# NixOps configuration for the monitoring host

{ config, pkgs, lib, ... }:

{

  imports = [
    ./grafana.nix
    ./prometheus.nix
  ];

  services = {
    nginx = {
      enable = true;                                          # Enable Nginx
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts."monitoring.mcwhirter.io" = {              # Monitoring hostname
        enableACME = true;                                    # Use ACME certs
        forceSSL = true;                                      # Force SSL
        locations = {
          "/grafana/".proxyPass = "http://localhost:3000/";   # Proxy Grafana
          "/prometheus/".extraConfig = ''
            proxy_pass http://localhost:9090/prometheus/;
            proxy_set_header Host $host;
            proxy_set_header REMOTE_ADDR $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
          '';
        };
      };
    };

  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "monitoring.mcwhirter.io".email = "craige@mcwhirter.io";
    };
  };

}