# Prometheus configuration for a BIRD-enabled router.

{ config, pkgs, lib, ... }:

with lib;

let
  nodeExporterPort = 9100;
  birdExporterPort = 9101;

  birdExporter = pkgs.buildGoModule rec {
    pname = "bird-exporter";
    version = "1.2.6";
    src = pkgs.fetchFromGitHub {
      owner = "czerwonk";
      repo = "bird_exporter";
      rev = version;
      sha256 = "1yqizzlvwyxlrd2priqd1jx9s87yvsypqkmk81dacm1ra4xrs0nd";
    };

    vendorSha256 = "0wczj3g0c917hwjkz23xg5blb4z5a04v3wbx6kg0wfyb09c9bwx3";
  };

in {
  systemd.services.bird_exporter = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${birdExporter}/bin/bird_exporter -format.new=true -bird.v2=true -web.listen-address=127.0.0.1:${toString birdExporterPort}";
      Restart = "always";
      RestartSec = "60";
    };
  };

  services.prometheus.exporters.node = {
    enable = true;
    listenAddress = "127.0.0.1";
    port = nodeExporterPort;
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts."${config.networking.hostName}.${config.networking.domain}" = let
    allowMonitoring = ''
      allow 209.250.231.127; # monitoring.hackerspace.pl
      deny all;
    '';
  in {
    locations."/metrics-node" = {
      proxyPass = "http://127.0.0.1:${toString nodeExporterPort}/metrics";
      extraConfig = allowMonitoring;
    };
    locations."/metrics-bird" = {
      proxyPass = "http://127.0.0.1:${toString birdExporterPort}/metrics";
      extraConfig = allowMonitoring;
    };
  };
}