{ self, config, lib, pkgs, ... }:

with self.lib.nginx;
with self.lib.mon;
let exp = config.services.prometheus.exporters;
in {
  imports = [ ./scrape.nix ./rules.nix ];

  services.prometheus = {
    enable = true;
    enableReload = true;
    retentionTime = "14d";

    listenAddress = "0.0.0.0";
    webExternalUrl = "https://prometheus.vapor.systems";

    globalConfig = {
      scrape_interval = "10s";
    };
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';

  security.acme.certs = {
    "vapor.systems" = {
      extraDomainNames = [ "*.vapor.systems" ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "prometheus.vapor.systems" = (proxyDomainAuth "vapor.systems" "http://10.10.0.1:9090/");
    };
  };
}