{ self, config, lib, pkgs, ... }:

with self.lib.nginx;
with self.lib.mon;
let exp = config.services.prometheus.exporters;
in {
  services.prometheus = {
    enable = true;
    enableReload = true;
    retentionTime = "14d";

    listenAddress = "10.10.0.1";
    webExternalUrl = "https://prometheus.vapor.systems";

    globalConfig = {
      scrape_interval = "10s";
    };

    scrapeConfigs = [
      (mkScrapeConfig "node" [ "ettves" "phaenn" "fra01" "nyc01" "sin01" ] exp.node.port)
      (mkScrapeConfig "zfs" [ "ettves" "phaenn" ] exp.zfs.port)
      (mkScrapeConfig "smartctl" [ "ettves" "phaenn" ] exp.smartctl.port)
      (mkScrapeConfig "nginx" [ "ettves" "phaenn" "fra01" "nyc01" "sin01" ] exp.nginx.port)
      
      (mkScrapeConfig "postgres" [ "ettves" ] exp.postgres.port)
      (mkScrapeConfig "quassel" [ "localhost" ] config.services.quassel.settings.metrics.port)

      { 
        job_name = "authentik"; 
        static_configs = [
          { targets = [ "ettves:9300" "ettves:9303" "ettves:9304" ]; }
        ]; 
        relabel_configs = relabelConfig;
      }
      
      (mkScrapeConfig "garage" [ "fra01" "nyc01" "sin01" ] 3903)
      (mkScrapeConfig "pdns" [ "ettves" "fra01" "nyc01" "sin01" ] 8081)
      
      (mkScrape "minecraft" [ "ettves:25585" "ettves:9150" ])
    ];
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';

  security.acme.certs = {
    "vapor.systems" = {
      extraDomainNames = [ "*.vapor.systems" ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "prometheus.vapor.systems" = (proxyDomainAuth "vapor.systems" "http://10.10.0.1:9090/");
    };
  };
}