monitoring.nix

rec {
  deployment = {
    secrets = {
      "monitoringvpn-private-key" = {
        # source = ...;
        destination = "/run/keys/monitoringvpn/server.key";
        owner.user = "root";
        owner.group = "root";
        permissions = "0400";
        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
      };
      "monitoringvpn-preshared-key" = {
        # source = ...;
        destination = "/run/keys/monitoringvpn/preshared.key";
        owner.user = "root";
        owner.group = "root";
        permissions = "0400";
        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
      };
    };
  };

  imports = [
    ../../nixos/modules/monitoring/vpn/server.nix
    ../../nixos/modules/monitoring/server/grafana.nix
    ../../nixos/modules/monitoring/server/prometheus.nix
    ../../nixos/modules/monitoring/exporters/node.nix
    # Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
    # ../../nixos/modules/monitoring/server/loki.nix
  ];

  services.private-storage.monitoring.vpn.server = {
    # enable = ...;
    # ip = ...;
    # vpnClientIPs = ...;
    # pubKeysPath = ...;
  };

  services.private-storage.monitoring.grafana = {
    domain = "monitoring.private.storage";
    prometheusUrl = "http://localhost:9090/";
    lokiUrl = "http://localhost:3100/";
  };

  services.private-storage.monitoring.prometheus = {
    # nodeExporterTargets = ...;
    # nginxExporterTargets = ...;
  };

  # system.stateVersion = ...;

  # networking.hosts = ...;
}