From 148dc2a73f67e01a00f2f0b52f11f4fcda0c866b Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Tue, 28 Sep 2021 17:22:06 -0600
Subject: [PATCH] Expose zkap-spending-service metrics.

---
 nixos/modules/spending.nix                 | 10 ++++++++++
 nixos/pkgs/zkap-spending-service/repo.json |  4 ++--
 nixos/tests/spending.nix                   |  4 ++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/spending.nix b/nixos/modules/spending.nix
index 238fbe8f..c6340af1 100644
--- a/nixos/modules/spending.nix
+++ b/nixos/modules/spending.nix
@@ -127,6 +127,16 @@ in
             # Want a regex instead? try locations."~ /v\d+/"
             proxyPass = "http://unix:${cfg.unixSocket}";
           };
+          locations."/metrics" = {
+            proxyPass = "http://unix:${cfg.unixSocket}";
+            # Only allow our monitoringvpn subnet
+            extraConfig = ''
+              allow 172.23.23.0/24;
+              allow 127.0.0.1;
+              allow ::1;
+              deny all;
+            '';
+          };
           locations."/" = {
             # Return a 404 error for any paths not specified above.
             extraConfig = ''
diff --git a/nixos/pkgs/zkap-spending-service/repo.json b/nixos/pkgs/zkap-spending-service/repo.json
index 39aeb840..69f7a300 100644
--- a/nixos/pkgs/zkap-spending-service/repo.json
+++ b/nixos/pkgs/zkap-spending-service/repo.json
@@ -1,9 +1,9 @@
 {
   "owner": "privatestorage",
   "repo": "zkap-spending-service",
-  "rev": "e0d63b79213d16f2de6629167ea8f1236ba22e14",
+  "rev": "cbf7509f429ffd6e6cf37a73e4ff84a9c5ce1141",
   "branch": "main",
   "domain": "whetstone.privatestorage.io",
-  "outputHash": "30abb0g9xxn4lp493kj5wmz8kj5q2iqvw40m8llqvb3zamx60gd8cy451ii7z15qbrbx9xmjdfw0k4gviij46fkx1s8nbich5c8qx57",
+  "outputHash": "04g7pcykc2525cg3z7wg5834s7vqn82xaqjvf52l6dnxv3mb9xr93kk505dvxcwhgfbqpim5i479s9kqd8gi7q3lq5wn5fq7rf7lkrj",
   "outputHashAlgo": "sha512"
 }
diff --git a/nixos/tests/spending.nix b/nixos/tests/spending.nix
index c970157b..ef88b682 100644
--- a/nixos/tests/spending.nix
+++ b/nixos/tests/spending.nix
@@ -28,5 +28,9 @@
       with subtest("Ensure that the spending service version matches the expected version"):
         output = spending.succeed("${curl} http://localhost/v1/_version")
         assert json.loads(output)["revision"] == "${revision}", "Spending service revision does not match."
+      with subtest("Ensure that the spending service generates metrics"):
+        # TODO: We should pass "-H 'accept: application/openmetrics-text'" here.
+        # See https://github.com/prometheus/prometheus/issues/8932
+        output = spending.succeed("${curl} http://localhost/metrics | ${pkgs.prometheus}/bin/promtool check metrics")
     '';
 }
-- 
GitLab