@@ -1,5 +1,7 @@
{lib, ...}: {
- flake.modules.nixos."services/gotosocial" = {config, ...}: {
+ flake.modules.nixos."services/gotosocial" = {config, ...}: let
+ metricsPort = 9464;
+ in {
services.gotosocial = {
enable = true;
settings = {
@@ -37,8 +39,6 @@
log-timestamp-format = "2006-01-02T15:04:05.000Z07:00";
# Metric
metrics-enabled = true;
- metrics-auth-enabled = true;
- metrics-auth-username = "trinnon-metrics";
};
environmentFile = config.vaultix.templates.gotosocial-env.path;
};
@@ -49,8 +49,15 @@
localAddress = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
in ''
encode zstd gzip
+ handle /metrics {
+ basic_auth {
+ trinnon-metrics {$GTS_METRICS_AUTH_PASSWORD}
+ }
+ reverse_proxy http://localhost:${builtins.toString metricsPort}
+ }
reverse_proxy ${localAddress}
'');
+ systemd.services.caddy.serviceConfig.EnvironmentFile = [config.vaultix.templates.caddy-gotosocial-env.path];
services.restic.backups."${config.networking.hostName}-backup".paths =
lib.mkIf
@@ -63,6 +70,7 @@
vaultix.secrets.gotosocial-oidc-secret.file = ./oidc-secret.age;
vaultix.secrets.gotosocial-smtp-password.file = ./smtp-password.age;
vaultix.secrets.gotosocial-metrics-password.file = ./metrics-password.age;
+ vaultix.secrets.gotosocial-metrics-password-hashed.file = ./metrics-password-hashed.age;
vaultix.templates.gotosocial-env = {
content = let
@@ -73,11 +81,22 @@
GTS_STORAGE_S3_SECRET_KEY=${cfg.placeholder.gotosocial-s3-secret-key}
GTS_OIDC_CLIENT_SECRET=${cfg.placeholder.gotosocial-oidc-secret}
GTS_SMTP_PASSWORD=${cfg.placeholder.gotosocial-smtp-password}
- GTS_METRICS_AUTH_PASSWORD=${cfg.placeholder.gotosocial-metrics-password}
+ OTEL_METRICS_PRODUCERS=prometheus
+ OTEL_METRICS_EXPORTER=prometheus
+ OTEL_EXPORTER_PROMETHEUS_HOST=${config.services.gotosocial.settings.host}
+ OTEL_EXPORTER_PROMETHEUS_PORT=${builtins.toString metricsPort}
'';
owner = "root";
group = "gotosocial";
mode = "0440";
};
+
+ vaultix.templates.caddy-gotosocial-env = {
+ content = let
+ cfg = config.vaultix;
+ in ''
+ GTS_METRICS_AUTH_PASSWORD=${cfg.placeholder.gotosocial-metrics-password-hashed}
+ '';
+ };
};
}