Commit 6361f06

HPCesia <me@hpcesia.com>
2025-10-15 10:35:11
fix: migrate gotosocial metric
After GoToSocial v0.20, metrics exposure significantly changed. See https://docs.gotosocial.org/en/v0.20.0/advanced/metrics
1 parent 8b3b83b
modules/services/gotosocial/default.nix
@@ -1,5 +1,7 @@
 {lib, ...}: {
-  flake.modules.nixos."services/gotosocial" = {config, ...}: {
+  flake.modules.nixos."services/gotosocial" = {config, ...}: let
+    metricsPort = 9464;
+  in {
     services.gotosocial = {
       enable = true;
       settings = {
@@ -37,8 +39,6 @@
         log-timestamp-format = "2006-01-02T15:04:05.000Z07:00";
         # Metric
         metrics-enabled = true;
-        metrics-auth-enabled = true;
-        metrics-auth-username = "trinnon-metrics";
       };
       environmentFile = config.vaultix.templates.gotosocial-env.path;
     };
@@ -49,8 +49,15 @@
         localAddress = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
       in ''
         encode zstd gzip
+        handle /metrics {
+          basic_auth {
+           trinnon-metrics {$GTS_METRICS_AUTH_PASSWORD}
+          }
+          reverse_proxy http://localhost:${builtins.toString metricsPort}
+        }
         reverse_proxy ${localAddress}
       '');
+    systemd.services.caddy.serviceConfig.EnvironmentFile = [config.vaultix.templates.caddy-gotosocial-env.path];
 
     services.restic.backups."${config.networking.hostName}-backup".paths =
       lib.mkIf
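Review bot: In the `basic_auth` block, `trinnon-metrics {$GTS_METRICS_AUTH_PASSWORD}` expects a password hash (as produced by `caddy hash-password`), but the variable keeps the name GoToSocial used for the plaintext password before this commit. Nothing at this line says which form is required, so a later edit could point it at the plaintext secret. A comment above the line would make the requirement explicit, for example `# value is a password hash for Caddy basic_auth, not the plaintext password`; alternatively rename the variable here and in the `caddy-gotosocial-env` template. The user line is also indented one space less than the rest of the block. The enclosing Caddy virtual host definition starts outside this hunk.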
@@ -63,6 +70,7 @@
     vaultix.secrets.gotosocial-oidc-secret.file = ./oidc-secret.age;
     vaultix.secrets.gotosocial-smtp-password.file = ./smtp-password.age;
     vaultix.secrets.gotosocial-metrics-password.file = ./metrics-password.age;
+    vaultix.secrets.gotosocial-metrics-password-hashed.file = ./metrics-password-hashed.age;
 
     vaultix.templates.gotosocial-env = {
       content = let
@@ -73,11 +81,22 @@
         GTS_STORAGE_S3_SECRET_KEY=${cfg.placeholder.gotosocial-s3-secret-key}
         GTS_OIDC_CLIENT_SECRET=${cfg.placeholder.gotosocial-oidc-secret}
         GTS_SMTP_PASSWORD=${cfg.placeholder.gotosocial-smtp-password}
-        GTS_METRICS_AUTH_PASSWORD=${cfg.placeholder.gotosocial-metrics-password}
+        OTEL_METRICS_PRODUCERS=prometheus
+        OTEL_METRICS_EXPORTER=prometheus
+        OTEL_EXPORTER_PROMETHEUS_HOST=${config.services.gotosocial.settings.host}
+        OTEL_EXPORTER_PROMETHEUS_PORT=${builtins.toString metricsPort}
       '';
       owner = "root";
       group = "gotosocial";
       mode = "0440";
     };
+
+    vaultix.templates.caddy-gotosocial-env = {
+      content = let
+        cfg = config.vaultix;
+      in ''
+        GTS_METRICS_AUTH_PASSWORD=${cfg.placeholder.gotosocial-metrics-password-hashed}
+      '';
+    };
   };
 }
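Review bot: `OTEL_EXPORTER_PROMETHEUS_HOST=${config.services.gotosocial.settings.host}` takes the exporter's listen address from GoToSocial's `host` setting, which is normally the instance's public hostname rather than a bind address; its value is not visible in this diff. If that name resolves to a non-loopback address, the exporter on `metricsPort` answers directly and bypasses the `basic_auth` handler added for `/metrics`, and the Caddy upstream `http://localhost:9464` may not reach it at all. Binding to loopback keeps Caddy the only path to the metrics: `OTEL_EXPORTER_PROMETHEUS_HOST=localhost`. Separately, `vaultix.templates.caddy-gotosocial-env` sets no `owner`, `group` or `mode`, unlike `gotosocial-env` just above it; stating them would make the intended access to the hash file explicit rather than relying on defaults.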
modules/services/gotosocial/metrics-password-hashed.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 k1Yv0btz+gv0KaC6HFJwNspZIb5YuDx6fkbBxgjAO1w
+NzqoQMY2dVWvhWt8JgWvy8mbySMe5FFl6DGe+lVCCQE
+-> i-grease `TbPP? hYUAFZ | z
+rZaGGT0xgA
+--- 4DvZoFuvzlp/QgADxTtK8rNvMMnGCC9BCdhasC/ZBN4
+\��{�ߟ�A�nZ�݄`2Bu}Z���-�	����h>Gdj��n�n�4f���_	y^��+�s�\�e[�e#�Oꏸ��4\�������a�g
\ No newline at end of file
secrets/cache/pardofelis/4bd156fa71860c150ce4a52701814d42a5ee9cde0a86b9a966666e222e752864
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw NFX1KI7fxUvCGv4eLgbO4Ed/HqeiNjhXFfeOFNbD1EI
+HQo9u4kyftQ3agb9I88DCyRxh22g1u+RkFBfeoOjN0I
+-> by-grease ]J gShe
+/zbYZ0cF+pArHGV8jzIXfHU1zHiXE/38NmQvE0xgM5Ie618
+--- tSYIBYfkK/yM8VcQsiwaUBgGA+0Dde+sKqkDoa/UYsA
+���V
���s��p��@T�|M�̘'��|�VR��r`��'"	�_u=a��W2q��\߉r�B+a�9�jx搵7�=^�e�X�a�nT�NZ�
\ No newline at end of file