{ config, ... }:

let
  host = "prometheus.dgnum.eu";
  port = 9091;
in

{
  services.prometheus = {
    enable = true;

    inherit port;

    checkConfig = "syntax-only";
    enableReload = true;

    listenAddress = "127.0.0.1";

    webConfigFile = config.age.secrets."prometheus-web_config_file".path;

    webExternalUrl = "https://${host}";

    scrapeConfigs = [
      {
        job_name = "prometheus";
        static_configs = [ { targets = [ "localhost:9090" ]; } ];
      }
    ];
  };

  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };
  };

  age-secrets.autoMatch = [ "prometheus" ];
}