{
  config,
  nodes,
  lib,
  ...
}:

let
  host = "prometheus.dgnum.eu";
  port = 9091;

  nodeExporterConfigs = lib.flatten (
    lib.mapAttrsToList (
      node:
      { config, ... }:
      lib.optional config.dgn-node-monitoring.enable {
        targets = [ "${node}.dgnum:${builtins.toString config.dgn-node-monitoring.port}" ];
        labels = {
          host = node;
        };
      }
    ) nodes
  );
in

{
  services.prometheus = {
    enable = true;

    inherit port;

    checkConfig = "syntax-only";
    enableReload = true;

    listenAddress = "127.0.0.1";

    webConfigFile = config.age.secrets."prometheus-web_config_file".path;

    webExternalUrl = "https://${host}";

    retentionTime = "6m";

    extraFlags = [ "--storage.tsdb.retention.size=20GB" ];

    globalConfig = {
      scrape_interval = "15s"; # if you change this settings, please do it in grafana also
    };

    scrapeConfigs = [
      {
        job_name = "prometheus";
        static_configs = [ { targets = [ "localhost:9090" ]; } ];
      }
      {
        job_name = "node_exporter";
        static_configs = nodeExporterConfigs;
      }
      {
        job_name = "uptime_kuma";
        scheme = "https";
        static_configs = [ { targets = [ "status.dgnum.eu" ]; } ];
        basic_auth = {
          username = "prometheus";
          password_file = config.age.secrets."prometheus-uptime-kuma-apikey".path;
        };
      }
    ];
  };

  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };
  };

  age-secrets.autoMatch = [ "prometheus" ];
}