Prepare for remote push metrics

services/monitoring/lgtm/loki.nix

@@ -12,8 +12,8 @@ in
 
   config = mkIf cfg.enable {
     age.secrets = {
-      loki-htpasswd = {
-        file = ../../../secrets/loki-htpasswd.age;
+      metrics-push-htpasswd = {
+        file = ../../../secrets/metrics-push-htpasswd.age;
         owner = "nginx";
       };
       loki-environment.file = ../../../secrets/loki-environment.age;
@@ -93,7 +93,7 @@ in
       forceSSL = true;
       locations."/loki/api/v1/push" = {
         proxyPass = "http://localhost:${toString config.services.loki.configuration.server.http_listen_port}";
-        basicAuthFile = config.age.secrets.loki-htpasswd.path;
+        basicAuthFile = config.age.secrets.metrics-push-htpasswd.path;
       };
     };
   };

services/monitoring/lgtm/prometheus.nix

@@ -34,7 +34,13 @@ in
   options.bagel.services.prometheus.enable = mkEnableOption "Prometheus scraper";
 
   config = mkIf cfg.enable {
-    age.secrets.mimir-environment.file = ../../../secrets/mimir-environment.age;
+    age.secrets = {
+      metrics-push-htpasswd = {
+        file = ../../../secrets/metrics-push-htpasswd.age;
+        owner = "nginx";
+      };
+      mimir-environment.file = ../../../secrets/mimir-environment.age;
+    };
 
     services.prometheus = {
       enable = true;
@@ -109,8 +115,9 @@ in
     services.nginx.virtualHosts."mimir.forkos.org" = {
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
+      locations."/api/v1/push" = {
         proxyPass = "http://localhost:${toString mimirPort}";
+        basicAuthFile = config.age.secrets.metrics-push-htpasswd.path;
       };
     };
   };

services/monitoring/promtail.nix

@@ -12,7 +12,7 @@ in
 
   config = mkIf cfg.enable {
     age.secrets.promtail-password = {
-      file = ../../secrets/promtail-password.age;
+      file = ../../secrets/metrics-push-password.age;
       owner = "promtail";
     };