{ lib, config, ... }: let inherit (lib) mkEnableOption mkIf; cfg = config.bagel.services.pyroscope; in { options.bagel.services.pyroscope = { enable = mkEnableOption "pyroscope server"; }; # TODO: send me to nixpkgs imports = [ ./module.nix ]; config = mkIf cfg.enable { age.secrets.pyroscope-secrets.file = ../../../secrets/pyroscope-secrets.age; services.pyroscope = { enable = true; secretFile = config.age.secrets.pyroscope-secrets.path; settings = { target = "all"; multitenancy_enabled = false; api.base-url = "https://pyroscope.forkos.org"; analytics.reporting_enabled = false; storage = { backend = "s3"; s3 = { endpoint = "s3.delroth.net"; region = "garage"; bucket_name = "bagel-pyroscope"; access_key_id = "\${S3_KEY_ID}"; secret_access_key = "\${S3_KEY}"; force_path_style = true; }; }; server = { grpc_listen_port = 9097; grpc_server_max_recv_msg_size = 104857600; grpc_server_max_send_msg_size = 104857600; grpc_server_max_concurrent_streams = 1000; }; memberlist = { advertise_port = 7948; bind_port = 7948; }; }; }; }; }