{ lib, config, ... }: let inherit (lib) mkEnableOption mkIf; cfg = config.bagel.services.pyroscope; pyroscopePort = config.services.pyroscope.settings.server.http_listen_port; in { options.bagel.services.pyroscope = { enable = mkEnableOption "pyroscope server"; }; # TODO: send me to nixpkgs imports = [ ./module.nix ]; config = mkIf cfg.enable { age.secrets.pyroscope-secrets.file = ../../../secrets/pyroscope-secrets.age; services.nginx = { upstreams.pyroscope = { servers."127.0.0.1:${toString pyroscopePort}" = {}; extraConfig = "keepalive 16;"; }; virtualHosts."pyroscope.forkos.org" = { enableACME = true; forceSSL = true; locations."/api/v1/push" = { proxyPass = "http://pyroscope"; basicAuthFile = config.age.secrets.metrics-push-htpasswd.path; }; }; }; services.pyroscope = { enable = true; secretFile = config.age.secrets.pyroscope-secrets.path; settings = { target = "all"; multitenancy_enabled = false; api.base-url = "https://pyroscope.forkos.org"; analytics.reporting_enabled = false; storage = { backend = "s3"; s3 = { endpoint = "s3.delroth.net"; region = "garage"; bucket_name = "bagel-pyroscope"; access_key_id = "\${S3_KEY_ID}"; secret_access_key = "\${S3_KEY}"; force_path_style = true; }; }; server = { http_listen_port = 4040; grpc_listen_port = 9097; grpc_server_max_recv_msg_size = 104857600; grpc_server_max_send_msg_size = 104857600; grpc_server_max_concurrent_streams = 1000; }; memberlist = { advertise_port = 7948; bind_port = 7948; }; }; }; }; }