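# NixOS module: runs a local Prometheus with the node exporter, scrapes both
# over loopback, and forwards samples to a remote Prometheus over TLS with a
# client certificate.
{ config, lib, pkgs, ... }:

let
  # Rewrites the `instance` label of loopback targets to this host's name, so
  # samples forwarded via remote write are not labelled "localhost:<port>".
  relabelHosts = [
    {
      source_labels = ["__address__"];
      target_label = "instance";
      # The dots are written as `\\.` because a Nix double-quoted string drops
      # a lone backslash before `.`; with `\.` Prometheus received an unescaped
      # `.` that matches any character. Prometheus anchors relabel regexes, so
      # the whole address must match.
      regex = "(localhost|127\\.[0-9]+\\.[0-9]+\\.[0-9]+)(:[0-9]+)?";
      replacement = "surtr";
    }
  ];
in {
  config = {
    services.prometheus = {
      enable = true;

      exporters = {
        node = {
          enable = true;
          # No collectors beyond the exporter's defaults.
          enabledCollectors = [];
        };
      };

      globalConfig = {
        # NOTE(review): 1s is far more frequent than Prometheus' default
        # interval; confirm the load on this host and the remote is intended.
        evaluation_interval = "1s";
      };

      remoteWrite = [
        {
          url = "https://prometheus.vidhar.yggdrasil/api/v1/write";
          name = "vidhar";
          tls_config = {
            # `toString` turns each path into a plain path string. Judging by
            # their names these are certificates (non-secret); the private key
            # is handled separately below.
            ca_file = toString ../../vidhar/prometheus/ca/ca.crt;
            cert_file = toString ./tls.crt;
            # Must stay in sync with the "tls.key" credential name in
            # LoadCredential below: systemd exposes loaded credentials under
            # /run/credentials/<unit>/<name>.
            key_file = "/run/credentials/prometheus.service/tls.key";
          };
        }
      ];

      scrapeConfigs = [
        {
          job_name = "prometheus";
          static_configs = [
            { targets = ["localhost:${toString config.services.prometheus.port}"]; }
          ];
          relabel_configs = relabelHosts;
          scrape_interval = "1s";
        }
        {
          job_name = "node";
          static_configs = [
            { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
          ];
          relabel_configs = relabelHosts;
          scrape_interval = "1s";
        }
      ];

      # A single rules document with no groups: no alerting or recording rules
      # are defined here.
      rules = [
        (lib.generators.toYAML {} { groups = [ ]; })
      ];
    };

    # TLS client key, kept in the repository as a sops file in binary format
    # and made available on the host at the path referenced below.
    sops.secrets."prometheus.key" = {
      format = "binary";
      sopsFile = ./tls.key;
    };

    # Hands the key to the unit as a systemd credential named "tls.key", so
    # Prometheus reads it from its credentials directory instead of from the
    # sops secret path directly.
    systemd.services.prometheus.serviceConfig.LoadCredential = [
      "tls.key:${config.sops.secrets."prometheus.key".path}"
    ];
  };
}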