From 4969520222f22d0ba9dcf76e3a329c197e6a3504 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Jun 2025 11:40:04 +0200 Subject: [PATCH] feat: enhance Blackbox Exporter configuration with domain blacklist and update Grafana alerting rules --- hosts/web-arm/modules/blackbox-exporter.nix | 21 ++++++++++++++++++- .../grafana/alerting/websites/default.nix | 4 +++- hosts/web-arm/modules/grafana/default.nix | 4 +--- .../web-arm/sites/autoconfig.cloonar.com.nix | 6 ------ hosts/web-arm/sites/autoconfig.nix | 10 --------- 5 files changed, 24 insertions(+), 21 deletions(-) diff --git a/hosts/web-arm/modules/blackbox-exporter.nix b/hosts/web-arm/modules/blackbox-exporter.nix index ddf9557..27f265a 100644 --- a/hosts/web-arm/modules/blackbox-exporter.nix +++ b/hosts/web-arm/modules/blackbox-exporter.nix @@ -5,13 +5,32 @@ with lib; let hostname = config.networking.hostName; + cfg = config.services.blackbox-exporter; nginxVHosts = config.services.nginx.virtualHosts or {}; allDomains = lib.attrNames nginxVHosts; - httpsDomains = lib.map (d: "https://${d}") allDomains; + filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains; + httpsDomains = lib.map (d: "https://${d}") filteredDomains; domainsString = builtins.concatStringsSep "\n " (map (d: "\"${d}\",") httpsDomains); in { + options.services.blackbox-exporter.blacklistDomains = mkOption { + type = types.listOf types.str; + default = []; + description = "List of domains to monitor with Blackbox Exporter"; + }; + config = { + services.blackbox-exporter = { + blacklistDomains = [ + "autoconfig.cloonar.com" + "cloonar.dev" + "loki.cloonar.com" + "stage.korean-skin.care" + "victoria-server.cloonar.com" + "updns.cloonar.com" + "feeds.jordanrannells.com" + ]; + }; # Systemd service for Blackbox Exporter systemd.services.blackbox-exporter = { description = "Blackbox Exporter"; 
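Review bot: In hosts/web-arm/modules/blackbox-exporter.nix the new `blacklistDomains` option is described as "List of domains to monitor with Blackbox Exporter", but `filteredDomains` removes exactly these names from the probe targets, so the description states the opposite of what the option does. I would change it to `description = "nginx virtual hosts to exclude from Blackbox Exporter probing and from the website-down alerts";`. Every host in the list loses both its availability probe and its alert, so a short comment next to each entry giving the reason for the exclusion would help spot entries that are no longer needed. The hunk ends inside `systemd.services.blackbox-exporter`, whose body continues outside it.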
diff --git a/hosts/web-arm/modules/grafana/alerting/websites/default.nix b/hosts/web-arm/modules/grafana/alerting/websites/default.nix index 6681423..b6139f6 100644 --- a/hosts/web-arm/modules/grafana/alerting/websites/default.nix +++ b/hosts/web-arm/modules/grafana/alerting/websites/default.nix @@ -1,9 +1,11 @@ { lib, pkgs, config, ... }: let + cfg = config.services.blackbox-exporter; nginxVHosts = config.services.nginx.virtualHosts or {}; allDomains = lib.attrNames nginxVHosts; - httpsDomains = lib.map (d: "https://${d}") allDomains; + filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains; + httpsDomains = lib.map (d: "https://${d}") filteredDomains; websiteAlertRules = lib.map (target: let domain = lib.replaceStrings ["://" "." "-" "/" ] ["-" "-" "_" "_"] target + "-down-alert"; diff --git a/hosts/web-arm/modules/grafana/default.nix b/hosts/web-arm/modules/grafana/default.nix index 6ec5819..db3286b 100644 --- a/hosts/web-arm/modules/grafana/default.nix +++ b/hosts/web-arm/modules/grafana/default.nix @@ -67,9 +67,7 @@ in use_pkce = true; }; - "auth.anonymous".enabled = true; - "auth.anonymous".org_name = "Cloonar e.U."; - "auth.anonymous".org_role = "Viewer"; + "auth.anonymous".enabled = false; server = { root_url = "https://grafana.cloonar.com"; diff --git a/hosts/web-arm/sites/autoconfig.cloonar.com.nix b/hosts/web-arm/sites/autoconfig.cloonar.com.nix index 8b40ad0..d45fb8f 100644 --- a/hosts/web-arm/sites/autoconfig.cloonar.com.nix +++ b/hosts/web-arm/sites/autoconfig.cloonar.com.nix @@ -27,10 +27,4 @@ in proxyPass = "http://localhost:1323/"; }; }; - services.nginx.virtualHosts."autoconfig.superbros.tv".extraConfig = '' - return 301 https://autoconfig.cloonar.com$request_uri; - ''; - services.nginx.virtualHosts."autoconfig.korean-skin.care".extraConfig = '' - return 301 https://autoconfig.cloonar.com$request_uri; - ''; } 
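Review bot: hosts/web-arm/modules/grafana/alerting/websites/default.nix repeats the `filteredDomains` expression from blackbox-exporter.nix verbatim, so the probed targets and the generated alert rules only match as long as both copies are edited together. The smallest fix is a comment above it, `# Must stay identical to filteredDomains in modules/blackbox-exporter.nix`. A cleaner fix is to compute the filtered list once in the module that declares `blacklistDomains` and read it here. This file now also depends on `config.services.blackbox-exporter.blacklistDomains` being declared by that other module, so it presumably fails to evaluate on a host that imports the alerting rules without the exporter module. The `let` block continues past the hunk.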
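Review bot: The `"auth.anonymous".enabled = false;` line in hosts/web-arm/modules/grafana/default.nix has no comment recording that anonymous Viewer access was removed on purpose, which makes it easy to re-enable later without anyone noticing the exposure. I would add `# Anonymous access is intentionally off; viewers sign in through the OAuth provider configured above.` above it. The OAuth block itself starts outside the hunk and only `use_pkce = true;` is visible, so the wording should be checked against it. Anything that relied on unauthenticated read access to dashboards will now be sent to the login page, which is worth confirming before deploy.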
diff --git a/hosts/web-arm/sites/autoconfig.nix b/hosts/web-arm/sites/autoconfig.nix index 963d2b8..465c69e 100644 --- a/hosts/web-arm/sites/autoconfig.nix +++ b/hosts/web-arm/sites/autoconfig.nix @@ -1,11 +1,5 @@ { pkgs, lib, config, ... }: let - domains = [ - "cloonar.com" - "ghetto.at" - "optiprot.eu" - ]; - vhostConfig = { forceSSL = true; enableACME = true; @@ -48,10 +42,6 @@ let in { services.nginx.virtualHosts."autoconfig.cloonar.com" = vhostConfig; - services.nginx.virtualHosts."autoconfig.ghetto.at" = vhostConfig; - services.nginx.virtualHosts."autoconfig.optiprot.eu" = vhostConfig; - services.nginx.virtualHosts."autoconfig.superbros.tv" = vhostConfig; - services.nginx.virtualHosts."autoconfig.korean-skin.care" = vhostConfig; systemd.services."phpfpm-autoconfig".serviceConfig.ProtectHome = lib.mkForce false;