feat: enhance Blackbox Exporter configuration with domain blacklist and update Grafana alerting rules

hosts/web-arm/modules/blackbox-exporter.nix

@@ -5,13 +5,32 @@ with lib;
 let
   hostname = config.networking.hostName;
 
+  cfg = config.services.blackbox-exporter;
   nginxVHosts = config.services.nginx.virtualHosts or {};
   allDomains = lib.attrNames nginxVHosts;
-  httpsDomains = lib.map (d: "https://${d}") allDomains;
+  filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains;
+  httpsDomains = lib.map (d: "https://${d}") filteredDomains;
   domainsString = builtins.concatStringsSep "\n          "
     (map (d: "\"${d}\",") httpsDomains);
 in {
+  options.services.blackbox-exporter.blacklistDomains = mkOption {
+    type = types.listOf types.str;
+    default = [];
+    description = "List of domains to monitor with Blackbox Exporter";
+  };
+
   config = {
+    services.blackbox-exporter = {
+      blacklistDomains = [
+        "autoconfig.cloonar.com"
+        "cloonar.dev"
+        "loki.cloonar.com"
+        "stage.korean-skin.care"
+        "victoria-server.cloonar.com"
+        "updns.cloonar.com"
+        "feeds.jordanrannells.com"
+      ];
+    };
     # Systemd service for Blackbox Exporter
     systemd.services.blackbox-exporter = {
       description = "Blackbox Exporter";

hosts/web-arm/modules/grafana/alerting/websites/default.nix

@@ -1,9 +1,11 @@
 { lib, pkgs, config, ... }:
 
 let
+  cfg = config.services.blackbox-exporter;
   nginxVHosts = config.services.nginx.virtualHosts or {};
   allDomains = lib.attrNames nginxVHosts;
-  httpsDomains = lib.map (d: "https://${d}") allDomains;
+  filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains;
+  httpsDomains = lib.map (d: "https://${d}") filteredDomains;
   websiteAlertRules = lib.map (target:
     let
       domain = lib.replaceStrings ["://" "." "-" "/" ] ["-" "-" "_" "_"] target + "-down-alert";

hosts/web-arm/modules/grafana/default.nix

@@ -67,9 +67,7 @@ in
         use_pkce = true;
       };
 
-      "auth.anonymous".enabled = true;
-      "auth.anonymous".org_name = "Cloonar e.U.";
-      "auth.anonymous".org_role = "Viewer";
+      "auth.anonymous".enabled = false;
 
       server = {
         root_url = "https://grafana.cloonar.com";

hosts/web-arm/sites/autoconfig.cloonar.com.nix

@@ -27,10 +27,4 @@ in
       proxyPass = "http://localhost:1323/";
     };
   };
-  services.nginx.virtualHosts."autoconfig.superbros.tv".extraConfig = ''
-    return 301 https://autoconfig.cloonar.com$request_uri;
-  '';
-  services.nginx.virtualHosts."autoconfig.korean-skin.care".extraConfig = ''
-    return 301 https://autoconfig.cloonar.com$request_uri;
-  '';
 }

hosts/web-arm/sites/autoconfig.nix

@@ -1,11 +1,5 @@
 { pkgs, lib, config, ... }:
 let
-  domains = [
-    "cloonar.com"
-    "ghetto.at"
-    "optiprot.eu"
-  ];
-
   vhostConfig = {
       forceSSL = true;
       enableACME = true;
@@ -48,10 +42,6 @@ let
 in
 {
   services.nginx.virtualHosts."autoconfig.cloonar.com" = vhostConfig;
-  services.nginx.virtualHosts."autoconfig.ghetto.at" = vhostConfig;
-  services.nginx.virtualHosts."autoconfig.optiprot.eu" = vhostConfig;
-  services.nginx.virtualHosts."autoconfig.superbros.tv" = vhostConfig;
-  services.nginx.virtualHosts."autoconfig.korean-skin.care" = vhostConfig;
 
   systemd.services."phpfpm-autoconfig".serviceConfig.ProtectHome = lib.mkForce false;