{ config, ... }:
let
  configure_prom = builtins.toFile "prometheus.yml" ''
    scrape_configs:
    - job_name: '${config.networking.hostName}'
      stream_parse: true
      static_configs:
      - targets:
        - 127.0.0.1:9100
  '';
in {
  services.prometheus.exporters.node.enable = true;

  sops.secrets.victoria-nginx-password.owner = "nginx";

  services.victoriametrics = {
    enable = true;
    extraOptions = [
      "-promscrape.config=${configure_prom}"
    ];
  };

  services.nginx.virtualHosts."victoria-server.cloonar.com" = {
    forceSSL = true;
    enableACME = true;
    acmeRoot = null;
    locations."/" = {
      proxyWebsockets = true;
      extraConfig = ''
        auth_basic "Victoria password";
        auth_basic_user_file ${config.sops.secrets.victoria-nginx-password.path};

        proxy_read_timeout 1800s;
        proxy_redirect off;
        proxy_connect_timeout 1600s;

        access_log off;
        proxy_pass http://127.0.0.1:8428;
      '';
    };
  };

}