6 files changed, 87 insertions, 0 deletions

diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index 74518f0..fbda40f 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -13,11 +13,14 @@ in
     ./hardware-configuration.nix
     <top/profiles/server>
     <top/shared/monitoring.nix>
+    <top/shared/postgresql.nix>
     <top/shared/tailscale.nix>
     <top/shared/basics-physical.nix>
     <top/shared/vpn.nix>
+    ./exporters.nix
     ./home-automation.nix
     ./kodi.nix
+    ./miniflux.nix
     ./torrent.nix
     ./hosehawk.nix
   ];
@@ -49,7 +52,9 @@ in
   monitoring.lokiPort = ports.grafanaLoki;
   monitoring.prometheusPort = ports.prometheus;
   monitoring.prometheusNodeExporterPort = ports.prometheusNodeExporter;
+  exporters.sqlExporterPort = ports.prometheusSqlExporter;
   hosehawk.port = ports.hosehawk;
+  miniflux.port = ports.miniflux;
 
   home-automation.zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";
 
diff --git a/nixos/hosts/ev/exporters.nix b/nixos/hosts/ev/exporters.nix
new file mode 100644
index 0000000..1c03c35
--- /dev/null
+++ b/nixos/hosts/ev/exporters.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+  helpers = import <top/shared/postgres-collectors.nix> { inherit config lib pkgs; };
+  cfg = config.exporters;
+in
+{
+  options.exporters = {
+    sqlExporterPort = lib.mkOption {
+      type = lib.types.int;
+    };
+  };
+
+  imports = [
+    <top/shared/prometheus-sql-exporter/service.nix>
+  ];
+
+  config = {
+    services.prometheus-sql-exporter = {
+      enable = true;
+      port = cfg.sqlExporterPort;
+      config = {
+        target = {
+          # This URL should be postgresql:///postgres?host=/run/postgresql
+          # but sql_exporter uses xo/dburl which isn't spec-compliant: https://github.com/xo/dburl/issues/46
+          data_source_name = "postgresql:/run/postgresql:/postgres";
+          collectors = helpers.collectorNames;
+        };
+        collectors = helpers.collectors;
+      };
+    };
+
+    monitoring.prometheusScrapeConfigs = [
+      {
+        job_name = "sql";
+        static_configs = [{
+          targets = [ "localhost:${toString cfg.sqlExporterPort}" ];
+        }];
+      }
+    ];
+  };
+}
diff --git a/nixos/hosts/ev/miniflux.nix b/nixos/hosts/ev/miniflux.nix
new file mode 100644
index 0000000..5bf1ccd
--- /dev/null
+++ b/nixos/hosts/ev/miniflux.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.miniflux;
+in
+{
+  options.miniflux = {
+    port = lib.mkOption {
+      type = lib.types.int;
+    };
+  };
+
+  config = {
+    age.secrets.miniflux-admin.file = <top/secrets/miniflux-admin.age>;
+
+    services.miniflux = {
+      enable = true;
+      config = {
+        LISTEN_ADDR = "0.0.0.0:${toString cfg.port}";
+        DATABASE_URL = "user=miniflux host=/run/postgresql dbname=miniflux";
+      };
+      # miniflux does not support disabling its authentication. https://github.com/miniflux/v2/issues/408
+      adminCredentialsFile = config.age.secrets.miniflux-admin.path;
+      createDatabaseLocally = false;
+    };
+  };
+}
diff --git a/nixos/hosts/ev/ports.nix b/nixos/hosts/ev/ports.nix
index cd41d1b..502e190 100644
--- a/nixos/hosts/ev/ports.nix
+++ b/nixos/hosts/ev/ports.nix
@@ -2,8 +2,10 @@ rec {
   grafanaAlloy = 3001;
   grafanaLoki = 3030;
   hosehawk = 4000;
+  miniflux = 4001;
   prometheus = 9090;
   prometheusNodeExporter = 9002;
+  prometheusSqlExporter = 9003;
   qbittorrent = 7777;
   zigbee2mqtt = 8080;
 
@@ -11,6 +13,7 @@ rec {
     inherit
       grafanaAlloy
       hosehawk
+      miniflux
       prometheus
       qbittorrent
       zigbee2mqtt
diff --git a/nixos/secrets/miniflux-admin.age b/nixos/secrets/miniflux-admin.age
new file mode 100644
index 0000000..b656b07
--- /dev/null
+++ b/nixos/secrets/miniflux-admin.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 PMTW+A CIjI5374KCn9hZRM6vj4PTcUj4FzHan/buPBD5gQmw8
+6mXVcux6zZQ16U1y3bipsKD4y1QiMQ498IQAzpDJqt0
+-> ssh-ed25519 PHC5tQ IQiEl8meNDHIE0HI2SErDxFDVSEd/TCRH5PplnIC9H4
+mq/N57ex2NpbptzaMpAfYJ1Y/exIj1+J2X9CRW28aOg
+-> e#-grease TdfbQVa$ L X4("^:7K V&L1z
+cHZi1Yyb7tz7gw9zkPqbbhEZeGVIncPZfTpIvch0e/wDCIjMxY7e2Pb6nOVDxQ
+--- b32AUhCBWDVXlj4pUbDW91Y80nQ5Wp9zTy+rl6vnFHU
+A��5�'`�e�YZ%Fd�k�*�&8I���Be@A����a�[��/�{�e���E�u<)>��I�t��M�Y};�b
\ No newline at end of file
diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 282ee6c..f1c8ab8 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -8,4 +8,5 @@ in
 {
   "vpn-se-privKey.age".publicKeys = [ martin hamac ev ];
   "grafana-matrix-forwarder-env.age".publicKeys = [ martin tente ];
+  "miniflux-admin.age".publicKeys = [ martin ev ];
 }