fix(gs/mugwump): Make nginx scraper play well with SSL r/1845

Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.

Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI

1 files changed, 9 insertions, 0 deletions

diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index 96bc1cca3f02..267098a74fc1 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -96,6 +96,7 @@ with lib;
 
   services.nginx = {
     enable = true;
+    statusPage = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
@@ -146,6 +147,8 @@ with lib;
       nginx = {
         enable = true;
         openFirewall = true;
+        sslVerify = false;
+        constLabels = [ "host=mugwump" ];
       };
     };
 
@@ -155,6 +158,12 @@ with lib;
       static_configs = [{
         targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
       }];
+    } {
+      job_name = "nginx";
+      scrape_interval = "5s";
+      static_configs = [{
+        targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];
+      }];
     }];
   };