From c83b7e7da3db0af5ef01e308e47c422e774bf3da Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Mon, 12 Oct 2020 23:27:58 -0400
Subject: fix(gs/mugwump): Make nginx scraper play well with SSL

Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.

Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
---
 users/glittershark/system/system/machines/mugwump.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'users/glittershark/system/system/machines/mugwump.nix')

diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index 96bc1cca3f..267098a74f 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -96,6 +96,7 @@ with lib;
 
   services.nginx = {
     enable = true;
+    statusPage = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
@@ -146,6 +147,8 @@ with lib;
       nginx = {
         enable = true;
         openFirewall = true;
+        sslVerify = false;
+        constLabels = [ "host=mugwump" ];
       };
     };
 
@@ -155,6 +158,12 @@ with lib;
       static_configs = [{
         targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
       }];
+    } {
+      job_name = "nginx";
+      scrape_interval = "5s";
+      static_configs = [{
+        targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];
+      }];
     }];
   };
 
-- 
cgit 1.4.1