{ config, lib, pkgs, ... }:

# requires nsupdate to get correct hostname (from ./search.nix)
# graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp)

with import <stockholm/lib>;
{

  services.nginx = {
    enable = mkDefault true;
    virtualHosts = {
      "stats.nsupdate.info" = {
        enableACME = true;
        forceSSL = true;

        locations = {
          "/"  = {
            proxyPass  = "http://localhost:3000/";
            extraConfig = ''
              proxy_set_header   Host             $host;
              proxy_set_header   X-Real-IP        $remote_addr;
              proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            '';
          };
        };
      };
    };
  };

  services.grafana = {
    enable = true;
    addr = "127.0.0.1";
    users.allowSignUp = false;
    users.allowOrgCreate = false;
    users.autoAssignOrg = false;
    auth.anonymous.enable = true;
    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
  };

  services.graphite = {
    beacon = {
      enable = true;
      config = {
        graphite_url = "http://localhost:18080";

        no_data = "critical";
        loading_error = "normal";

        prefix = "[elchos]";

        cli = {
          command = ''${pkgs.irc-announce}/bin/irc-announce irc.freenode.org 6667 alert0r \#elchos ' [elchos] ''${level} ''${name} ''${value}' '';
        };
        #smtp = {
        #  from = "beacon@mors.r";
        #  to = [
        #    "lass@mors.r"
        #  ];
        #};
        normal_handlers = [
          # "smtp"
          "cli"
        ];
        warning_handlers = [
          # "smtp"
          "cli"
        ];
        critical_handlers = [
          # "smtp"
          "cli"
        ];
        alerts = let
          high-load = hostid: let
              host = "elch-${toString hostid}"; in {
              name = "high-cpu-load-${host}";
              query = "aliasByNode(perSecond(elchos.${host}.cpu.0.cpu.idle),1)";
              method = "average";
              interval = "1minute";
              logging = "info";
              repeat_interval = "5minute";
              rules = [
  #              "warning: < 30.0"
                "critical: < 1.0"
              ];
            };
          in map high-load [ 1 2 3 4 5 6 7 8 ];
      };
   };
   api = {
      enable = true;
      package = pkgs.graphiteApi;
      listenAddress = "127.0.0.1";
      port = 18080;
    };
    carbon = {
      enableCache = true;
      # save disk usage by restricting to 1 bulk update per second
      config = ''
        [cache]
        MAX_CACHE_SIZE = inf
        MAX_UPDATES_PER_SECOND = 10
        MAX_CREATES_PER_MINUTE = 5000
        '';
      storageSchemas = ''
        [carbon]
        pattern = ^carbon\.
        retentions = 60:90d

        [elchos]
        patterhn = ^elchos\.
        retentions = 10s:30d,60s:3y


        [default]
        pattern = ^krebs\.
        retentions = 1s:30d,30s:3m,300s:1y
        [default]
        pattern = .*
        retentions = 30s:30d,300s:1y
        '';
    };
  };

  networking.firewall = {
    allowedTCPPorts = [ 2003 80 443 ];
    allowedUDPPorts = [ 2003 ];
  };
}