···

       
1
       
 
       
vmetrics:

     

       
2
       
 
       
    auth: ENC[AES256_GCM,data:oxbj18DlfPJ+PEdIj6YEdF66ZZNar1l9Mak0Bmqu2AOZWlhCo2aRlrcGfvs7mORplvQmcfh5MwjTqGExjQX4ke28SZ7pszoLMGM3XR2BdedPNsO0KcI/zV19dAL1wijBr1c2qqDJGqqO1P0UzLaUbonl9bskG8L9+lB2pr8aU7z1Unejd/Qq2Ae/3x9Ku82deeP5jGWJkeUae9wADEsBPdbqRbv1bpW5zzmc2A==,iv:x65jPFbodvp3/v09OJ0BIgxMUFOLBkpiKRVMoB8seP4=,tag:wz5UVNBJoSl2994GYjVgpA==,type:str]

     

       
0
       
 
       

     

       
3
       
 
       
buildbot:

     

       
4
       
 
       
    token: ENC[AES256_GCM,data:38NXxDghxuRLPHaDqJ3iUqfewImSNAmMOEcc1+/wt6ser9KKpoO2nZBGrTOJF8DvsHHKYj4hPsBXBRtKVQy2f7eB2RkMjOTWZY/Q9+KgGFy5QEu1YdEPZ897Gk/E6APowQCRfJZ/ExUoxgoUumQSqMy2I++NuPQzlUI10yDDC0HwzLErnfWJDct+XoYdral2OG9GhMI0aglrlLtYHAPG7+dvqGm1N5jhQBrkOw==,iv:yZKW7ssLp+gy204C5ikwh3ivSrEtEl/sH+t17rsaMD0=,tag:umxk8szrR94gDFc7NZP4IA==,type:str]

     

       
5
       
 
       
minio:

     
···

       
38
       
 
       
            S2duS3ZmMVZJYW9HOERMc1FadlZIekEKaXDFW+Szv9WlqQMIr6Mc5qYlMyt8M19u

     

       
39
       
 
       
            DmMZu5Mzl2bLQK5LQvT/iLktWZZidYKfOuP73HpAFf8iIhYXBOLKMQ==

     

       
40
       
 
       
            -----END AGE ENCRYPTED FILE-----

     

       
41
       
-
       
    lastmodified: "2025-02-13T17:40:39Z"

     

       
42
       
-
       
    mac: ENC[AES256_GCM,data:91bqz+E6GInVIiZ67UR3u+ZGs7BjKgck5gNazotgNT+h9WzXLjR4ASahi3ZRmLb8aAJ/dkkq++oXDYnSN3r2NB4z0UXfD+7/Ic7ZxTjOcj7GiN6enVSndEdtupyc2qhCqRolQbGloaAkUj86QeB8CvoOM/rg26ErKEXIx07MYm4=,iv:XWfTe2vKiMSuV0gUKdn+rygC98ZVNO8f6uGhFLHJs2o=,tag:YJdBi6uzo8EJqU/6cLPzew==,type:str]

     

       
43
       
 
       
    pgp: []

     

       
44
       
 
       
    unencrypted_suffix: _unencrypted

     

       
45
       
 
       
    version: 3.9.4

     

···

       
1
       
 
       
vmetrics:

     

       
2
       
 
       
    auth: ENC[AES256_GCM,data:oxbj18DlfPJ+PEdIj6YEdF66ZZNar1l9Mak0Bmqu2AOZWlhCo2aRlrcGfvs7mORplvQmcfh5MwjTqGExjQX4ke28SZ7pszoLMGM3XR2BdedPNsO0KcI/zV19dAL1wijBr1c2qqDJGqqO1P0UzLaUbonl9bskG8L9+lB2pr8aU7z1Unejd/Qq2Ae/3x9Ku82deeP5jGWJkeUae9wADEsBPdbqRbv1bpW5zzmc2A==,iv:x65jPFbodvp3/v09OJ0BIgxMUFOLBkpiKRVMoB8seP4=,tag:wz5UVNBJoSl2994GYjVgpA==,type:str]

     

       
3
       
+
       
    minio_token: ENC[AES256_GCM,data:2joZcYZKcPv7jAlFP+r2xr1840Nv62vWjgE+VvkaIoYlA0Pjg4HWp8qZyEjeJTIOBvmS91RDgooZ7aOmXtZL7venWeMiMyR8k/58+uic3aNg+u5hen461qfYnseQa5bNv2zxXAMVpJG/cAVbnDAk5L1XIX5+GOnGCHC1BXH+xoyp+5ue3DGKeCitJgDBiuEfg68/UiJnQXGAjFe7ZzZX5NTSeb0ktBkxSKHT/Zk7pfoVjY+nzd0he2LVaLKu/qzmSMs3eew2pCHL2BHX7VmF7fDlDfg=,iv:akHyfu47u5luyfzfyFBrkMVmuw+S89LI0wVKNbbHOnQ=,tag:FFVBVNoY3h42c6fUL/v7oQ==,type:str]

     

       
4
       
 
       
buildbot:

     

       
5
       
 
       
    token: ENC[AES256_GCM,data:38NXxDghxuRLPHaDqJ3iUqfewImSNAmMOEcc1+/wt6ser9KKpoO2nZBGrTOJF8DvsHHKYj4hPsBXBRtKVQy2f7eB2RkMjOTWZY/Q9+KgGFy5QEu1YdEPZ897Gk/E6APowQCRfJZ/ExUoxgoUumQSqMy2I++NuPQzlUI10yDDC0HwzLErnfWJDct+XoYdral2OG9GhMI0aglrlLtYHAPG7+dvqGm1N5jhQBrkOw==,iv:yZKW7ssLp+gy204C5ikwh3ivSrEtEl/sH+t17rsaMD0=,tag:umxk8szrR94gDFc7NZP4IA==,type:str]

     

       
6
       
 
       
minio:

     
···

       
39
       
 
       
            S2duS3ZmMVZJYW9HOERMc1FadlZIekEKaXDFW+Szv9WlqQMIr6Mc5qYlMyt8M19u

     

       
40
       
 
       
            DmMZu5Mzl2bLQK5LQvT/iLktWZZidYKfOuP73HpAFf8iIhYXBOLKMQ==

     

       
41
       
 
       
            -----END AGE ENCRYPTED FILE-----

     

       
42
       
+
       
    lastmodified: "2025-02-13T19:01:36Z"

     

       
43
       
+
       
    mac: ENC[AES256_GCM,data:Mu/FvauwQWX0pVdsgJttlM5o0p0Aeo8iwd2ieKUNuRXo+3oJfjOmjaGarJYX7Y1I3PJ+yGt8jgbWN+P1XA41gI4z8+Qwi5IfLZz9taXZ63TwZLV27N4eLr11LQzx02IC/sliA6Y7uDkhzepb5kyHw03wqBQ7i9OxQ4ppIpvV2hc=,iv:u4jOwfuAxrP2HmNHT8FabrOK3dYzuDKDLocvWdyEg0g=,tag:yg57InQ9kDtDxQhQrA8A3w==,type:str]

     

       
44
       
 
       
    pgp: []

     

       
45
       
 
       
    unencrypted_suffix: _unencrypted

     

       
46
       
 
       
    version: 3.9.4

     

···

       
1
       
 
       
{...}: {

     

       
2
       
 
       
  imports = [

     

       
0
       
 
       

     

       
3
       
 
       
    ./minio.nix

     

       
4
       
 
       
  ];

     

       
5
       
 
       
}

     

···

       
1
       
 
       
{...}: {

     

       
2
       
 
       
  imports = [

     

       
3
       
+
       
    ./vmagent.nix

     

       
4
       
 
       
    ./minio.nix

     

       
5
       
 
       
  ];

     

       
6
       
 
       
}

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{

     

       
2
       
+
       
  _utils,

     

       
3
       
+
       
  config,

     

       
4
       
+
       
  lib,

     

       
5
       
+
       
  ...

     

       
6
       
+
       
}: let

     

       
7
       
+
       
  secrets = _utils.setupSecrets config {

     

       
8
       
+
       
    namespace = "vmetrics";

     

       
9
       
+
       
    secrets = ["minio_token"];

     

       
10
       
+
       
  };

     

       
11
       
+
       
in {

     

       
12
       
+
       
  imports = lib.singleton secrets.generate;

     

       
13
       
+
       
  systemd.services.vmagent.serviceConfig.LoadCredential = [

     

       
14
       
+
       
    "minio_token:${secrets.get "minio_token"}"

     

       
15
       
+
       
  ];

     

       
16
       
+
       


     

       
17
       
+
       
  services.vmagent.prometheusConfig.scrape_configs = lib.singleton {

     

       
18
       
+
       
    job_name = "minio-job";

     

       
19
       
+
       
    metrics_path = "/minio/v2/metrics/cluster";

     

       
20
       
+
       
    scheme = "http";

     

       
21
       
+
       
    static_configs = lib.singleton {targets = lib.singleton "localhost:26531";};

     

       
22
       
+
       
    relabel_configs = lib.singleton {

     

       
23
       
+
       
      target_label = "instance";

     

       
24
       
+
       
      replacement = config.networking.fqdnOrHostName;

     

       
25
       
+
       
    };

     

       
26
       
+
       


     

       
27
       
+
       
    # https://github.com/NixOS/nixpkgs/issues/367447

     

       
28
       
+
       
    # https://docs.victoriametrics.com/sd_configs/#scrape_configs

     

       
29
       
+
       
    # hard coding because we can't use %{ENV_VAR} syntax (yet) when checking.

     

       
30
       
+
       
    bearer_token_file = "/run/credentials/vmagent.service/minio_token";

     

       
31
       
+
       
  };

     

       
32
       
+
       
}