From 279368432bc99db03a835b60e70e141a632577e4 Mon Sep 17 00:00:00 2001
From: "Ricardo (XenGi) Band" <email@ricardo.band>
Date: Wed, 18 Feb 2026 00:14:31 +0100
Subject: [PATCH] add prometheus nginx

---
 hosts/matrix/default.nix      |  3 ++-
 hosts/md/default.nix          |  1 +
 hosts/monitoring/default.nix  |  1 +
 hosts/www/default.nix         |  1 +
 services/prometheus-nginx.nix | 13 +++++++++++++
 5 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 services/prometheus-nginx.nix

diff --git a/hosts/matrix/default.nix b/hosts/matrix/default.nix
index 7ab9d3c..7c2b962 100644
--- a/hosts/matrix/default.nix
+++ b/hosts/matrix/default.nix
@@ -4,9 +4,10 @@
   imports = [
     ../common.nix
     ../../services/openssh.nix
-    ../../services/nginx.nix
     ../../services/prometheus-node.nix
+    ../../services/nginx.nix
     ./nginx.nix
+    ../../services/prometheus-nginx.nix
     ./synapse.nix
     ./draupnir.nix
   ];
diff --git a/hosts/md/default.nix b/hosts/md/default.nix
index 437a864..8234469 100644
--- a/hosts/md/default.nix
+++ b/hosts/md/default.nix
@@ -8,6 +8,7 @@
     ./hedgedoc.nix
     ../../services/nginx.nix
     ./nginx.nix
+    ../../services/prometheus-nginx.nix
   ];
 
   networking = {
diff --git a/hosts/monitoring/default.nix b/hosts/monitoring/default.nix
index 23aa560..f98be6a 100644
--- a/hosts/monitoring/default.nix
+++ b/hosts/monitoring/default.nix
@@ -7,6 +7,7 @@
     ../../services/prometheus-node.nix
     ../../services/nginx.nix
     ./nginx.nix
+    ../../services/prometheus-nginx.nix
     ./prometheus.nix
     ./grafana.nix
   ];
diff --git a/hosts/www/default.nix b/hosts/www/default.nix
index 2a62713..4a9cc1b 100644
--- a/hosts/www/default.nix
+++ b/hosts/www/default.nix
@@ -8,6 +8,7 @@
     ../../services/prometheus-node.nix
     ../../services/nginx.nix
     ./nginx.nix
+    ../../services/prometheus-nginx.nix
   ];
 
   networking = {
diff --git a/services/prometheus-nginx.nix b/services/prometheus-nginx.nix
new file mode 100644
index 0000000..a02de4e
--- /dev/null
+++ b/services/prometheus-nginx.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+  services.prometheus.exporters.nginx = {
+    enable = true;
+    openFirewall = true;
+    firewallRules = ''
+      ip saddr 195.160.173.14/32 tcp dport ${toString config.services.prometheus.exporters.nginx.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+      ip6 saddr 2001:678:760:cccb::14/128 tcp dport ${toString config.services.prometheus.exporters.nginx.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+    '';
+  };
+}
+