{ config, lib, pkgs, ... }:

# requires nsupdate to get correct hostname (from ./search.nix)
# graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp)

with import <stockholm/lib>;
{

  networking.firewall = {
    allowedTCPPorts = [ 2003 80 443 18080 ];
    allowedUDPPorts = [ 2003 ];
  };

  services.nginx = {
    enable = mkDefault true;
    virtualHosts = {
      "stats.nsupdate.info" = {
        enableACME = true;
        forceSSL = true;

        locations = {
          "/"  = {
            proxyPass  = "http://localhost:3000/";
            extraConfig = ''
              proxy_set_header   Host             $host;
              proxy_set_header   X-Real-IP        $remote_addr;
              proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            '';
          };
        };
      };
    };
  };

  services.grafana = {
    enable = true;
    addr = "127.0.0.1";
    users.allowSignUp = false;
    users.allowOrgCreate = false;
    users.autoAssignOrg = false;
    auth.anonymous.enable = true;
    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
  };

  services.graphite = {
   api = {
      enable = true;
      # package = pkgs.graphiteApi;
      #listenAddress = "127.0.0.1";
      listenAddress = "0.0.0.0";
      port = 18080;
    };
    carbon = {
      enableCache = true;
      # save disk usage by restricting to 1 bulk update per second
      config = ''
        [cache]
        MAX_CACHE_SIZE = inf
        MAX_UPDATES_PER_SECOND = 3
        MAX_CREATES_PER_MINUTE = 5000
        LOG_UPDATES = False
        LOG_CACHE_HITS = False
        LOG_CACHE_QUEUE_SORTS = False
        '';
      storageSchemas = ''
        [carbon]
        pattern = ^carbon\.
        retentions = 60:90d

        [elchos]
        patterhn = ^elchos\.
        retentions = 10s:30d,60s:3y


        [default]
        pattern = ^krebs\.
        retentions = 1s:30d,30s:3m,300s:1y
        [default]
        pattern = .*
        retentions = 30s:30d,300s:1y
        '';
    };
  };

}