# NixOS module: host monitoring.
#  - Prometheus node and postfix exporters
#  - MaxMind GeoLite2 database updates (geoipupdate)
#  - promtail shipping caddy access logs to Loki, enriched with GeoIP data
{ config, ... }:
{
  # The MaxMind license key is kept as an age-encrypted file; only the path of
  # the decrypted file is referenced below, never the key text itself.
  # NOTE(review): confirm the decrypted file's owner/mode lets the geoipupdate
  # unit read it without making it readable by other users.
  age.secrets."maxmind".file = ../../../../secrets/shared/maxmind.age;

  # promtail joins the caddy group, presumably so it can read
  # /var/log/caddy/*.log. This also grants access to anything else that is
  # group-readable by "caddy" -- keep that group's file permissions narrow.
  users.users."promtail".extraGroups = [ "caddy" ];

  services.prometheus.exporters = {
    node = {
      enable = true;
      enabledCollectors = [ "systemd" ];
    };
    postfix.enable = true;
  };

  services.geoipupdate = {
    enable = true;
    settings = {
      # The account id is an identifier; the credential is the license key.
      AccountID = 1018346;
      LicenseKey = config.age.secrets."maxmind".path;
      EditionIDs = [
        "GeoLite2-ASN"
        "GeoLite2-City"
        "GeoLite2-Country"
      ];
      # The promtail geoip stage below reads GeoLite2-City.mmdb from here.
      DatabaseDirectory = "/var/lib/GeoIP";
    };
  };

  services.promtail = {
    enable = true;
    configuration = {
      # Port 3031 is not added to the firewall list at the end of this module.
      server = {
        http_listen_port = 3031;
        grpc_listen_port = 0;
      };

      # NOTE(review): the read offsets live under /tmp. If that directory is
      # private to the unit or cleared on restart/reboot, offsets are lost and
      # logs are re-read from the start (duplicate entries in Loki). A shared
      # /tmp is also writable by every local user. A service-owned state or
      # cache directory would be the safer location -- confirm against the
      # promtail unit's sandboxing before changing.
      positions.filename = "/tmp/positions.yaml";

      # NOTE(review): plain HTTP, no auth configured here. The hostname suggests
      # the endpoint is reached over a VPN; verify it is not reachable any other
      # way, since the access logs carry client IP addresses and request data.
      clients = [ { url = "http://nuc.vpn.rfive.de:3030/loki/api/v1/push"; } ];

      scrape_configs = [
        {
          job_name = "caddy_access_log";
          static_configs = [
            {
              targets = [ "localhost" ];
              labels = {
                job = "caddy_access_log";
                agent = "caddy-promtail";
                __path__ = "/var/log/caddy/*.log";
              };
            }
          ];
          pipeline_stages = [
            # Extract request.remote_ip from the JSON log line ...
            { json.expressions.remote_ip = "request.remote_ip"; }
            # ... and look it up in the city database fetched by geoipupdate.
            {
              geoip = {
                db = "/var/lib/GeoIP/GeoLite2-City.mmdb";
                source = "remote_ip";
                db_type = "city";
              };
            }
          ];
        }
      ];
    };
  };

  # NOTE(review): allowedTCPPorts opens these ports on every interface. The
  # exporters are enabled above without any authentication settings, and their
  # metrics describe systemd units and mail flow. If scraping only happens over
  # the VPN, scope the rule to that interface with
  # networking.firewall.interfaces."<vpn-interface>".allowedTCPPorts instead.
  networking.firewall.allowedTCPPorts = [
    config.services.prometheus.exporters.node.port
    config.services.prometheus.exporters.postfix.port
  ];
}