From dc9ee1d7899997bcbe9809fd709b29381aaad566 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Thu, 13 Jun 2024 14:29:35 -0700
Subject: [PATCH] feat(monitoring): asterisk

---
 modules/nixos/monitoring/ingest/prometheus.nix | 13 +++++++++----
 modules/system/exports/freepbx.nix             |  9 +++++++++
 modules/system/exports/monitoring.nix          | 13 +++++++++++--
 systems/freepbx/asterisk-prometheus.conf       |  4 ++++
 systems/freepbx/default.nix                    |  5 +++++
 5 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 systems/freepbx/asterisk-prometheus.conf

diff --git a/modules/nixos/monitoring/ingest/prometheus.nix b/modules/nixos/monitoring/ingest/prometheus.nix
index f63ed941..aa253ae6 100644
--- a/modules/nixos/monitoring/ingest/prometheus.nix
+++ b/modules/nixos/monitoring/ingest/prometheus.nix
@@ -24,25 +24,30 @@
     port = service.ports.${portName};
   in "${mkAddress6 (access.getAddressFor system.config.name "lan")}:${toString port.port}";
   mkServiceConfig = system: serviceName: let
+    inherit (service.prometheus) exporter;
     service = system.config.exports.services.${serviceName};
     targets = map (portName:
       mkPortTarget {
         inherit system service portName;
       })
-    service.prometheus.exporter.ports;
+    exporter.ports;
   in {
     job_name = "${system.config.name}-${service.id}";
     static_configs = [
       {
         inherit targets;
         labels = mkMerge [
-          (mapOptionDefaults service.prometheus.exporter.labels)
-          (mkIf (service.prometheus.exporter.metricsPath != "/metrics") {
-            __metrics_path__ = mkOptionDefault service.prometheus.exporter.metricsPath;
+          (mapOptionDefaults exporter.labels)
+          (mkIf (exporter.metricsPath != "/metrics") {
+            __metrics_path__ = mkOptionDefault exporter.metricsPath;
           })
         ];
       }
     ];
+    scheme = mkIf exporter.ssl.enable (mkDefault "https");
+    tls_config = mkIf (exporter.ssl.enable && exporter.ssl.insecure) {
+      insecure_skip_verify = mkDefault true;
+    };
   };
   mapSystem = system: map (mkServiceConfig system) system.config.exports.prometheus.exporter.services;
 in {
diff --git a/modules/system/exports/freepbx.nix b/modules/system/exports/freepbx.nix
index 1d1a18eb..01c41bd4 100644
--- a/modules/system/exports/freepbx.nix
+++ b/modules/system/exports/freepbx.nix
@@ -45,10 +45,19 @@ in {
       asterisk = {
         port = mkAlmostOptionDefault 8088;
         protocol = "http";
+        prometheus.exporter.enable = let
+          sslPort = config.ports.asterisk-ssl;
+        in mkAlmostOptionDefault (!sslPort.enable || !sslPort.prometheus.exporter.enable);
       };
       asterisk-ssl = {
         port = mkAlmostOptionDefault 8089;
         protocol = "https";
+        prometheus.exporter.enable = mkAlmostOptionDefault true;
+      };
+      operator = {
+        enable = mkAlmostOptionDefault false;
+        port = mkAlmostOptionDefault 58080;
+        protocol = "http";
       };
     };
   };
diff --git a/modules/system/exports/monitoring.nix b/modules/system/exports/monitoring.nix
index 82b6c107..902a2af6 100644
--- a/modules/system/exports/monitoring.nix
+++ b/modules/system/exports/monitoring.nix
@@ -134,9 +134,10 @@ let
     ...
   }: let
     inherit (gensokyo-zone.lib) mapOptionDefaults;
-    inherit (lib.options) mkOption;
+    inherit (lib.options) mkOption mkEnableOption;
     inherit (lib.modules) mkOptionDefault;
-    inherit (lib.attrsets) attrNames filterAttrs;
+    inherit (lib.attrsets) attrNames attrValues filterAttrs;
+    inherit (lib.lists) any;
     exporterPorts = filterAttrs (_: port: port.enable && port.prometheus.exporter.enable) config.ports;
     statusPorts = filterAttrs (_: port: port.enable && port.status.enable) config.ports;
   in {
@@ -153,6 +154,14 @@ let
             type = str;
             default = "/metrics";
           };
+          ssl = {
+            enable = mkEnableOption "HTTPS" // {
+              default = any (port: port.ssl) (attrValues exporterPorts);
+            };
+            insecure = mkEnableOption "self-signed SSL" // {
+              default = true;
+            };
+          };
         };
       };
       status = {
diff --git a/systems/freepbx/asterisk-prometheus.conf b/systems/freepbx/asterisk-prometheus.conf
new file mode 100644
index 00000000..0ceaf294
--- /dev/null
+++ b/systems/freepbx/asterisk-prometheus.conf
@@ -0,0 +1,4 @@
+[general]
+enabled=yes
+core_metrics_enabled=yes
+uri=metrics
diff --git a/systems/freepbx/default.nix b/systems/freepbx/default.nix
index c33e3d7e..31ce406f 100644
--- a/systems/freepbx/default.nix
+++ b/systems/freepbx/default.nix
@@ -18,6 +18,11 @@ _: {
     "/etc/sysconfig/network-scripts/ifcfg-eth0" = {
       source = ./ifcfg-eth0;
     };
+    "/etc/asterisk/prometheus.conf" = {
+      source = ./asterisk-prometheus.conf;
+      owner = "asterisk";
+      group = "asterisk";
+    };
     "/root/.ssh/authorized_keys" = {
       source = ../reisen/root.authorized_keys;
     };