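# NixOS module: Prometheus server for the lab, scraping the node, promtail,
# grafana, prometheus, alertmanager, traefik, forgejo, postgres and dnsmasq
# endpoints listed in `exporters`, and loading alert rules from
# ./provisioning/alerts.
{ config, pkgs, modulesPath, lib, ... }:
let
  # Scrape targets are addressed by hostname (the *_ip names hold DNS names,
  # not literal addresses), so every scrape depends on name resolution.
  monitor_ip = "monitor.lab";
  traefik_ip = "traefik.lab";
  sandbox_ip = "sandbox.lab";
  forgejo_ip = "forgejo.lab";
  dnsmasq_ip = "dns.lab";

  # Port used for every target of the `node` job.
  prometheus_exporter_port = 9100;
  postgres_exporter_port = 9187;
  prometheus_port = 9090;
  alertmanager_port = 9093;
  grafana_port = 3000;
  promtail_port = 9080;
  traefik_monitor_port = 8082;
  forgejo_monitor_port = 3000;
  dnsmasq_exporter_port = 9153;

  # job name -> list of "host:port" targets. Each attribute becomes one
  # scrape job with a single static_configs entry (see scrapeConfigs below).
  exporters = {
    node = [
      "${monitor_ip}:${toString prometheus_exporter_port}"
      "${traefik_ip}:${toString prometheus_exporter_port}"
      "${sandbox_ip}:${toString prometheus_exporter_port}"
      "${forgejo_ip}:${toString prometheus_exporter_port}"
    ];
    promtail = [
      "${monitor_ip}:${toString promtail_port}"
      "${traefik_ip}:${toString promtail_port}"
      "${sandbox_ip}:${toString promtail_port}"
      "${forgejo_ip}:${toString promtail_port}"
    ];
    grafana = [ "${monitor_ip}:${toString grafana_port}" ];
    prometheus = [ "${monitor_ip}:${toString prometheus_port}" ];
    alertmanager = [ "${monitor_ip}:${toString alertmanager_port}" ];
    traefik = [ "${traefik_ip}:${toString traefik_monitor_port}" ];
    gitea = [ "${forgejo_ip}:${toString forgejo_monitor_port}" ];
    postgres = [ "${forgejo_ip}:${toString postgres_exporter_port}" ];
    dnsmasq = [ "${dnsmasq_ip}:${toString dnsmasq_exporter_port}" ];
  };

  # Copies one rule file from ./provisioning/alerts into the store under its
  # own file name, exactly as the previous per-file writeText/readFile pairs did.
  alertFile = name:
    pkgs.writeText name (builtins.readFile (./provisioning/alerts + "/${name}"));
in
{
  # The opened port and the listener share one binding so they cannot drift
  # apart (the firewall rule used to hard-code 9090).
  networking.firewall.allowedTCPPorts = [ prometheus_port ];

  services.prometheus = {
    enable = true;
    port = prometheus_port;
    retentionTime = "7d";

    globalConfig = {
      scrape_timeout = "10s";
      scrape_interval = "30s";
      # A short evaluation_interval will check alerting rules very often.
      # It can be costly if you run Prometheus with 100+ alerts.
      evaluation_interval = "20s";
    };

    # NOTE(review): the admin API (series deletion, tombstone cleanup, TSDB
    # snapshots) is enabled while the firewall rule above exposes this
    # listener to the network. Nothing in this module configures
    # authentication or TLS for it, so any host that can reach the port can
    # presumably call those endpoints and erase or bloat the metrics an
    # investigation would rely on. If the admin API is needed, keep the
    # listener on loopback (services.prometheus.listenAddress) behind an
    # authenticating reverse proxy, or supply a --web.config.file with
    # basic auth / TLS; otherwise drop this flag.
    extraFlags = [ "--web.enable-admin-api" ];

    # One scrape job per attribute of `exporters`.
    scrapeConfigs = lib.mapAttrsToList
      (job_name: targets: {
        inherit job_name;
        static_configs = [ { inherit targets; } ];
      })
      exporters;

    # Alerts provisioning
    ruleFiles = map alertFile [
      "prometheus-alerts.yml"
      "loki-alerts.yml"
      "promtail-alerts.yml"
      "postgres-alerts.yml"
      "traefik-alerts.yml"
      "node-exporter-alerts.yml"
    ];
  };
}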