author | azahi <azat@bahawi.net> | 2025-03-12 20:17:13 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2025-03-12 20:17:13 +0300 |
commit | c81dc5a13b469c511fac6fa2390b70422d1b4da5 (patch) | |
tree | 4dab5909006ab5c25da6bd9fde6a714c7719ded7 /modules/endlessh-go.nix | |
parent | 2025-02-17 (diff) |
Diffstat (limited to '')
-rw-r--r-- | modules/endlessh-go.nix | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix
index 5d3ddfe..d9316c2 100644
--- a/modules/endlessh-go.nix
+++ b/modules/endlessh-go.nix
@@ -1,7 +1,6 @@
 {
 config,
 lib,
- this,
 ...
 }:
 let
@@ -10,23 +9,35 @@ in
 {
 options.nixfiles.modules.endlessh-go.enable = lib.mkEnableOption "endlessh-go";
 
- config =
- let
+ config = lib.mkIf cfg.enable {
+ nixfiles.modules.unbound.zone.whitelist = [ "ip-api.com" ];
+
+ services.endlessh-go = {
+ enable = true;
+ listenAddress = "0.0.0.0";
 port = 22;
- in
- lib.mkIf cfg.enable {
- services.endlessh-go = {
+ prometheus = {
 enable = true;
- listenAddress = "0.0.0.0";
- inherit port;
- prometheus = {
- enable = true;
- listenAddress = this.wireguard.ipv4.address;
- port = 9229;
- };
- extraOptions = [ "-geoip_supplier=ip-api" ];
+ listenAddress = "127.0.0.1";
+ port = 9229;
 };
-
- networking.firewall.allowedTCPPorts = [ port ];
+ extraOptions = [ "-geoip_supplier=ip-api" ];
 };
+
+ environment.etc."alloy/endlessh.alloy".text = with config.services.endlessh-go.prometheus; ''
+ prometheus.scrape "endlessh" {
+ targets = [
+ {
+ __address__ = "${listenAddress}:${toString port}",
+ instance = "${config.networking.hostName}",
+ },
+ ]
+ forward_to = [prometheus.relabel.default.receiver]
+ }
+ '';
+
+ systemd.services.alloy.reloadTriggers = [ config.environment.etc."alloy/endlessh.alloy".source ];
+
+ networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ];
+ };
 } |
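Review bot: The firewall line at the end of the second hunk opens `config.services.endlessh-go.port` (22, bound on `0.0.0.0`) with no check that the real OpenSSH daemon is not configured for the same port, so on a host where both are enabled either the tarpit fails to bind or the opened port ends up fronting sshd. An assertion such as `assertion = !(config.services.openssh.enable && lib.elem config.services.endlessh-go.port config.services.openssh.ports);` inside this `lib.mkIf cfg.enable` block would turn that into an evaluation error; whether another module already enforces this is not visible here. Separately, the `environment.etc."alloy/endlessh.alloy"` fragment and `systemd.services.alloy.reloadTriggers` are set whenever endlessh-go is enabled, so they could be gated on `config.services.alloy.enable` to avoid defining Alloy pieces on hosts that do not run it. A short comment on the `unbound.zone.whitelist` entry, e.g. `# endlessh-go resolves ip-api.com for -geoip_supplier=ip-api; connecting client IPs are sent there`, would record why the resolver exception exists.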