caddy: Expose metrics without the admin api

2026-01-21 15:11:34 +01:00 · 2025-09-23 13:10:24 +02:00 · 2025-09-23 13:10:24 +02:00 · 3d0d4ea31d
commit 3d0d4ea31d
parent c917eed038
2 changed files with 14 additions and 2 deletions
--- a/modules/system/services/alloy.nix
+++ b/modules/system/services/alloy.nix
@ -126,7 +126,7 @@ in
          text = ''
            prometheus.scrape "caddy" {
              targets = [{
-                __address__ = "localhost:2019",
+                __address__ = "localhost:${builtins.toString config.custom.services.caddy.metrics.port}",
                instance    = constants.hostname,
              }]
              forward_to      = [prometheus.remote_write.default.receiver]
--- a/modules/system/services/caddy.nix
+++ b/modules/system/services/caddy.nix
@ -31,6 +31,10 @@ in
    enable = lib.mkEnableOption "" // {
      default = virtualHosts != { };
    };
+    metrics.port = lib.mkOption {
+      type = lib.types.port;
+      default = 49514;
+    };
    virtualHosts = lib.mkOption {
      type = lib.types.attrsOf (
        lib.types.submodule (
@ -63,9 +67,11 @@ in
    };
  };

-  config = lib.mkIf (virtualHosts != { }) (
+  config = lib.mkIf (virtualHosts != [ ]) (
    lib.mkMerge [
      {
+        meta.ports.tcp.list = [ cfg.metrics.port ];
+
        services.caddy = {
          enable = true;
          package = pkgs.caddy.withPlugins {
@ -75,9 +81,15 @@ in
            ];
            hash = "sha256-117vurf98sK/4o3JU3rBwNBUjnZZyFRJ1mq5T1S1IxY=";
          };
+          enableReload = false;
          globalConfig = ''
+            admin off
            metrics { per_host }
          '';
+          virtualHosts.":${builtins.toString cfg.metrics.port}" = {
+            logFormat = "";
+            extraConfig = "metrics /metrics";
+          };
        };

        custom.persist.directories = [ "/var/lib/caddy" ];