{ pkgs, lib, config, ... }:
let
  cfg = config.stura.monitoring;
in {
  options.stura.monitoring = {
    extraLogFiles = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      description = "Additional log file paths for vector to scrape and forward to Loki.";
      example = [ "/var/log/nginx/access.log" "/var/log/nginx/error.log" ];
    };

    extraGroups = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      description = "Supplementary groups added to the vector systemd service to allow reading protected log files.";
      example = [ "nginx" "postfix" ];
    };
  };

  config = {
    networking.hosts = {
      "141.56.51.20" = [
        "mon.adm.htw.stura-dresden.de"
        "log.adm.htw.stura-dresden.de"
        "met.adm.htw.stura-dresden.de"
      ];
    };
    services.vector = {
      enable = true;
      settings = {
        sources = {
          host_metrics = {
            type = "host_metrics";
            collectors = [ "cpu" "disk" "filesystem" "load" "memory" "network" ];
          };

          journald_logs = {
            type = "journald";
            include_units = [];  # empty = collect all units
          };
        } // lib.optionalAttrs (cfg.extraLogFiles != [] || config.services.nginx.enable) {
          extra_log_files = {
            type = "file";
            include = lib.optional config.services.nginx.enable "/var/log/nginx/access.log"
              ++ cfg.extraLogFiles;
          };
        };

        transforms = {
          add_host_label_metrics = {
            type = "remap";
            inputs = [ "host_metrics" ];
            source = ''
              .tags.host = get_hostname!()
            '';
          };

          add_host_label_logs = {
            type = "remap";
            inputs = [ "journald_logs" ] ++ lib.optional (cfg.extraLogFiles != [] || config.services.nginx.enable) "extra_log_files";
            source = ''
              .host = get_hostname!()
            '';
          };
        };

        sinks = {
          mimir = {
            type = "prometheus_remote_write";
            inputs = [ "add_host_label_metrics" ];
            endpoint = "https://metrics.adm.htw.stura-dresden.de/api/v1/push";
            tls.verify_certificate = false;
          };

          loki = {
            type = "loki";
            inputs = [ "add_host_label_logs" ];
            endpoint = "https://log.adm.htw.stura-dresden.de";
            labels = {
              host = "{{ host }}";
              unit = "{{ _SYSTEMD_UNIT }}";
            };
            tls.verify_certificate = false;
            encoding.codec = "json";
          };
        };
      };
    };

    systemd.services.vector.serviceConfig.SupplementaryGroups =
      [ "systemd-journal" ]
      ++ lib.optional config.services.nginx.enable "nginx"
      ++ cfg.extraGroups;
  };
}