monitoring: fix nix-cache_caddy scrape target TLS error

Move nix-cache_caddy back to a manual config in prometheus.nix using the service CNAME (nix-cache.home.2rjus.net) instead of the hostname. The auto-generated target used nix-cache01.home.2rjus.net which doesn't match the TLS certificate SAN. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 01:03:50 +01:00
parent 86a077e152
commit fa6380e767
2 changed files with 12 additions and 5 deletions
--- a/services/monitoring/prometheus.nix
+++ b/services/monitoring/prometheus.nix
@@ -111,6 +111,18 @@ in
          }
        ];
      }
+      # TODO: nix-cache_caddy can't be auto-generated because the cert is issued
+      # for nix-cache.home.2rjus.net (service CNAME), not nix-cache01 (hostname).
+      # Consider adding a target override to homelab.monitoring.scrapeTargets.
+      {
+        job_name = "nix-cache_caddy";
+        scheme = "https";
+        static_configs = [
+          {
+            targets = [ "nix-cache.home.2rjus.net" ];
+          }
+        ];
+      }
      # pve-exporter with complex relabel config
      {
        job_name = "pve-exporter";
--- a/services/nix-cache/default.nix
+++ b/services/nix-cache/default.nix
@@ -7,9 +7,4 @@
    ./nix.nix
  ];

-  homelab.monitoring.scrapeTargets = [{
-    job_name = "nix-cache_caddy";
-    port = 443;
-    scheme = "https";
-  }];
 }