forked from pub-solar/infra
195 lines
5.1 KiB
Nix
195 lines
5.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
flake,
|
|
...
|
|
}:
|
|
{
|
|
age.secrets.alertmanager-envfile = {
|
|
file = "${flake.self}/secrets/alertmanager-envfile.age";
|
|
mode = "600";
|
|
owner = "alertmanager";
|
|
};
|
|
|
|
security.acme.certs = {
|
|
"alerts.${config.pub-solar-os.networking.domain}" = {
|
|
# disable http challenge
|
|
webroot = null;
|
|
# enable dns challenge
|
|
dnsProvider = "namecheap";
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."alerts.${config.pub-solar-os.networking.domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
listenAddresses = [
|
|
"10.7.6.5"
|
|
"[fd00:fae:fae:fae:fae:5::]"
|
|
];
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.alertmanager.port}";
|
|
};
|
|
};
|
|
|
|
services.prometheus = {
|
|
enable = true;
|
|
port = 9001;
|
|
exporters = {
|
|
node = {
|
|
enable = true;
|
|
enabledCollectors = [ "systemd" ];
|
|
port = 9002;
|
|
};
|
|
};
|
|
globalConfig = {
|
|
scrape_interval = "10s";
|
|
scrape_timeout = "9s";
|
|
};
|
|
scrapeConfigs = [
|
|
{
|
|
job_name = "node-exporter";
|
|
static_configs = [
|
|
{
|
|
targets = [ "nachtigall.wg.${config.pub-solar-os.networking.domain}" ];
|
|
labels = {
|
|
instance = "nachtigall";
|
|
};
|
|
}
|
|
{
|
|
targets = [
|
|
"metronom.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
|
|
];
|
|
labels = {
|
|
instance = "metronom";
|
|
};
|
|
}
|
|
{
|
|
targets = [
|
|
"tankstelle.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
|
|
];
|
|
labels = {
|
|
instance = "tankstelle";
|
|
};
|
|
}
|
|
{
|
|
targets = [
|
|
"trinkgenossin.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
|
|
];
|
|
labels = {
|
|
instance = "trinkgenossin";
|
|
};
|
|
}
|
|
{
|
|
targets = [
|
|
"delite.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
|
|
];
|
|
labels = {
|
|
instance = "delite";
|
|
};
|
|
}
|
|
{
|
|
targets = [
|
|
"blue-shell.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
|
|
];
|
|
labels = {
|
|
instance = "blue-shell";
|
|
};
|
|
}
|
|
];
|
|
}
|
|
{
|
|
job_name = "matrix-synapse";
|
|
metrics_path = "/_synapse/metrics";
|
|
static_configs = [
|
|
{
|
|
targets = [ "nachtigall.wg.${config.pub-solar-os.networking.domain}" ];
|
|
labels = {
|
|
instance = "nachtigall";
|
|
};
|
|
}
|
|
];
|
|
}
|
|
{
|
|
job_name = "garage";
|
|
static_configs = [
|
|
{
|
|
targets = [ "trinkgenossin.wg.${config.pub-solar-os.networking.domain}:3903" ];
|
|
labels = {
|
|
instance = "trinkgenossin";
|
|
};
|
|
}
|
|
{
|
|
targets = [ "delite.wg.${config.pub-solar-os.networking.domain}:3903" ];
|
|
labels = {
|
|
instance = "delite";
|
|
};
|
|
}
|
|
{
|
|
targets = [ "blue-shell.wg.${config.pub-solar-os.networking.domain}:3903" ];
|
|
labels = {
|
|
instance = "blue-shell";
|
|
};
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
ruleFiles = [
|
|
(pkgs.writeText "prometheus-rules.yml" (
|
|
builtins.toJSON {
|
|
groups = [
|
|
{
|
|
name = "alerting-rules";
|
|
rules = import ./alert-rules.nix { inherit lib; };
|
|
}
|
|
];
|
|
}
|
|
))
|
|
];
|
|
|
|
alertmanagers = [ { static_configs = [ { targets = [ "localhost:9093" ]; } ]; } ];
|
|
|
|
alertmanager = {
|
|
enable = true;
|
|
# port = 9093; # Default
|
|
webExternalUrl = "https://alerts.pub.solar";
|
|
environmentFile = "${config.age.secrets.alertmanager-envfile.path}";
|
|
configuration = {
|
|
|
|
route = {
|
|
receiver = "all";
|
|
group_by = [ "instance" ];
|
|
group_wait = "30s";
|
|
group_interval = "2m";
|
|
repeat_interval = "24h";
|
|
};
|
|
|
|
receivers = [
|
|
{
|
|
name = "all";
|
|
# Email config documentation: https://prometheus.io/docs/alerting/latest/configuration/#email_config
|
|
email_configs = [
|
|
{
|
|
send_resolved = true;
|
|
to = "admins@pub.solar";
|
|
from = "alerts@pub.solar";
|
|
smarthost = "mail.pub.solar:465";
|
|
auth_username = "admins@pub.solar";
|
|
auth_password = "$SMTP_AUTH_PASSWORD";
|
|
require_tls = false;
|
|
}
|
|
];
|
|
# TODO:
|
|
# For matrix notifications, look into: https://github.com/pinpox/matrix-hook and add a webhook
|
|
# webhook_configs = [ { url = "http://127.0.0.1:11000/alert"; } ];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|