infra/modules/prometheus/default.nix
2024-09-10 16:02:26 +02:00

195 lines
5.1 KiB
Nix

{
config,
lib,
pkgs,
flake,
...
}:
{
age.secrets.alertmanager-envfile = {
file = "${flake.self}/secrets/alertmanager-envfile.age";
mode = "600";
owner = "alertmanager";
};
security.acme.certs = {
"alerts.${config.pub-solar-os.networking.domain}" = {
# disable http challenge
webroot = null;
# enable dns challenge
dnsProvider = "namecheap";
};
};
services.nginx.virtualHosts."alerts.${config.pub-solar-os.networking.domain}" = {
enableACME = true;
forceSSL = true;
listenAddresses = [
"10.7.6.5"
"[fd00:fae:fae:fae:fae:5::]"
];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.alertmanager.port}";
};
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
globalConfig = {
scrape_interval = "10s";
scrape_timeout = "9s";
};
scrapeConfigs = [
{
job_name = "node-exporter";
static_configs = [
{
targets = [ "nachtigall.wg.${config.pub-solar-os.networking.domain}" ];
labels = {
instance = "nachtigall";
};
}
{
targets = [
"metronom.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
];
labels = {
instance = "metronom";
};
}
{
targets = [
"tankstelle.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
];
labels = {
instance = "tankstelle";
};
}
{
targets = [
"trinkgenossin.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
];
labels = {
instance = "trinkgenossin";
};
}
{
targets = [
"delite.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
];
labels = {
instance = "delite";
};
}
{
targets = [
"blue-shell.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
];
labels = {
instance = "blue-shell";
};
}
];
}
{
job_name = "matrix-synapse";
metrics_path = "/_synapse/metrics";
static_configs = [
{
targets = [ "nachtigall.wg.${config.pub-solar-os.networking.domain}" ];
labels = {
instance = "nachtigall";
};
}
];
}
{
job_name = "garage";
static_configs = [
{
targets = [ "trinkgenossin.wg.${config.pub-solar-os.networking.domain}:3903" ];
labels = {
instance = "trinkgenossin";
};
}
{
targets = [ "delite.wg.${config.pub-solar-os.networking.domain}:3903" ];
labels = {
instance = "delite";
};
}
{
targets = [ "blue-shell.wg.${config.pub-solar-os.networking.domain}:3903" ];
labels = {
instance = "blue-shell";
};
}
];
}
];
ruleFiles = [
(pkgs.writeText "prometheus-rules.yml" (
builtins.toJSON {
groups = [
{
name = "alerting-rules";
rules = import ./alert-rules.nix { inherit lib; };
}
];
}
))
];
alertmanagers = [ { static_configs = [ { targets = [ "localhost:9093" ]; } ]; } ];
alertmanager = {
enable = true;
# port = 9093; # Default
webExternalUrl = "https://alerts.pub.solar";
environmentFile = "${config.age.secrets.alertmanager-envfile.path}";
configuration = {
route = {
receiver = "all";
group_by = [ "instance" ];
group_wait = "30s";
group_interval = "2m";
repeat_interval = "24h";
};
receivers = [
{
name = "all";
# Email config documentation: https://prometheus.io/docs/alerting/latest/configuration/#email_config
email_configs = [
{
send_resolved = true;
to = "admins@pub.solar";
from = "alerts@pub.solar";
smarthost = "mail.pub.solar:465";
auth_username = "admins@pub.solar";
auth_password = "$SMTP_AUTH_PASSWORD";
require_tls = false;
}
];
# TODO:
# For matrix notifications, look into: https://github.com/pinpox/matrix-hook and add a webhook
# webhook_configs = [ { url = "http://127.0.0.1:11000/alert"; } ];
}
];
};
};
};
}