authortv <tv@krebsco.de>2020-10-03 13:44:30 +0200
committertv <tv@krebsco.de>2020-10-03 13:44:30 +0200
commitd1e52425e0d5d79a33b11c92cc2afb498075d953 (patch)
tree29277982f014eaae680e006b6afc7fdb42e8d9b2 /krebs
parent654f64f05935a69607a540f2e8d15619cee9e15e (diff)
parent7e7499d86302d261c8f8404fb34f2ac091318d0e (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/0tests/data/secrets/shack/telegram_bot.env0
-rw-r--r--krebs/1systems/puyak/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix18
-rw-r--r--krebs/2configs/go.nix2
-rw-r--r--krebs/2configs/reaktor2.nix2
-rw-r--r--krebs/2configs/shack/glados/default.nix25
-rw-r--r--krebs/2configs/shack/glados/multi/rollos.nix53
-rw-r--r--krebs/2configs/shack/glados/multi/wasser.nix12
-rw-r--r--krebs/2configs/shack/influx.nix5
-rw-r--r--krebs/2configs/shack/light.shack.nix12
-rw-r--r--krebs/2configs/shack/muell_mail.nix4
-rw-r--r--krebs/2configs/shack/node-light.nix3
-rw-r--r--krebs/2configs/shack/prometheus/alert-rules.nix140
-rw-r--r--krebs/2configs/shack/prometheus/alertmanager-telegram.nix17
-rw-r--r--krebs/2configs/shack/prometheus/server.nix23
-rw-r--r--krebs/2configs/shack/prometheus/templates/shack.tmpl25
-rw-r--r--krebs/3modules/external/mic92.nix28
-rw-r--r--krebs/3modules/hosts.nix2
-rw-r--r--krebs/3modules/lass/default.nix4
-rw-r--r--krebs/3modules/newsbot-js.nix2
-rw-r--r--krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix26
-rw-r--r--krebs/5pkgs/simple/flameshot-once/profile.nix2
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix2
23 files changed, 256 insertions, 152 deletions
diff --git a/krebs/0tests/data/secrets/shack/telegram_bot.env b/krebs/0tests/data/secrets/shack/telegram_bot.env
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/telegram_bot.env
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index c84887eaa..08a3392bd 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -18,6 +18,7 @@
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
+ <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
## Collect local statistics via collectd and send to collectd
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 029644ca6..0160f9ebb 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -27,6 +27,8 @@ in
<stockholm/krebs/2configs/shack/muellshack.nix>
# provide light control api
<stockholm/krebs/2configs/shack/node-light.nix>
+ # light.shack web-ui
+ <stockholm/krebs/2configs/shack/light.shack.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/muell_mail.nix>
# send mail if muell was not handled
@@ -34,6 +36,22 @@ in
# powerraw usb serial to mqtt and raw socket
<stockholm/krebs/2configs/shack/powerraw.nix>
+ { # do not log to /var/spool/log
+ services.nginx.appendHttpConfig = ''
+ map $request_method $loggable {
+ default 1;
+ GET 0;
+ }
+ log_format vhost '$host $remote_addr - $remote_user '
+ '[$time_local] "$request" $status '
+ '$body_bytes_sent "$http_referer" '
+ '"$http_user_agent"';
+ error_log stderr;
+ access_log syslog:server=unix:/dev/log vhost;
+ '';
+ services.journald.rateLimitBurst = 10000;
+ }
+
# create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
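Review bot: The `$loggable` map added in `appendHttpConfig` yields 0 for every GET, so the vhosts that log with `if=$loggable` (influx.nix and node-light.nix in this commit) also drop GETs that end in 401, 403, 404 or 5xx, which are the entries needed when looking into probing or a misbehaving client. Keying the map on method and status keeps the polling noise out while retaining failures: `map "$request_method:$status" $loggable { default 1; "~^GET:[23]" 0; }`. The opening comment `# do not log to /var/spool/log` does not mention the map; a second line such as `# $loggable = 0 suppresses the access-log entry, used via access_log ... if=$loggable` would explain why it is here.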
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
index f4c1290c2..c39b08a8e 100644
--- a/krebs/2configs/go.nix
+++ b/krebs/2configs/go.nix
@@ -13,7 +13,7 @@ with import <stockholm/lib>;
enable = true;
virtualHosts.go = {
locations."/".extraConfig = ''
- proxy_set_header Host go;
+ proxy_set_header Host go.r;
proxy_pass http://localhost:1337;
'';
serverAliases = [
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 72eff176b..061dc9ab9 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -76,7 +76,7 @@ let
};
}
{
- pattern = ''^([\w-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ pattern = ''^([\H-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
activate = "match";
arguments = [1 2 3];
command = {
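Review bot: Replacing `\w` with `\H` widens the first capture group from word characters to anything that is not horizontal whitespace (assuming a PCRE-style engine), so group 1 can now contain quotes, `;`, `$` and similar characters, and it also swallows the trailing `:` that the following `:?` was meant to strip. That group is handed on through `arguments = [1 2 3]` to a `command` whose body lies outside this hunk; confirm that the command receives it as a plain argv element and never interpolates it into a shell string or a file path. If the aim was only to admit a few extra nick characters, an explicit allow-list class is easier to reason about than `\H`. The `-` left in `[\H-]` is redundant, since `\H` already matches it.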
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index 9bf90bca4..f47bca2db 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -3,6 +3,7 @@ let
shackopen = import ./multi/shackopen.nix;
wasser = import ./multi/wasser.nix;
badair = import ./multi/schlechte_luft.nix;
+ rollos = import ./multi/rollos.nix;
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@@ -62,13 +63,18 @@ in {
];
};
# https://www.home-assistant.io/components/influxdb/
- #influxdb = {
- # database = "hass";
- # tags = {
- # instance = "wolf";
- # source = "hass";
- # };
- #};
+ influxdb = {
+ database = "glados";
+ host = "influx.shack";
+ component_config_glob = {
+ "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles";
+ "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles";
+ };
+ tags = {
+ instance = "wolf";
+ source = "glados";
+ };
+ };
esphome = {};
api = {};
mqtt = {
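Review bot: The re-enabled `influxdb` block sets only `database`, `host`, `tags` and the measurement overrides, so as far as this hunk shows Home Assistant writes to `influx.shack` without credentials and without TLS. If the InfluxDB side accepts that, any host that can reach it can write into the `glados` database; consider adding `username`/`password` (read from the secrets directory rather than placed in the Nix store) and `ssl = true;` once the server supports it. The enclosing configuration attribute set starts and ends outside the hunk.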
@@ -93,8 +99,7 @@ in {
};
};
switch =
- wasser.switch
- ++ (import ./switch/power.nix)
+ (import ./switch/power.nix)
;
light = [];
media_player = [
@@ -113,6 +118,7 @@ in {
++ (import ./sensors/mate.nix)
++ (import ./sensors/darksky.nix { inherit lib;})
++ shackopen.sensor
+ ++ wasser.sensor
;
air_quality = (import ./sensors/sensemap.nix );
@@ -147,6 +153,7 @@ in {
automation = wasser.automation
++ badair.automation
+ ++ rollos.automation
++ (import ./automation/shack-startup.nix)
++ (import ./automation/party-time.nix)
++ (import ./automation/hass-restart.nix);
diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix
index 1febad525..4e6494936 100644
--- a/krebs/2configs/shack/glados/multi/rollos.nix
+++ b/krebs/2configs/shack/glados/multi/rollos.nix
@@ -1,13 +1,56 @@
+#
+
let
glados = import ../lib;
+ tempsensor = "sensor.dark_sky_temperature";
+ all_covers = [
+ "cover.crafting_rollo"
+ "cover.elab_rollo"
+ "cover.or2_rollo"
+ "cover.retroraum_rollo"
+ ];
in
{
- # LED
- light = [
- ];
- sensor = [
- ];
automation =
[
+ { alias = "Rollos fahren Runter";
+ trigger = [
+ {
+ platform = "numeric_state";
+ entity_id = tempsensor;
+ above = 25;
+ for = "00:30:00";
+ }
+ ];
+ condition =
+ [
+ {
+ condition = "state";
+ entity_id = "sun.sun";
+ state = "above_horizon";
+ }
+ ];
+ action =
+ [
+ { service = "cover.close_cover";
+ entity_id = all_covers;
+ }
+ ];
+ }
+ { alias = "Rollos fahren Hoch";
+ trigger = [
+ {
+ platform = "sun";
+ event = "sunset";
+ }
+ ];
+ condition = [ ];
+ action =
+ [
+ { service = "cover.open_cover";
+ entity_id = all_covers;
+ }
+ ];
+ }
];
}
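Review bot: The "Rollos fahren Runter" automation fires only when `sensor.dark_sky_temperature` crosses 25 while the sun is up, because a `numeric_state` trigger reacts to the threshold crossing and the `sun.sun` condition is checked at that moment; on a day that is already above 25 before sunrise the covers stay open. Adding a second trigger `{ platform = "sun"; event = "sunrise"; }` together with a condition `{ condition = "numeric_state"; entity_id = tempsensor; above = 25; }` would cover that case. The binding `glados = import ../lib;` is no longer used in this file, and the bare `#` header line could carry a one-line description such as `# close all covers on hot days, reopen them at sunset`.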
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
index 6f3dc98ad..74ce736a6 100644
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@@ -2,13 +2,17 @@
# switch.crafting_giesskanne_relay
let
glados = import ../lib;
- seconds = 10;
+ seconds = 20;
wasser = "switch.crafting_giesskanne_relay";
in
{
- switch = [
- (glados.tasmota.plug { host = "Wasser"; topic = "plug";} )
- ];
+ sensor = map ( entity_id: {
+ platform = "statistics";
+ name = "Statistics for ${entity_id}";
+ inherit entity_id;
+ max_age.minutes = "60";
+ }) ["sensor.crafting_brotbox_soil_moisture"];
+
automation =
[
diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix
index 92cb24bf3..93d83a59b 100644
--- a/krebs/2configs/shack/influx.nix
+++ b/krebs/2configs/shack/influx.nix
@@ -8,6 +8,11 @@ in
networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications
networking.firewall.allowedUDPPorts = [ collectd-port ];
services.nginx.virtualHosts."influx.shack" = {
+ # Disable constant GET request logging.
+ # $loggable map is defined in 1/wolf
+ extraConfig = ''
+ access_log syslog:server=unix:/dev/log combined if=$loggable;
+ '';
locations."/" = {
proxyPass = "http://localhost:${toString port}/";
};
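Review bot: The added `access_log ... if=$loggable` depends on a `map` that is defined only in `krebs/1systems/wolf/config.nix`; on any host that imports this file (or node-light.nix, which gets the same line in this commit) without that map, nginx will reject the configuration because the variable is unknown. Moving the `map $request_method $loggable { ... }` block into a small shared module that both files import removes the hidden coupling that the comment currently has to explain. Note also that these vhosts log in `combined` format while the http-level default added on wolf uses `vhost`, so the host name is missing from exactly these entries.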
diff --git a/krebs/2configs/shack/light.shack.nix b/krebs/2configs/shack/light.shack.nix
new file mode 100644
index 000000000..8e01cb1bf
--- /dev/null
+++ b/krebs/2configs/shack/light.shack.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+let
+ light-shack-src = pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/standby.shack";
+ rev = "e1b90a0a";
+ sha256 = "07fmz63arc5rxa0a3778srwz0jflp4ad6xnwkkc56hwybby0bclh";
+ };
+ web-dir = "${light-shack-src}/client/www/";
+in
+{
+ services.nginx.virtualHosts."light.shack".locations."/".root = web-dir;
+}
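Review bot: `rev = "e1b90a0a"` pins the source by an abbreviated commit id. The `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows and is harder to audit against upstream; use the full id as muell_mail.nix does, `rev = "<full 40-character commit id>";`. The vhost serves `client/www/` from that checkout as static files, so a one-line comment naming the backend the UI talks to (presumably the light API from node-light.nix, to be confirmed) would help the next reader.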
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 409278954..481564719 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -4,8 +4,8 @@ let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/muell_mail";
- rev = "57b67c95052d90044137b2c89007a371dc389afd";
- sha256 = "1grkzs6fxjnc2bv4kskj63d5sb4qxz6yyr85nj0da9hn7qkk4jkj";
+ rev = "c3e43687879f95e01a82ef176fa15678543b2eb8";
+ sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx";
}) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
home = "/var/lib/muell_mail";
cfg = toString <secrets/shack/muell_mail.js>;
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index b471f2af5..4a981ea87 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -28,6 +28,9 @@ in {
};
services.nginx.virtualHosts."openhab.shack" = {
+ extraConfig = ''
+ access_log syslog:server=unix:/dev/log combined if=$loggable;
+ '';
serverAliases = [ "lightapi.shack" ];
locations."/power/".proxyPass = "http://localhost:${port}/power/";
locations."/lounge/".proxyPass = "http://localhost:${port}/lounge/";
diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
index 096c551ba..1c2d0b1ad 100644
--- a/krebs/2configs/shack/prometheus/alert-rules.nix
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -1,102 +1,42 @@
-{ lib }:
-with lib;
-
+{ lib,... }:
let
- deviceFilter = ''device!="ramfs",device!="rpc_pipefs",device!="lxcfs",device!="nsfs",device!="borgfs"'';
-in mapAttrsToList (name: opts: {
- alert = name;
- expr = opts.condition;
- for = opts.time or "2m";
- labels = if (opts.page or true) then { severity = "page"; } else {};
- annotations = {
- summary = opts.summary;
- description = opts.description;
- };
-}) {
- node_down = {
- condition = ''up{job="node"} == 0'';
- summary = "{{$labels.alias}}: Node is down.";
- description = "{{$labels.alias}} has been down for more than 2 minutes.";
- };
- node_systemd_service_failed = {
- condition = ''node_systemd_unit_state{state="failed"} == 1'';
- summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
- description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
- };
- node_filesystem_full_80percent = {
- condition = ''sort(node_filesystem_free_bytes{${deviceFilter}} < node_filesystem_size_bytes{${deviceFilter}} * 0.2) / 1024^3'';
- time = "10m";
- summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 20% space left on its filesystem.";
- };
- node_filesystem_full_in_7d = {
- condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[2d], 7*24*3600) <= 0'';
- time = "1h";
- summary = "{{$labels.alias}}: Filesystem is running out of space in 7 days.";
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 7 days";
- };
- node_filesystem_full_in_30d = {
- condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[30d], 30*24*3600) <= 0'';
- time = "1h";
- summary = "{{$labels.alias}}: Filesystem is running out of space in 30 days.";
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 30 days";
- };
- node_filedescriptors_full_in_3h = {
- condition = ''predict_linear(node_filefd_allocated[3h], 3*3600) >= node_filefd_maximum'';
- time = "20m";
- summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
- description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
- };
- node_filedescriptors_full_in_7d = {
- condition = ''predict_linear(node_filefd_allocated[7d], 7*24*3600) >= node_filefd_maximum'';
- time = "1h";
- summary = "{{$labels.alias}} is running out of available file descriptors in 7 days.";
- description = "{{$labels.alias}} is running out of available file descriptors in approx. 7 days";
- };
- node_load15 = {
- condition = ''node_load15 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 1.0'';
- time = "10m";
- summary = "{{$labels.alias}}: Running on high load: {{$value}}";
- description = "{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
- };
- node_ram_using_90percent = {
- condition = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
- time = "1h";
- summary = "{{$labels.alias}}: Using lots of RAM.";
- description = "{{$labels.alias}} is using at least 90% of its RAM for at least 1 hour.";
- };
- node_swap_using_30percent = {
- condition = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.3";
- time = "30m";
- summary = "{{$labels.alias}}: Using more than 30% of its swap.";
- description = "{{$labels.alias}} is using 30% of its swap space for at least 30 minutes.";
- };
- node_visible_confluence_space = {
- condition = "node_visible_confluence_space != 0";
- summary = "crowd prometheus cann see the {{$labels.space_name}} confluence space!";
- description = "crowd user `prometheus` can see the `{{$labels.space_name}}` confluence space.";
- };
- node_hwmon_temp = {
- condition = "node_hwmon_temp_celsius > node_hwmon_temp_crit_celsius*0.9 OR node_hwmon_temp_celsius > node_hwmon_temp_max_celsius*0.95";
- time = "5m";
- summary = "{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}} ";
- description = "{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}";
- };
- node_conntrack_limit = {
- condition = "node_nf_conntrack_entries_limit - node_nf_conntrack_entries < 1000";
- time = "5m";
- summary = "{{$labels.alias}}: Number of tracked connections high";
- description = "{{$labels.alias}} has only {{$value}} free slots for connection tracking available.";
- };
- node_reboot = {
- condition = "time() - node_boot_time_seconds < 300";
- summary = "{{$labels.alias}}: Reboot";
- description = "{{$labels.alias}} just rebooted.";
- };
- node_uptime = {
- condition = "time() - node_boot_time_seconds > 2592000";
- page = false;
- summary = "{{$labels.alias}}: Uptime monster";
- description = "{{$labels.alias}} has been up for more than 30 days.";
- };
+ disk_free_threshold = "10"; # at least this much free disk percentage
+in {
+ services.prometheus.rules = [(builtins.toJSON
+ {
+ groups = [
+ { name = "shack-env";
+ rules = [
+ {
+ alert = "RootPartitionFull";
+ for = "30m";
+ expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}'';
+ labels.severity = "warning";
+ annotations.summary = "{{ $labels.alias }} root disk full";
+ annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
+ annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).A vast number of shackspace services will stop working. CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
+ }
+ {
+ alert = "RootPartitionFull";
+ for = "30m";
+ expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}'';
+ labels.severity = "warning";
+ annotations.summary = "{{ $labels.alias }} root disk full";
+ annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak";
+ annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
+ }
+ {
+ alert = "HostDown";
+ expr = ''up{alias="wolf.shack"} == 0'';
+ for = "5m";
+ labels.severity = "page";
+ annotations.summary = "Instance {{ $labels.alias }} down for 5 minutes";
+ annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
+ annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, try to restart the host via naproxen ( http://naproxen.shack:8006 ). Wolf being down means that CI,glados automation, light management and a couple of other services will not work anymore.'';
+ }
+ ];
+ }
+ ];
+ }
+ )];
}
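Review bot: The second `RootPartitionFull` rule matches `alias="puyak.shack"`, but its `annotations.url` still carries `var-node=wolf.shack:9100`, which looks like a copy-paste leftover; the Grafana link in a puyak alert would open wolf's node, and presumably it should read `var-node=puyak.shack:9100`. `HostDown` matches only `up{alias="wolf.shack"}`, so with the generic `node_down` rule gone any other scraped host going down no longer raises an alert; `up == 0` or an `alias=~"..."` matcher would restore that coverage. Both `RootPartitionFull` entries differ only in the alias and the description, so a short comment above each saying which host it covers would make the duplication easier to maintain.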
diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
new file mode 100644
index 000000000..8527001cb
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
@@ -0,0 +1,17 @@
+{ pkgs, ...}:
+{
+ systemd.services.alertmanager-bot-telegram = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "ip-up.target" ];
+ serviceConfig = {
+ EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
+ DynamicUser = true;
+ StateDirectory = "alertbot";
+ ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
+ --alertmanager.url=http://alert.prometheus.shack --log.level=info \
+ --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
+ --listen.addr="0.0.0.0:16320" \
+ --template.paths=${./templates}/shack.tmpl'';
+ };
+ };
+}
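Review bot: `--listen.addr="0.0.0.0:16320"` exposes the bot's webhook receiver on every interface, although the only sender configured in this commit is Alertmanager on the same host (`"url" = "http://localhost:16320"` in server.nix). Unless the firewall blocks the port, anything that can reach it can submit fabricated alerts that are then forwarded to the Telegram chat; bind it to loopback with `--listen.addr="127.0.0.1:16320"`. The token arrives through `EnvironmentFile`, which keeps it out of the Nix store; a short comment listing the variables that file must define would help, since the test fixture added in this commit is empty.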
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index c088a3b08..9e4b4d1a7 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -1,6 +1,9 @@
{ pkgs, lib, config, ... }:
# from https://gist.github.com/globin/02496fd10a96a36f092a8e7ea0e6c7dd
{
+ imports = [
+ ./alert-rules.nix
+ ];
networking = {
firewall.allowedTCPPorts = [
9090 # prometheus
@@ -18,12 +21,6 @@
};
prometheus = {
enable = true;
- ruleFiles = lib.singleton (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
- groups = lib.singleton {
- name = "mf-alerting-rules";
- rules = import ./alert-rules.nix { inherit lib; };
- };
- }));
scrapeConfigs = [
{
job_name = "node";
@@ -118,7 +115,10 @@
];
alertmanager = {
enable = true;
- listenAddress = "0.0.0.0";
+ listenAddress = "127.0.0.1";
+ webExternalUrl = "http://alert.prometheus.shack";
+ logLevel = "debug";
+
configuration = {
"global" = {
"smtp_smarthost" = "smtp.example.com:587";
@@ -134,15 +134,10 @@
"receivers" = [
{
"name" = "team-admins";
- "email_configs" = [
- {
- "to" = "devnull@example.com";
- "send_resolved" = true;
- }
- ];
+ "email_configs" = [ ];
"webhook_configs" = [
{
- "url" = "https://example.com/prometheus-alerts";
+ "url" = "http://localhost:16320";
"send_resolved" = true;
}
];
diff --git a/krebs/2configs/shack/prometheus/templates/shack.tmpl b/krebs/2configs/shack/prometheus/templates/shack.tmpl
new file mode 100644
index 000000000..9295f019f
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/templates/shack.tmpl
@@ -0,0 +1,25 @@
+{{ define "telegram.default" }}
+{{range .Alerts -}}
+{{ $severity := index .Labels "severity" }}
+{{ $desc := "No Description" }}
+{{ if eq .Status "firing" }}
+ {{ $desc = index .Annotations "description" }}
+ {{- if eq $severity "critical" -}}
+ <i><u><b>[CRITICAL]</b></u></i>
+ {{- else if eq $severity "warning" -}}
+ <u><b>[WARNING]</b></u>
+ {{- else -}}
+ <b>[{{ $severity }}]</b>
+ {{- end -}}
+{{ else -}}
+ {{ $desc = "The issue has been resolved" }}
+ <del>[RESOLVED]</del>
+{{- end }} {{ index .Labels "alertname"}}: {{ index .Annotations "summary"}}
+
+{{ $desc }}
+
+Alert Links:
+* <a href="{{ index .Annotations "url"}}">Grafana</a>
+* <a href="{{ .GeneratorURL }}">Source</a>
+{{end -}}
+{{end}}
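Review bot: Every label and annotation value (`$severity`, `alertname`, `summary`, `$desc`, and the `url` placed inside `href`) is written into Telegram HTML markup unescaped. If the bot renders this with Go's text/template (not visible here), a value containing `<`, `&` or `"` breaks the message or injects markup, and label values can originate from scraped targets; the Grafana URLs added in alert-rules.nix already contain `&`. Pipe the values through the built-in escaper, e.g. `{{ index .Annotations "summary" | html }}` and `{{ $desc | html }}`. Separately, the `critical` branch is never reached by the rules in this commit, which use `warning` and `page`.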
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 782f8ac04..5a766664f 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -349,19 +349,20 @@ in {
ip4.addr = "10.243.29.171";
aliases = [ "rock.r" ];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
- DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
- HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
- mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
- Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
- Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
- 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
- fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
- 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
- ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
- cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
- -----END RSA PUBLIC KEY-----
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime
+ 9PY3QBIcXvwDlOrd3oUwyWTvZpUeO7yzIXdouAe4s0ohPIVq7Cmruj4ZrOGUCKyB
+ oJpOziYSbL/IiCpXyOzWMLEwu0AoeFfbxig+5oZfwQ9epM2j902CgsUipJBLIg48
+ BC9oOD+/iYEwsFPqQ/S0kETyQK5Ad+qv0lbU6/Kmify8Qplvpv/8DRdjsdLki1fU
+ a6MAEw12OtHe6IWtlitPjFMBykTP6kkSp/eg0G2KZFVuEulwHGf9QT/eT4fZTMCC
+ 2V5Vp4rIr/hawmj+h4NIxniBSQcPAAIGNwZVC4uYYV1nd4iaI/T04rDJwte5WKHf
+ EVxtlYt9RU1I/XdNRSj9gYyneVcVlDVos8Z93oUv1hIGZYFtNmGVna6lggOBPf/t
+ BZ1MT6FKA4QX9JI8bQoNs18s8ffzyb07psNbH6YhpCygnhf9C7NR/CeI8BtpzJza
+ 1Qk731Z6bk6xRFKMuY2tRKlNCqPHULj44oTHB3Ki2B/bMlkguqSChfFzKIRASYO1
+ SASSgddexjkjKLslxcLWhIqYrZhuhYlFyoeoMI3qQsey/4X5PUmQDxxhTT80+qvE
+ thBNPg46joyLTq9E9ddf7t/0C6oD2DXY88N9bkztuK5dtYHmjajUbePuaTJtrKhI
+ 7MnLboZCEiSyvkVTTx0Yjf0CAwEAAQ==
+ -----END PUBLIC KEY-----
'';
};
};
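Review bot: This hunk replaces the tinc public key of the host aliased `rock.r` with a different key (the key material changes, not just the PEM wrapper from `RSA PUBLIC KEY` to `PUBLIC KEY`), and the merge commit message gives no reason for it. Because other nodes use this key to authenticate that host on the VPN, the new value should be confirmed with the host's owner over a separate channel before it is deployed, and a short comment or commit note recording the rotation would make later audits easier. The enclosing host definition starts outside the hunk.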
@@ -463,6 +464,7 @@ in {
ip4.addr = "10.243.29.185";
aliases = [
"eva.r"
+ "prometheus.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
index 159b54e34..ae0136303 100644
--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -48,7 +48,9 @@ in {
hostNetAliases = host:
mapAttrs (_: net: filter (x: x.name != null && x.value != []) [
{ name = net.ip4.addr or null; value = net.aliases; }
+ { name = net.ip4.addr or null; value = (map (alias: "4.${alias}") net.aliases); }
{ name = net.ip6.addr or null; value = net.aliases; }
+ { name = net.ip6.addr or null; value = (map (alias: "6.${alias}") net.aliases); }
]) host.nets;
# netAliases : { ${netname} : [addrAliases] }
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2a75cc1bb..d2a945284 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -95,6 +95,7 @@ in {
};
wiregrill = {
via = internet;
+ ip4.addr = "10.244.1.103";
ip6.addr = w6 "1";
aliases = [
"prism.w"
@@ -104,6 +105,7 @@ in {
subnets = [
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+ "10.244.1.0/24"
];
};
};
@@ -196,6 +198,7 @@ in {
};
wiregrill = {
ip6.addr = w6 "50da";
+ ip4.addr = "10.244.1.4";
aliases = [
"shodan.w"
];
@@ -554,6 +557,7 @@ in {
phone = {
nets = {
wiregrill = {
+ ip4.addr = "10.244.1.13";
ip6.addr = w6 "a";
aliases = [
"phone.w"
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index 00e346f8e..a3640caa5 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -48,7 +48,7 @@ let
};
urlShortenerHost = mkOption {
type = types.str;
- default = "go";
+ default = "go.r";
description = "what server to use for url shortening, host";
};
urlShortenerPort = mkOption {
diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix
new file mode 100644
index 000000000..f0e221406
--- /dev/null
+++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix
@@ -0,0 +1,26 @@
+{ lib, fetchFromGitHub, buildGoModule }:
+
+buildGoModule rec {
+ pname = "alertmanager-bot";
+ version = "2020-07-13";
+
+ src = fetchFromGitHub {
+ owner = "metalmatze";
+ repo = "alertmanager-bot";
+ rev = "5efc0bbbf8023d4324e9da98562f064a714a7206";
+ sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4";
+ };
+
+ modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h";
+ postInstall = ''
+ install -D ./default.tmpl $out/templates/default.tmpl
+ '';
+
+ meta = with lib; {
+ description = "Simple command-line snippet manager, written in Go";
+ homepage = https://github.com/knqyf263/pet;
+ license = licenses.mit;
+ maintainers = with maintainers; [ kalbasit ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
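Review bot: The `meta` block was copied from another package: `description` reads "Simple command-line snippet manager, written in Go" and `homepage` points at https://github.com/knqyf263/pet, while `src` fetches metalmatze/alertmanager-bot. Wrong provenance metadata sends anyone auditing this dependency to the wrong upstream; set `homepage = "https://github.com/metalmatze/alertmanager-bot";` with a matching description, and check that `license` and `maintainers` actually apply to this package. `version = "2020-07-13"` is a date while `rev` is a commit id, so a comment stating that the date is that of the pinned commit would avoid confusion with an upstream release.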
diff --git a/krebs/5pkgs/simple/flameshot-once/profile.nix b/krebs/5pkgs/simple/flameshot-once/profile.nix
index 4427e5b23..5aed99597 100644
--- a/krebs/5pkgs/simple/flameshot-once/profile.nix
+++ b/