diff options
author | tv <tv@krebsco.de> | 2023-07-25 20:39:35 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-07-25 20:39:35 +0200 |
commit | 5d1b0675cf179f863a5b34b67661a953197b6057 (patch) | |
tree | dd9c83dff894fd97cee61dd1b2df3eaeecbbd740 /lass/2configs/monitoring/prometheus.nix | |
parent | a2c9ad05b2e8237b915a100e1e38ca0f3d18526c (diff) | |
parent | 8eab63eaa81717391269a61355cb7fb64341fd1a (diff) |
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'lass/2configs/monitoring/prometheus.nix')
-rw-r--r-- | lass/2configs/monitoring/prometheus.nix | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/lass/2configs/monitoring/prometheus.nix b/lass/2configs/monitoring/prometheus.nix new file mode 100644 index 000000000..ba32c62a7 --- /dev/null +++ b/lass/2configs/monitoring/prometheus.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: +{ + #prometheus + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx + # { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana + # { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager + # { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager + ]; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "prometheus.lass.r" = { + locations."/".proxyPass = "http://localhost:9090"; + }; + "alert.lass.r" = { + locations."/".proxyPass = "http://localhost:9093"; + }; + "grafana.lass.r" = { + locations."/".proxyPass = "http://localhost:3012"; + }; + }; + }; + + services.grafana = { + enable = true; + addr = "0.0.0.0"; + port = 3012; + auth.anonymous = { + enable = true; + org_role = "Admin"; + }; + }; + services.prometheus = { + enable = true; + ruleFiles = [ + (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { + groups = [{ + name = "alerting-rules"; + rules = import ./alert-rules.nix { inherit lib; }; + }]; + })) + ]; + scrapeConfigs = [ + { + job_name = "telegraf"; + scrape_interval = "60s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ + "prism.r:9273" + "dishfire.r:9273" + "yellow.r:9273" + ]; + } + ]; + } + ]; + alertmanagers = [ + { scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; + alertmanager = { + enable = true; + webExternalUrl = "https://alert.lass.r"; + listenAddress = "[::1]"; + configuration = { + global = { + # The smarthost and SMTP sender used for mail notifications. + smtp_smarthost = "localhost:587"; + smtp_from = "alertmanager@alert.lass.r"; + # smtp_auth_username = "alertmanager@thalheim.io"; + # smtp_auth_password = "$SMTP_PASSWORD"; + }; + route = { + receiver = "default"; + routes = [ + { + group_by = [ "host" ]; + group_wait = "30s"; + group_interval = "2m"; + repeat_interval = "2h"; + receiver = "all"; + } + ]; + }; + receivers = [ + { + name = "all"; + webhook_configs = [{ + url = "http://127.0.0.1:9223/"; + max_alerts = 5; + }]; + } + { + name = "default"; + } + ]; + }; + }; + }; + +} |