summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/0tests/data/secrets/shack/unifi-prometheus-pw0
-rw-r--r--krebs/1systems/puyak/config.nix7
-rw-r--r--krebs/1systems/wolf/config.nix9
-rw-r--r--krebs/2configs/collectd-base.nix4
-rw-r--r--krebs/2configs/shack/prometheus/node.nix27
-rw-r--r--krebs/2configs/shack/prometheus/server.nix195
-rw-r--r--krebs/2configs/shack/prometheus/unifi.nix10
-rw-r--r--krebs/3modules/makefu/default.nix9
-rw-r--r--krebs/3modules/makefu/wiregrill/rockit.pub2
-rw-r--r--krebs/3modules/makefu/wiregrill/shackdev.pub1
10 files changed, 253 insertions, 11 deletions
diff --git a/krebs/0tests/data/secrets/shack/unifi-prometheus-pw b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index af11c6944..f9b83ef21 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -7,13 +7,13 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
- <stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/go.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
@@ -59,10 +59,7 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
+ services.logind.lidSwitch = "ignore";
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 7ca0f0ec1..d684dcd1c 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -40,11 +40,16 @@ in
<stockholm/krebs/2configs/shack/radioactive.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/wolf-client.nix>
- ## write collectd statistics to wolf.shack
- <stockholm/krebs/2configs/collectd-base.nix>
+
{ services.influxdb.enable = true; }
<stockholm/krebs/2configs/shack/netbox.nix>
+ <stockholm/krebs/2configs/shack/prometheus/server.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
+ <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
+ { services.influxdb.enable = true; }
+
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/collectd-base.nix
index 440f83fce..71a00be3a 100644
--- a/krebs/2configs/collectd-base.nix
+++ b/krebs/2configs/collectd-base.nix
@@ -9,7 +9,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
- target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
+ target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
interval 10
</Module>
</Plugin>
@@ -18,7 +18,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
- Host "heidi.shack"
+ Host "wolf.r"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"
diff --git a/krebs/2configs/shack/prometheus/node.nix b/krebs/2configs/shack/prometheus/node.nix
new file mode 100644
index 000000000..5462464d5
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/node.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 9100 ];
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ enabledCollectors = [
+ "conntrack"
+ "diskstats"
+ "entropy"
+ "filefd"
+ "filesystem"
+ "loadavg"
+ "mdadm"
+ "meminfo"
+ "netdev"
+ "netstat"
+ "stat"
+ "time"
+ "vmstat"
+ "systemd"
+ "logind"
+ "interrupts"
+ "ksmd"
+ ];
+ };
+}
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
new file mode 100644
index 000000000..c936f2531
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -0,0 +1,195 @@
+{ pkgs, lib, config, ... }:
+# from https://gist.github.com/globin/02496fd10a96a36f092a8e7ea0e6c7dd
+{
+ networking = {
+ firewall.allowedTCPPorts = [
+ 3000 # grafana
+ 9090 # prometheus
+ 9093 # alertmanager
+ ];
+ useDHCP = true;
+ };
+
+ services = {
+ prometheus = {
+ enable = true;
+ extraFlags = [
+ "-storage.local.retention 8760h"
+ "-storage.local.series-file-shrink-ratio 0.3"
+ "-storage.local.memory-chunks 2097152"
+ "-storage.local.max-chunks-to-persist 1048576"
+ "-storage.local.index-cache-size.fingerprint-to-metric 2097152"
+ "-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
+ "-storage.local.index-cache-size.label-name-to-label-values 2097152"
+ "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
+ ];
+ alertmanagerURL = [ "http://localhost:9093" ];
+ rules = [
+ ''
+ ALERT node_down
+ IF up == 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Node is down.",
+ description = "{{$labels.alias}} has been down for more than 5 minutes."
+ }
+ ALERT node_systemd_service_failed
+ IF node_systemd_unit_state{state="failed"} == 1
+ FOR 4m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
+ description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
+ }
+ ALERT node_filesystem_full_90percent
+ IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
+ }
+ ALERT node_filesystem_full_in_4h
+ IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
+ }
+ ALERT node_filedescriptors_full_in_3h
+ IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
+ FOR 20m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
+ }
+ ALERT node_load1_90percent
+ IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Running on high load.",
+ description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
+ }
+ ALERT node_cpu_util_90percent
+ IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: High CPU utilization.",
+ description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
+ }
+ ALERT node_ram_using_90percent
+ IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
+ FOR 30m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary="{{$labels.alias}}: Using lots of RAM.",
+ description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
+ }
+ ''
+ ];
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ scrape_interval = "10s";
+ static_configs = [
+ {
+ targets = [
+ "localhost:9100"
+ ];
+ labels = {
+ alias = "wolf.shack";
+ };
+ }
+ {
+ targets = [
+ "localhost:9130"
+ ];
+ labels = {
+ alias = "unifi.shack";
+ };
+ }
+ {
+ targets = [
+ "10.42.22.184:9100" # puyak.shack
+ ];
+ labels = {
+ alias = "puyak.shack";
+ };
+ }
+ {
+ targets = [
+ "phenylbutazon.shack:9100"
+ ];
+ labels = {
+ alias = "phenylbutazon.shack";
+ };
+ }
+ {
+ targets = [
+ "ibuprofen.shack:9100"
+ ];
+ labels = {
+ alias = "ibuprofen.shack";
+ };
+ }
+ ];
+ }
+ ];
+ alertmanager = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ configuration = {
+ "global" = {
+ "smtp_smarthost" = "smtp.example.com:587";
+ "smtp_from" = "alertmanager@example.com";
+ };
+ "route" = {
+ "group_by" = [ "alertname" "alias" ];
+ "group_wait" = "30s";
+ "group_interval" = "2m";
+ "repeat_interval" = "4h";
+ "receiver" = "team-admins";
+ };
+ "receivers" = [
+ {
+ "name" = "team-admins";
+ "email_configs" = [
+ {
+ "to" = "devnull@example.com";
+ "send_resolved" = true;
+ }
+ ];
+ "webhook_configs" = [
+ {
+ "url" = "https://example.com/prometheus-alerts";
+ "send_resolved" = true;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
new file mode 100644
index 000000000..401ecb024
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -0,0 +1,10 @@
+{lib, ... }:
+{
+ services.prometheus.exporters.unifi = {
+ enable = true;
+ unifiAddress = "https://unifi.shack:8443/";
+ unifiInsecure = true;
+ unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
+ unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+ };
+}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 601762b93..9581712fb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -236,6 +236,7 @@ in {
"tracker.makefu.r"
"wiki.gum.r"
"wiki.makefu.r"
+ "sick.makefu.r"
];
};
};
@@ -288,10 +289,16 @@ in {
ip4.addr = "10.243.189.130";
};
};
+ };
+
+ shackdev = rec { # router@shack
+ cores = 1;
+ nets.wiregrill.ip4.addr = "10.244.245.2";
};
+
rockit = rec { # router@home
cores = 1;
- nets.wiregrill.ip4.addr = "10.244.245.2";
+ nets.wiregrill.ip4.addr = "10.244.245.3";
};
senderechner = rec {
diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub
index 6cb0d960d..ace109450 100644
--- a/krebs/3modules/makefu/wiregrill/rockit.pub
+++ b/krebs/3modules/makefu/wiregrill/rockit.pub
@@ -1 +1 @@
-YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
+LPMs1h9+8ABqeZsS6xmHC7votPqpUT609XuktAhaik8=
diff --git a/krebs/3modules/makefu/wiregrill/shackdev.pub b/krebs/3modules/makefu/wiregrill/shackdev.pub
new file mode 100644
index 000000000..6cb0d960d
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/shackdev.pub
@@ -0,0 +1 @@
+YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 08:49:28 +0000