123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 |
- # Edit this configuration file to define what should be installed on
- # your system. Help is available in the configuration.nix(5) man page
- # and in the NixOS manual (accessible by running ‘nixos-help’).
-
- { config, pkgs, lib, ... }:
-
- {
- imports =
- [ ../../../lib/lxc-container.nix
- ../../../lib/shared.nix
- ../../../lib/admins.nix
- ];
-
- environment.systemPackages = with pkgs; [
- vim
- ];
-
- networking = {
- hostName = "prometheus";
- firewall = {
- allowedTCPPorts = [
- 22
- 80
- 443
- 9090
- 9091
- 9093
- 9094
- ];
- enable = true;
- };
- };
-
- services.prometheus = {
- enable = true;
-
- alertmanager = {
- enable = true;
- openFirewall = true;
- webExternalUrl = "http://prometheus.serv.zentralwerk.org/alertmanager/";
- listenAddress = "0.0.0.0";
- configuration = {
- "global" = {
- "smtp_smarthost" = "mail.serv.zentralwerk.org:587";
- "smtp_from" = "alertmanager@prometheus.serv.zentralwerk.org";
- };
- "route" = {
- "group_by" = [ "alertname" "alias" ];
- "group_wait" = "30s";
- "group_interval" = "2m";
- "repeat_interval" = "4h";
- "receiver" = "team-admins";
- };
- "receivers" = [
- {
- "name" = "team-admins";
- # "email_configs" = [
- # {
- # "to" = "devnull@example.com";
- # "send_resolved" = true;
- # }
- # ];
- # "webhook_configs" = [
- # {
- # "url" = "https://example.com/prometheus-alerts";
- # "send_resolved" = true;
- # }
- # ];
- }
- ];
- };
- };
-
- alertmanagerURL = [ "http://prometheus.serv.zentralwerk.org/alertmanager/" ];
-
- pushgateway = {
- enable = true;
- web.external-url = "http://prometheus.serv.zentralwerk.org/push/";
- };
-
- exporters.collectd.enable = true;
- exporters.collectd.openFirewall = true;
-
- exporters.nginx.enable = true;
-
- };
-
- services.nginx = {
- enable = true;
-
- virtualHosts."prometheus.serv.zentralwerk.org" = {
- # serverAliases = [ "registry.serv.zentralwerk.org" ];
- enableACME = true;
- enableSSL = true;
- # forceSSL = true;
- locations.".well-known/acme-challenge/" = {
- root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
- };
- locations."/" = {
- proxyPass = "http://localhost:9090";
- };
- };
- };
-
-
- system.stateVersion = "19.03"; # Did you read the comment?
-
- }
|