configurations of hq services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

configuration.nix 2.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. # Edit this configuration file to define what should be installed on
  2. # your system. Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4. { config, pkgs, lib, ... }:
  5. {
  6. imports =
  7. [ ../../../lib/lxc-container.nix
  8. ../../../lib/shared.nix
  9. ../../../lib/admins.nix
  10. ];
  11. environment.systemPackages = with pkgs; [
  12. vim
  13. ];
  14. networking = {
  15. hostName = "prometheus";
  16. firewall = {
  17. allowedTCPPorts = [
  18. 22
  19. 80
  20. 443
  21. 9090
  22. 9091
  23. 9093
  24. 9094
  25. ];
  26. enable = true;
  27. };
  28. };
  29. services.prometheus = {
  30. enable = true;
  31. alertmanager = {
  32. enable = true;
  33. openFirewall = true;
  34. webExternalUrl = "http://prometheus.serv.zentralwerk.org/alertmanager/";
  35. listenAddress = "0.0.0.0";
  36. configuration = {
  37. "global" = {
  38. "smtp_smarthost" = "mail.serv.zentralwerk.org:587";
  39. "smtp_from" = "alertmanager@prometheus.serv.zentralwerk.org";
  40. };
  41. "route" = {
  42. "group_by" = [ "alertname" "alias" ];
  43. "group_wait" = "30s";
  44. "group_interval" = "2m";
  45. "repeat_interval" = "4h";
  46. "receiver" = "team-admins";
  47. };
  48. "receivers" = [
  49. {
  50. "name" = "team-admins";
  51. # "email_configs" = [
  52. # {
  53. # "to" = "devnull@example.com";
  54. # "send_resolved" = true;
  55. # }
  56. # ];
  57. # "webhook_configs" = [
  58. # {
  59. # "url" = "https://example.com/prometheus-alerts";
  60. # "send_resolved" = true;
  61. # }
  62. # ];
  63. }
  64. ];
  65. };
  66. };
  67. alertmanagerURL = [ "http://prometheus.serv.zentralwerk.org/alertmanager/" ];
  68. pushgateway = {
  69. enable = true;
  70. web.external-url = "http://prometheus.serv.zentralwerk.org/push/";
  71. };
  72. exporters.collectd.enable = true;
  73. exporters.collectd.openFirewall = true;
  74. exporters.nginx.enable = true;
  75. };
  76. services.nginx = {
  77. enable = true;
  78. virtualHosts."prometheus.serv.zentralwerk.org" = {
  79. # serverAliases = [ "registry.serv.zentralwerk.org" ];
  80. enableACME = true;
  81. enableSSL = true;
  82. # forceSSL = true;
  83. locations.".well-known/acme-challenge/" = {
  84. root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
  85. };
  86. locations."/" = {
  87. proxyPass = "http://localhost:9090";
  88. };
  89. };
  90. };
  91. system.stateVersion = "19.03"; # Did you read the comment?
  92. }