C3D2
/
nix-config


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

{
  imports =
    [ ../../../lib/lxc-container.nix
    ../../../lib/shared.nix
    ../../../lib/admins.nix
  ];

  environment.systemPackages = with pkgs; [
    vim
  ];

  networking = {
    hostName = "prometheus";
    firewall = {
      allowedTCPPorts = [ 
        22
        80
        443
        9090
        9091
        9093
        9094
      ];
      enable = true;
    };
  };

  services.prometheus = {
    enable = true;

    alertmanager = {
      enable = true;
      openFirewall = true;
      webExternalUrl = "http://prometheus.serv.zentralwerk.org/alertmanager/";
      listenAddress = "0.0.0.0";
      configuration = {
        "global" = {
          "smtp_smarthost" = "mail.serv.zentralwerk.org:587";
          "smtp_from" = "alertmanager@prometheus.serv.zentralwerk.org";
        };
        "route" = {
          "group_by" = [ "alertname" "alias" ];
          "group_wait" = "30s";
          "group_interval" = "2m";
          "repeat_interval" = "4h";
          "receiver" = "team-admins";
        };
        "receivers" = [
          {
            "name" = "team-admins";
            # "email_configs" = [
            #   {
            #     "to" = "devnull@example.com";
            #     "send_resolved" = true;
            #   }
            # ];
            # "webhook_configs" = [
            #   {
            #     "url" = "https://example.com/prometheus-alerts";
            #     "send_resolved" = true;
            #   }
            # ];
          }
        ];
      };
    };

    alertmanagerURL = [ "http://prometheus.serv.zentralwerk.org/alertmanager/" ];

    pushgateway = {
      enable = true;
      web.external-url =  "http://prometheus.serv.zentralwerk.org/push/";
    };

    exporters.collectd.enable = true;
    exporters.collectd.openFirewall = true;
    
    exporters.nginx.enable = true;

  };

  services.nginx = {
    enable = true;
    
    virtualHosts."prometheus.serv.zentralwerk.org" = {
    # serverAliases = [ "registry.serv.zentralwerk.org" ];
      enableACME = true;
      enableSSL = true;
      # forceSSL = true;
      locations.".well-known/acme-challenge/" = {
            root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
      };
      locations."/" = {
            proxyPass = "http://localhost:9090";
      };
    };
  };


  system.stateVersion = "19.03"; # Did you read the comment?

}