From 3571d962fa2babbfc53d5d53a857eb3e12070219 Mon Sep 17 00:00:00 2001 From: Astro Date: Sat, 17 Dec 2022 00:47:47 +0100 Subject: [PATCH] prometheus: add alert2muc --- flake.lock | 70 ++++++++++++++++++++++++++++++++--- flake.nix | 7 +++- hosts/prometheus/default.nix | 17 +++------ hosts/prometheus/secrets.yaml | 6 ++- 4 files changed, 81 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 8f67b160..f25be350 100644 --- a/flake.lock +++ b/flake.lock @@ -23,12 +23,34 @@ "url": "https://gitea.nek0.eu/nek0/affection" } }, - "bevy-julia": { + "alert2muc": { "inputs": { "naersk": "naersk", "nixpkgs": [ "nixos" ], + "utils": "utils" + }, + "locked": { + "lastModified": 1671235085, + "narHash": "sha256-ii7LsyYrnm3puQrCpfsYvIjVpLoPW5qhBmVdSybvTUA=", + "ref": "refs/heads/main", + "rev": "2cf4e1dbc0c6ceb96387f2d6445b784abc537f8f", + "revCount": 12, + "type": "git", + "url": "https://gitea.c3d2.de/astro/alert2muc" + }, + "original": { + "type": "git", + "url": "https://gitea.c3d2.de/astro/alert2muc" + } + }, + "bevy-julia": { + "inputs": { + "naersk": "naersk_2", + "nixpkgs": [ + "nixos" + ], "rust-overlay": [ "rust-overlay" ] @@ -251,6 +273,28 @@ } }, "naersk": { + "inputs": { + "nixpkgs": [ + "alert2muc", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1671096816, + "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=", + "owner": "nix-community", + "repo": "naersk", + "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "naersk_2": { "inputs": { "nixpkgs": "nixpkgs" }, @@ -268,7 +312,7 @@ "type": "github" } }, - "naersk_2": { + "naersk_3": { "inputs": { "nixpkgs": [ "nixos" @@ -288,7 +332,7 @@ "type": "github" } }, - "naersk_3": { + "naersk_4": { "inputs": { "nixpkgs": [ "ticker", @@ -527,6 +571,7 @@ "root": { "inputs": { "affection-src": "affection-src", + "alert2muc": "alert2muc", "bevy-julia": "bevy-julia", "bevy-mandelbrot": "bevy-mandelbrot", "caveman": "caveman", @@ -536,7 +581,7 @@ "heliwatch": "heliwatch", "hydra-ca": "hydra-ca", "microvm": "microvm", - "naersk": "naersk_2", + "naersk": "naersk_3", "nixos": "nixos", "nixos-hardware": "nixos-hardware", "nixos-mobilizon": "nixos-mobilizon", @@ -732,7 +777,7 @@ "fenix": [ "fenix" ], - "naersk": "naersk_3", + "naersk": "naersk_4", "nixpkgs": [ "nixos" ], @@ -796,6 +841,21 @@ "url": "https://gitea.c3d2.de/astro/tracer" } }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "yammat": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 78420d9c..f6c4c062 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ flake-utils.follows = "flake-utils"; }; }; + alert2muc = { + url = "git+https://gitea.c3d2.de/astro/alert2muc"; + inputs.nixpkgs.follows = "nixos"; + }; bevy-mandelbrot = { # url = "github:matelab/bevy_mandelbrot"; url = "git+https://gitea.c3d2.de/astro/bevy-mandelbrot.git?ref=main"; @@ -174,7 +178,7 @@ }; }; - outputs = inputs@{ self, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, nixos-unstable-simd, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }: + outputs = inputs@{ self, alert2muc, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, nixos-unstable-simd, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }: let inherit (nixos) lib; @@ -702,6 +706,7 @@ prometheus = nixosSystem' { modules = [ self.nixosModules.cluster-options + alert2muc.nixosModules.default ./hosts/prometheus ]; }; diff --git a/hosts/prometheus/default.nix b/hosts/prometheus/default.nix index f994e9c1..9688b83c 100644 --- a/hosts/prometheus/default.nix +++ b/hosts/prometheus/default.nix @@ -36,7 +36,7 @@ "receivers" = [{ "name" = "xmpp"; "webhook_configs" = with config.services.prometheus.xmpp-alerts.settings; [{ - "url" = "http://${listen_address}:${toString listen_port}/alert"; + "url" = "http://127.0.0.1:9022/"; }]; }]; }; @@ -163,17 +163,11 @@ }; webExternalUrl = "https://prometheus.serv.zentralwerk.org/"; + }; - xmpp-alerts = { - enable = true; - settings = { - jid = "alerta@jabber.c3d2.de"; - password_command = "cat ${config.sops.secrets."alertmanager/xmpp-password".path}"; - to_jid = "admins@chat.c3d2.de"; - listen_address = "127.0.0.1"; - listen_port = 9199; - }; - }; + services.alert2muc = { + enable = true; + configFile = config.sops.secrets."alert2muc/config".path; }; services.nginx = { @@ -204,6 +198,7 @@ defaultSopsFile = ./secrets.yaml; secrets."nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User; secrets."alertmanager/xmpp-password".owner = config.systemd.services.prometheus-xmpp-alerts.serviceConfig.User; + secrets."alert2muc/config".owner = config.services.alert2muc.user; }; system.stateVersion = "22.11"; diff --git a/hosts/prometheus/secrets.yaml b/hosts/prometheus/secrets.yaml index 29bce232..038ee873 100644 --- a/hosts/prometheus/secrets.yaml +++ b/hosts/prometheus/secrets.yaml @@ -1,5 +1,7 @@ alertmanager: xmpp-password: ENC[AES256_GCM,data:v+pRv/q4Z/ZT18PBxxKrq9P9QNbjN14edSeMCo5If6Y=,iv:oIdXFPdppgV7uTWY/eKSK9T2vDXW2Uur9iwnftQB+dQ=,tag:QD2MB3ZeMlvuGIMIpHI97Q==,type:str] +alert2muc: + config: ENC[AES256_GCM,data:hdVL+/bC67dP/MDfL+Jd7tq09IuP0l3uigi+kFdV6H6KVVj5XcqtTWd7ZUe6s5lo+ZHWx6QGwliSASNFyLWhF2TV6PGFnT/qQyKmQoY+R9nxeuJ8A8wib21F6qVSoiTHMxg0R13d2/Y1LqZdpsa+2KNdSe1UiBD6/LaIDxMd9rQizVUrnSQ5IDm0BNPhdlFfEvRYJO9TWkgQ0sfmt5Q7,iv:1yLsZLtUtfhJ+1+1w5lBSZ4TsDzmGgUFyA5XpJ/WZH4=,tag:78F5sgrrMezSuh8xbqTLiQ==,type:str] nginx: httpAuth: ENC[AES256_GCM,data:PS7icDVNB4g7XBMP7mMSbalkvQ==,iv:0GOfGl97k1AjkRxm2x2f4LpeQOuJcFqAHgdRrbceW6U=,tag:GX5L0wI5zwHwuls7ZOPlOQ==,type:str] sops: @@ -26,8 +28,8 @@ sops: dkpOeVJIVnJtNDM5M0RQaWRudUcxOG8KZnHCLuyPFdx4j1WY6fk8nqMeACmpYZzU EpNqjoBswCkUnaRMVcj5lrHvHDjdbQ0Ypn3s/YvI4UBsXMnnv9UD7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-10T21:16:19Z" - mac: ENC[AES256_GCM,data:yZyBuZE5Gb6TSViqZaugZeloGxbsspc1oDMVVaoNZ7fcDXT7ELg85qWTokLV5PcySeh2IUpDtaqt+QV8tqHlWbREOHHWi+gwBGfBWww7k+H6h9+Vj3hpydPBBohklMpYYWK0F8fAuJjLhE6Usv96N8/CnCv4NJUIjK33pca5vMY=,iv:s8jumWZMU52PKHq0FAdl8IDv7aSym9cOG0W/cSn9XUI=,tag:Rh3oCJ2jucubvqRs7A+abQ==,type:str] + lastmodified: "2022-12-16T23:40:12Z" + mac: ENC[AES256_GCM,data:GXW0hMq84q5DrbV9YLNu5fvgAwFuBoq3cK7fD+FYHdnX1hq/6pTF2ksu7K7M9DE4yetXx7RKBWERm/1DShpV7Qe0jP/+kh31uwhCws6Ay0l14UDT52lL8uQ/jDHKv6ghG4/Q58u1Hvj/xZas34YmYxxJoyEzzCbMSfSgWh6GSMM=,iv:GuBCWI6s9yLhz3tEarZ1gbtXC+gUOVlbc43bezb9nbU=,tag:2bE8yOu87ooLdqjU5Ex1MQ==,type:str] pgp: - created_at: "2022-11-27T00:27:03Z" enc: |-