summaryrefslogtreecommitdiffstats
path: root/lass/2configs/monitoring/server.nix
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-01-30 22:56:43 +0100
committerlassulus <lass@lassul.us>2017-01-30 22:56:43 +0100
commit1d2c058d78f9cb5d4a51dd2ffb1bfd4b09623055 (patch)
tree053ba89252fe11e23e49787d463e11fcae17f11e /lass/2configs/monitoring/server.nix
parentf0a345d79b0ab80d2e38baddba7f19e40241c79a (diff)
l 2 monitoring: introduce {client,server}.nix
Diffstat (limited to 'lass/2configs/monitoring/server.nix')
-rw-r--r--lass/2configs/monitoring/server.nix59
1 files changed, 59 insertions, 0 deletions
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
new file mode 100644
index 000000000..335820bc7
--- /dev/null
+++ b/lass/2configs/monitoring/server.nix
@@ -0,0 +1,59 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+ services.influxdb = {
+ enable = true;
+ };
+
+ services.influxdb.extraConfig = {
+ meta.hostname = config.krebs.build.host.name;
+ # meta.logging-enabled = true;
+ http.bind-address = ":8086";
+ admin.bind-address = ":8083";
+ monitoring = {
+ enabled = false;
+ # write-interval = "24h";
+ };
+ };
+
+ lass.kapacitor =
+ let
+ echoToIrc = pkgs.writeDash "echo_irc" ''
+ set -euf
+ data="$(${pkgs.jq}/bin/jq -r .message)"
+ export LOGNAME=prism-alarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
+ '';
+ in {
+ enable = true;
+ alarms = {
+ test2 = ''
+ batch
+ |query(${"'''"}
+ SELECT mean("usage_user") AS mean
+ FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
+ ${"'''"})
+ .every(3m)
+ .period(1m)
+ .groupBy('host')
+ |alert()
+ .crit(lambda: "mean" > 90)
+ // Whenever we get an alert write it to a file.
+ .log('/tmp/alerts.log')
+ .exec('${echoToIrc}')
+ '';
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
+ { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
+ ];
+ services.grafana = {
+ enable = true;
+ addr = "0.0.0.0";
+ auth.anonymous.enable = true;
+ security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ };
+}