diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/2configs/monitoring/client.nix | 32 | ||||
-rw-r--r-- | lass/2configs/monitoring/server.nix | 59 |
2 files changed, 91 insertions, 0 deletions
diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix new file mode 100644 index 000000000..eebf2f2e9 --- /dev/null +++ b/lass/2configs/monitoring/client.nix @@ -0,0 +1,32 @@ +{pkgs, config, ...}: +with import <stockholm/lib>; +{ + lass.telegraf = { + enable = true; + outputs = '' + [outputs.influxdb] + urls = ["http://prism:8086"] + database = "all_data" + user_agent = "telegraf" + ''; + inputs = [ + '' + [cpu] + percpu = false + totalcpu = true + drop = ["cpu_time"] + '' + '' + [[inputs.mem]] + '' + '' + [[inputs.ping]] + urls = ["8.8.8.8"] + '' + ]; + }; + systemd.services.telegraf.path = with pkgs; [ + iputils + lm_sensors + ]; +} diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix new file mode 100644 index 000000000..335820bc7 --- /dev/null +++ b/lass/2configs/monitoring/server.nix @@ -0,0 +1,59 @@ +{pkgs, config, ...}: +with import <stockholm/lib>; +{ + services.influxdb = { + enable = true; + }; + + services.influxdb.extraConfig = { + meta.hostname = config.krebs.build.host.name; + # meta.logging-enabled = true; + http.bind-address = ":8086"; + admin.bind-address = ":8083"; + monitoring = { + enabled = false; + # write-interval = "24h"; + }; + }; + + lass.kapacitor = + let + echoToIrc = pkgs.writeDash "echo_irc" '' + set -euf + data="$(${pkgs.jq}/bin/jq -r .message)" + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null + ''; + in { + enable = true; + alarms = { + test2 = '' + batch + |query(${"'''"} + SELECT mean("usage_user") AS mean + FROM "${config.lass.kapacitor.check_db}"."default"."cpu" + ${"'''"}) + .every(3m) + .period(1m) + .groupBy('host') + |alert() + .crit(lambda: "mean" > 90) + // Whenever we get an alert write it to a file. + .log('/tmp/alerts.log') + .exec('${echoToIrc}') + ''; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } + ]; + services.grafana = { + enable = true; + addr = "0.0.0.0"; + auth.anonymous.enable = true; + security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} + }; +} |