mdlayher-homelab/nixos/servnerr-3/prometheus.nix

{ pkgs, ... }:

let
  # Scrape a target with the specified module, interval, and list of targets.
  blackboxScrape = (module: blackboxScrapeJobName module module);

  # Same as blackboxScrape, but allow customizing the job name.
  blackboxScrapeJobName = (job: module: interval: targets: {
    job_name = "blackbox_${job}";
    scrape_interval = "${interval}";
    metrics_path = "/probe";
    params = { module = [ "${module}" ]; };
    # blackbox_exporter location is hardcoded.
    relabel_configs = relabelTarget "servnerr-3:9115";
    static_configs = [{ inherit targets; }];
  });

  # Produces a relabeling configuration that replaces the instance label with
  # the HTTP target parameter.
  relabelTarget = (target: [
    {
      source_labels = [ "__address__" ];
      target_label = "__param_target";
    }
    {
      source_labels = [ "__param_target__" ];
      target_label = "instance";
    }
    {
      target_label = "__address__";
      replacement = "${target}";
    }
  ]);

in {
  # Prometheus monitoring server and exporter configuration.
  services.prometheus = {
    enable = true;
    webExternalUrl = "https://prometheus.servnerr.com";

    extraFlags = [ "--storage.tsdb.retention=365d" ];

    # Use alertmanager running on monitoring machine.
    alertmanagers =
      [{ static_configs = [{ targets = [ "monitnerr-1:9093" ]; }]; }];

    exporters = {
      # Node exporter already enabled on all machines.

      blackbox = {
        enable = true;
        configFile = pkgs.writeText "blackbox.yml" ''
          modules:
            http_2xx:
              prober: http
            http_401:
              prober: http
              http:
                valid_status_codes: [401]
            ssh_banner:
              prober: tcp
              tcp:
                query_response:
                - expect: "^SSH-2.0-"
                  '';
      };

      # SNMP exporter with data file from release 0.17.0.
      snmp = {
        enable = true;
        configurationPath = builtins.fetchurl {
          url =
            "https://raw.githubusercontent.com/prometheus/snmp_exporter/f0ad4551a5c2023e383bc8dde2222f47dc760b83/snmp.yml";
          sha256 =
            "5c1febe100ce9140c8c59cf3c2a6346a1219dd0966d5cd2926498e88dcd69997";
        };
      };
    };

    # TODO: template out hostnames or consider DNSSD.
    scrapeConfigs = [
      # Blackbox exporter and associated targets.
      {
        job_name = "blackbox";
        static_configs = [{ targets = [ "servnerr-3:9115" ]; }];
      }
      (blackboxScrape "http_2xx" "15s" [ "https://grafana.servnerr.com" ])
      # Netlify can occasionally be flappy, so check it less often.
      (blackboxScrapeJobName "http_2xx_mdlayhercom" "http_2xx" "1m"
        [ "https://mdlayher.com" ])
      (blackboxScrape "http_401" "15s" [
        "https://alertmanager.servnerr.com"
        "https://plex.servnerr.com"
        "https://prometheus.servnerr.com"
      ])
      # The SSH banner check produces a fair amount of log spam, so only scrape
      # it once a minute.
      (blackboxScrape "ssh_banner" "1m" [
        "monitnerr-1:22"
        "nerr-3:22"
        "routnerr-2:22"
        "servnerr-3:22"
        "unifi.servnerr.com:22"
      ])
      {
        job_name = "coredns";
        static_configs = [{ targets = [ "routnerr-2:9153" ]; }];
      }
      {
        job_name = "corerad";
        static_configs = [{ targets = [ "routnerr-2:9430" ]; }];
      }
      {
        job_name = "node";
        static_configs = [{
          targets = [
            "monitnerr-1:9100"
            "nerr-3:9100"
            "routnerr-2:9100"
            "servnerr-3:9100"
          ];
        }];
      }
      {
        job_name = "obs";
        static_configs = [{ targets = [ "nerr-3:9407" ]; }];
      }
      # SNMP relabeling configuration required to properly replace the instance
      # names and query the correct devices.
      {
        job_name = "snmp";
        metrics_path = "/snmp";
        params = { module = [ "if_mib" ]; };
        relabel_configs = relabelTarget "servnerr-3:9116";
        static_configs = [{
          targets =
            [ "switch-livingroom01" "switch-office01" "ap-livingroom02" ];
        }];
      }
      {
        job_name = "wireguard";
        static_configs = [{ targets = [ "routnerr-2:9586" ]; }];
      }
    ];
  };
}
nixos/servnerr-3: fix nix-linter issues 2020-04-27 18:50:29 +00:00			`{ pkgs, ... }:`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00			`let`
			`# Scrape a target with the specified module, interval, and list of targets.`
nixos: nixfmt 2020-04-28 18:12:30 +00:00			`blackboxScrape = (module: blackboxScrapeJobName module module);`
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00
			`# Same as blackboxScrape, but allow customizing the job name.`
			`blackboxScrapeJobName = (job: module: interval: targets: {`
			`job_name = "blackbox_${job}";`
			`scrape_interval = "${interval}";`
			`metrics_path = "/probe";`
			`params = { module = [ "${module}" ]; };`
			`# blackbox_exporter location is hardcoded.`
			`relabel_configs = relabelTarget "servnerr-3:9115";`
nixos/servnerr-3: fix nix-linter issues 2020-04-27 18:50:29 +00:00			`static_configs = [{ inherit targets; }];`
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00			`});`

			`# Produces a relabeling configuration that replaces the instance label with`
			`# the HTTP target parameter.`
			`relabelTarget = (target: [`
			`{`
			`source_labels = [ "__address__" ];`
			`target_label = "__param_target";`
			`}`
			`{`
			`source_labels = [ "__param_target__" ];`
			`target_label = "instance";`
			`}`
			`{`
			`target_label = "__address__";`
			`replacement = "${target}";`
			`}`
			`]);`

			`in {`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`# Prometheus monitoring server and exporter configuration.`
			`services.prometheus = {`
			`enable = true;`
			`webExternalUrl = "https://prometheus.servnerr.com";`

nixos/servnerr-3: nixfmt prometheus config 2020-05-18 01:06:35 +00:00			`extraFlags = [ "--storage.tsdb.retention=365d" ];`
nixos/servnerr-3: retain Prometheus data for one year 2020-05-08 16:06:47 +00:00
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`# Use alertmanager running on monitoring machine.`
			`alertmanagers =`
			`[{ static_configs = [{ targets = [ "monitnerr-1:9093" ]; }]; }];`

			`exporters = {`
nixos/lib: factor out node exporter configuration 2020-04-26 18:42:41 +00:00			`# Node exporter already enabled on all machines.`
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00
			`blackbox = {`
			`enable = true;`
			`configFile = pkgs.writeText "blackbox.yml" ''`
			`modules:`
			`http_2xx:`
			`prober: http`
			`http_401:`
			`prober: http`
			`http:`
			`valid_status_codes: [401]`
			`ssh_banner:`
			`prober: tcp`
			`tcp:`
			`query_response:`
			`- expect: "^SSH-2.0-"`
			`'';`
			`};`

nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`# SNMP exporter with data file from release 0.17.0.`
			`snmp = {`
			`enable = true;`
			`configurationPath = builtins.fetchurl {`
			`url =`
			`"https://raw.githubusercontent.com/prometheus/snmp_exporter/f0ad4551a5c2023e383bc8dde2222f47dc760b83/snmp.yml";`
			`sha256 =`
			`"5c1febe100ce9140c8c59cf3c2a6346a1219dd0966d5cd2926498e88dcd69997";`
			`};`
			`};`
			`};`

nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00			`# TODO: template out hostnames or consider DNSSD.`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`scrapeConfigs = [`
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00			`# Blackbox exporter and associated targets.`
			`{`
			`job_name = "blackbox";`
			`static_configs = [{ targets = [ "servnerr-3:9115" ]; }];`
			`}`
			`(blackboxScrape "http_2xx" "15s" [ "https://grafana.servnerr.com" ])`
			`# Netlify can occasionally be flappy, so check it less often.`
			`(blackboxScrapeJobName "http_2xx_mdlayhercom" "http_2xx" "1m"`
			`[ "https://mdlayher.com" ])`
			`(blackboxScrape "http_401" "15s" [`
			`"https://alertmanager.servnerr.com"`
			`"https://plex.servnerr.com"`
			`"https://prometheus.servnerr.com"`
			`])`
			`# The SSH banner check produces a fair amount of log spam, so only scrape`
			`# it once a minute.`
			`(blackboxScrape "ssh_banner" "1m" [`
			`"monitnerr-1:22"`
			`"nerr-3:22"`
			`"routnerr-2:22"`
			`"servnerr-3:22"`
			`"unifi.servnerr.com:22"`
			`])`
			`{`
			`job_name = "coredns";`
			`static_configs = [{ targets = [ "routnerr-2:9153" ]; }];`
			`}`
			`{`
			`job_name = "corerad";`
			`static_configs = [{ targets = [ "routnerr-2:9430" ]; }];`
			`}`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`{`
			`job_name = "node";`
			`static_configs = [{`
			`targets = [`
			`"monitnerr-1:9100"`
			`"nerr-3:9100"`
			`"routnerr-2:9100"`
			`"servnerr-3:9100"`
			`];`
			`}];`
			`}`
nixos/servnerr-3: add obs Prometheus job 2020-05-08 16:47:44 +00:00			`{`
			`job_name = "obs";`
			`static_configs = [{ targets = [ "nerr-3:9407" ]; }];`
			`}`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`# SNMP relabeling configuration required to properly replace the instance`
			`# names and query the correct devices.`
			`{`
			`job_name = "snmp";`
			`metrics_path = "/snmp";`
			`params = { module = [ "if_mib" ]; };`
nixos/servnerr-3: set up blackbox_exporter 2020-04-26 20:01:05 +00:00			`relabel_configs = relabelTarget "servnerr-3:9116";`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`static_configs = [{`
			`targets =`
			`[ "switch-livingroom01" "switch-office01" "ap-livingroom02" ];`
			`}];`
			`}`
nixos/servnerr-3: scrape wireguard exporter on router 2020-04-30 20:01:39 +00:00			`{`
			`job_name = "wireguard";`
			`static_configs = [{ targets = [ "routnerr-2:9586" ]; }];`
			`}`
nixos/servnerr-3: break out prometheus configuration 2020-04-26 18:40:00 +00:00			`];`
			`};`
			`}`