2022-07-10 13:25:53 +02:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
{
|
|
|
|
imports =
|
|
|
|
[
|
|
|
|
./hardware-configuration.nix
|
|
|
|
];
|
2022-07-11 22:37:26 +02:00
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
2022-07-10 13:25:53 +02:00
|
|
|
networking.hostName = "monitoring";
|
|
|
|
networking.useDHCP = false;
|
2022-07-11 22:37:26 +02:00
|
|
|
networking.interfaces.ens18.ipv4.addresses = [
|
|
|
|
{address = "10.42.10.7"; prefixLength = 24; }
|
|
|
|
];
|
|
|
|
networking.interfaces.ens18.ipv6.addresses = [
|
|
|
|
{address = "2a01:4f8:1c0c:8221::7"; prefixLength = 64; }
|
|
|
|
{address = "2a01:4f8:1c0c:8221::1984"; prefixLength = 64; }
|
|
|
|
];
|
2022-07-10 13:25:53 +02:00
|
|
|
networking.defaultGateway = { address = "10.42.10.1"; interface = "ens18"; };
|
|
|
|
networking.defaultGateway6 = { address = "2a01:4f8:1c0c:8221::1"; interface = "ens18"; };
|
|
|
|
networking.nameservers = [ "2a01:4f8:1c0c:8221::1" "10.42.10.1" ];
|
2022-07-12 01:40:18 +02:00
|
|
|
|
|
|
|
networking.hosts = {
|
|
|
|
# Vlan
|
|
|
|
"10.42.10.1" = [ "gw.services.net.bula22.de" ];
|
|
|
|
"10.42.42.1" = [ "gw.management.net.bula22.de" ];
|
|
|
|
"10.42.151.1" = [ "gw.technik-iot.net.bula22.de" ];
|
|
|
|
"10.42.201.1" = [ "gw.technik.net.bula22.de" ];
|
|
|
|
"10.42.203.1" = [ "gw.hospital.net.bula22.de" ];
|
|
|
|
"10.42.204.1" = [ "gw.zoll.net.bula22.de" ];
|
|
|
|
"10.42.205.1" = [ "gw.leitstelle.net.bula22.de" ];
|
|
|
|
"10.42.206.1" = [ "gw.verwaltung.net.bula22.de" ];
|
|
|
|
"10.42.208.1" = [ "gw.yolo.net.bula22.de" ];
|
|
|
|
"10.42.209.1" = [ "gw.infojurte.net.bula22.de" ];
|
|
|
|
"10.42.210.1" = [ "gw.international.net.bula22.de" ];
|
|
|
|
"10.42.211.1" = [ "gw.programmtresen.net.bula22.de" ];
|
|
|
|
"10.42.212.1" = [ "gw.open-office.net.bula22.de" ];
|
|
|
|
|
|
|
|
# Management
|
|
|
|
"10.42.42.10" = [ "wlan-controller.bula22.de" ];
|
|
|
|
"10.42.42.11" = [ "sw-zentral-1.bula22.de" ];
|
|
|
|
"10.42.42.12" = [ "sw-zentral-2.bula22.de" ];
|
|
|
|
"10.42.42.13" = [ "sw-verwaltung.bula22.de" ];
|
|
|
|
"10.42.42.14" = [ "sw-zoll-container.bula22.de" ];
|
|
|
|
"10.42.42.15" = [ "sw-zoll-zelt.bula22.de" ];
|
|
|
|
"10.42.42.16" = [ "sw-programmtresen.bula22.de" ];
|
|
|
|
"10.42.42.17" = [ "sw-international.bula22.de" ];
|
|
|
|
"10.42.42.18" = [ "sw-leitstelle.bula22.de" ];
|
|
|
|
"10.42.42.19" = [ "sw-infojurte.bula22.de" ];
|
|
|
|
"10.42.42.20" = [ "sw-technik-zelt.bula22.de" ];
|
|
|
|
"10.42.42.21" = [ "sw-technik-container.bula22.de" ];
|
|
|
|
"10.42.42.22" = [ "sw-hospital.bula22.de" ];
|
|
|
|
"10.42.42.23" = [ "sw-fuf.bula22.de" ];
|
|
|
|
"10.42.42.24" = [ "sw-waschhaus.bula22.de" ];
|
|
|
|
"10.42.42.25" = [ "sw-buehne.bula22.de" ];
|
|
|
|
"10.42.42.26" = [ "sw-trabantenstadt.bula22.de" ];
|
|
|
|
};
|
|
|
|
|
|
|
|
services.prometheus.exporters.blackbox = {
|
|
|
|
enable = true;
|
|
|
|
listenAddress = "[::1]";
|
|
|
|
port = 9115;
|
|
|
|
configFile = ./blackbox.yml;
|
|
|
|
};
|
2022-07-10 13:25:53 +02:00
|
|
|
services.prometheus.exporters.node.enable = true;
|
|
|
|
services.prometheus.alertmanager = {
|
|
|
|
enable = true;
|
|
|
|
listenAddress = "[::1]";
|
|
|
|
port = 9093;
|
2022-07-11 22:37:26 +02:00
|
|
|
configuration = {
|
|
|
|
route = {
|
|
|
|
receiver = "default";
|
|
|
|
group_by = [ "instance" ];
|
|
|
|
};
|
|
|
|
receivers = [
|
|
|
|
{
|
|
|
|
name = "default";
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
2022-07-10 13:25:53 +02:00
|
|
|
};
|
|
|
|
services.prometheus = {
|
|
|
|
enable = true;
|
|
|
|
listenAddress = "[::1]";
|
|
|
|
scrapeConfigs = [
|
|
|
|
{
|
|
|
|
job_name = "prometheus";
|
|
|
|
scrape_interval = "20s";
|
|
|
|
scheme = "http";
|
|
|
|
static_configs = [
|
|
|
|
{
|
|
|
|
targets = [
|
|
|
|
"[::1]:9090"
|
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|
|
|
|
{
|
|
|
|
job_name = "node-exporter";
|
|
|
|
scrape_interval = "20s";
|
|
|
|
static_configs = [
|
|
|
|
{
|
|
|
|
targets = [
|
|
|
|
"[::1]:9100"
|
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|
2022-07-12 01:40:18 +02:00
|
|
|
{
|
|
|
|
job_name = "blackbox";
|
2022-07-12 01:58:11 +02:00
|
|
|
scrape_interval = "20s";
|
2022-07-12 01:40:18 +02:00
|
|
|
metrics_path = "/probe";
|
|
|
|
params = {
|
|
|
|
module = [ "icmp" ];
|
|
|
|
};
|
|
|
|
static_configs = [
|
|
|
|
{
|
|
|
|
targets = [
|
|
|
|
# Internet Probes
|
|
|
|
"clerie.de"
|
|
|
|
"vcp.de"
|
|
|
|
"bundeslager.vcp.de"
|
|
|
|
|
|
|
|
# Vlan Probes
|
|
|
|
"gw.services.net.bula22.de"
|
|
|
|
"gw.management.net.bula22.de"
|
|
|
|
"gw.technik-iot.net.bula22.de"
|
|
|
|
"gw.technik.net.bula22.de"
|
|
|
|
"gw.hospital.net.bula22.de"
|
|
|
|
"gw.zoll.net.bula22.de"
|
|
|
|
"gw.leitstelle.net.bula22.de"
|
|
|
|
"gw.verwaltung.net.bula22.de"
|
|
|
|
"gw.yolo.net.bula22.de"
|
|
|
|
"gw.infojurte.net.bula22.de"
|
|
|
|
"gw.international.net.bula22.de"
|
|
|
|
"gw.programmtresen.net.bula22.de"
|
|
|
|
"gw.open-office.net.bula22.de"
|
|
|
|
|
|
|
|
# Management Probes
|
|
|
|
"wlan-controller.bula22.de"
|
|
|
|
"sw-zentral-1.bula22.de"
|
|
|
|
"sw-zentral-2.bula22.de"
|
|
|
|
"sw-verwaltung.bula22.de"
|
|
|
|
"sw-zoll-container.bula22.de"
|
|
|
|
"sw-zoll-zelt.bula22.de"
|
|
|
|
"sw-programmtresen.bula22.de"
|
|
|
|
"sw-international.bula22.de"
|
|
|
|
"sw-leitstelle.bula22.de"
|
|
|
|
"sw-infojurte.bula22.de"
|
|
|
|
"sw-technik-zelt.bula22.de"
|
|
|
|
"sw-technik-container.bula22.de"
|
|
|
|
"sw-hospital.bula22.de"
|
|
|
|
"sw-fuf.bula22.de"
|
|
|
|
"sw-waschhaus.bula22.de"
|
|
|
|
"sw-buehne.bula22.de"
|
|
|
|
"sw-trabantenstadt.bula22.de"
|
|
|
|
|
|
|
|
# Service Probes
|
|
|
|
"router.bula22.de"
|
|
|
|
"radius.bula22.de"
|
|
|
|
"yate.bula22.de"
|
|
|
|
"monitoring.bula22.de"
|
|
|
|
"dns.bula22.de"
|
|
|
|
"nerd.bula22.de"
|
|
|
|
"pre-router.bula22.de"
|
|
|
|
"nixdeploy.bula22.de"
|
|
|
|
|
|
|
|
# External Service Probes
|
|
|
|
"vcp-bula-mon.bula22.de"
|
|
|
|
"vcp-bula-telko.bula22.de"
|
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
relabel_configs = [
|
|
|
|
{
|
|
|
|
source_labels = [ "__address__" ];
|
|
|
|
target_label = "__param_target";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
source_labels = [ "__param_target" ];
|
|
|
|
target_label = "instance";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
target_label = "__address__";
|
|
|
|
replacement = "[::1]:9115";
|
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|
2022-07-16 19:34:10 +02:00
|
|
|
{
|
|
|
|
job_name = "dns";
|
|
|
|
scrape_interval = "5s";
|
|
|
|
static_configs = [
|
|
|
|
{
|
|
|
|
targets = [
|
|
|
|
"dns.bula22.de:9253"
|
|
|
|
"dns.bula22.de:9353"
|
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|
2022-07-10 13:25:53 +02:00
|
|
|
];
|
|
|
|
alertmanagers = [
|
|
|
|
{
|
|
|
|
static_configs = [ {
|
|
|
|
targets = [
|
|
|
|
"[::1]:9093"
|
|
|
|
];
|
|
|
|
} ];
|
|
|
|
}
|
|
|
|
];
|
2022-07-11 22:37:26 +02:00
|
|
|
rules = [ (readFile ./alertmanager-rules.yml) ];
|
2022-07-10 13:25:53 +02:00
|
|
|
};
|
|
|
|
services.grafana = {
|
|
|
|
enable = true;
|
|
|
|
domain = "grafana.bula22.de";
|
|
|
|
rootUrl = "https://grafana.bula22.de";
|
|
|
|
port = 3001;
|
|
|
|
addr = "::1";
|
|
|
|
auth.anonymous.enable = true;
|
|
|
|
provision = {
|
|
|
|
enable = true;
|
|
|
|
datasources = [
|
|
|
|
{
|
|
|
|
type = "prometheus";
|
|
|
|
name = "Prometheus";
|
|
|
|
url = "http://[::1]:9090";
|
|
|
|
isDefault = true;
|
|
|
|
}
|
|
|
|
];
|
2022-07-11 22:37:26 +02:00
|
|
|
dashboards = [];
|
2022-07-10 13:25:53 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
virtualHosts = {
|
|
|
|
"prometheus.bula22.de" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://[::1]:9090/";
|
|
|
|
};
|
|
|
|
"grafana.bula22.de" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://[::1]:3001/";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
2022-07-11 22:37:26 +02:00
|
|
|
|
|
|
|
system.stateVersion = "22.05";
|
2022-07-10 13:25:53 +02:00
|
|
|
}
|