{
pkgs,
lib,
config,
...
}:
let
inherit (lib) mkEnableOption mkIf;
alerts =
pkgs.runCommand "mimir-alerts-checked"
{
src = ./alerts;
nativeBuildInputs = with pkgs; [ prometheus.cli ];
}
''
promtool check rules $src/*
mkdir $out
cp -R $src $out/anonymous/
'';
template_alert = ./templates;
in
{
environment.etc."alertmanager/templates".source = template_alert;
services.mimir = {
enable = true;
configuration = {
multitenancy_enabled = false;
target = "all,alertmanager";
usage_stats.enabled = false;
limits = {
ingestion_rate = 1000000; # can't set to unlimited :(
out_of_order_time_window = "12h";
max_global_series_per_user = 0; # unlimited
max_label_value_length = 10000; # we have pgscv queries that are LONG
};
server = {
http_listen_port = 9009;
http_listen_address = "127.0.0.1";
grpc_listen_port = 9096;
grpc_listen_address = "127.0.0.1";
};
blocks_storage = {
backend = "filesystem";
};
ingester = {
ring = {
instance_addr = "127.0.0.1";
kvstore = {
store = "memberlist";
};
replication_factor = 1;
};
};
alertmanager_storage.backend = "filesystem";
alertmanager = {
sharding_ring = {
replication_factor = 1;
instance_addr = "127.0.0.1";
};
utf8_strict_mode = true;
fallback_config_file = pkgs.writers.writeYAML "alertmanager.yaml" {
route = {
group_by = ["alertname"];
receiver = "telegram";
group_wait = "30s";
group_interval = "1m";
repeat_interval = "3m";
};
receivers = [
{
name = "telegram";
telegram_configs = [{
bot_token_file = config.sops.secrets."services/telegrambot/token".path;
chat_id = -1002579132187;
}];
}
];
templates = [
"/etc/alertmanager/templates/*.tmpl"
];
};
};
ruler = {
alertmanager_url = "http://localhost/alertmanager";
ring = {
instance_addr = "127.0.0.1";
};
};
ruler_storage = {
backend = "local";
local.directory = alerts;
};
memberlist = {
bind_addr = [ "127.0.0.1" ];
};
};
};
services.nginx = {
upstreams.mimir = {
servers."127.0.0.1:${toString config.services.mimir.configuration.server.http_listen_port}" = { };
extraConfig = "keepalive 20;";
};
virtualHosts."mimir.noc.eh22.intern" = {
locations."/api/v1/push" = {
proxyPass = "http://mimir";
basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
};
locations."/" = {
proxyPass = "http://mimir/";
basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
};
};
virtualHosts."localhost" = {
locations."/" = {
proxyPass = "http://mimir/";
};
};
};
}