nox/systems/monitoring.noc.eh22.intern/mimir.nix

{
  pkgs,
  lib,
  config,
  ...
}:
let
  inherit (lib) mkEnableOption mkIf;
  alerts =
    pkgs.runCommand "mimir-alerts-checked"
      {
        src = ./alerts;
        nativeBuildInputs = with pkgs; [ prometheus.cli ];
      }
      ''
        promtool check rules $src/*
        mkdir $out
        cp -R $src $out/anonymous/
      '';
  template_alert = ./templates;
in
{
  environment.etc."alertmanager/templates".source = template_alert;

  services.mimir = {
    enable = true;
    configuration = {
      multitenancy_enabled = false;
      target = "all,alertmanager";
      usage_stats.enabled = false;

      limits = {
        ingestion_rate = 1000000; # can't set to unlimited :(
        out_of_order_time_window = "12h";
        max_global_series_per_user = 0; # unlimited
        max_label_value_length = 10000; # we have pgscv queries that are LONG
      };

      server = {
        http_listen_port = 9009;
        http_listen_address = "127.0.0.1";
        grpc_listen_port = 9096;
        grpc_listen_address = "127.0.0.1";
      };

      blocks_storage = {
        backend = "filesystem";
      };

      ingester = {
        ring = {
          instance_addr = "127.0.0.1";
          kvstore = {
            store = "memberlist";
          };
          replication_factor = 1;
        };
      };

      alertmanager_storage.backend = "filesystem";
      alertmanager = {
        sharding_ring = {
          replication_factor = 1;
          instance_addr = "127.0.0.1";
        };
        utf8_strict_mode = true;
        fallback_config_file = pkgs.writers.writeYAML "alertmanager.yaml" {
            route = {
              group_by = ["alertname"];
              receiver = "telegram";
              group_wait = "30s";
              group_interval = "1m";
              repeat_interval = "3m";
            };
            receivers = [
              {
                name = "telegram";
                telegram_configs = [{
                  bot_token_file = config.sops.secrets."services/telegrambot/token".path;
                  chat_id = -1002579132187;
                }];
              }
            ];
            templates = [
              "/etc/alertmanager/templates/*.tmpl"
            ];
          };
      };
      
      ruler = {
        alertmanager_url = "http://localhost/alertmanager";
        ring = {
          instance_addr = "127.0.0.1";
        };
      };
      ruler_storage = {
        backend = "local";
        local.directory = alerts;
      };

      memberlist = {
        bind_addr = [ "127.0.0.1" ];
      };
    };
  };

  services.nginx = {
    upstreams.mimir = {
      servers."127.0.0.1:${toString config.services.mimir.configuration.server.http_listen_port}" = { };
      extraConfig = "keepalive 20;";
    };

    virtualHosts."mimir.noc.eh22.intern" = {
      locations."/api/v1/push" = {
        proxyPass = "http://mimir";
        basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
      };
      locations."/" = {
        proxyPass = "http://mimir/";
        basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
      };
    };

    virtualHosts."localhost" = {
      locations."/" = {
        proxyPass = "http://mimir/";
      };
    };
  };
}