colmena initial implementation for sandbox and monitor

2025-07-06 21:25:57 +02:00 · 2025-07-06 21:25:57 +02:00 · 5feb74d56d
commit 5feb74d56d
parent a90630ecb6
40 changed files with 27629 additions and 141 deletions
--- a/machines/monitor/alertmanager.nix
+++ b/machines/monitor/alertmanager.nix
@ -0,0 +1,63 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  alertmanagerEnv = config.sops.secrets."alertmanager/env".path;
+in {
+  sops.secrets."alertmanager/env" = {
+    sopsFile = ../../secrets/secrets.yaml;
+    mode = "0440";
+  };
+
+  services.prometheus.alertmanager = {
+    enable = true;
+    openFirewall = true;
+    environmentFile = alertmanagerEnv;
+
+    webExternalUrl = "http://monitor.lab:9093"; # optional but helpful
+    configuration = {
+      route = {
+        receiver = "null";
+        group_by = ["alertname"];
+        group_wait = "10s";
+        group_interval = "5m";
+        repeat_interval = "4h";
+
+        routes = [
+          {
+            receiver = "telegram";
+            matchers = [
+              "severity =~ \"warning|critical\""
+            ];
+            group_wait = "10s";
+            continue = true;
+          }
+        ];
+      };
+
+      receivers = [
+        {name = "null";}
+        {
+          name = "telegram";
+          telegram_configs = [
+            {
+              api_url = "https://api.telegram.org";
+              bot_token = "$TELEGRAM_BOT_TOKEN";
+              chat_id = -1002642560007;
+              message_thread_id = 4;
+              parse_mode = "HTML";
+              send_resolved = true;
+              message = "{{ template \"telegram.message\". }}";
+            }
+          ];
+        }
+      ];
+
+      templates = [
+        (pkgs.writeText "telegram.tmpl" (builtins.readFile ./provisioning/templates/telegram.tmpl))
+        # (pkgs.writeText "telegram.markdown.v2.tmpl" (builtins.readFile ./provisioning/templates/telegram.markdown.v2.tmpl))
+      ];
+    };
+  };
+}