From c3e644d0f597218a6e419a8c779789e302f40e0e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:09:12 +0200 Subject: l yellow.r: add lass-android to download keys --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 23746d210..8e710322f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -386,6 +386,7 @@ with import ; lass-icarus.pubkey lass-daedalus.pubkey lass-helios.pubkey + lass-android.pubkey makefu.pubkey wine-mors.pubkey ]; -- cgit v1.3.1 From 33283cb99c9a9494f8530542f1ab72a432b1709c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:14:54 +0200 Subject: l: remove prometheus monitoring --- lass/1systems/prism/config.nix | 1 - lass/2configs/default.nix | 1 - lass/2configs/monitoring/node-exporter.nix | 15 -- lass/2configs/monitoring/prometheus-server.nix | 217 ------------------------- 4 files changed, 234 deletions(-) delete mode 100644 lass/2configs/monitoring/node-exporter.nix delete mode 100644 lass/2configs/monitoring/prometheus-server.nix (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 8e710322f..6ff900719 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -139,7 +139,6 @@ with import ; - { # quasi bepasty.nix imports = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 9dc2eed21..7ee83c174 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,7 +8,6 @@ with import ; ./gc.nix ./mc.nix ./vim.nix - ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix deleted file mode 100644 index 561e3a25c..000000000 --- a/lass/2configs/monitoring/node-exporter.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } - ]; - services.prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ - "systemd" - ]; - }; - }; -} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix deleted file mode 100644 index b7083c776..000000000 --- a/lass/2configs/monitoring/prometheus-server.nix +++ /dev/null 
@@ -1,217 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - #networking = { - # firewall.allowedTCPPorts = [ - # 3000 # grafana - # 9090 # prometheus - # 9093 # alertmanager - # ]; - # useDHCP = true; - #}; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } - ]; - - services = { - prometheus = { - enable = true; - extraFlags = [ - "-storage.local.retention 8760h" - "-storage.local.series-file-shrink-ratio 0.3" - "-storage.local.memory-chunks 2097152" - "-storage.local.max-chunks-to-persist 1048576" - "-storage.local.index-cache-size.fingerprint-to-metric 2097152" - "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" - "-storage.local.index-cache-size.label-name-to-label-values 2097152" - "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" - ]; - alertmanagerURL = [ "http://localhost:9093" ]; - rules = [ - '' - ALERT node_down - IF up == 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Node is down.", - description = "{{$labels.alias}} has been down for more than 5 minutes." - } - ALERT node_systemd_service_failed - IF node_systemd_unit_state{state="failed"} == 1 - FOR 4m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." - } - ALERT node_filesystem_full_90percent - IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space soon.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." 
- } - ALERT node_filesystem_full_in_4h - IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" - } - ALERT node_filedescriptors_full_in_3h - IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum - FOR 20m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" - } - ALERT node_load1_90percent - IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Running on high load.", - description = "{{$labels.alias}} is running with > 90% total load for at least 1h." - } - ALERT node_cpu_util_90percent - IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: High CPU utilization.", - description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." 
- } - ALERT node_ram_using_90percent - IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 - FOR 30m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Using lots of RAM.", - description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", - } - ALERT node_swap_using_80percent - IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 - FOR 10m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Running out of swap soon.", - description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." - } - '' - ]; - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "10s"; - static_configs = [ - { - targets = [ - ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); - #labels = { - # alias = "prometheus.example.com"; - #}; - } - ]; - } - ]; - alertmanager = { - enable = true; - listenAddress = "0.0.0.0"; - configuration = { - "global" = { - "smtp_smarthost" = "smtp.example.com:587"; - "smtp_from" = "alertmanager@example.com"; - }; - "route" = { - "group_by" = [ "alertname" "alias" ]; - "group_wait" = "30s"; - "group_interval" = "2m"; - "repeat_interval" = "4h"; - "receiver" = "team-admins"; - }; - "receivers" = [ - { - "name" = "team-admins"; - "email_configs" = [ - { - "to" = "devnull@example.com"; - } - ]; - "webhook_configs" = [ - { - "url" = "http://127.0.0.1:14813/prometheus-alerts"; - "send_resolved" = true; - } - ]; - } - ]; - }; - }; - }; - grafana = { - enable = true; - addr = "0.0.0.0"; - domain = "grafana.example.com"; - rootUrl = "https://grafana.example.com/"; - auth.anonymous.enable = true; - auth.anonymous.org_role = "Admin"; - }; - }; - services.logstash = { - enable = true; - inputConfig = '' - http { - port => 14813 - host => "127.0.0.1" - } - ''; - filterConfig 
= '' - if ([alerts]) { - ruby { - code => ' - lines = [] - event["alerts"].each {|p| - lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - irc { - channels => [ "#noise" ] - host => "irc.r" - nick => "alarm" - codec => "json_lines" - format => "%{output}" - } - ''; - #plugins = [ ]; - }; -} -- cgit v1.3.1 From 4c602540d076f6b305e449ecf9690e6e423159a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:15:09 +0200 Subject: l prism.r: RIP onondaga --- lass/1systems/prism/config.nix | 19 ------------------- 1 file changed, 19 deletions(-) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6ff900719..b307627d6 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -109,25 +109,6 @@ with import ; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } -- cgit v1.3.1 From 4de0d6a5be8d007b8bc41141cd363a09aad22ca9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:17:35 +0200 Subject: l prism.r: add palo to download keys --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b307627d6..b3b7ac0df 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -266,6 +266,7 @@ with import ; "ssh-rsa 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 lhebendanz@nixos" "ssh-rsa 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 palo@pepe" "ssh-rsa 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 palo@workhorse" + "ssh-rsa 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 palo@workout" ]; } { -- cgit v1.3.1
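Review bot: The added `palo@workout` entry is the third inline `ssh-rsa` literal for the same user in this list, so rotating or revoking palo's access means finding and editing each string by hand. The key list in the `@@ -386,6 +386,7 @@` hunk earlier on this page references keys by name (`makefu.pubkey`, `lass-android.pubkey`). Doing the same here, with one named entry per palo machine referenced as `<palo-attr>.pubkey` (placeholder name), would keep the key material in one auditable place. The opening of this list and the account it authorizes are outside the hunk, so a comment above the entries such as `# palo (pepe, workhorse, workout): download account only` would record the intended scope, assuming "download keys" in the commit subject means a restricted account. The key bodies are elided on this page, so the RSA key length cannot be checked from here.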