Merge branch '363.fix-http-alerting' into 'develop'

Fix https alerting See merge request !210

Merge branch '363.fix-http-alerting' into 'develop'
824daa2f · Florian Sesser · 04f44fd7 · 6bc3ff70 · 824daa2f · 824daa2f
Commit 824daa2f authored 3 years ago by Florian Sesser
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -5,6 +5,7 @@
 , "monitoringvpnEndpoint": "192.168.67.24:51820"
 , "passValue": 1000000
 , "issuerDomains": ["payments.localdev"]
+, "monitoringDomains": ["monitoring.localdev"]
 , "letsEncryptAdminEmail": "florian@privatestorage.io"
 , "allowedChargeOrigins": [
    "http://localhost:5000"

--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -116,7 +116,7 @@ let
                nodeExporterTargets
                paymentExporterTargets
                blackboxExporterHttpsTargets;
-        inherit (grid-config) letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail monitoringDomains;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        enableSlackAlert = false;
        monitoringvpnIPv4 = "172.23.23.1";

--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -8,6 +8,10 @@
    "payments.privatestorage.io"
  , "payments.private.storage"
  ]
+, "monitoringDomains": [
+    "monitoring.privatestorage.io"
+  , "monitoring.private.storage"
+  ]
 , "letsEncryptAdminEmail": "jean-paul@privatestorage.io"
 , "allowedChargeOrigins": [
    "https://privatestorage.io"

--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -49,7 +49,7 @@ let
                nodeExporterTargets
                paymentExporterTargets
                blackboxExporterHttpsTargets;
-        inherit (grid-config) letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail monitoringDomains;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        enableSlackAlert = true;
        monitoringvpnIPv4 = "172.23.23.1";

--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -8,6 +8,10 @@
    "payments.privatestorage-staging.com"
  , "payments.extra.privatestorage-staging.com"
  ]
+, "monitoringDomains": [
+    "monitoring.privatestorage-staging.com"
+  , "monitoring.extra.privatestorage-staging.com"
+  ]
 , "letsEncryptAdminEmail": "jean-paul@privatestorage.io"
 , "allowedChargeOrigins": [
    "http://localhost:5000"

--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -62,7 +62,7 @@ let
                nodeExporterTargets
                paymentExporterTargets
                blackboxExporterHttpsTargets;
-        inherit (grid-config) letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail monitoringDomains;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        enableSlackAlert = true;
        monitoringvpnIPv4 = "172.23.23.1";

--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -11,6 +11,7 @@
  # See ``customize-issuer.nix``.
 , monitoringvpnIPv4
 , letsEncryptAdminEmail
+, monitoringDomains

  # A list of VPN IP addresses as strings indicating which clients will be
  # allowed onto the VPN.
@@ -119,7 +120,7 @@ in {
    inherit letsEncryptAdminEmail;
    inherit googleOAuthClientID;
    inherit enableSlackAlert;
-    domain = "${config.networking.hostName}.${config.networking.domain}";
+    domains = monitoringDomains;
  };

  system.stateVersion = stateVersion;

--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -111,7 +111,6 @@ in {
      # We'll refer to this collection of domains by the first domain in the
      # list.
      domain = builtins.head cfg.domains;
-      certServiceName = "acme-${domain}";
      # Payment server internal http port (arbitrary, non-priviledged):
      internalHttpPort = "1061";


--- a/nixos/modules/monitoring/server/grafana-dashboards/services-overview.json
+++ b/nixos/modules/monitoring/server/grafana-dashboards/services-overview.json
@@ -104,7 +104,7 @@
        "alertThreshold": true
      },
      "percentage": false,
-      "pluginVersion": "7.5.10",
+      "pluginVersion": "7.5.11",
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
@@ -245,7 +245,7 @@
        "alertThreshold": true
      },
      "percentage": false,
-      "pluginVersion": "7.5.10",
+      "pluginVersion": "7.5.11",
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
@@ -256,7 +256,7 @@
      "targets": [
        {
          "exemplar": true,
-          "expr": "count by (instance) (probe_success == 0)",
+          "expr": "count by (instance) (probe_http_status_code!=200 and probe_http_status_code!=401 and probe_http_status_code!=404)",
          "interval": "",
          "legendFormat": "{{instance}}",
          "refId": "A"
@@ -387,7 +387,7 @@
        "alertThreshold": true
      },
      "percentage": false,
-      "pluginVersion": "7.5.10",
+      "pluginVersion": "7.5.11",
      "pointradius": 2,
      "points": false,
      "renderer": "flot",

--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -20,10 +20,10 @@ let

 in {
  options.services.private-storage.monitoring.grafana = {
-    domain = lib.mkOption
-    { type = lib.types.str;
-      example = "grafana.grid.private.storage";
-      description = "The FQDN of the Grafana host";
+    domains = lib.mkOption
+    { type = lib.types.listOf lib.types.str;
+      example = [ "grafana.grid.private.storage" ];
+      description = "The domain names at which the server is reachable.";
    };
    prometheusUrl = lib.mkOption
    { type = lib.types.str;
@@ -79,13 +79,18 @@ in {
    };
  };

-  config = {
+  config =
+    let
+      # We'll refer to this collection of domains by the first domain in the list.
+      domain = builtins.head cfg.domains;
+
+    in {
    # Port 80 for ACME ssl retrieval only. 443 for nginx -> grafana.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    services.grafana = {
      enable = true;
-      domain = cfg.domain;
+      inherit domain; 
      port = 2342;
      addr = "127.0.0.1";

@@ -144,7 +149,7 @@ in {
          is_default = true;
          send_reminder = false;
          settings = {
-            username = "${cfg.domain}";
+            username = "${domain}";
            uploadImage = true;
          };
          secure_settings = {
@@ -170,7 +175,8 @@ in {
      # Only allow PFS-enabled ciphers with AES256:
      sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

-      virtualHosts.${config.services.grafana.domain} = {
+      virtualHosts."${domain}" = {
+        serverAliases = builtins.tail cfg.domains;
        enableACME = true;
        forceSSL = true;
        locations."/" = {