diff --git a/build/flake.lock b/build/flake.lock index 05fcb8df..d0e70da6 100644 --- a/build/flake.lock +++ b/build/flake.lock @@ -34,11 +34,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1734897875, - "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "lastModified": 1739900653, + "narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=", "owner": "zhaofengli", "repo": "colmena", - "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab", "type": "github" }, "original": { @@ -76,11 +76,11 @@ ] }, "locked": { - "lastModified": 1739634831, - "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -351,11 +351,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739719496, - "narHash": "sha256-emht/teBZSA+uod0i30X50l7Xt+7+ta09hIEPo3srTU=", + "lastModified": 1739923778, + "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "447e1660723ce6690f9250b45689e14c29d220ff", + "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", "type": "github" }, "original": { diff --git a/build/pluto/prometheus/exporters/blackbox.nix b/build/pluto/prometheus/exporters/blackbox.nix index abdbbabc..ae481c58 100644 --- a/build/pluto/prometheus/exporters/blackbox.nix +++ b/build/pluto/prometheus/exporters/blackbox.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: let - mkProbe = module: targets: { + mkStaticProbe = module: targets: { job_name = "blackbox-${module}"; metrics_path = "/probe"; params = { 
@@ -19,12 +19,36 @@ let } { target_label = "__address__"; - replacement = "localhost:9115"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; } ]; }; -in + mkDnsSdProbe = module: dns_sd_config: { + job_name = "blackbox-${module}"; + metrics_path = "/probe"; + params = { + module = [ module ]; + }; + dns_sd_configs = [ + dns_sd_config + ]; + relabel_configs = [ + { + source_labels = [ "__address__" ]; + target_label = "__param_target"; + } + { + source_labels = [ "__meta_dns_name" ]; + target_label = "instance"; + } + { + target_label = "__address__"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; + } + ]; + }; +in { services.prometheus = { exporters.blackbox = { @@ -37,12 +61,31 @@ in tcp.tls = true; http.headers.User-Agent = "blackbox-exporter"; }; + + # From https://github.com/prometheus/blackbox_exporter/blob/53e78c2b3535ecedfd072327885eeba2e9e51ea2/example.yml#L120-L133 + modules.smtp_starttls = { + prober = "tcp"; + timeout = "5s"; + tcp = { + query_response = [ + { expect = "^220 ([^ ]+) ESMTP (.+)$"; } + { send = "EHLO prober\r"; } + { expect = "^250-STARTTLS"; } + { send = "STARTTLS\r"; } + { expect = "^220"; } + { starttls = true; } + { send = "EHLO prober\r"; } + { expect = "^250-AUTH"; } + { send = "QUIT\r"; } + ]; + }; + }; } ); }; scrapeConfigs = [ - (mkProbe "https_success" [ + (mkStaticProbe "https_success" [ "https://cache.nixos.org" "https://channels.nixos.org" "https://common-styles.nixos.org" @@ -61,6 +104,13 @@ in "https://www.nixos.org" "https://tracker.security.nixos.org" ]) + (mkDnsSdProbe "smtp_starttls" { + names = [ + "mail-test.nixos.org" + ]; + type = "MX"; + port = 25; + }) ]; ruleFiles = [ 
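Review bot: In `mkDnsSdProbe`, the second relabel rule copies `__meta_dns_name` into `instance`, but that label holds the name that was queried, not the mail host that was probed. If the name resolves to more than one MX record, every probe ends up with the same `job`/`instance` pair, so the `probe_success` series collide and the alert cannot say which server failed. Labelling by the discovered host avoids this, for example `source_labels = [ "__meta_dns_mx_record_target" ];`, or `"__param_target"` if the port should stay visible. Apart from the discovery attribute, the new function repeats the job name, params and the first and last relabel rules of `mkStaticProbe`, whose body starts outside this hunk; a shared helper would keep the two from drifting apart.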
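Review bot: In the `smtp_starttls` module, the patterns `^250-STARTTLS` and `^250-AUTH` match only continuation lines of the EHLO reply, so the probe fails if either capability is the last line, which is sent as `250 STARTTLS` with a space. `{ expect = "^250[- ]STARTTLS"; }` accepts both forms. The `^250-AUTH` step also makes the probe depend on AUTH being advertised on port 25, which inbound MX hosts often leave off; whether the target offers it is not visible here, so please confirm or drop that step. No `tls_config` is set, so certificate checking presumably stays at the exporter default; a comment such as `# certificate is verified against the MX host name; do not set insecure_skip_verify` would record that this is intended.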
@@ -88,6 +138,15 @@ in labels.severity = "warning"; annotations.summary = "Endpoint {{ $labels.instance }} is unreachable"; } + { + alert = "MxUnreachable"; + expr = '' + probe_success{job="blackbox-smtp_starttls"} == 0 + ''; + for = "15m"; + labels.severity = "warning"; + annotations.summary = "Mail server {{ $labels.instance }} is unreachable"; + } ]; } ];
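Review bot: `MxUnreachable` can only fire while a `probe_success` series exists, and this job's targets come from DNS discovery rather than a static list. If the MX lookup fails or returns no records, there are no targets and no series, so the alert stays silent at the moment mail delivery is most likely broken. Adding an absence check covers that case, for example `probe_success{job="blackbox-smtp_starttls"} == 0 or absent(probe_success{job="blackbox-smtp_starttls"})`; note that `$labels.instance` is empty in the absent branch, so a separate rule with its own summary may read better. The summary says "unreachable", but the probe also fails on a STARTTLS or certificate error, so "failed the SMTP STARTTLS probe" would describe it more accurately.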