diff --git a/modules/dashboards/dmarc.json b/modules/dashboards/dmarc.json new file mode 100644 index 0000000..5e606ee --- /dev/null +++ b/modules/dashboards/dmarc.json @@ -0,0 +1,671 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 8, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 8, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Total", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 8 + }, + "id": 11, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_compliant_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "# compliant", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 0.0001 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 8 + }, + "id": 13, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_reject_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "title": "# reject", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 0.0001 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 8 + }, + "id": 10, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_quarantine_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "title": "# quarantine", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "red", + "value": null + }, + { + "color": "green", + "value": 100 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 16 + }, + "id": 6, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_compliant_total[$__range]))/sum(increase(dmarc_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "% compliant", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 0.0001 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 16 + }, + "id": 12, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_reject_total[$__range]))/sum(increase(dmarc_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "title": "% reject", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 0.0001 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 16 + }, + "id": 14, + "interval": "1h", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_quarantine_total[$__range]))/sum(increase(dmarc_total[$__range]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "title": "% quarantine", + "type": "stat" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 2, + "interval": "1h", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.6", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_compliant_total[$__rate_interval])) by (reporter)", + "interval": "", + "legendFormat": "Compliant by {{reporter}}", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(increase(dmarc_reject_total[$__rate_interval])) by (reporter)", + "hide": false, + "interval": "", + "legendFormat": "Reject by {{reporter}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "# by reporter", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 33 + }, + "hiddenSeries": false, + "id": 4, + "interval": "1h", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.6", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(increase(dmarc_compliant_total[$__rate_interval])) by (dkim_domain)", + "interval": "", + "legendFormat": "Compliant from {{dkim_domain}}", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(increase(dmarc_reject_total[$__rate_interval])) by (dkim_domain)", + "hide": false, + "interval": "", + "legendFormat": "Rejected from {{dkim_domain}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "# by sender domain", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-30d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "dmarc dashboard", + "uid": "dWAaq-cnk", + "version": 11 +} \ No newline at end of file diff --git a/modules/grafana.nix b/modules/grafana.nix index 80c83b3..717f45e 100644 --- a/modules/grafana.nix +++ b/modules/grafana.nix @@ -78,6 +78,15 @@ ]; }]; } + { + job_name = "dmarc"; + scrape_interval = "15s"; + static_configs = [{ + targets = [ + "10.0.2.3:${toString config.services.prometheus.exporters.dmarc.port}" + ]; + }]; + } ]; }; diff --git a/profiles/storage.nix b/profiles/storage.nix index 090cea8..c561bd9 100644 --- a/profiles/storage.nix +++ b/profiles/storage.nix @@ -26,6 +26,9 @@ nixCacheKey = { key = "nix/cache_secret_key"; }; + dmarcExporterPassword = { + key = "dmarc_exporter/password"; + }; }; custom = { @@ -75,6 +78,23 @@ services.openssh.enable = true; }; + services.prometheus.exporters.dmarc = { + enable = true; + debug = true; + imap = { + host = "mail.banditlair.com"; + username = "paultrial@banditlair.com"; + passwordFile = "/run/credentials/prometheus-dmarc-exporter.service/password"; + }; + folders = { + inbox = "dmarc_reports"; + done = "Archives.dmarc_report_processed"; + error = "Archives.dmarc_report_error"; + }; + }; + systemd.services.prometheus-dmarc-exporter.serviceConfig.LoadCredential = + "password:${config.sops.secrets.dmarcExporterPassword.path}"; + networking.firewall.allowedTCPPorts = [ 80 443 18080 ]; networking.firewall.interfaces.vlan4001.allowedTCPPorts = [ config.services.loki.configuration.server.http_listen_port ]; diff --git a/secrets.enc.yml b/secrets.enc.yml index 4c14306..90cacc5 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml @@ -27,6 +27,8 @@ email: marie: ENC[AES256_GCM,data:XM1Gt2fY0GqOq+J3+CQflnWPLMmILqTWviWxzkrluovweQ+iMWmfGAS9o2K/GAS1Rr0G3P4NFmhPe6YL,iv:g9Y3WClUzvE4bkXaV82q2/cFME20KvsIV1T/q0ysBIo=,tag:Gc5rE/WubuD66uz+8OOclQ==,type:str] alice: ENC[AES256_GCM,data:wLnrPro2FIsT+i5rpcmen63waTE6RBF/aw5yUz6BmsMRXCMmJyoLxrGgB4faIaBEnRNT68iozP8dSCIG,iv:2Tjvz/5JMBby+OBAYShIAz7Tl3gSQAYmUepJcHM9my0=,tag:ulrfLiTBExN5D9hjg3rgSA==,type:str] monit: ENC[AES256_GCM,data:p/Vtc9MM8BeNF2V3l0VL82oOk0JUeKY/hAqPtW45Sdm8hiZbCNdF68jurvoI2oBu8b0d2Fer0n4ybAQJ,iv:R7PhqwaWaxx7g1gyYnh0UdoQILYHKuFG84AGghiOJ9g=,tag:S/IpeyVHLzHyqPDHIxAT8w==,type:str] +dmarc_exporter: + password: ENC[AES256_GCM,data:eWTv3x0uDhvW8U9ZW/FTNIEkDB0vhMoauZWNju2xZoIV2MhBeOwBHQ==,iv:+GQji5bqDCXOyt8+Vjsb08UW5zaA0KLGMQqhRBQUxcg=,tag:FvRoUrabkEn0PA8DZLIayA==,type:str] monit: mailserver_config: ENC[AES256_GCM,data:LLYTJ0sg5WoJxJg2/9LgD8xAs6ZKuXv8F3ZaEyhW+9spsLbyNibFh9lBxkW009/zyfnI4AU6Fq2WbIWTQKXvCgUWUNr2VCs1BJZkIgijzqJ7edovIcokvm47+eDjeYO2VXBvovtlsryo1BIl+RLulbWFn9Y6fDZbZm4esSL1Vcq9SsSGcMpw8cvUHdWjn7c=,iv:ZfJWtUBPwraKNf5HnVxUCkfvp/xYQwSOK4+4GmWWwn4=,tag:HFboSw/TVczjfGnL1/K29g==,type:str] wiki: @@ -57,8 +59,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-10-19T04:39:50Z" - mac: ENC[AES256_GCM,data:EVAuXn/AK8ntHymfA9gOgo7d0MZUdGJvt7nrm4nt4IlKQCigBjaF5JRslcbGrzOnw5/hRHC1iVj9YqzkOC1iV00y/k7mNK5wxR1c0+NcFFm/HmJRnxH2Dncs2faJ25q6tmZBLG2iSlesXoiR0CAlMywIJDkpYh/bBRHJoc1NqC0=,iv:px8sFUbAu5KjLe3H8mfKxSSlkxLm1xuWAyTLwDkI/v0=,tag:/3KnzWNtNuIPV5ZjHu4fxA==,type:str] + lastmodified: "2022-11-07T15:15:00Z" + mac: ENC[AES256_GCM,data:YBMmTgwhCAzLx4a07IFgehry9YyWDijloEYafYBsWSvyJMWl5ilwL75rIKEeWFNDjg2qc1prxwhypZIux79y9c9VsScJvcjbt8mR0lpce3ov0n8V2APP84ypiboiedCcBq0AgoW+wDW/jNupKfRs2jyUwRyuTnh4pM2qqFmOtEo=,iv:72Q09ge81Ngpv+9toujTi85lz7EZjz6PXeSshSdG+zA=,tag:EmyXMETtfXQFJ37M1wCutw==,type:str] pgp: - created_at: "2021-11-29T00:57:34Z" enc: |