# Alertmanager Configuration for Orion Platform — TEMPLATE
# Docs: https://prometheus.io/docs/alerting/latest/configuration/
#
# This is the IN-REPO TEMPLATE. The real file on each host lives at
# monitoring/alertmanager/alertmanager.yml (gitignored, never committed).
# Copy this file to that path and fill in the CHANGEME values per
# docs/deployment/hetzner-server-setup.md.

global:
  resolve_timeout: 5m

  # ─── SMTP Configuration (mail1.myservices.hosting relay) ────────────
  # Migrated from SendGrid to mail1.myservices.hosting on 2026-??-?? —
  # same SMTP backend the app uses (see /admin/settings).
  #
  # smtp_from is set to alerts@wizard.lu for inbox routing clarity. Most
  # SMTP relays allow the From: header to differ from the authenticated
  # user, BUT some require them to match. If you see "550 sender not
  # authorized" in the alertmanager logs after a reload, either:
  #   1. Configure alerts@wizard.lu as a send-as alias on the support@
  #      mailbox in your mail hosting control panel, or
  #   2. Change smtp_from to 'support@wizard.lu' (less clear in inbox).
  smtp_smarthost: 'mail1.myservices.hosting:587'
  smtp_from: 'alerts@wizard.lu'
  smtp_auth_username: 'support@wizard.lu'
  smtp_auth_password: 'CHANGEME'                 # The /admin/settings SMTP password. NEVER commit a real value.
  smtp_require_tls: true

route:
  # Group alerts by name and severity
  group_by: ['alertname', 'severity']
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 4h
  receiver: 'email-warnings'

  routes:
    # Critical alerts: repeat every 1 hour
    - match:
        severity: critical
      receiver: 'email-critical'
      repeat_interval: 1h

    # Warning alerts: repeat every 4 hours
    - match:
        severity: warning
      receiver: 'email-warnings'
      repeat_interval: 4h

receivers:
  - name: 'email-critical'
    email_configs:
      - to: 'admin@wizard.lu'                    # Recipient mailbox for critical alerts
        send_resolved: true
        headers:
          Subject: '[CRITICAL] Orion: {{ .GroupLabels.alertname }}'

  - name: 'email-warnings'
    email_configs:
      - to: 'admin@wizard.lu'                    # Recipient mailbox for warning alerts
        send_resolved: true
        headers:
          Subject: '[WARNING] Orion: {{ .GroupLabels.alertname }}'

# Inhibition rules — suppress warnings when critical is already firing
inhibit_rules:
  - source_match:
      severity: 'critical'
    target_match:
      severity: 'warning'
    equal: ['alertname', 'instance']