global: smtp_smarthost: 'localhost:587' smtp_from: 'alerts@homeaudit.local' smtp_auth_username: 'alerts@homeaudit.local' smtp_auth_password: 'your_email_password' route: group_by: ['alertname', 'cluster', 'service'] group_wait: 10s group_interval: 10s repeat_interval: 1h receiver: 'default' routes: - match: severity: critical receiver: 'critical-alerts' group_wait: 0s group_interval: 5m repeat_interval: 30m - match: alertname: TraefikAuthenticationCompromiseAttempt receiver: 'security-alerts' group_wait: 0s repeat_interval: 15m receivers: - name: 'default' email_configs: - to: 'admin@homeaudit.local' subject: '[MONITORING] {{ .GroupLabels.alertname }}' body: | {{ range .Alerts }} Alert: {{ .Annotations.summary }} Description: {{ .Annotations.description }} Severity: {{ .Labels.severity }} Instance: {{ .Labels.instance }} {{ end }} - name: 'critical-alerts' email_configs: - to: 'admin@homeaudit.local' subject: '[CRITICAL] {{ .GroupLabels.alertname }}' body: | 🚨 CRITICAL ALERT 🚨 {{ range .Alerts }} Alert: {{ .Annotations.summary }} Description: {{ .Annotations.description }} Instance: {{ .Labels.instance }} Time: {{ .StartsAt }} {{ end }} - name: 'security-alerts' email_configs: - to: 'security@homeaudit.local' subject: '[SECURITY ALERT] Possible Authentication Attack' body: | 🔒 SECURITY ALERT 🔒 Possible brute force or credential stuffing attack detected! {{ range .Alerts }} Description: {{ .Annotations.description }} Service: {{ .Labels.service }} Instance: {{ .Labels.instance }} Time: {{ .StartsAt }} {{ end }} Immediate action may be required to block attacking IPs. inhibit_rules: - source_match: severity: 'critical' target_match: severity: 'warning' equal: ['alertname', 'cluster', 'service']