Migrate the Tails infra monitoring to Prometheus

Reference: TPA-RFC-73: Tails infra merge roadmap - Monitoring

Blocked by:

• TPA-RFC-77: plan Merge of Tails' and Tor's Pupp... (#41948 - closed)

To-do

• add the Prometheus servers to the Tails VPN → puppet-control!204
• add profile::prometheus::node_exporter to all Tails nodes:
  • stone.tails.net (the "masterless" node, can't rely on exported resources for firewalling)
  • Jenkins agents (blocked by prometheus-alerts!91 (merged))
  • all the rest
• remove the feature::prometheus feature-flag
• migrate:
  • OpenPGP keys → tails!2614
  • websites → puppet-control!228, puppet-control!230
  • .onion websites → tpo/tpa/puppet-control!231
  • SMTP
  • .onion SMTP
  • DNS
  • Tails mirrors speeds
  • Tails image download
  • TLS certs
  • APT repos' {packages,references}.db sizes
  • Backups (currently monitored as Systemd services) → #42602 (closed)
  • Broken time-based APT snapshots (see thread, maybe defer to a separate issue)
• retire ecours.tails.net
• configure unattended-upgrades to not send email (see this thread)