# NixOS module: naemon-based monitoring for one host, enabled through
# `myServices.monitoring.enable`.
#
# When enabled it configures:
#   * a derivation holding the check plugins from ./plugins (`myplugins`),
#   * sudo rules that let the `naemon` user run selected checks as other users,
#   * /etc/mdadm.conf with the alert address,
#   * the naemon service itself (livestatus broker, resource macros, objects).
#
# `name` selects the per-host thresholds in `commonConfig` and, if it exists,
# the per-host object file ./objects_<name>.nix.
{ config, pkgs, lib, name, ... }:
let
  # Plugin directory: every file of ./plugins is copied into $out, shebangs are
  # patched, and the scripts listed below are wrapped so the tools they call are
  # found through a PATH prefix. Only the wrapped scripts get such a prefix.
  # check_command is the one wrapper that gets config.security.wrapperDir
  # (NixOS's setuid wrapper directory) rather than store paths.
  # NOTE(review): presumably so it can find sudo there, confirm against the script.
  myplugins = pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.curl pkgs.jq
    ]}
    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
    ]}
    wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
      pkgs.postgresql
    ]}
    wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.coreutils pkgs.redis
    ]}
    wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
    ]}
    wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
    ]}
  '';
  # Helper from ./to_objects.nix; used below to turn object attribute sets into
  # the text assigned to services.naemon.objectDefs.
  toObjects = pkgs.callPackage ./to_objects.nix {};
  # Per-host process-count and load thresholds, keyed by host `name`.
  commonConfig = {
    eldiron = {
      processWarn = "250"; processAlert = "400";
      loadWarn = "8.0"; loadAlert = "10.0";
    };
    backup-2 = {
      processWarn = "50"; processAlert = "60";
      loadWarn = "1.0"; loadAlert = "2.0";
    };
  };
  # Objects shared by all hosts. `builtins.getAttr` aborts evaluation when
  # `name` is not a key of commonConfig, so every monitored host needs an
  # entry above.
  commonObjects = pkgs.callPackage ./objects_common.nix ({
    hostFQDN = config.hostEnv.FQDN;
    sudo = "/run/wrappers/bin/sudo";
  } // builtins.getAttr name commonConfig);
  # Host-specific objects: loaded from ./objects_<name>.nix when that file
  # exists, otherwise an empty attribute set.
  hostObjects =
    let
      specific_file = ./. + "/objects_" + name + ".nix";
    in
      lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file { inherit config; });
in
{
  options = {
    myServices.monitoring = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to enable monitoring.
        '';
      };
    };
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    # Backup profile rooted at naemon's state directory.
    services.duplyBackup.profiles.monitoring = {
      rootDir = config.services.naemon.varDir;
    };
    # Passwordless sudo for the `naemon` user. Every rule below is a privilege
    # boundary: whoever can run commands as `naemon` can run exactly what the
    # command patterns admit, as the listed target user.
    security.sudo.extraRules = [
      {
        commands = [
          # Fully pinned: the argument list must match exactly.
          { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
          # NOTE(review): no argument list is given, and sudoers then accepts any
          # arguments, here as root. If the check invokes mailq bare, appending
          # `""` to the command pins it to "no arguments"; confirm how the
          # check calls it first.
          { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "root";
      }
      {
        commands = [
          # NOTE(review): sudoers matches the argument list as one string and `*`
          # also matches spaces and `/`, so this pattern admits more than a single
          # path directly under /backup2. Combined with runAs = "ALL" (any target
          # user, root included) this is the broadest rule in the file; consider
          # listing the expected paths and target users explicitly.
          { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "ALL";
      }
      # The four replication checks accept arbitrary arguments (`*`) and run as
      # the respective service account. The scripts themselves are store paths
      # inside `myplugins`, so the rule is bound to this exact build of them.
      # NOTE(review): how the scripts treat their arguments is not visible here;
      # worth auditing, since they run with database/directory privileges.
      {
        commands = [
          { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "postgres";
      }
      {
        commands = [
          { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "mysql";
      }
      {
        commands = [
          { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "openldap";
      }
      {
        commands = [
          { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "redis";
      }
    ];
    # World-readable mdadm.conf carrying only the alert mail address.
    environment.etc."mdadm.conf" = {
      enable = true;
      mode = "0644";
      user = "root";
      text = "MAILADDR ${config.myEnv.monitoring.email}";
    };

    # needed since extraResource is not in the closure
    systemd.services.naemon.path = [ myplugins ];
    services.naemon = {
      enable = true;
      # Livestatus broker socket under naemon's run directory, syslog logging,
      # and `notify-master` run after every service check (obsess_over_services).
      # The notify-master command is not defined in this file.
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=${config.myEnv.monitoring.email}

        obsess_over_services=1
        ocsp_command=notify-master
      '';
      # Resource macros: $USER2$ is the plugin directory, $USER200$/$USER201$ the
      # status endpoint URL and its token.
      # NOTE(review): the token is interpolated at evaluation time. If the naemon
      # module writes extraResource to a file in /nix/store, the token becomes
      # readable by every local user; verify where this text ends up and, if it
      # is the store, load the token from a root-owned file at runtime instead.
      extraResource = ''
        $USER2$=${myplugins}
        $USER200$=${config.myEnv.monitoring.status_url}
        $USER201$=${config.myEnv.monitoring.status_token}
      '';
      objectDefs = toObjects commonObjects + toObjects hostObjects;
    };
  };
}