]>
Commit | Line | Data |
---|---|---|
acab8301 IB |
1 | { sudo, pkgs, lib, config }: |
2 | let | |
3 | cfg = config.myServices.monitoring; | |
4 | in | |
5 | { | |
6 | notify-secondary = { | |
7 | resources = { | |
8 | USER200 = config.myEnv.monitoring.status_url; | |
9 | USER201 = config.myEnv.monitoring.status_token; | |
10 | }; | |
11 | commands = { | |
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | |
13 | }; | |
14 | chunk = '' | |
15 | cp ${./plugins}/send_nrdp.sh $out | |
16 | patchShebangs $out/send_nrdp.sh | |
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | |
18 | pkgs.curl pkgs.jq | |
19 | ]} | |
20 | ''; | |
21 | }; | |
22 | notify-primary = { | |
23 | resources = { | |
24 | USER206 = config.myEnv.monitoring.slack_channel; | |
25 | USER207 = config.myEnv.monitoring.slack_url; | |
26 | USER210 = config.myEnv.monitoring.eban.user; | |
27 | USER211 = config.myEnv.monitoring.eban.password; | |
28 | }; | |
29 | commands = { | |
30 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
31 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
32 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
33 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
34 | notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\""; | |
35 | notify-host-eban-url = "STATUS_NAME=\"Server\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" HOSTSTATE=\"$HOSTSTATE$\" $USER2$/notify_eban_url"; | |
36 | notify-service-eban-url = "STATUS_NAME=\"$_SERVICEWEBSTATUS_NAME$\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" SERVICESTATE=\"$SERVICESTATE$\" $USER2$/notify_eban_url"; | |
37 | }; | |
38 | chunk = '' | |
39 | cp ${./plugins}/{notify_by_email,notify_by_slack,notify_eban_url} $out | |
40 | patchShebangs $out/{notify_by_email,notify_by_slack,notify_eban_url} | |
41 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | |
42 | pkgs.mailutils | |
43 | ]} | |
44 | wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [ | |
45 | pkgs.curl pkgs.jq | |
46 | ]} | |
47 | wrapProgram $out/notify_eban_url --prefix PATH : ${lib.makeBinPath [ | |
48 | pkgs.curl | |
49 | ]} | |
50 | ''; | |
51 | }; | |
52 | bandwidth = { | |
53 | commands = { | |
54 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | |
55 | }; | |
56 | chunk = '' | |
57 | cp ${./plugins}/check_bandwidth $out/ | |
58 | patchShebangs $out/check_bandwidth | |
59 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | |
60 | pkgs.iproute pkgs.bc | |
61 | ]} | |
62 | ''; | |
63 | }; | |
64 | command = { | |
65 | commands = { | |
66 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | |
67 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | |
68 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | |
69 | }; | |
70 | chunk = '' | |
71 | cp ${./plugins}/check_command $out/ | |
72 | patchShebangs $out/check_command | |
73 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | |
74 | ''; | |
75 | }; | |
76 | dns = { | |
77 | commands = { | |
78 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | |
79 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | |
80 | }; | |
81 | }; | |
82 | emails = { | |
83 | resources = { | |
84 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
85 | }; | |
86 | commands = { | |
87 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | |
88 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | |
89 | }; | |
90 | chunk = let | |
91 | send_mails = pkgs.runCommand "send_mails" { | |
92 | buildInputs = [ pkgs.makeWrapper ]; | |
93 | } '' | |
94 | mkdir -p $out/bin | |
95 | cp ${./send_mails} $out/bin/send_mails | |
96 | patchShebangs $out | |
97 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | |
98 | pkgs.mailutils | |
99 | ]} | |
100 | ''; | |
101 | in '' | |
102 | cp ${./plugins}/check_emails $out/ | |
103 | patchShebangs $out/check_emails | |
104 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | |
105 | pkgs.openssh send_mails | |
106 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | |
107 | pkgs.perlPackages.TimeDate | |
108 | ]} | |
109 | ''; | |
110 | }; | |
111 | eriomem = { | |
112 | resources = { | |
113 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | |
114 | }; | |
115 | commands = { | |
116 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | |
117 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | |
118 | }; | |
119 | chunk = '' | |
120 | cp ${./plugins}/check_eriomem $out/ | |
121 | patchShebangs $out/check_eriomem | |
122 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | |
123 | pkgs.s3cmd pkgs.python3 | |
124 | ]} | |
125 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | |
126 | patchShebangs $out/check_backup_eriomem_age | |
127 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | |
128 | pkgs.duplicity | |
129 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | |
130 | ''; | |
131 | }; | |
132 | file_date = { | |
133 | commands = { | |
134 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | |
135 | }; | |
136 | chunk = '' | |
137 | cp ${./plugins}/check_last_file_date $out/ | |
138 | patchShebangs $out/check_last_file_date | |
139 | ''; | |
140 | sudo = myplugins: { | |
141 | commands = [ | |
142 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | |
143 | ]; | |
144 | runAs = "ALL"; | |
145 | }; | |
146 | }; | |
147 | ftp = { | |
148 | commands = { | |
149 | check_ftp_database = "$USER2$/check_ftp_database"; | |
150 | }; | |
151 | chunk = '' | |
152 | cp ${./plugins}/check_ftp_database $out/ | |
153 | patchShebangs $out/check_ftp_database | |
154 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | |
155 | pkgs.lftp | |
156 | ]} | |
157 | ''; | |
158 | }; | |
159 | git = { | |
160 | resources = { | |
161 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
162 | }; | |
163 | commands = { | |
164 | check_git = "$USER2$/check_git $USER203$"; | |
165 | }; | |
166 | chunk = '' | |
167 | cp ${./plugins}/check_git $out/ | |
168 | patchShebangs $out/check_git | |
169 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | |
170 | pkgs.git pkgs.openssh | |
171 | ]} | |
172 | ''; | |
173 | }; | |
174 | http = { | |
175 | resources = { | |
176 | USER202 = config.myEnv.monitoring.http_user_password; | |
177 | }; | |
178 | commands = { | |
179 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
180 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
181 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
182 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | |
183 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | |
184 | }; | |
185 | }; | |
186 | imap = { | |
187 | resources = { | |
188 | USER204 = config.myEnv.monitoring.imap_login; | |
189 | USER205 = config.myEnv.monitoring.imap_password; | |
190 | }; | |
191 | commands = { | |
192 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | |
193 | }; | |
194 | chunk = '' | |
195 | cp ${./plugins}/check_imap_connection $out/ | |
196 | patchShebangs $out/check_imap_connection | |
197 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | |
198 | pkgs.openssl | |
199 | ]} | |
200 | ''; | |
201 | }; | |
202 | megaraid = let | |
203 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | |
204 | in { | |
205 | commands = { | |
206 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | |
207 | }; | |
208 | chunk = let | |
209 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | |
210 | plugin = pkgs.fetchurl { | |
211 | name = "check_megaraid_sas"; | |
212 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | |
213 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | |
214 | }; | |
215 | } '' | |
216 | mkdir $out | |
217 | cp $plugin $out/check_megaraid_sas | |
218 | chmod +x $out/check_megaraid_sas | |
219 | patchShebangs $out | |
220 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | |
221 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | |
222 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | |
223 | ''; | |
224 | in '' | |
225 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | |
226 | patchShebangs $out/check_megaraid_sas | |
227 | ''; | |
228 | sudo = _: { | |
229 | commands = [ | |
230 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | |
231 | ]; | |
232 | runAs = "root"; | |
233 | }; | |
234 | }; | |
235 | memory = { | |
236 | commands = { | |
237 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | |
238 | }; | |
239 | chunk = '' | |
240 | cp ${./plugins}/check_mem.sh $out/ | |
241 | patchShebangs $out/check_mem.sh | |
242 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | |
243 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng | |
244 | ]} | |
245 | ''; | |
246 | }; | |
247 | mysql = { | |
248 | commands = { | |
249 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | |
250 | }; | |
251 | chunk = '' | |
252 | cp ${./plugins}/check_mysql_replication $out/ | |
253 | patchShebangs $out/check_mysql_replication | |
254 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | |
255 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | |
256 | ]} | |
257 | ''; | |
258 | sudo = myplugins: { | |
259 | commands = [ | |
260 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | |
261 | ]; | |
262 | runAs = "mysql"; | |
263 | }; | |
264 | }; | |
265 | openldap = { | |
266 | commands = { | |
267 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | |
268 | }; | |
269 | chunk = '' | |
270 | cp ${./plugins}/check_openldap_replication $out/ | |
271 | patchShebangs $out/check_openldap_replication | |
272 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | |
273 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | |
274 | ]} | |
275 | ''; | |
276 | sudo = myplugins: { | |
277 | commands = [ | |
278 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | |
279 | ]; | |
280 | runAs = "openldap"; | |
281 | }; | |
282 | }; | |
283 | ovh = { | |
284 | resources = { | |
285 | USER209 = builtins.concatStringsSep "," [ | |
286 | config.myEnv.monitoring.ovh_sms.endpoint | |
287 | config.myEnv.monitoring.ovh_sms.application_key | |
288 | config.myEnv.monitoring.ovh_sms.application_secret | |
289 | config.myEnv.monitoring.ovh_sms.consumer_key | |
290 | config.myEnv.monitoring.ovh_sms.account | |
291 | ]; | |
292 | }; | |
293 | commands = { | |
294 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | |
295 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | |
296 | }; | |
297 | chunk = '' | |
298 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | |
299 | patchShebangs $out/check_backup_ovh_age | |
300 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | |
301 | pkgs.duplicity | |
302 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | |
303 | cp ${./plugins}/check_ovh_sms $out/ | |
304 | patchShebangs $out/check_ovh_sms | |
305 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | |
306 | (pkgs.python3.withPackages (ps: [ps.ovh])) | |
307 | ]} | |
308 | ''; | |
309 | }; | |
310 | postgresql = { | |
311 | commands = { | |
312 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
e64a4968 | 313 | check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; |
acab8301 IB |
314 | }; |
315 | chunk = let | |
316 | postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable | |
317 | then config.myServices.databasesReplication.postgresql.mainPackage | |
318 | else if config.myServices.databases.enable | |
319 | then config.myServices.databases.postgresql.package | |
320 | else pkgs.postgresql; | |
321 | in '' | |
322 | cp ${./plugins}/check_postgres_replication $out/ | |
323 | patchShebangs $out/check_postgres_replication | |
324 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | |
325 | postgresqlBinary | |
326 | ]} | |
e64a4968 IB |
327 | cp ${./plugins}/check_postgres_database_count $out/ |
328 | patchShebangs $out/check_postgres_database_count | |
329 | wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [ | |
330 | postgresqlBinary | |
331 | ]} | |
acab8301 IB |
332 | ''; |
333 | ||
334 | sudo = myplugins: { | |
335 | commands = [ | |
336 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | |
337 | ]; | |
338 | runAs = "postgres"; | |
339 | }; | |
340 | }; | |
341 | redis = { | |
342 | commands = { | |
343 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | |
344 | }; | |
345 | chunk = '' | |
346 | cp ${./plugins}/check_redis_replication $out/ | |
347 | patchShebangs $out/check_redis_replication | |
348 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | |
349 | pkgs.gnugrep pkgs.coreutils pkgs.redis | |
350 | ]} | |
351 | ''; | |
352 | sudo = myplugins: { | |
353 | commands = [ | |
354 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | |
355 | ]; | |
356 | runAs = "redis"; | |
357 | }; | |
358 | }; | |
359 | tcp = { | |
360 | commands = { | |
361 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | |
362 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | |
363 | }; | |
364 | }; | |
365 | zfs = { | |
366 | commands = { | |
367 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | |
f46b2c61 | 368 | check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400"; |
acab8301 IB |
369 | }; |
370 | chunk = let | |
371 | zfsPlugin = pkgs.fetchurl { | |
372 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | |
373 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | |
374 | }; | |
375 | in '' | |
376 | cp ${zfsPlugin} $out/check_zpool.sh | |
377 | chmod +x $out/check_zpool.sh | |
378 | patchShebangs $out/check_zpool.sh | |
379 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | |
380 | pkgs.which pkgs.zfs pkgs.gawk | |
381 | ]} | |
f46b2c61 IB |
382 | cp ${./plugins}/check_zfs_snapshot $out |
383 | patchShebangs $out/check_zfs_snapshot | |
384 | wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [ | |
385 | pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep | |
386 | ]} | |
acab8301 IB |
387 | ''; |
388 | }; | |
389 | } |