]>
Commit | Line | Data |
---|---|---|
acab8301 IB |
1 | { sudo, pkgs, lib, config }: |
2 | let | |
3 | cfg = config.myServices.monitoring; | |
4 | in | |
5 | { | |
6 | notify-secondary = { | |
7 | resources = { | |
8 | USER200 = config.myEnv.monitoring.status_url; | |
9 | USER201 = config.myEnv.monitoring.status_token; | |
10 | }; | |
11 | commands = { | |
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | |
13 | }; | |
14 | chunk = '' | |
15 | cp ${./plugins}/send_nrdp.sh $out | |
16 | patchShebangs $out/send_nrdp.sh | |
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | |
18 | pkgs.curl pkgs.jq | |
19 | ]} | |
20 | ''; | |
21 | }; | |
22 | notify-primary = { | |
23 | resources = { | |
24 | USER206 = config.myEnv.monitoring.slack_channel; | |
25 | USER207 = config.myEnv.monitoring.slack_url; | |
acab8301 IB |
26 | }; |
27 | commands = { | |
28 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
29 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
30 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
31 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
32 | notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\""; | |
acab8301 IB |
33 | }; |
34 | chunk = '' | |
1d6cac04 IB |
35 | cp ${./plugins}/{notify_by_email,notify_by_slack} $out |
36 | patchShebangs $out/{notify_by_email,notify_by_slack} | |
acab8301 IB |
37 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ |
38 | pkgs.mailutils | |
39 | ]} | |
40 | wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [ | |
41 | pkgs.curl pkgs.jq | |
42 | ]} | |
acab8301 IB |
43 | ''; |
44 | }; | |
45 | bandwidth = { | |
46 | commands = { | |
47 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | |
48 | }; | |
49 | chunk = '' | |
50 | cp ${./plugins}/check_bandwidth $out/ | |
51 | patchShebangs $out/check_bandwidth | |
52 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | |
53 | pkgs.iproute pkgs.bc | |
54 | ]} | |
55 | ''; | |
56 | }; | |
57 | command = { | |
58 | commands = { | |
59 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | |
60 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | |
61 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | |
62 | }; | |
63 | chunk = '' | |
64 | cp ${./plugins}/check_command $out/ | |
65 | patchShebangs $out/check_command | |
66 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | |
67 | ''; | |
68 | }; | |
69 | dns = { | |
70 | commands = { | |
71 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | |
72 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | |
73 | }; | |
74 | }; | |
75 | emails = { | |
76 | resources = { | |
77 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
78 | }; | |
79 | commands = { | |
80 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | |
81 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | |
82 | }; | |
83 | chunk = let | |
84 | send_mails = pkgs.runCommand "send_mails" { | |
85 | buildInputs = [ pkgs.makeWrapper ]; | |
86 | } '' | |
87 | mkdir -p $out/bin | |
88 | cp ${./send_mails} $out/bin/send_mails | |
89 | patchShebangs $out | |
90 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | |
91 | pkgs.mailutils | |
92 | ]} | |
93 | ''; | |
94 | in '' | |
95 | cp ${./plugins}/check_emails $out/ | |
96 | patchShebangs $out/check_emails | |
97 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | |
98 | pkgs.openssh send_mails | |
99 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | |
100 | pkgs.perlPackages.TimeDate | |
101 | ]} | |
102 | ''; | |
103 | }; | |
104 | eriomem = { | |
105 | resources = { | |
106 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | |
107 | }; | |
108 | commands = { | |
109 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | |
110 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | |
111 | }; | |
112 | chunk = '' | |
113 | cp ${./plugins}/check_eriomem $out/ | |
114 | patchShebangs $out/check_eriomem | |
115 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | |
116 | pkgs.s3cmd pkgs.python3 | |
117 | ]} | |
118 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | |
119 | patchShebangs $out/check_backup_eriomem_age | |
120 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | |
121 | pkgs.duplicity | |
122 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | |
123 | ''; | |
124 | }; | |
125 | file_date = { | |
126 | commands = { | |
127 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | |
128 | }; | |
129 | chunk = '' | |
130 | cp ${./plugins}/check_last_file_date $out/ | |
131 | patchShebangs $out/check_last_file_date | |
132 | ''; | |
133 | sudo = myplugins: { | |
134 | commands = [ | |
135 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | |
136 | ]; | |
137 | runAs = "ALL"; | |
138 | }; | |
139 | }; | |
140 | ftp = { | |
141 | commands = { | |
142 | check_ftp_database = "$USER2$/check_ftp_database"; | |
143 | }; | |
144 | chunk = '' | |
145 | cp ${./plugins}/check_ftp_database $out/ | |
146 | patchShebangs $out/check_ftp_database | |
147 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | |
148 | pkgs.lftp | |
149 | ]} | |
150 | ''; | |
151 | }; | |
152 | git = { | |
153 | resources = { | |
154 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
155 | }; | |
156 | commands = { | |
157 | check_git = "$USER2$/check_git $USER203$"; | |
158 | }; | |
159 | chunk = '' | |
160 | cp ${./plugins}/check_git $out/ | |
161 | patchShebangs $out/check_git | |
162 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | |
163 | pkgs.git pkgs.openssh | |
164 | ]} | |
165 | ''; | |
166 | }; | |
167 | http = { | |
168 | resources = { | |
169 | USER202 = config.myEnv.monitoring.http_user_password; | |
170 | }; | |
171 | commands = { | |
172 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
173 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
174 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
175 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | |
176 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | |
177 | }; | |
178 | }; | |
179 | imap = { | |
180 | resources = { | |
181 | USER204 = config.myEnv.monitoring.imap_login; | |
182 | USER205 = config.myEnv.monitoring.imap_password; | |
183 | }; | |
184 | commands = { | |
185 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | |
186 | }; | |
187 | chunk = '' | |
188 | cp ${./plugins}/check_imap_connection $out/ | |
189 | patchShebangs $out/check_imap_connection | |
190 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | |
191 | pkgs.openssl | |
192 | ]} | |
193 | ''; | |
194 | }; | |
195 | megaraid = let | |
196 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | |
197 | in { | |
198 | commands = { | |
199 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | |
200 | }; | |
201 | chunk = let | |
202 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | |
203 | plugin = pkgs.fetchurl { | |
204 | name = "check_megaraid_sas"; | |
205 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | |
206 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | |
207 | }; | |
208 | } '' | |
209 | mkdir $out | |
210 | cp $plugin $out/check_megaraid_sas | |
211 | chmod +x $out/check_megaraid_sas | |
212 | patchShebangs $out | |
213 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | |
214 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | |
215 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | |
216 | ''; | |
217 | in '' | |
218 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | |
219 | patchShebangs $out/check_megaraid_sas | |
220 | ''; | |
221 | sudo = _: { | |
222 | commands = [ | |
223 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | |
224 | ]; | |
225 | runAs = "root"; | |
226 | }; | |
227 | }; | |
228 | memory = { | |
229 | commands = { | |
230 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | |
231 | }; | |
232 | chunk = '' | |
233 | cp ${./plugins}/check_mem.sh $out/ | |
234 | patchShebangs $out/check_mem.sh | |
235 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | |
236 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng | |
237 | ]} | |
238 | ''; | |
239 | }; | |
240 | mysql = { | |
241 | commands = { | |
242 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | |
243 | }; | |
244 | chunk = '' | |
245 | cp ${./plugins}/check_mysql_replication $out/ | |
246 | patchShebangs $out/check_mysql_replication | |
247 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | |
248 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | |
249 | ]} | |
250 | ''; | |
251 | sudo = myplugins: { | |
252 | commands = [ | |
253 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | |
254 | ]; | |
255 | runAs = "mysql"; | |
256 | }; | |
257 | }; | |
258 | openldap = { | |
259 | commands = { | |
260 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | |
261 | }; | |
262 | chunk = '' | |
263 | cp ${./plugins}/check_openldap_replication $out/ | |
264 | patchShebangs $out/check_openldap_replication | |
265 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | |
266 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | |
267 | ]} | |
268 | ''; | |
269 | sudo = myplugins: { | |
270 | commands = [ | |
271 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | |
272 | ]; | |
273 | runAs = "openldap"; | |
274 | }; | |
275 | }; | |
276 | ovh = { | |
277 | resources = { | |
278 | USER209 = builtins.concatStringsSep "," [ | |
279 | config.myEnv.monitoring.ovh_sms.endpoint | |
280 | config.myEnv.monitoring.ovh_sms.application_key | |
281 | config.myEnv.monitoring.ovh_sms.application_secret | |
282 | config.myEnv.monitoring.ovh_sms.consumer_key | |
283 | config.myEnv.monitoring.ovh_sms.account | |
284 | ]; | |
285 | }; | |
286 | commands = { | |
287 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | |
288 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | |
289 | }; | |
290 | chunk = '' | |
291 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | |
292 | patchShebangs $out/check_backup_ovh_age | |
293 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | |
294 | pkgs.duplicity | |
295 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | |
296 | cp ${./plugins}/check_ovh_sms $out/ | |
297 | patchShebangs $out/check_ovh_sms | |
298 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | |
299 | (pkgs.python3.withPackages (ps: [ps.ovh])) | |
300 | ]} | |
301 | ''; | |
302 | }; | |
303 | postgresql = { | |
304 | commands = { | |
305 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
e64a4968 | 306 | check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; |
acab8301 IB |
307 | }; |
308 | chunk = let | |
309 | postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable | |
310 | then config.myServices.databasesReplication.postgresql.mainPackage | |
311 | else if config.myServices.databases.enable | |
312 | then config.myServices.databases.postgresql.package | |
313 | else pkgs.postgresql; | |
314 | in '' | |
315 | cp ${./plugins}/check_postgres_replication $out/ | |
316 | patchShebangs $out/check_postgres_replication | |
317 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | |
318 | postgresqlBinary | |
319 | ]} | |
e64a4968 IB |
320 | cp ${./plugins}/check_postgres_database_count $out/ |
321 | patchShebangs $out/check_postgres_database_count | |
322 | wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [ | |
323 | postgresqlBinary | |
324 | ]} | |
acab8301 IB |
325 | ''; |
326 | ||
327 | sudo = myplugins: { | |
328 | commands = [ | |
329 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | |
330 | ]; | |
331 | runAs = "postgres"; | |
332 | }; | |
333 | }; | |
334 | redis = { | |
335 | commands = { | |
336 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | |
337 | }; | |
338 | chunk = '' | |
339 | cp ${./plugins}/check_redis_replication $out/ | |
340 | patchShebangs $out/check_redis_replication | |
341 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | |
342 | pkgs.gnugrep pkgs.coreutils pkgs.redis | |
343 | ]} | |
344 | ''; | |
345 | sudo = myplugins: { | |
346 | commands = [ | |
347 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | |
348 | ]; | |
349 | runAs = "redis"; | |
350 | }; | |
351 | }; | |
352 | tcp = { | |
353 | commands = { | |
354 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | |
355 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | |
356 | }; | |
357 | }; | |
358 | zfs = { | |
359 | commands = { | |
360 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | |
f46b2c61 | 361 | check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400"; |
acab8301 IB |
362 | }; |
363 | chunk = let | |
364 | zfsPlugin = pkgs.fetchurl { | |
365 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | |
366 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | |
367 | }; | |
368 | in '' | |
369 | cp ${zfsPlugin} $out/check_zpool.sh | |
370 | chmod +x $out/check_zpool.sh | |
371 | patchShebangs $out/check_zpool.sh | |
372 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | |
373 | pkgs.which pkgs.zfs pkgs.gawk | |
374 | ]} | |
f46b2c61 IB |
375 | cp ${./plugins}/check_zfs_snapshot $out |
376 | patchShebangs $out/check_zfs_snapshot | |
377 | wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [ | |
378 | pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep | |
379 | ]} | |
acab8301 IB |
380 | ''; |
381 | }; | |
382 | } |