]>
Commit | Line | Data |
---|---|---|
1 | { sudo, pkgs, lib, config }: | |
2 | let | |
3 | cfg = config.myServices.monitoring; | |
4 | in | |
5 | { | |
6 | notify-secondary = { | |
7 | resources = { | |
8 | USER200 = config.myEnv.monitoring.status_url; | |
9 | USER201 = config.myEnv.monitoring.status_token; | |
10 | }; | |
11 | commands = { | |
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | |
13 | }; | |
14 | chunk = '' | |
15 | cp ${./plugins}/send_nrdp.sh $out | |
16 | patchShebangs $out/send_nrdp.sh | |
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | |
18 | pkgs.curl pkgs.jq | |
19 | ]} | |
20 | ''; | |
21 | }; | |
22 | notify-primary = { | |
23 | resources = { | |
24 | USER210 = config.myEnv.monitoring.apprise_urls; | |
25 | }; | |
26 | commands = { | |
27 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
28 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
29 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
30 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
31 | notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\""; | |
32 | notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\""; | |
33 | }; | |
34 | chunk = '' | |
35 | cp ${./plugins}/{notify_by_email,notify_by_apprise} $out | |
36 | patchShebangs $out/{notify_by_email,notify_by_apprise} | |
37 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | |
38 | pkgs.mailutils | |
39 | ]} | |
40 | wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [ | |
41 | pkgs.apprise | |
42 | ]} | |
43 | ''; | |
44 | }; | |
45 | bandwidth = { | |
46 | commands = { | |
47 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | |
48 | }; | |
49 | chunk = '' | |
50 | cp ${./plugins}/check_bandwidth $out/ | |
51 | patchShebangs $out/check_bandwidth | |
52 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | |
53 | pkgs.iproute pkgs.bc | |
54 | ]} | |
55 | ''; | |
56 | }; | |
57 | command = { | |
58 | commands = { | |
59 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | |
60 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | |
61 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | |
62 | }; | |
63 | chunk = '' | |
64 | cp ${./plugins}/check_command $out/ | |
65 | patchShebangs $out/check_command | |
66 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | |
67 | ''; | |
68 | }; | |
69 | dns = { | |
70 | commands = { | |
71 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | |
72 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | |
73 | }; | |
74 | }; | |
75 | mdadm = { | |
76 | commands = { | |
77 | check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root"; | |
78 | }; | |
79 | sudo = _: { | |
80 | commands = [ | |
81 | { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; } | |
82 | ]; | |
83 | runAs = "root"; | |
84 | }; | |
85 | }; | |
86 | postfix = { | |
87 | commands = { | |
88 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; | |
89 | }; | |
90 | sudo = _: { | |
91 | commands = [ | |
92 | { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; } | |
93 | ]; | |
94 | runAs = "root"; | |
95 | }; | |
96 | }; | |
97 | emails = { | |
98 | resources = { | |
99 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
100 | }; | |
101 | commands = { | |
102 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | |
103 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | |
104 | }; | |
105 | chunk = let | |
106 | send_mails = pkgs.runCommand "send_mails" { | |
107 | buildInputs = [ pkgs.makeWrapper ]; | |
108 | } '' | |
109 | mkdir -p $out/bin | |
110 | cp ${./send_mails} $out/bin/send_mails | |
111 | patchShebangs $out | |
112 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | |
113 | pkgs.mailutils | |
114 | ]} | |
115 | ''; | |
116 | in '' | |
117 | cp ${./plugins}/check_emails $out/ | |
118 | patchShebangs $out/check_emails | |
119 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | |
120 | pkgs.openssh send_mails | |
121 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | |
122 | pkgs.perlPackages.TimeDate | |
123 | ]} | |
124 | ''; | |
125 | }; | |
126 | eriomem = { | |
127 | resources = { | |
128 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | |
129 | }; | |
130 | commands = { | |
131 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | |
132 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | |
133 | }; | |
134 | chunk = '' | |
135 | cp ${./plugins}/check_eriomem $out/ | |
136 | patchShebangs $out/check_eriomem | |
137 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | |
138 | pkgs.s3cmd pkgs.python38 | |
139 | ]} | |
140 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | |
141 | patchShebangs $out/check_backup_eriomem_age | |
142 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | |
143 | pkgs.duplicity | |
144 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | |
145 | ''; | |
146 | }; | |
147 | file_date = { | |
148 | commands = { | |
149 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | |
150 | }; | |
151 | chunk = '' | |
152 | cp ${./plugins}/check_last_file_date $out/ | |
153 | patchShebangs $out/check_last_file_date | |
154 | ''; | |
155 | sudo = myplugins: { | |
156 | commands = [ | |
157 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | |
158 | ]; | |
159 | runAs = "ALL"; | |
160 | }; | |
161 | }; | |
162 | ftp = { | |
163 | commands = { | |
164 | check_ftp_database = "$USER2$/check_ftp_database"; | |
165 | }; | |
166 | chunk = '' | |
167 | cp ${./plugins}/check_ftp_database $out/ | |
168 | patchShebangs $out/check_ftp_database | |
169 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | |
170 | pkgs.lftp | |
171 | ]} | |
172 | ''; | |
173 | }; | |
174 | git = { | |
175 | resources = { | |
176 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
177 | }; | |
178 | commands = { | |
179 | check_git = "$USER2$/check_git $USER203$"; | |
180 | }; | |
181 | chunk = '' | |
182 | cp ${./plugins}/check_git $out/ | |
183 | patchShebangs $out/check_git | |
184 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | |
185 | pkgs.git pkgs.openssh | |
186 | ]} | |
187 | ''; | |
188 | }; | |
189 | http = { | |
190 | resources = { | |
191 | USER202 = config.myEnv.monitoring.http_user_password; | |
192 | }; | |
193 | commands = { | |
194 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
195 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
196 | check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
197 | check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
198 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
199 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | |
200 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | |
201 | }; | |
202 | }; | |
203 | imap = { | |
204 | resources = { | |
205 | USER204 = config.myEnv.monitoring.imap_login; | |
206 | USER205 = config.myEnv.monitoring.imap_password; | |
207 | }; | |
208 | commands = { | |
209 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | |
210 | }; | |
211 | chunk = '' | |
212 | cp ${./plugins}/check_imap_connection $out/ | |
213 | patchShebangs $out/check_imap_connection | |
214 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | |
215 | pkgs.openssl | |
216 | ]} | |
217 | ''; | |
218 | }; | |
219 | megaraid = let | |
220 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | |
221 | in { | |
222 | commands = { | |
223 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | |
224 | }; | |
225 | chunk = let | |
226 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | |
227 | plugin = pkgs.fetchurl { | |
228 | name = "check_megaraid_sas"; | |
229 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | |
230 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | |
231 | }; | |
232 | } '' | |
233 | mkdir $out | |
234 | cp $plugin $out/check_megaraid_sas | |
235 | chmod +x $out/check_megaraid_sas | |
236 | patchShebangs $out | |
237 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | |
238 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | |
239 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | |
240 | ''; | |
241 | in '' | |
242 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | |
243 | patchShebangs $out/check_megaraid_sas | |
244 | ''; | |
245 | sudo = _: { | |
246 | commands = [ | |
247 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | |
248 | ]; | |
249 | runAs = "root"; | |
250 | }; | |
251 | }; | |
252 | memory = { | |
253 | commands = { | |
254 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | |
255 | }; | |
256 | chunk = '' | |
257 | cp ${./plugins}/check_mem.sh $out/ | |
258 | patchShebangs $out/check_mem.sh | |
259 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | |
260 | pkgs.gnugrep pkgs.gawk pkgs.procps | |
261 | ]} | |
262 | ''; | |
263 | }; | |
264 | mysql = { | |
265 | commands = { | |
266 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | |
267 | }; | |
268 | chunk = '' | |
269 | cp ${./plugins}/check_mysql_replication $out/ | |
270 | patchShebangs $out/check_mysql_replication | |
271 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | |
272 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | |
273 | ]} | |
274 | ''; | |
275 | sudo = myplugins: { | |
276 | commands = [ | |
277 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | |
278 | ]; | |
279 | runAs = "mysql"; | |
280 | }; | |
281 | }; | |
282 | openldap = { | |
283 | commands = { | |
284 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | |
285 | }; | |
286 | chunk = '' | |
287 | cp ${./plugins}/check_openldap_replication $out/ | |
288 | patchShebangs $out/check_openldap_replication | |
289 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | |
290 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | |
291 | ]} | |
292 | ''; | |
293 | sudo = myplugins: { | |
294 | commands = [ | |
295 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | |
296 | ]; | |
297 | runAs = "openldap"; | |
298 | }; | |
299 | }; | |
300 | ovh = { | |
301 | resources = { | |
302 | USER209 = builtins.concatStringsSep "," [ | |
303 | config.myEnv.monitoring.ovh_sms.endpoint | |
304 | config.myEnv.monitoring.ovh_sms.application_key | |
305 | config.myEnv.monitoring.ovh_sms.application_secret | |
306 | config.myEnv.monitoring.ovh_sms.consumer_key | |
307 | config.myEnv.monitoring.ovh_sms.account | |
308 | ]; | |
309 | }; | |
310 | commands = { | |
311 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | |
312 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | |
313 | }; | |
314 | chunk = '' | |
315 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | |
316 | patchShebangs $out/check_backup_ovh_age | |
317 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | |
318 | pkgs.duplicity | |
319 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | |
320 | cp ${./plugins}/check_ovh_sms $out/ | |
321 | patchShebangs $out/check_ovh_sms | |
322 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | |
323 | (pkgs.python38.withPackages (ps: [ps.ovh])) | |
324 | ]} | |
325 | ''; | |
326 | }; | |
327 | postgresql = { package }: { | |
328 | commands = { | |
329 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
330 | check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
331 | }; | |
332 | chunk = '' | |
333 | cp ${./plugins}/check_postgres_replication $out/ | |
334 | patchShebangs $out/check_postgres_replication | |
335 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | |
336 | package | |
337 | ]} | |
338 | cp ${./plugins}/check_postgres_database_count $out/ | |
339 | patchShebangs $out/check_postgres_database_count | |
340 | wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [ | |
341 | package | |
342 | ]} | |
343 | ''; | |
344 | ||
345 | sudo = myplugins: { | |
346 | commands = [ | |
347 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | |
348 | ]; | |
349 | runAs = "postgres"; | |
350 | }; | |
351 | }; | |
352 | redis = { | |
353 | commands = { | |
354 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | |
355 | }; | |
356 | chunk = '' | |
357 | cp ${./plugins}/check_redis_replication $out/ | |
358 | patchShebangs $out/check_redis_replication | |
359 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | |
360 | pkgs.gnugrep pkgs.coreutils pkgs.redis | |
361 | ]} | |
362 | ''; | |
363 | sudo = myplugins: { | |
364 | commands = [ | |
365 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | |
366 | ]; | |
367 | runAs = "redis"; | |
368 | }; | |
369 | }; | |
370 | tcp = { | |
371 | commands = { | |
372 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | |
373 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | |
374 | }; | |
375 | }; | |
376 | zfs = { | |
377 | commands = { | |
378 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | |
379 | check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400"; | |
380 | }; | |
381 | chunk = let | |
382 | zfsPlugin = pkgs.fetchurl { | |
383 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | |
384 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | |
385 | }; | |
386 | in '' | |
387 | cp ${zfsPlugin} $out/check_zpool.sh | |
388 | chmod +x $out/check_zpool.sh | |
389 | patchShebangs $out/check_zpool.sh | |
390 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | |
391 | pkgs.which pkgs.zfs pkgs.gawk | |
392 | ]} | |
393 | cp ${./plugins}/check_zfs_snapshot $out | |
394 | patchShebangs $out/check_zfs_snapshot | |
395 | wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [ | |
396 | pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep | |
397 | ]} | |
398 | ''; | |
399 | }; | |
400 | } |