# NixOS module: local naemon monitoring for a single host.
# When `myServices.monitoring.enable` is true it enables naemon with the
# bundled plugins, grants the `naemon` user a few passwordless sudo commands,
# writes /etc/mdadm.conf and registers a duply backup profile.
{ config, myconfig, pkgs, lib, name, hostFQDN, ... }:
let
  # Plugin directory built from ./plugins: shebangs are patched and selected
  # scripts are wrapped so that their helper binaries are on PATH.
  # check_command gets `config.security.wrapperDir` prepended to PATH —
  # presumably so it can find the setuid `sudo` wrapper (the mdadm check below
  # passes `-r root`); confirm against the plugin itself.
  myplugins = pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.curl pkgs.jq
    ]}
    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
    ]}
    wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
      pkgs.postgresql
    ]}
  '';
  # Naemon object definitions: the static cfg files under ./conf, then the
  # inline definitions below, then an optional per-host file
  # ./conf/specific_<name>.cfg when it exists.
  defaultObjects =
    let specific_file = ./conf + "/specific_" + name + ".cfg";
    in
    builtins.readFile ./conf/local_services.cfg
    + builtins.readFile ./conf/timeperiods.cfg
    + builtins.readFile ./conf/services.cfg
    + builtins.readFile ./conf/contacts.cfg
    + builtins.readFile ./conf/hosts.cfg
    # NOTE(review): `notify-master` passes $USER201$ (the status token, see
    # extraResource below) as a command-line argument to send_nrdp.sh.
    # Arguments are readable by other local users through the process list
    # unless /proc is restricted; consider having the script read the token
    # from a file or the environment instead.
    # It also forwards $SERVICEOUTPUT$ (plugin output) as an argument; the
    # values are double-quoted here, but how naemon escapes macros in
    # command lines should be confirmed.
    + ''
      define command {
      command_line ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
      command_name notify-master
      }
      define service {
      service_description No mdadm array is degraded
      use local-service
      check_command check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
      }

      define service {
      name local-service
      use generic-service
      host_name ${hostFQDN}
      check_interval 5
      max_check_attempts 4
      register 0
      retry_interval 1
      }
      define host {
      host_name ${hostFQDN}
      alias ${hostFQDN}
      address ${hostFQDN}
      use linux-server
      }
    ''
    + lib.strings.optionalString (builtins.pathExists specific_file) (builtins.readFile specific_file);
in
{
  options = {
    myServices.monitoring = {
      # Master switch for everything under `config` below; off by default.
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to enable monitoring.
        '';
      };
    };
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    # Backup profile rooted at naemon's var directory.
    services.duplyBackup.profiles.monitoring = {
      rootDir = config.services.naemon.varDir;
    };
    # Passwordless sudo for the `naemon` user, one rule per target account.
    security.sudo.extraRules = [
      {
        # As root: both commands are listed with fixed arguments (mailq with
        # none), so they are not open to arbitrary parameters.
        commands = [
          { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
          { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "root";
      }
      {
        # As postgres.
        # NOTE(review): sudoers matches the argument list as one string, and
        # `*` in arguments also matches spaces and `/`. So
        # `check_postgres_replication *` accepts any arguments, and
        # `/backup2/*` does not confine the path to that directory (it also
        # matches `..` components and additional arguments). The plugins
        # therefore have to treat their arguments as untrusted; where the set
        # of checks is known, prefer listing the exact command lines.
        commands = [
          { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
          { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "postgres";
      }
      {
        # As backup: same wildcard rule as above, same caveat about `*`.
        commands = [
          { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "backup";
      }
    ];
    # World-readable /etc/mdadm.conf holding only the alert mail address.
    environment.etc."mdadm.conf" = {
      enable = true;
      mode = "0644";
      user = "root";
      text = "MAILADDR ${myconfig.env.monitoring.email}";
    };

    # needed since extraResource is not in the closure
    systemd.services.naemon.path = [ myplugins ];
    services.naemon = {
      enable = true;
      # Loads the livestatus broker with its socket at <runDir>/live, logs to
      # syslog, and runs `notify-master` after every service check
      # (obsess_over_services / ocsp_command).
      # NOTE(review): the livestatus socket exposes monitoring state to
      # whoever can open it — confirm the ownership and mode of <runDir>.
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=${myconfig.env.monitoring.email}

        obsess_over_services=1
        ocsp_command=notify-master
      '';
      # Resource macros: $USER2$ is the plugin directory, $USER200$/$USER201$
      # are the status URL and token used by `notify-master`.
      # NOTE(review): the token is interpolated at evaluation time. If the
      # naemon module (not visible here) renders this text into a store file
      # it becomes world-readable under /nix/store. The comment above says
      # extraResource is not in the closure, which suggests it is deployed
      # outside the store — confirm that, and that the resulting file is
      # readable only by the naemon user.
      extraResource = ''
        $USER2$=${myplugins}
        $USER200$=${myconfig.env.monitoring.status_url}
        $USER201$=${myconfig.env.monitoring.status_token}
      '';
      objectDefs = defaultObjects;
    };
  };
}