]>
Commit | Line | Data |
---|---|---|
1 | { sudo, pkgs, lib, config }: | |
2 | let | |
3 | cfg = config.myServices.monitoring; | |
4 | in | |
5 | { | |
6 | notify-secondary = { | |
7 | resources = { | |
8 | USER200 = config.myEnv.monitoring.status_url; | |
9 | USER201 = config.myEnv.monitoring.status_token; | |
10 | }; | |
11 | commands = { | |
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | |
13 | }; | |
14 | chunk = '' | |
15 | cp ${./plugins}/send_nrdp.sh $out | |
16 | patchShebangs $out/send_nrdp.sh | |
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | |
18 | pkgs.curl pkgs.jq | |
19 | ]} | |
20 | ''; | |
21 | }; | |
22 | notify-primary = { | |
23 | resources = { | |
24 | USER210 = config.myEnv.monitoring.apprise_urls; | |
25 | }; | |
26 | commands = { | |
27 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
28 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
29 | # $OVE is to force naemon to run via shell instead of execve which fails here | |
30 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | |
31 | notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\""; | |
32 | notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\""; | |
33 | }; | |
34 | chunk = '' | |
35 | cp ${./plugins}/{notify_by_email,notify_by_apprise} $out | |
36 | patchShebangs $out/{notify_by_email,notify_by_apprise} | |
37 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | |
38 | pkgs.mailutils | |
39 | ]} | |
40 | wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [ | |
41 | pkgs.apprise | |
42 | ]} | |
43 | ''; | |
44 | }; | |
45 | bandwidth = { | |
46 | commands = { | |
47 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | |
48 | }; | |
49 | chunk = '' | |
50 | cp ${./plugins}/check_bandwidth $out/ | |
51 | patchShebangs $out/check_bandwidth | |
52 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | |
53 | pkgs.iproute pkgs.bc | |
54 | ]} | |
55 | ''; | |
56 | }; | |
57 | command = { | |
58 | commands = { | |
59 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | |
60 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | |
61 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | |
62 | }; | |
63 | chunk = '' | |
64 | cp ${./plugins}/check_command $out/ | |
65 | patchShebangs $out/check_command | |
66 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | |
67 | ''; | |
68 | }; | |
69 | dns = { | |
70 | commands = { | |
71 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | |
72 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | |
73 | }; | |
74 | }; | |
75 | emails = { | |
76 | resources = { | |
77 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
78 | }; | |
79 | commands = { | |
80 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | |
81 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | |
82 | }; | |
83 | chunk = let | |
84 | send_mails = pkgs.runCommand "send_mails" { | |
85 | buildInputs = [ pkgs.makeWrapper ]; | |
86 | } '' | |
87 | mkdir -p $out/bin | |
88 | cp ${./send_mails} $out/bin/send_mails | |
89 | patchShebangs $out | |
90 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | |
91 | pkgs.mailutils | |
92 | ]} | |
93 | ''; | |
94 | in '' | |
95 | cp ${./plugins}/check_emails $out/ | |
96 | patchShebangs $out/check_emails | |
97 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | |
98 | pkgs.openssh send_mails | |
99 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | |
100 | pkgs.perlPackages.TimeDate | |
101 | ]} | |
102 | ''; | |
103 | }; | |
104 | eriomem = { | |
105 | resources = { | |
106 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | |
107 | }; | |
108 | commands = { | |
109 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | |
110 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | |
111 | }; | |
112 | chunk = '' | |
113 | cp ${./plugins}/check_eriomem $out/ | |
114 | patchShebangs $out/check_eriomem | |
115 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | |
116 | pkgs.s3cmd pkgs.python38 | |
117 | ]} | |
118 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | |
119 | patchShebangs $out/check_backup_eriomem_age | |
120 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | |
121 | pkgs.duplicity | |
122 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | |
123 | ''; | |
124 | }; | |
125 | file_date = { | |
126 | commands = { | |
127 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | |
128 | }; | |
129 | chunk = '' | |
130 | cp ${./plugins}/check_last_file_date $out/ | |
131 | patchShebangs $out/check_last_file_date | |
132 | ''; | |
133 | sudo = myplugins: { | |
134 | commands = [ | |
135 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | |
136 | ]; | |
137 | runAs = "ALL"; | |
138 | }; | |
139 | }; | |
140 | ftp = { | |
141 | commands = { | |
142 | check_ftp_database = "$USER2$/check_ftp_database"; | |
143 | }; | |
144 | chunk = '' | |
145 | cp ${./plugins}/check_ftp_database $out/ | |
146 | patchShebangs $out/check_ftp_database | |
147 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | |
148 | pkgs.lftp | |
149 | ]} | |
150 | ''; | |
151 | }; | |
152 | git = { | |
153 | resources = { | |
154 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | |
155 | }; | |
156 | commands = { | |
157 | check_git = "$USER2$/check_git $USER203$"; | |
158 | }; | |
159 | chunk = '' | |
160 | cp ${./plugins}/check_git $out/ | |
161 | patchShebangs $out/check_git | |
162 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | |
163 | pkgs.git pkgs.openssh | |
164 | ]} | |
165 | ''; | |
166 | }; | |
167 | http = { | |
168 | resources = { | |
169 | USER202 = config.myEnv.monitoring.http_user_password; | |
170 | }; | |
171 | commands = { | |
172 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
173 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
174 | check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
175 | check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
176 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | |
177 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | |
178 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | |
179 | }; | |
180 | }; | |
181 | imap = { | |
182 | resources = { | |
183 | USER204 = config.myEnv.monitoring.imap_login; | |
184 | USER205 = config.myEnv.monitoring.imap_password; | |
185 | }; | |
186 | commands = { | |
187 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | |
188 | }; | |
189 | chunk = '' | |
190 | cp ${./plugins}/check_imap_connection $out/ | |
191 | patchShebangs $out/check_imap_connection | |
192 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | |
193 | pkgs.openssl | |
194 | ]} | |
195 | ''; | |
196 | }; | |
197 | megaraid = let | |
198 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | |
199 | in { | |
200 | commands = { | |
201 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | |
202 | }; | |
203 | chunk = let | |
204 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | |
205 | plugin = pkgs.fetchurl { | |
206 | name = "check_megaraid_sas"; | |
207 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | |
208 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | |
209 | }; | |
210 | } '' | |
211 | mkdir $out | |
212 | cp $plugin $out/check_megaraid_sas | |
213 | chmod +x $out/check_megaraid_sas | |
214 | patchShebangs $out | |
215 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | |
216 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | |
217 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | |
218 | ''; | |
219 | in '' | |
220 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | |
221 | patchShebangs $out/check_megaraid_sas | |
222 | ''; | |
223 | sudo = _: { | |
224 | commands = [ | |
225 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | |
226 | ]; | |
227 | runAs = "root"; | |
228 | }; | |
229 | }; | |
230 | memory = { | |
231 | commands = { | |
232 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | |
233 | }; | |
234 | chunk = '' | |
235 | cp ${./plugins}/check_mem.sh $out/ | |
236 | patchShebangs $out/check_mem.sh | |
237 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | |
238 | pkgs.gnugrep pkgs.gawk pkgs.procps | |
239 | ]} | |
240 | ''; | |
241 | }; | |
242 | mysql = { | |
243 | commands = { | |
244 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | |
245 | }; | |
246 | chunk = '' | |
247 | cp ${./plugins}/check_mysql_replication $out/ | |
248 | patchShebangs $out/check_mysql_replication | |
249 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | |
250 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | |
251 | ]} | |
252 | ''; | |
253 | sudo = myplugins: { | |
254 | commands = [ | |
255 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | |
256 | ]; | |
257 | runAs = "mysql"; | |
258 | }; | |
259 | }; | |
260 | openldap = { | |
261 | commands = { | |
262 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | |
263 | }; | |
264 | chunk = '' | |
265 | cp ${./plugins}/check_openldap_replication $out/ | |
266 | patchShebangs $out/check_openldap_replication | |
267 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | |
268 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | |
269 | ]} | |
270 | ''; | |
271 | sudo = myplugins: { | |
272 | commands = [ | |
273 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | |
274 | ]; | |
275 | runAs = "openldap"; | |
276 | }; | |
277 | }; | |
278 | ovh = { | |
279 | resources = { | |
280 | USER209 = builtins.concatStringsSep "," [ | |
281 | config.myEnv.monitoring.ovh_sms.endpoint | |
282 | config.myEnv.monitoring.ovh_sms.application_key | |
283 | config.myEnv.monitoring.ovh_sms.application_secret | |
284 | config.myEnv.monitoring.ovh_sms.consumer_key | |
285 | config.myEnv.monitoring.ovh_sms.account | |
286 | ]; | |
287 | }; | |
288 | commands = { | |
289 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | |
290 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | |
291 | }; | |
292 | chunk = '' | |
293 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | |
294 | patchShebangs $out/check_backup_ovh_age | |
295 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | |
296 | pkgs.duplicity | |
297 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | |
298 | cp ${./plugins}/check_ovh_sms $out/ | |
299 | patchShebangs $out/check_ovh_sms | |
300 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | |
301 | (pkgs.python38.withPackages (ps: [ps.ovh])) | |
302 | ]} | |
303 | ''; | |
304 | }; | |
305 | postgresql = { | |
306 | commands = { | |
307 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
308 | check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | |
309 | }; | |
310 | chunk = let | |
311 | postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable | |
312 | then config.myServices.databasesReplication.postgresql.mainPackage | |
313 | else if config.myServices.databases.enable | |
314 | then config.myServices.databases.postgresql.package | |
315 | else pkgs.postgresql; | |
316 | in '' | |
317 | cp ${./plugins}/check_postgres_replication $out/ | |
318 | patchShebangs $out/check_postgres_replication | |
319 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | |
320 | postgresqlBinary | |
321 | ]} | |
322 | cp ${./plugins}/check_postgres_database_count $out/ | |
323 | patchShebangs $out/check_postgres_database_count | |
324 | wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [ | |
325 | postgresqlBinary | |
326 | ]} | |
327 | ''; | |
328 | ||
329 | sudo = myplugins: { | |
330 | commands = [ | |
331 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | |
332 | ]; | |
333 | runAs = "postgres"; | |
334 | }; | |
335 | }; | |
336 | redis = { | |
337 | commands = { | |
338 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | |
339 | }; | |
340 | chunk = '' | |
341 | cp ${./plugins}/check_redis_replication $out/ | |
342 | patchShebangs $out/check_redis_replication | |
343 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | |
344 | pkgs.gnugrep pkgs.coreutils pkgs.redis | |
345 | ]} | |
346 | ''; | |
347 | sudo = myplugins: { | |
348 | commands = [ | |
349 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | |
350 | ]; | |
351 | runAs = "redis"; | |
352 | }; | |
353 | }; | |
354 | tcp = { | |
355 | commands = { | |
356 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | |
357 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | |
358 | }; | |
359 | }; | |
360 | zfs = { | |
361 | commands = { | |
362 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | |
363 | check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400"; | |
364 | }; | |
365 | chunk = let | |
366 | zfsPlugin = pkgs.fetchurl { | |
367 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | |
368 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | |
369 | }; | |
370 | in '' | |
371 | cp ${zfsPlugin} $out/check_zpool.sh | |
372 | chmod +x $out/check_zpool.sh | |
373 | patchShebangs $out/check_zpool.sh | |
374 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | |
375 | pkgs.which pkgs.zfs pkgs.gawk | |
376 | ]} | |
377 | cp ${./plugins}/check_zfs_snapshot $out | |
378 | patchShebangs $out/check_zfs_snapshot | |
379 | wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [ | |
380 | pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep | |
381 | ]} | |
382 | ''; | |
383 | }; | |
384 | } |