1 { sudo, pkgs, lib, config }:
3 cfg = config.myServices.monitoring;
8 USER200 = config.myEnv.monitoring.status_url;
9 USER201 = config.myEnv.monitoring.status_token;
12 notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
15 cp ${./plugins}/send_nrdp.sh $out
16 patchShebangs $out/send_nrdp.sh
17 wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
24 USER210 = config.myEnv.monitoring.apprise_urls;
27 # $OVE is to force naemon to run via shell instead of execve which fails here
28 notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
29 # $OVE is to force naemon to run via shell instead of execve which fails here
30 notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
31 notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\"";
32 notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\"";
35 cp ${./plugins}/{notify_by_email,notify_by_apprise} $out
36 patchShebangs $out/{notify_by_email,notify_by_apprise}
37 wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
40 wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [
47 check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
50 cp ${./plugins}/check_bandwidth $out/
51 patchShebangs $out/check_bandwidth
52 wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
59 check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
60 check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
61 check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
64 cp ${./plugins}/check_command $out/
65 patchShebangs $out/check_command
66 wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
71 check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
72 check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
77 check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root";
81 { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
88 check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
92 { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
99 USER203 = config.secrets.fullPaths."naemon/id_rsa";
102 check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
103 check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
106 send_mails = pkgs.runCommand "send_mails" {
107 buildInputs = [ pkgs.makeWrapper ];
110 cp ${./send_mails} $out/bin/send_mails
112 wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [
117 cp ${./plugins}/check_emails $out/
118 patchShebangs $out/check_emails
119 wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [
120 pkgs.openssh send_mails
121 ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [
122 pkgs.perlPackages.TimeDate
128 USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys);
131 check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
132 check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
135 cp ${./plugins}/check_eriomem $out/
136 patchShebangs $out/check_eriomem
137 wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
138 pkgs.s3cmd pkgs.python38
140 cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age
141 patchShebangs $out/check_backup_eriomem_age
142 wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
144 ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
149 check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
152 cp ${./plugins}/check_last_file_date $out/
153 patchShebangs $out/check_last_file_date
157 { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
164 check_ftp_database = "$USER2$/check_ftp_database";
167 cp ${./plugins}/check_ftp_database $out/
168 patchShebangs $out/check_ftp_database
169 wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
176 USER203 = config.secrets.fullPaths."naemon/id_rsa";
179 check_git = "$USER2$/check_git $USER203$";
182 cp ${./plugins}/check_git $out/
183 patchShebangs $out/check_git
184 wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
185 pkgs.git pkgs.openssh
191 USER202 = config.myEnv.monitoring.http_user_password;
194 check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
195 check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
196 check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
197 check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
198 check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
199 check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
200 check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
205 USER204 = config.myEnv.monitoring.imap_login;
206 USER205 = config.myEnv.monitoring.imap_password;
209 check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
212 cp ${./plugins}/check_imap_connection $out/
213 patchShebangs $out/check_imap_connection
214 wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
220 megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; });
223 check_megaraid = "$USER2$/check_megaraid_sas --sudo";
226 megaCliPlugin = pkgs.runCommand "megaCliPlugin" {
227 plugin = pkgs.fetchurl {
228 name = "check_megaraid_sas";
229 url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
230 sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
234 cp $plugin $out/check_megaraid_sas
235 chmod +x $out/check_megaraid_sas
237 substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
238 substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli'
239 sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
242 cp ${megaCliPlugin}/check_megaraid_sas $out/
243 patchShebangs $out/check_megaraid_sas
247 { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; }
254 check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
257 cp ${./plugins}/check_mem.sh $out/
258 patchShebangs $out/check_mem.sh
259 wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
260 pkgs.gnugrep pkgs.gawk pkgs.procps
266 check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
269 cp ${./plugins}/check_mysql_replication $out/
270 patchShebangs $out/check_mysql_replication
271 wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
272 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
277 { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
284 check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
287 cp ${./plugins}/check_openldap_replication $out/
288 patchShebangs $out/check_openldap_replication
289 wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
290 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
295 { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
302 USER209 = builtins.concatStringsSep "," [
303 config.myEnv.monitoring.ovh_sms.endpoint
304 config.myEnv.monitoring.ovh_sms.application_key
305 config.myEnv.monitoring.ovh_sms.application_secret
306 config.myEnv.monitoring.ovh_sms.consumer_key
307 config.myEnv.monitoring.ovh_sms.account
311 check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
312 check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
315 cp ${./plugins}/check_backup_age $out/check_backup_ovh_age
316 patchShebangs $out/check_backup_ovh_age
317 wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
319 ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
320 cp ${./plugins}/check_ovh_sms $out/
321 patchShebangs $out/check_ovh_sms
322 wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
323 (pkgs.python38.withPackages (ps: [ps.ovh]))
327 postgresql = { package }: {
329 check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
330 check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
333 cp ${./plugins}/check_postgres_replication $out/
334 patchShebangs $out/check_postgres_replication
335 wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
338 cp ${./plugins}/check_postgres_database_count $out/
339 patchShebangs $out/check_postgres_database_count
340 wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [
347 { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
354 check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
357 cp ${./plugins}/check_redis_replication $out/
358 patchShebangs $out/check_redis_replication
359 wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
360 pkgs.gnugrep pkgs.coreutils pkgs.redis
365 { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
372 check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
373 check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
378 check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90";
379 check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400";
382 zfsPlugin = pkgs.fetchurl {
383 url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
384 sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
387 cp ${zfsPlugin} $out/check_zpool.sh
388 chmod +x $out/check_zpool.sh
389 patchShebangs $out/check_zpool.sh
390 wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [
391 pkgs.which pkgs.zfs pkgs.gawk
393 cp ${./plugins}/check_zfs_snapshot $out
394 patchShebangs $out/check_zfs_snapshot
395 wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [
396 pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep