]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/monitoring/myplugins.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move notification systems to apprise
[perso/Immae/Config/Nix.git] / modules / private / monitoring / myplugins.nix
1 { sudo, pkgs, lib, config }:
2 let
3 cfg = config.myServices.monitoring;
4 in
5 {
6 notify-secondary = {
7 resources = {
8 USER200 = config.myEnv.monitoring.status_url;
9 USER201 = config.myEnv.monitoring.status_token;
10 };
11 commands = {
12 notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
13 };
14 chunk = ''
15 cp ${./plugins}/send_nrdp.sh $out
16 patchShebangs $out/send_nrdp.sh
17 wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
18 pkgs.curl pkgs.jq
19 ]}
20 '';
21 };
22 notify-primary = {
23 resources = {
24 USER210 = config.myEnv.monitoring.apprise_urls;
25 };
26 commands = {
27 # $OVE is to force naemon to run via shell instead of execve which fails here
28 notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
29 # $OVE is to force naemon to run via shell instead of execve which fails here
30 notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
31 notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\"";
32 notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\"";
33 };
34 chunk = ''
35 cp ${./plugins}/{notify_by_email,notify_by_apprise} $out
36 patchShebangs $out/{notify_by_email,notify_by_apprise}
37 wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
38 pkgs.mailutils
39 ]}
40 wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [
41 pkgs.apprise
42 ]}
43 '';
44 };
45 bandwidth = {
46 commands = {
47 check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
48 };
49 chunk = ''
50 cp ${./plugins}/check_bandwidth $out/
51 patchShebangs $out/check_bandwidth
52 wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
53 pkgs.iproute pkgs.bc
54 ]}
55 '';
56 };
57 command = {
58 commands = {
59 check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
60 check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
61 check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
62 };
63 chunk = ''
64 cp ${./plugins}/check_command $out/
65 patchShebangs $out/check_command
66 wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
67 '';
68 };
69 dns = {
70 commands = {
71 check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
72 check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
73 };
74 };
75 emails = {
76 resources = {
77 USER203 = config.secrets.fullPaths."naemon/id_rsa";
78 };
79 commands = {
80 check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
81 check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
82 };
83 chunk = let
84 send_mails = pkgs.runCommand "send_mails" {
85 buildInputs = [ pkgs.makeWrapper ];
86 } ''
87 mkdir -p $out/bin
88 cp ${./send_mails} $out/bin/send_mails
89 patchShebangs $out
90 wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [
91 pkgs.mailutils
92 ]}
93 '';
94 in ''
95 cp ${./plugins}/check_emails $out/
96 patchShebangs $out/check_emails
97 wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [
98 pkgs.openssh send_mails
99 ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [
100 pkgs.perlPackages.TimeDate
101 ]}
102 '';
103 };
104 eriomem = {
105 resources = {
106 USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys);
107 };
108 commands = {
109 check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
110 check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
111 };
112 chunk = ''
113 cp ${./plugins}/check_eriomem $out/
114 patchShebangs $out/check_eriomem
115 wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
116 pkgs.s3cmd pkgs.python38
117 ]}
118 cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age
119 patchShebangs $out/check_backup_eriomem_age
120 wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
121 pkgs.duplicity
122 ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
123 '';
124 };
125 file_date = {
126 commands = {
127 check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
128 };
129 chunk = ''
130 cp ${./plugins}/check_last_file_date $out/
131 patchShebangs $out/check_last_file_date
132 '';
133 sudo = myplugins: {
134 commands = [
135 { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
136 ];
137 runAs = "ALL";
138 };
139 };
140 ftp = {
141 commands = {
142 check_ftp_database = "$USER2$/check_ftp_database";
143 };
144 chunk = ''
145 cp ${./plugins}/check_ftp_database $out/
146 patchShebangs $out/check_ftp_database
147 wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
148 pkgs.lftp
149 ]}
150 '';
151 };
152 git = {
153 resources = {
154 USER203 = config.secrets.fullPaths."naemon/id_rsa";
155 };
156 commands = {
157 check_git = "$USER2$/check_git $USER203$";
158 };
159 chunk = ''
160 cp ${./plugins}/check_git $out/
161 patchShebangs $out/check_git
162 wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
163 pkgs.git pkgs.openssh
164 ]}
165 '';
166 };
167 http = {
168 resources = {
169 USER202 = config.myEnv.monitoring.http_user_password;
170 };
171 commands = {
172 check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
173 check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
174 check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
175 check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
176 check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
177 check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
178 check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
179 };
180 };
181 imap = {
182 resources = {
183 USER204 = config.myEnv.monitoring.imap_login;
184 USER205 = config.myEnv.monitoring.imap_password;
185 };
186 commands = {
187 check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
188 };
189 chunk = ''
190 cp ${./plugins}/check_imap_connection $out/
191 patchShebangs $out/check_imap_connection
192 wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
193 pkgs.openssl
194 ]}
195 '';
196 };
197 megaraid = let
198 megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; });
199 in {
200 commands = {
201 check_megaraid = "$USER2$/check_megaraid_sas --sudo";
202 };
203 chunk = let
204 megaCliPlugin = pkgs.runCommand "megaCliPlugin" {
205 plugin = pkgs.fetchurl {
206 name = "check_megaraid_sas";
207 url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
208 sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
209 };
210 } ''
211 mkdir $out
212 cp $plugin $out/check_megaraid_sas
213 chmod +x $out/check_megaraid_sas
214 patchShebangs $out
215 substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
216 substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli'
217 sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
218 '';
219 in ''
220 cp ${megaCliPlugin}/check_megaraid_sas $out/
221 patchShebangs $out/check_megaraid_sas
222 '';
223 sudo = _: {
224 commands = [
225 { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; }
226 ];
227 runAs = "root";
228 };
229 };
230 memory = {
231 commands = {
232 check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
233 };
234 chunk = ''
235 cp ${./plugins}/check_mem.sh $out/
236 patchShebangs $out/check_mem.sh
237 wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
238 pkgs.gnugrep pkgs.gawk pkgs.procps
239 ]}
240 '';
241 };
242 mysql = {
243 commands = {
244 check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
245 };
246 chunk = ''
247 cp ${./plugins}/check_mysql_replication $out/
248 patchShebangs $out/check_mysql_replication
249 wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
250 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
251 ]}
252 '';
253 sudo = myplugins: {
254 commands = [
255 { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
256 ];
257 runAs = "mysql";
258 };
259 };
260 openldap = {
261 commands = {
262 check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
263 };
264 chunk = ''
265 cp ${./plugins}/check_openldap_replication $out/
266 patchShebangs $out/check_openldap_replication
267 wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
268 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
269 ]}
270 '';
271 sudo = myplugins: {
272 commands = [
273 { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
274 ];
275 runAs = "openldap";
276 };
277 };
278 ovh = {
279 resources = {
280 USER209 = builtins.concatStringsSep "," [
281 config.myEnv.monitoring.ovh_sms.endpoint
282 config.myEnv.monitoring.ovh_sms.application_key
283 config.myEnv.monitoring.ovh_sms.application_secret
284 config.myEnv.monitoring.ovh_sms.consumer_key
285 config.myEnv.monitoring.ovh_sms.account
286 ];
287 };
288 commands = {
289 check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
290 check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
291 };
292 chunk = ''
293 cp ${./plugins}/check_backup_age $out/check_backup_ovh_age
294 patchShebangs $out/check_backup_ovh_age
295 wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
296 pkgs.duplicity
297 ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
298 cp ${./plugins}/check_ovh_sms $out/
299 patchShebangs $out/check_ovh_sms
300 wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
301 (pkgs.python38.withPackages (ps: [ps.ovh]))
302 ]}
303 '';
304 };
305 postgresql = {
306 commands = {
307 check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
308 check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
309 };
310 chunk = let
311 postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable
312 then config.myServices.databasesReplication.postgresql.mainPackage
313 else if config.myServices.databases.enable
314 then config.myServices.databases.postgresql.package
315 else pkgs.postgresql;
316 in ''
317 cp ${./plugins}/check_postgres_replication $out/
318 patchShebangs $out/check_postgres_replication
319 wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
320 postgresqlBinary
321 ]}
322 cp ${./plugins}/check_postgres_database_count $out/
323 patchShebangs $out/check_postgres_database_count
324 wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [
325 postgresqlBinary
326 ]}
327 '';
328
329 sudo = myplugins: {
330 commands = [
331 { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
332 ];
333 runAs = "postgres";
334 };
335 };
336 redis = {
337 commands = {
338 check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
339 };
340 chunk = ''
341 cp ${./plugins}/check_redis_replication $out/
342 patchShebangs $out/check_redis_replication
343 wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
344 pkgs.gnugrep pkgs.coreutils pkgs.redis
345 ]}
346 '';
347 sudo = myplugins: {
348 commands = [
349 { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
350 ];
351 runAs = "redis";
352 };
353 };
354 tcp = {
355 commands = {
356 check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
357 check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
358 };
359 };
360 zfs = {
361 commands = {
362 check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90";
363 check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400";
364 };
365 chunk = let
366 zfsPlugin = pkgs.fetchurl {
367 url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
368 sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
369 };
370 in ''
371 cp ${zfsPlugin} $out/check_zpool.sh
372 chmod +x $out/check_zpool.sh
373 patchShebangs $out/check_zpool.sh
374 wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [
375 pkgs.which pkgs.zfs pkgs.gawk
376 ]}
377 cp ${./plugins}/check_zfs_snapshot $out
378 patchShebangs $out/check_zfs_snapshot
379 wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [
380 pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep
381 ]}
382 '';
383 };
384 }
My infrastructure configuration