X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmonitoring%2Fdefault.nix;h=b3f8cbee734cf53f3c672e88171a2f036282fc4d;hb=6015a3b52c3b155ac444aeb39950c38a5e653101;hp=d99124e836da9511f957b227a34924580a27422f;hpb=5ea246baa7afa72c44e0afa5122eaa61eb9c7e5c;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d99124e..b3f8cbe 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix @@ -1,4 +1,4 @@ -{ config, myconfig, pkgs, lib, ... }: +{ config, myconfig, pkgs, lib, name, hostFQDN, ... }: let myplugins = pkgs.runCommand "buildplugins" { buildInputs = [ pkgs.makeWrapper pkgs.perl ]; 
@@ -8,25 +8,59 @@ let patchShebangs $out wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ - pkgs.curl pkgs.which pkgs.coreutils + pkgs.curl pkgs.jq ]} wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ pkgs.gnugrep pkgs.gawk pkgs.procps-ng ]} + wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ + pkgs.postgresql + ]} + wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ + pkgs.gnugrep pkgs.coreutils pkgs.redis + ]} + wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ + pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb + ]} ''; + toObjects = pkgs.callPackage ./to_objects.nix {}; + commonConfig = { + eldiron = { + processWarn = "250"; processAlert = "400"; + loadWarn = "8.0"; loadAlert = "10.0"; + }; + backup-2 = { + processWarn = "50"; processAlert = "60"; + loadWarn = "1.0"; loadAlert = "2.0"; + }; + }; + commonObjects = pkgs.callPackage ./objects_common.nix ({ + inherit hostFQDN; + sudo = "/run/wrappers/bin/sudo"; + } // builtins.getAttr name commonConfig); + hostObjects = + let + specific_file = ./. + "/objects_" + name + ".nix"; + in + lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file {}); in { options = { - myServices.monitoring.enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to enable monitoring. - ''; + myServices.monitoring = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to enable monitoring. + ''; + }; }; }; config = lib.mkIf config.myServices.monitoring.enable { + services.duplyBackup.profiles.monitoring = { + rootDir = config.services.naemon.varDir; + }; security.sudo.extraRules = [ { commands = [ 
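Review bot: `builtins.getAttr name commonConfig` aborts evaluation with a bare missing-attribute error for any host whose `name` is not `eldiron` or `backup-2`, so enabling monitoring on a third machine fails without saying why. I would make the lookup explicit, `} // (commonConfig.${name} or (throw "monitoring: no thresholds defined for host ${name}")));`, and add a comment above `commonConfig` stating that every monitored host needs an entry. The new replication wrappers are later run through sudo (see the sudo rules further down) and use `--prefix PATH`, which keeps the caller's PATH behind the store paths. Whether that matters depends on sudo's environment settings, which are not visible in this diff.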
@@ -36,6 +70,37 @@ in users = [ "naemon" ]; runAs = "root"; } + { + commands = [ + { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } + { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } + ]; + users = [ "naemon" ]; + runAs = "postgres"; + } + { + commands = [ + { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } + { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } + ]; + users = [ "naemon" ]; + runAs = "mysql"; + } + { + commands = [ + { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } + { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } + ]; + users = [ "naemon" ]; + runAs = "redis"; + } + { + commands = [ + { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } + ]; + users = [ "naemon" ]; + runAs = "backup"; + } ]; environment.etc."mdadm.conf" = { enable = true; 
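Review bot: The `*` in the new NOPASSWD rules is wider than it reads: sudoers matches command-line arguments as one concatenated string, so `check_postgres_replication *` permits any argument list and `check_last_file_date /backup2/*` also matches paths containing `..` or additional arguments. That leaves all argument validation to the plugin scripts, which are not visible here, while they run as `postgres`, `mysql`, `redis` and `backup`. Where the checks are called with a fixed set of arguments, list those exact argument strings instead of `*`; otherwise document the dependency next to the rules, e.g. `# sudoers "*" spans spaces and "/": the plugins must validate their own arguments`. The `check_last_file_date /backup2/*` entry is repeated in four rules and could be bound once in the `let` block. The enclosing `security.sudo.extraRules` list starts before this hunk.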
@@ -63,49 +128,7 @@ in $USER200$=${myconfig.env.monitoring.status_url} $USER201$=${myconfig.env.monitoring.status_token} ''; - objectDefs = builtins.readFile ./conf/local_services.cfg - + builtins.readFile ./conf/timeperiods.cfg - + builtins.readFile ./conf/services.cfg - + builtins.readFile ./conf/contacts.cfg - + builtins.readFile ./conf/hosts.cfg - + '' - define command { - command_line ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$" - command_name notify-master - } - define service { - service_description No mdadm array is degraded - use local-service - check_command check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root - } - - define service { - service_description mailq is empty - use local-service - check_command check_mailq - } - - define command { - command_name check_mailq - command_line $USER1$/check_mailq -s -w 1 -c 2 - } - - define service { - name local-service - use generic-service - host_name eldiron.immae.eu - check_interval 5 - max_check_attempts 4 - register 0 - retry_interval 1 - } - define host { - host_name eldiron.immae.eu - alias eldiron.immae.eu - address eldiron.immae.eu - use linux-server - } - ''; + objectDefs = toObjects commonObjects + toObjects hostObjects; }; }; }