[perso/Immae/Config/Nix.git] / flakes / private / monitoring / myplugins.nix

{ sudo, pkgs, lib, config }:
let
  cfg = config.myServices.monitoring;
in
{
  notify-secondary = {
    resources = {
      USER200 = config.myEnv.monitoring.status_url;
      USER201 = config.myEnv.monitoring.status_token;
    };
    commands = {
      notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
    };
    chunk = ''
      cp ${./plugins}/send_nrdp.sh $out
      patchShebangs $out/send_nrdp.sh
      wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
        pkgs.curl pkgs.jq
      ]}
    '';
  };
  notify-primary = {
    resources = {
      USER210 = config.myEnv.monitoring.apprise_urls;
    };
    commands = {
      # $OVE is to force naemon to run via shell instead of execve which fails here
      notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
      # $OVE is to force naemon to run via shell instead of execve which fails here
      notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
      notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\"";
      notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\"";
    };
    chunk = ''
      cp ${./plugins}/{notify_by_email,notify_by_apprise} $out
      patchShebangs $out/{notify_by_email,notify_by_apprise}
      wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
        pkgs.mailutils
      ]}
      wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [
        pkgs.apprise
      ]}
    '';
  };
  bandwidth = {
    commands = {
      check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
    };
    chunk = ''
      cp ${./plugins}/check_bandwidth $out/
      patchShebangs $out/check_bandwidth
      wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
        pkgs.iproute pkgs.bc
      ]}
    '';
  };
  command = {
    commands = {
      check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
      check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
      check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
    };
    chunk = ''
      cp ${./plugins}/check_command $out/
      patchShebangs $out/check_command
      wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    '';
  };
  dns = {
    commands = {
      check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
      check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
    };
  };
  mdadm = {
    commands = {
      check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root";
    };
    sudo = _: {
      commands = [
        { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "root";
    };
  };
  postfix = {
    commands = {
      check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
    };
    sudo = _: {
      commands = [
        { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "root";
    };
  };
  emails = {
    resources = {
      USER203 = config.secrets.fullPaths."naemon/id_rsa";
    };
    commands = {
      check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
      check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
    };
    chunk = let
      send_mails = pkgs.runCommand "send_mails" {
        buildInputs = [ pkgs.makeWrapper ];
      } ''
        mkdir -p $out/bin
        cp ${./send_mails} $out/bin/send_mails
        patchShebangs $out
        wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [
          pkgs.mailutils
        ]}
        '';
    in ''
      cp ${./plugins}/check_emails $out/
      patchShebangs $out/check_emails
      wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [
        pkgs.openssh send_mails
      ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [
        pkgs.perlPackages.TimeDate
      ]}
    '';
  };
  eriomem = {
    resources = {
      USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys);
    };
    commands = {
      check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
      check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
    };
    chunk = ''
      cp ${./plugins}/check_eriomem $out/
      patchShebangs $out/check_eriomem
      wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
        pkgs.s3cmd pkgs.python38
      ]}
      cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age
      patchShebangs $out/check_backup_eriomem_age
      wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
        pkgs.duplicity
      ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
    '';
  };
  file_date = {
    commands = {
      check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
    };
    chunk = ''
      cp ${./plugins}/check_last_file_date $out/
      patchShebangs $out/check_last_file_date
    '';
    sudo = myplugins: {
      commands = [
        { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "ALL";
    };
  };
  ftp = {
    commands = {
      check_ftp_database = "$USER2$/check_ftp_database";
    };
    chunk = ''
      cp ${./plugins}/check_ftp_database $out/
      patchShebangs $out/check_ftp_database
      wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
        pkgs.lftp
      ]}
    '';
  };
  git = {
    resources = {
      USER203 = config.secrets.fullPaths."naemon/id_rsa";
    };
    commands = {
      check_git = "$USER2$/check_git $USER203$";
    };
    chunk = ''
      cp ${./plugins}/check_git $out/
      patchShebangs $out/check_git
      wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
        pkgs.git pkgs.openssh
      ]}
    '';
  };
  http = {
    resources = {
      USER202 = config.myEnv.monitoring.http_user_password;
    };
    commands = {
      check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
      check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
      check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
      check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
      check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
      check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
      check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
    };
  };
  imap = {
    resources = {
      USER204 = config.myEnv.monitoring.imap_login;
      USER205 = config.myEnv.monitoring.imap_password;
    };
    commands = {
      check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
    };
    chunk = ''
      cp ${./plugins}/check_imap_connection $out/
      patchShebangs $out/check_imap_connection
      wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
        pkgs.openssl
      ]}
    '';
  };
  megaraid = let
    megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; });
  in {
    commands = {
      check_megaraid = "$USER2$/check_megaraid_sas --sudo";
    };
    chunk = let
      megaCliPlugin = pkgs.runCommand "megaCliPlugin" {
        plugin = pkgs.fetchurl {
          name = "check_megaraid_sas";
          url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
          sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
        };
      } ''
        mkdir $out
        cp $plugin $out/check_megaraid_sas
        chmod +x $out/check_megaraid_sas
        patchShebangs $out
        substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
        substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli'
        sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
      '';
    in ''
      cp ${megaCliPlugin}/check_megaraid_sas $out/
      patchShebangs $out/check_megaraid_sas
    '';
    sudo = _: {
      commands = [
        { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "root";
    };
  };
  memory = {
    commands = {
      check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
    };
    chunk = ''
      cp ${./plugins}/check_mem.sh $out/
      patchShebangs $out/check_mem.sh
      wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
        pkgs.gnugrep pkgs.gawk pkgs.procps
      ]}
    '';
  };
  mysql = {
    commands = {
      check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
    };
    chunk = ''
      cp ${./plugins}/check_mysql_replication $out/
      patchShebangs $out/check_mysql_replication
      wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
        pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
      ]}
    '';
    sudo = myplugins: {
      commands = [
        { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "mysql";
    };
  };
  openldap = {
    commands = {
      check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
    };
    chunk = ''
      cp ${./plugins}/check_openldap_replication $out/
      patchShebangs $out/check_openldap_replication
      wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
        pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
      ]}
    '';
    sudo = myplugins: {
      commands = [
        { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "openldap";
    };
  };
  ovh = {
    resources = {
      USER209 = builtins.concatStringsSep "," [
        config.myEnv.monitoring.ovh_sms.endpoint
        config.myEnv.monitoring.ovh_sms.application_key
        config.myEnv.monitoring.ovh_sms.application_secret
        config.myEnv.monitoring.ovh_sms.consumer_key
        config.myEnv.monitoring.ovh_sms.account
      ];
    };
    commands = {
      check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
      check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
    };
    chunk = ''
      cp ${./plugins}/check_backup_age $out/check_backup_ovh_age
      patchShebangs $out/check_backup_ovh_age
      wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
        pkgs.duplicity
      ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
      cp ${./plugins}/check_ovh_sms $out/
      patchShebangs $out/check_ovh_sms
      wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
        (pkgs.python38.withPackages (ps: [ps.ovh]))
      ]}
    '';
  };
  postgresql = { package }: {
    commands = {
      check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
      check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
    };
    chunk = ''
      cp ${./plugins}/check_postgres_replication $out/
      patchShebangs $out/check_postgres_replication
      wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
        package
      ]}
      cp ${./plugins}/check_postgres_database_count $out/
      patchShebangs $out/check_postgres_database_count
      wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [
        package
      ]}
    '';

    sudo = myplugins: {
      commands = [
        { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "postgres";
    };
  };
  redis = {
    commands = {
      check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
    };
    chunk = ''
      cp ${./plugins}/check_redis_replication $out/
      patchShebangs $out/check_redis_replication
      wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
        pkgs.gnugrep pkgs.coreutils pkgs.redis
      ]}
    '';
    sudo = myplugins: {
      commands = [
        { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
      ];
      runAs = "redis";
    };
  };
  tcp = {
    commands = {
      check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
      check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
    };
  };
  zfs = {
    commands = {
      check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90";
      check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400";
    };
    chunk = let
      zfsPlugin = pkgs.fetchurl {
        url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
        sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
      };
    in ''
      cp ${zfsPlugin} $out/check_zpool.sh
      chmod +x $out/check_zpool.sh
      patchShebangs $out/check_zpool.sh
      wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [
        pkgs.which pkgs.zfs pkgs.gawk
      ]}
      cp ${./plugins}/check_zfs_snapshot $out
      patchShebangs $out/check_zfs_snapshot
      wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [
        pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep
      ]}
    '';
  };
}
Commit	Line	Data
acab8301 IB	1	{ sudo, pkgs, lib, config }:
	2	let
	3	cfg = config.myServices.monitoring;
	4	in
	5	{
	6	notify-secondary = {
	7	resources = {
	8	USER200 = config.myEnv.monitoring.status_url;
	9	USER201 = config.myEnv.monitoring.status_token;
	10	};
	11	commands = {
	12	notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ \| $SERVICEPERFDATA$\"";
	13	};
	14	chunk = ''
	15	cp ${./plugins}/send_nrdp.sh $out
	16	patchShebangs $out/send_nrdp.sh
	17	wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
	18	pkgs.curl pkgs.jq
	19	]}
	20	'';
	21	};
	22	notify-primary = {
	23	resources = {
1a64deeb	24	USER210 = config.myEnv.monitoring.apprise_urls;
acab8301 IB	25	};
	26	commands = {
	27	# $OVE is to force naemon to run via shell instead of execve which fails here
	28	notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
	29	# $OVE is to force naemon to run via shell instead of execve which fails here
	30	notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
1a64deeb IB	31	notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\"";
1a64deeb IB	32	notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\"";
acab8301 IB	33	};
acab8301 IB	34	chunk = ''
1a64deeb IB	35	cp ${./plugins}/{notify_by_email,notify_by_apprise} $out
1a64deeb IB	36	patchShebangs $out/{notify_by_email,notify_by_apprise}
acab8301 IB	37	wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
	38	pkgs.mailutils
	39	]}
1a64deeb IB	40	wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [
1a64deeb IB	41	pkgs.apprise
acab8301 IB	42	]}
	43	'';
	44	};
	45	bandwidth = {
	46	commands = {
	47	check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
	48	};
	49	chunk = ''
	50	cp ${./plugins}/check_bandwidth $out/
	51	patchShebangs $out/check_bandwidth
	52	wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
	53	pkgs.iproute pkgs.bc
	54	]}
	55	'';
	56	};
	57	command = {
	58	commands = {
	59	check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
	60	check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
	61	check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
	62	};
	63	chunk = ''
	64	cp ${./plugins}/check_command $out/
	65	patchShebangs $out/check_command
	66	wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
	67	'';
	68	};
	69	dns = {
	70	commands = {
	71	check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
	72	check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
	73	};
	74	};
1a64deeb IB	75	mdadm = {
	76	commands = {
	77	check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root";
	78	};
	79	sudo = _: {
	80	commands = [
	81	{ command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
	82	];
	83	runAs = "root";
	84	};
	85	};
	86	postfix = {
	87	commands = {
	88	check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
	89	};
	90	sudo = _: {
	91	commands = [
	92	{ command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
	93	];
	94	runAs = "root";
	95	};
	96	};
acab8301 IB	97	emails = {
	98	resources = {
	99	USER203 = config.secrets.fullPaths."naemon/id_rsa";
	100	};
	101	commands = {
	102	check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
	103	check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
	104	};
	105	chunk = let
	106	send_mails = pkgs.runCommand "send_mails" {
	107	buildInputs = [ pkgs.makeWrapper ];
	108	} ''
	109	mkdir -p $out/bin
	110	cp ${./send_mails} $out/bin/send_mails
	111	patchShebangs $out
	112	wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [
	113	pkgs.mailutils
	114	]}
	115	'';
	116	in ''
	117	cp ${./plugins}/check_emails $out/
	118	patchShebangs $out/check_emails
	119	wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [
	120	pkgs.openssh send_mails
	121	]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [
	122	pkgs.perlPackages.TimeDate
	123	]}
	124	'';
	125	};
	126	eriomem = {
	127	resources = {
	128	USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys);
	129	};
	130	commands = {
	131	check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
	132	check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
	133	};
	134	chunk = ''
	135	cp ${./plugins}/check_eriomem $out/
	136	patchShebangs $out/check_eriomem
	137	wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
1a64deeb	138	pkgs.s3cmd pkgs.python38
acab8301 IB	139	]}
	140	cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age
	141	patchShebangs $out/check_backup_eriomem_age
	142	wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
	143	pkgs.duplicity
	144	]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
	145	'';
	146	};
	147	file_date = {
	148	commands = {
	149	check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
	150	};
	151	chunk = ''
	152	cp ${./plugins}/check_last_file_date $out/
	153	patchShebangs $out/check_last_file_date
	154	'';
	155	sudo = myplugins: {
	156	commands = [
	157	{ command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
	158	];
	159	runAs = "ALL";
	160	};
	161	};
	162	ftp = {
	163	commands = {
	164	check_ftp_database = "$USER2$/check_ftp_database";
	165	};
	166	chunk = ''
	167	cp ${./plugins}/check_ftp_database $out/
	168	patchShebangs $out/check_ftp_database
	169	wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
	170	pkgs.lftp
	171	]}
	172	'';
	173	};
	174	git = {
	175	resources = {
	176	USER203 = config.secrets.fullPaths."naemon/id_rsa";
	177	};
	178	commands = {
	179	check_git = "$USER2$/check_git $USER203$";
	180	};
	181	chunk = ''
	182	cp ${./plugins}/check_git $out/
	183	patchShebangs $out/check_git
	184	wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
	185	pkgs.git pkgs.openssh
	186	]}
	187	'';
	188	};
	189	http = {
	190	resources = {
	191	USER202 = config.myEnv.monitoring.http_user_password;
	192	};
	193	commands = {
	194	check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
	195	check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
1a64deeb IB	196	check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
1a64deeb IB	197	check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
acab8301 IB	198	check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
	199	check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
	200	check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
	201	};
	202	};
	203	imap = {
	204	resources = {
	205	USER204 = config.myEnv.monitoring.imap_login;
	206	USER205 = config.myEnv.monitoring.imap_password;
	207	};
	208	commands = {
	209	check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
	210	};
	211	chunk = ''
	212	cp ${./plugins}/check_imap_connection $out/
	213	patchShebangs $out/check_imap_connection
	214	wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
	215	pkgs.openssl
	216	]}
	217	'';
	218	};
	219	megaraid = let
	220	megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; });
	221	in {
	222	commands = {
	223	check_megaraid = "$USER2$/check_megaraid_sas --sudo";
	224	};
	225	chunk = let
	226	megaCliPlugin = pkgs.runCommand "megaCliPlugin" {
	227	plugin = pkgs.fetchurl {
	228	name = "check_megaraid_sas";
	229	url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
	230	sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
	231	};
	232	} ''
	233	mkdir $out
	234	cp $plugin $out/check_megaraid_sas
	235	chmod +x $out/check_megaraid_sas
	236	patchShebangs $out
	237	substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
	238	substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli'
	239	sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
	240	'';
	241	in ''
	242	cp ${megaCliPlugin}/check_megaraid_sas $out/
	243	patchShebangs $out/check_megaraid_sas
	244	'';
	245	sudo = _: {
	246	commands = [
	247	{ command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; }
	248	];
	249	runAs = "root";
	250	};
	251	};
	252	memory = {
	253	commands = {
	254	check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
	255	};
	256	chunk = ''
	257	cp ${./plugins}/check_mem.sh $out/
	258	patchShebangs $out/check_mem.sh
	259	wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
1a64deeb	260	pkgs.gnugrep pkgs.gawk pkgs.procps
acab8301 IB	261	]}
	262	'';
	263	};
	264	mysql = {
	265	commands = {
	266	check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
	267	};
	268	chunk = ''
	269	cp ${./plugins}/check_mysql_replication $out/
	270	patchShebangs $out/check_mysql_replication
	271	wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
	272	pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
	273	]}
	274	'';
	275	sudo = myplugins: {
	276	commands = [
	277	{ command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
	278	];
	279	runAs = "mysql";
	280	};
	281	};
	282	openldap = {
	283	commands = {
	284	check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
	285	};
	286	chunk = ''
	287	cp ${./plugins}/check_openldap_replication $out/
	288	patchShebangs $out/check_openldap_replication
	289	wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
	290	pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
	291	]}
	292	'';
	293	sudo = myplugins: {
	294	commands = [
	295	{ command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
	296	];
	297	runAs = "openldap";
	298	};
	299	};
	300	ovh = {
	301	resources = {
	302	USER209 = builtins.concatStringsSep "," [
	303	config.myEnv.monitoring.ovh_sms.endpoint
	304	config.myEnv.monitoring.ovh_sms.application_key
	305	config.myEnv.monitoring.ovh_sms.application_secret
	306	config.myEnv.monitoring.ovh_sms.consumer_key
	307	config.myEnv.monitoring.ovh_sms.account
	308	];
	309	};
	310	commands = {
	311	check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
	312	check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
	313	};
	314	chunk = ''
	315	cp ${./plugins}/check_backup_age $out/check_backup_ovh_age
	316	patchShebangs $out/check_backup_ovh_age
	317	wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
	318	pkgs.duplicity
	319	]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
	320	cp ${./plugins}/check_ovh_sms $out/
	321	patchShebangs $out/check_ovh_sms
	322	wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
1a64deeb	323	(pkgs.python38.withPackages (ps: [ps.ovh]))
acab8301 IB	324	]}
	325	'';
	326	};
1a64deeb	327	postgresql = { package }: {
acab8301 IB	328	commands = {
acab8301 IB	329	check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
e64a4968	330	check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
acab8301	331	};
1a64deeb	332	chunk = ''
acab8301 IB	333	cp ${./plugins}/check_postgres_replication $out/
	334	patchShebangs $out/check_postgres_replication
	335	wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
1a64deeb	336	package
acab8301	337	]}
e64a4968 IB	338	cp ${./plugins}/check_postgres_database_count $out/
	339	patchShebangs $out/check_postgres_database_count
	340	wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [
1a64deeb	341	package
e64a4968	342	]}
acab8301 IB	343	'';
	344
	345	sudo = myplugins: {
	346	commands = [
	347	{ command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
	348	];
	349	runAs = "postgres";
	350	};
	351	};
	352	redis = {
	353	commands = {
	354	check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
	355	};
	356	chunk = ''
	357	cp ${./plugins}/check_redis_replication $out/
	358	patchShebangs $out/check_redis_replication
	359	wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
	360	pkgs.gnugrep pkgs.coreutils pkgs.redis
	361	]}
	362	'';
	363	sudo = myplugins: {
	364	commands = [
	365	{ command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
	366	];
	367	runAs = "redis";
	368	};
	369	};
	370	tcp = {
	371	commands = {
	372	check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
	373	check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
	374	};
	375	};
	376	zfs = {
	377	commands = {
	378	check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90";
f46b2c61	379	check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400";
acab8301 IB	380	};
	381	chunk = let
	382	zfsPlugin = pkgs.fetchurl {
	383	url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
	384	sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
	385	};
	386	in ''
	387	cp ${zfsPlugin} $out/check_zpool.sh
	388	chmod +x $out/check_zpool.sh
	389	patchShebangs $out/check_zpool.sh
	390	wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [
	391	pkgs.which pkgs.zfs pkgs.gawk
	392	]}
f46b2c61 IB	393	cp ${./plugins}/check_zfs_snapshot $out
	394	patchShebangs $out/check_zfs_snapshot
	395	wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [
	396	pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep
	397	]}
acab8301 IB	398	'';
	399	};
	400	}