Squash changes containing private information
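# Flake exposing a NixOS module that runs the Naemon monitoring daemon as a
# systemd service under a dedicated account.
#
# Where each piece of configuration ends up:
#   - objectDefs and extraConfig are written with pkgs.writeText, i.e. into the
#     Nix store, which is readable by every local user. Keep credentials out of
#     them and reference $USERx$ macros instead.
#   - extraResource becomes the body of the "naemon/resources.cfg" entry of
#     secrets.keys (mode 0400, owned by cfg.user). The secrets module is
#     declared outside this file.
#     NOTE(review): confirm that module keeps `text` out of the Nix store.
{
  outputs = { self }: {
    nixosModule = self.nixosModules.naemon;
    nixosModules.naemon = { config, lib, pkgs, ... }:
      with lib;

      let
        cfg = config.services.naemon;

        # Main configuration file: ./naemon.cfg with the attributes below
        # substituted in, followed by cfg.extraConfig. resourceFile is looked
        # up in config.secrets.fullPaths, so the derivation receives a
        # reference to the resource file rather than the option text.
        naemonConfig = pkgs.runCommand "naemon-config" {
          objectsFile = pkgs.writeText "naemon_objects.cfg" cfg.objectDefs;
          resourceFile = config.secrets.fullPaths."naemon/resources.cfg";
          extraConfig = pkgs.writeText "extra.cfg" cfg.extraConfig;
          inherit (cfg) logDir varDir runDir cacheDir;
        } ''
          substituteAll ${./naemon.cfg} $out
          cat $extraConfig >> $out
        '';
      in
      {
        # Necessary for situations where flake gets included multiple times
        key = builtins.hashString "sha256" (builtins.path { path = self.sourceInfo.outPath; name = "source"; });

        options = {
          services.naemon = {
            enable = mkOption {
              # Declared explicitly so a non-boolean value is rejected at
              # evaluation time instead of reaching mkIf.
              type = types.bool;
              default = false;
              description = "
                Whether to use <link
                xlink:href='http://www.naemon.org/'>Naemon</link> to monitor
                your system or network.
              ";
            };

            # Written to the Nix store (see naemonConfig): no secrets here.
            objectDefs = mkOption {
              type = types.lines;
              default = "";
              description = "
                A list of Naemon object configuration that must define
                the hosts, host groups, services and contacts for the
                network that you want Naemon to monitor.
              ";
            };

            # The only option whose content is deployed through secrets.keys;
            # this is where usernames and passwords belong.
            extraResource = mkOption {
              type = types.lines;
              default = "";
              example = ''
                # Sets $USER2$ to be the path to event handlers
                #$USER2$=/usr/lib/monitoring-plugins/eventhandlers

                # Store some usernames and passwords (hidden from the CGIs)
                #$USER3$=someuser
                #$USER4$=somepassword
              '';
              description = "
                Lines to add to the resource file
                # You can define $USERx$ macros in this file, which can in turn be used
                # in command definitions in your host config file(s). $USERx$ macros are
                # useful for storing sensitive information such as usernames, passwords,
                # etc. They are also handy for specifying the path to plugins and
                # event handlers - if you decide to move the plugins or event handlers to
                # a different directory in the future, you can just update one or two
                # $USERx$ macros, instead of modifying a lot of command definitions.
                #
                # Naemon supports up to 256 $USERx$ macros ($USER1$ through $USER256$)
                #
                # Resource files may also be used to store configuration directives for
                # external data sources like MySQL...
                #
              ";
            };

            # Written to the Nix store (see naemonConfig): no secrets here.
            extraConfig = mkOption {
              type = types.lines;
              default = "";
              description = "
                Extra config to append to main config
              ";
            };

            user = mkOption {
              type = types.str;
              default = "naemon";
              description = "User for naemon";
            };

            group = mkOption {
              type = types.str;
              default = "naemon";
              description = "Group for naemon";
            };

            # The four directories below must stay under the prefix that the
            # matching systemd *Directory= setting manages; serviceConfig
            # asserts this at evaluation time.
            varDir = mkOption {
              type = types.path;
              default = "/var/lib/naemon";
              description = "The directory where naemon stores its data";
            };

            cacheDir = mkOption {
              type = types.path;
              default = "/var/cache/naemon";
              description = "The directory where naemon stores its cache";
            };

            runDir = mkOption {
              type = types.path;
              default = "/run/naemon";
              description = "The directory where naemon stores its runtime files";
            };

            logDir = mkOption {
              type = types.path;
              default = "/var/log/naemon";
              description = "The directory where naemon stores its log files";
            };

            package = mkOption {
              type = types.package;
              default = pkgs.naemon.override {
                inherit (cfg) varDir cacheDir logDir runDir user group;
              };
              description = ''
                Naemon package to use
              '';
            };
          };
        };


        config = mkIf cfg.enable {
          # Resource file holding the $USERx$ macros: readable by its owner
          # only (0400). $USER1$ always points at the monitoring-plugins
          # libexec directory; cfg.extraResource is appended verbatim.
          secrets.keys = {
            "naemon/resources.cfg" = {
              user = cfg.user;
              group = cfg.group;
              permissions = "0400";
              text = ''
                $USER1$=${pkgs.monitoring-plugins}/libexec
                ${cfg.extraResource}
              '';
              keyDependencies = [ pkgs.monitoring-plugins ];
            };
          };

          # The account is created only when the default name is kept; a
          # custom cfg.user has to be declared elsewhere. It reuses the uid
          # reserved for nagios and joins the "keys" group (presumably needed
          # to reach the deployed secret; verify against the secrets module).
          users.users = optionalAttrs (cfg.user == "naemon") {
            naemon = {
              group = cfg.group;
              uid = config.ids.uids.nagios;
              extraGroups = [ "keys" ];
            };
          };
          # Keyed on cfg.group, not cfg.user: the group must exist whenever
          # the default group name is in use, and must not be created as a
          # stray entry when only the user name is the default.
          users.groups = optionalAttrs (cfg.group == "naemon") {
            naemon = {
              gid = config.ids.gids.nagios;
            };
          };

          # Registers the resource file with the filesWatcher service, which
          # is declared outside this file (presumably restarts or reloads
          # naemon when the secret changes; confirm).
          services.filesWatcher.naemon = {
            paths = [ config.secrets.fullPaths."naemon/resources.cfg" ];
          };
          systemd.services.naemon = {
            description = "Naemon monitoring daemon";
            path = [ cfg.package ];
            wantedBy = [ "multi-user.target" ];
            after = [ "network.target" ];

            # -vp validates the generated configuration before each start, so
            # a broken config fails the unit instead of starting the daemon.
            preStart = "${cfg.package}/bin/naemon -vp ${naemonConfig}";
            script = "${cfg.package}/bin/naemon --daemon ${naemonConfig}";
            reload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
            serviceConfig = {
              # Runs unprivileged; no Group= is set, so systemd uses the
              # primary group of cfg.user.
              User = cfg.user;
              Restart = "always";
              RestartSec = 2;
              StandardOutput = "journal";
              StandardError = "inherit";
              # NOTE(review): systemd.service(5) recommends PIDFile= for
              # Type=forking units; no Type= is set here although naemon is
              # started with --daemon. Confirm the intended service type.
              PIDFile = "${cfg.runDir}/naemon.pid";
              # Each *Directory= value is relative to a fixed base, so the
              # assert rejects a configured path outside that base and the
              # prefix is then stripped.
              LogsDirectory = assert lib.strings.hasPrefix "/var/log/" cfg.logDir;
                lib.strings.removePrefix "/var/log/" cfg.logDir;
              CacheDirectory = assert lib.strings.hasPrefix "/var/cache/" cfg.cacheDir;
                let unprefixed = lib.strings.removePrefix "/var/cache/" cfg.cacheDir;
                in [ unprefixed "${unprefixed}/checkresults" ];
              StateDirectory = assert lib.strings.hasPrefix "/var/lib/" cfg.varDir;
                lib.strings.removePrefix "/var/lib/" cfg.varDir;
              RuntimeDirectory = assert lib.strings.hasPrefix "/run/" cfg.runDir;
                lib.strings.removePrefix "/run/" cfg.runDir;
            };
          };
        };
      };
  };
}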