Add monitoring script with smartctl
[perso/Immae/Config/Nix.git] / flakes / private / monitoring / myplugins.nix
1 { sudo, pkgs, lib, config }:
2 let
3 cfg = config.myServices.monitoring;
4 in
5 {
# Notification command that calls the bundled send_nrdp.sh with the status
# URL, the status token and the host/service macros of the current result.
#
# NOTE(review): the token (USER201) is expanded into the command line via
# `-t "$USER201$"`, so it is readable in the process list while the command
# runs. How `resources` is rendered is not visible here; confirm the
# generated resource file is not world-readable.
notify-secondary =
  let
    # Tools send_nrdp.sh finds on its PATH once wrapped.
    nrdpPath = lib.makeBinPath [
      pkgs.curl
      pkgs.jq
    ];
  in
  {
    resources = {
      USER200 = config.myEnv.monitoring.status_url;
      USER201 = config.myEnv.monitoring.status_token;
    };
    commands = {
      notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
    };
    chunk = ''
      cp ${./plugins}/send_nrdp.sh $out
      patchShebangs $out/send_nrdp.sh
      wrapProgram $out/send_nrdp.sh --prefix PATH : ${nrdpPath}
    '';
  };
# Notification commands backed by two bundled scripts: notify_by_email
# (wrapped with mailutils) and notify_by_apprise (wrapped with apprise).
#
# NOTE(review): $HOSTOUTPUT$ and $SERVICEOUTPUT$ carry text produced by check
# plugins and are expanded inside double quotes on command lines that a shell
# interprets (see the $OVE remarks). Confirm that naemon's
# illegal_macro_output_chars setting still strips shell metacharacters from
# these macros, so plugin output cannot alter the command.
notify-primary =
  let
    mailPath = lib.makeBinPath [ pkgs.mailutils ];
    apprisePath = lib.makeBinPath [ pkgs.apprise ];
  in
  {
    resources = {
      USER210 = config.myEnv.monitoring.apprise_urls;
    };
    commands = {
      # $OVE is to force naemon to run via shell instead of execve which fails here
      notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
      # $OVE is to force naemon to run via shell instead of execve which fails here
      notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
      notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\"";
      notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\"";
    };
    chunk = ''
      cp ${./plugins}/{notify_by_email,notify_by_apprise} $out
      patchShebangs $out/{notify_by_email,notify_by_apprise}
      wrapProgram $out/notify_by_email --prefix PATH : ${mailPath}
      wrapProgram $out/notify_by_apprise --prefix PATH : ${apprisePath}
    '';
  };
# Bandwidth check: the bundled check_bandwidth script, wrapped so that it
# finds iproute and bc on its PATH.
bandwidth =
  let
    bandwidthPath = lib.makeBinPath [
      pkgs.iproute
      pkgs.bc
    ];
  in
  {
    commands = {
      # $ARG1$ is the value given to -i, $ARG2$/$ARG3$ go to -w and -c.
      check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
    };
    chunk = ''
      cp ${./plugins}/check_bandwidth $out/
      patchShebangs $out/check_bandwidth
      wrapProgram $out/check_bandwidth --prefix PATH : ${bandwidthPath}
    '';
  };
# Generic wrapper check: check_command receives a command in -c ($ARG1$) and
# an expectation through -C, -o or -s.
#
# NOTE(review): whatever a service definition puts in $ARG1$ is handed to
# check_command as the command to evaluate, and the wrapper's PATH is
# prefixed with the NixOS setuid wrapper directory. Service definitions that
# use these commands deserve the same review as sudoers entries.
command = {
  commands = {
    check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
    check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
    check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
  };
  # config.security.wrapperDir is where NixOS installs setuid wrappers.
  chunk = ''
    cp ${./plugins}/check_command $out/
    patchShebangs $out/check_command
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
  '';
};
# DNS checks: check_dns from $USER1$, plus check_dnssec (bundled) and
# check_dns_soa (downloaded) from $USER2$.
dns = {
  commands = {
    check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
    check_dns_soa = "$USER2$/check_dns_soa -H $ARG1$ -z $ARG2$ -M $ARG3$";
    check_dnssec = "$USER2$/check_dnssec -z $ARG1$";
    check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
  };
  chunk =
    let
      # Third-party script fetched by attachment id. The sha256 pins the exact
      # content, so a changed upstream file fails the build instead of being
      # used silently; review the script again whenever the hash is updated.
      soaPlugin = pkgs.fetchurl {
        name = "check_dns_soa";
        url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1429&cf_id=24";
        sha256 = "sha256-Yy4XO19Fb7WdHZZmhUfyyAGBnxJyFWwc7U3HiWyE8wc=";
      };
      dnssecPath = lib.makeBinPath [
        pkgs.bind.dnsutils
        pkgs.gnugrep
        pkgs.gawk
        pkgs.which
        pkgs.coreutils
      ];
      soaPerlLib = pkgs.perlPackages.makePerlPath [
        pkgs.perlPackages.NetDNS
      ];
    in
    # The sed call swaps the script's `use utils` line for inline %ERRORS and
    # $TIMEOUT definitions and deletes its `use lib` line.
    ''
      cp ${./plugins}/check_dnssec $out/
      patchShebangs $out/check_dnssec
      wrapProgram $out/check_dnssec --prefix PATH : ${dnssecPath}

      cp ${soaPlugin} $out/check_dns_soa
      chmod +xw $out/check_dns_soa
      patchShebangs $out/check_dns_soa
      sed -i -e 's/^use utils qw.*$/my %ERRORS = ("OK" => 0, "WARNING" => 1, "CRITICAL" => 2, "UNKNOWN" => 3);my $TIMEOUT = 10;/' -e '/^use lib /d' $out/check_dns_soa
      wrapProgram $out/check_dns_soa --prefix PERL5LIB : ${soaPerlLib}
    '';
};
# Software RAID check: runs `mdadm --monitor --scan -1` through check_command
# with `-r root` and expects exit status 0 and empty output.
mdadm = {
  commands = {
    check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root";
  };
  # The entry names the complete command line, arguments included, and no
  # wildcard. Presumably this becomes a sudoers rule (the consumer is not
  # visible here), which would then permit only this exact invocation.
  sudo = _: {
    runAs = "root";
    commands = [
      {
        command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1";
        options = [ "NOPASSWD" ];
      }
    ];
  };
};
# Mail queue check: check_mailq from $USER1$ with warning at 1 and critical
# at 2 (-w 1 -c 2).
postfix = {
  commands = {
    check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
  };
  # Passwordless root execution of postfix's mailq binary.
  # NOTE(review): the entry carries no argument list; if it is rendered as a
  # sudoers rule, sudo then accepts any arguments to mailq.
  sudo = _: {
    runAs = "root";
    commands = [
      {
        command = "${pkgs.postfix}/bin/mailq";
        options = [ "NOPASSWD" ];
      }
    ];
  };
};
# E-mail round-trip checks built on the bundled check_emails script.
emails = {
  resources = {
    # Path of the private key handed to check_emails with -i. Only the path
    # appears on the command line, not the key material.
    USER203 = config.secrets.fullPaths."naemon/id_rsa";
  };
  commands = {
    check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
    check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
  };
  chunk =
    let
      mailPath = lib.makeBinPath [ pkgs.mailutils ];
      # Small package holding only the send_mails helper, wrapped so that it
      # finds mailutils.
      send_mails = pkgs.runCommand "send_mails" {
        buildInputs = [ pkgs.makeWrapper ];
      } ''
        mkdir -p $out/bin
        cp ${./send_mails} $out/bin/send_mails
        patchShebangs $out
        wrapProgram $out/bin/send_mails --prefix PATH : ${mailPath}
      '';
      # check_emails needs ssh and the helper above on PATH, and TimeDate on
      # PERL5LIB.
      checkPath = lib.makeBinPath [
        pkgs.openssh
        send_mails
      ];
      checkPerlLib = pkgs.perlPackages.makePerlPath [
        pkgs.perlPackages.TimeDate
      ];
    in
    ''
      cp ${./plugins}/check_emails $out/
      patchShebangs $out/check_emails
      wrapProgram $out/check_emails --prefix PATH : ${checkPath} --prefix PERL5LIB : ${checkPerlLib}
    '';
};
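# Backup checks for the eriomem storage: check_eriomem (wrapped with s3cmd
# and python38) and check_backup_eriomem_age, a copy of the bundled
# check_backup_age script wrapped with duplicity.
#
# NOTE(review): USER208 joins the access keys into one string that is passed
# to check_eriomem as a command-line argument, so the keys are readable in
# the process list while the check runs.
eriomem =
  let
    s3Path = lib.makeBinPath [
      pkgs.s3cmd
      pkgs.python38
    ];
    duplicityPath = lib.makeBinPath [ pkgs.duplicity ];
    # Empty unless cfg.master is set.
    secretsPath = lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key";
  in
  {
    resources = {
      USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys);
    };
    commands = {
      check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
      check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
    };
    # SECRETS_PATH is quoted so that --set always receives a value argument:
    # unquoted, an empty string would leave --set as the last word of the
    # command with nothing after the variable name.
    chunk = ''
      cp ${./plugins}/check_eriomem $out/
      patchShebangs $out/check_eriomem
      wrapProgram $out/check_eriomem --prefix PATH : ${s3Path}
      cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age
      patchShebangs $out/check_backup_eriomem_age
      wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${duplicityPath} --set SECRETS_PATH "${secretsPath}"
    '';
  };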
# File age check: runs the bundled check_last_file_date through sudo as the
# user named in $ARG3$.
file_date = {
  commands = {
    check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
  };
  chunk = ''
    cp ${./plugins}/check_last_file_date $out/
    patchShebangs $out/check_last_file_date
  '';
  # NOTE(review): runAs = "ALL" together with NOPASSWD lets the plugin be run
  # as any account, root included. If this is rendered as a sudoers rule, the
  # `*` in `/backup2/*` matches across spaces and slashes, so it does not
  # restrict the call to a single path below /backup2. Consider listing the
  # accounts and paths that are really needed.
  sudo = myplugins: {
    runAs = "ALL";
    commands = [
      {
        command = "${myplugins}/check_last_file_date /backup2/*";
        options = [ "NOPASSWD" ];
      }
    ];
  };
};
# FTP check: the bundled check_ftp_database script, wrapped so that it finds
# lftp on its PATH. The command takes no arguments.
ftp =
  let
    ftpPath = lib.makeBinPath [ pkgs.lftp ];
  in
  {
    commands = {
      check_ftp_database = "$USER2$/check_ftp_database";
    };
    chunk = ''
      cp ${./plugins}/check_ftp_database $out/
      patchShebangs $out/check_ftp_database
      wrapProgram $out/check_ftp_database --prefix PATH : ${ftpPath}
    '';
  };
# Git check: the bundled check_git script, wrapped with git and openssh and
# called with the path of the monitoring SSH key.
git =
  let
    gitPath = lib.makeBinPath [
      pkgs.git
      pkgs.openssh
    ];
  in
  {
    resources = {
      # A path to the key file; the key material itself is not on the
      # command line.
      USER203 = config.secrets.fullPaths."naemon/id_rsa";
    };
    commands = {
      check_git = "$USER2$/check_git $USER203$";
    };
    chunk = ''
      cp ${./plugins}/check_git $out/
      patchShebangs $out/check_git
      wrapProgram $out/check_git --prefix PATH : ${gitPath}
    '';
  };
# HTTP(S) checks, all based on check_http from $USER1$. No plugin is built
# here, hence no chunk.
http = {
  resources = {
    # NOTE(review): used as the -a value of check_https_auth, so the
    # credentials are readable in the process list while that check runs.
    USER202 = config.myEnv.monitoring.http_user_password;
  };
  commands = {
    # Plain HTTP, then HTTPS over any address family, IPv4 only, IPv6 only.
    check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
    check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
    check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
    check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
    check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
    # -C 21,15: certificate validity thresholds in days (warning, critical).
    check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
    # Same as check_https with an expected status in -e.
    check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
  };
};
# IMAP login check against imap.immae.eu:143 with the bundled
# check_imap_connection script, wrapped with openssl.
#
# NOTE(review): login and password are expanded into the command line
# (-u / -p), so both are readable in the process list while the check runs.
# Port 143 is the cleartext IMAP port; openssl on PATH suggests the script
# upgrades the connection with STARTTLS. Confirm in the script that the
# credentials are only sent once TLS is established.
imap =
  let
    imapPath = lib.makeBinPath [ pkgs.openssl ];
  in
  {
    resources = {
      USER204 = config.myEnv.monitoring.imap_login;
      USER205 = config.myEnv.monitoring.imap_password;
    };
    commands = {
      check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
    };
    chunk = ''
      cp ${./plugins}/check_imap_connection $out/
      patchShebangs $out/check_imap_connection
      wrapProgram $out/check_imap_connection --prefix PATH : ${imapPath}
    '';
  };
# Hardware RAID check: a downloaded check_megaraid_sas script patched to use
# the packaged MegaCli64 binary and the sudo path given to this file.
megaraid =
  let
    # Same package with meta.license replaced by null.
    megacli = pkgs.megacli.overrideAttrs (old: {
      meta = old.meta // { license = null; };
    });
  in
  {
    commands = {
      check_megaraid = "$USER2$/check_megaraid_sas --sudo";
    };
    chunk =
      let
        # The sha256 pins the downloaded content; a changed upstream file
        # fails the build. Review the script again when the hash is updated.
        patchedPlugin = pkgs.runCommand "megaCliPlugin" {
          plugin = pkgs.fetchurl {
            name = "check_megaraid_sas";
            url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
            sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
          };
        } ''
          mkdir $out
          cp $plugin $out/check_megaraid_sas
          chmod +x $out/check_megaraid_sas
          patchShebangs $out
          substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
          substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli'
          sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
        '';
      in
      ''
        cp ${patchedPlugin}/check_megaraid_sas $out/
        patchShebangs $out/check_megaraid_sas
      '';
    # NOTE(review): the entry names the MegaCli64 binary without an argument
    # list. If it is rendered as a sudoers rule, root execution then covers
    # every MegaCli64 subcommand, not only the queries the check issues.
    sudo = _: {
      runAs = "root";
      commands = [
        {
          command = "${megacli}/bin/MegaCli64";
          options = [ "NOPASSWD" ];
        }
      ];
    };
  };
# Memory check: the bundled check_mem.sh, wrapped with grep, awk and procps.
memory =
  let
    memPath = lib.makeBinPath [
      pkgs.gnugrep
      pkgs.gawk
      pkgs.procps
    ];
  in
  {
    commands = {
      # $ARG1$ and $ARG2$ are the warning and critical thresholds.
      check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
    };
    chunk = ''
      cp ${./plugins}/check_mem.sh $out/
      patchShebangs $out/check_mem.sh
      wrapProgram $out/check_mem.sh --prefix PATH : ${memPath}
    '';
  };
# SMART disk health check: a downloaded check_smart.pl installed as
# check_smartctl and patched to use the packaged smartctl and the sudo path
# given to this file.
smartctl = {
  commands = {
    check_smartctl = "$USER2$/check_smartctl -i auto -d $ARG1$";
  };
  chunk =
    let
      # The URL carries no version, so upstream can replace the file at any
      # time. The sha256 pins the reviewed content: a changed file fails the
      # build instead of being used silently. Review the script again
      # whenever the hash is updated.
      upstreamScript = pkgs.fetchurl {
        url = "https://www.claudiokuenzler.com/monitoring-plugins/check_smart.pl";
        sha256 = "sha256-gxGkzyycUl+I3WziKhOnZSoQjpqbPqjbunfUQxmeb7w=";
      };
    in
    # NOTE(review): the second substituteInPlace rewrites every occurrence of
    # the string "sudo" in the script, not only the command invocation.
    # Check the patched script for option names or messages that contain the
    # word and got rewritten as well.
    ''
      cp ${upstreamScript} $out/check_smartctl
      chmod +x $out/check_smartctl
      patchShebangs $out
      substituteInPlace $out/check_smartctl --replace "/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin" "${pkgs.smartmontools}/bin"
      substituteInPlace $out/check_smartctl --replace "sudo" "${sudo}"
    '';

  # NOTE(review): `smartctl *` with NOPASSWD as root accepts any smartctl
  # arguments, which is more than the read-only queries a health check
  # needs. Consider listing the exact invocations the plugin issues instead
  # of a wildcard.
  sudo = _: {
    runAs = "root";
    commands = [
      {
        command = "${pkgs.smartmontools}/bin/smartctl *";
        options = [ "NOPASSWD" ];
      }
    ];
  };
};
# MySQL replication check: the bundled check_mysql_replication script, run
# through sudo as the mysql user.
mysql =
  let
    mysqlPath = lib.makeBinPath [
      pkgs.gnugrep
      pkgs.gnused
      pkgs.coreutils
      pkgs.mariadb
    ];
  in
  {
    commands = {
      check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
    };
    chunk = ''
      cp ${./plugins}/check_mysql_replication $out/
      patchShebangs $out/check_mysql_replication
      wrapProgram $out/check_mysql_replication --prefix PATH : ${mysqlPath}
    '';
    # The trailing `*` accepts any arguments to the plugin. The rule is bound
    # to the plugin's path under `myplugins` and to the mysql account.
    sudo = myplugins: {
      runAs = "mysql";
      commands = [
        {
          command = "${myplugins}/check_mysql_replication *";
          options = [ "NOPASSWD" ];
        }
      ];
    };
  };
# OpenLDAP replication check: the bundled check_openldap_replication script,
# run through sudo as the openldap user with five arguments.
openldap =
  let
    ldapPath = lib.makeBinPath [
      pkgs.gnugrep
      pkgs.gnused
      pkgs.coreutils
      pkgs.openldap
    ];
  in
  {
    commands = {
      check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
    };
    chunk = ''
      cp ${./plugins}/check_openldap_replication $out/
      patchShebangs $out/check_openldap_replication
      wrapProgram $out/check_openldap_replication --prefix PATH : ${ldapPath}
    '';
    # The trailing `*` accepts any arguments to the plugin. The rule is bound
    # to the plugin's path under `myplugins` and to the openldap account.
    sudo = myplugins: {
      runAs = "openldap";
      commands = [
        {
          command = "${myplugins}/check_openldap_replication *";
          options = [ "NOPASSWD" ];
        }
      ];
    };
  };
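# OVH checks: check_backup_ovh_age (a copy of the bundled check_backup_age
# script wrapped with duplicity) and check_ovh_sms (wrapped with a python38
# environment that contains the ovh package).
#
# NOTE(review): USER209 joins the OVH endpoint, application key, application
# secret, consumer key and account into one string that is passed to
# check_ovh_sms as a command-line argument, so these values are readable in
# the process list while the check runs.
ovh =
  let
    duplicityPath = lib.makeBinPath [ pkgs.duplicity ];
    smsPath = lib.makeBinPath [
      (pkgs.python38.withPackages (ps: [ ps.ovh ]))
    ];
    # Empty unless cfg.master is set.
    secretsPath = lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key";
  in
  {
    resources = {
      USER209 = builtins.concatStringsSep "," [
        config.myEnv.monitoring.ovh_sms.endpoint
        config.myEnv.monitoring.ovh_sms.application_key
        config.myEnv.monitoring.ovh_sms.application_secret
        config.myEnv.monitoring.ovh_sms.consumer_key
        config.myEnv.monitoring.ovh_sms.account
      ];
    };
    commands = {
      check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
      check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
    };
    # SECRETS_PATH is quoted so that --set always receives a value argument:
    # unquoted, an empty string would leave --set as the last word of the
    # command with nothing after the variable name.
    chunk = ''
      cp ${./plugins}/check_backup_age $out/check_backup_ovh_age
      patchShebangs $out/check_backup_ovh_age
      wrapProgram $out/check_backup_ovh_age --prefix PATH : ${duplicityPath} --set SECRETS_PATH "${secretsPath}"
      cp ${./plugins}/check_ovh_sms $out/
      patchShebangs $out/check_ovh_sms
      wrapProgram $out/check_ovh_sms --prefix PATH : ${smsPath}
    '';
  };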
# PostgreSQL checks, parameterised by the PostgreSQL package whose binaries
# the two bundled scripts should use.
postgresql = { package }:
  let
    pgPath = lib.makeBinPath [ package ];
  in
  {
    commands = {
      # Only the replication check goes through sudo (as postgres); the
      # database count check runs directly.
      check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
      check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
    };
    chunk = ''
      cp ${./plugins}/check_postgres_replication $out/
      patchShebangs $out/check_postgres_replication
      wrapProgram $out/check_postgres_replication --prefix PATH : ${pgPath}
      cp ${./plugins}/check_postgres_database_count $out/
      patchShebangs $out/check_postgres_database_count
      wrapProgram $out/check_postgres_database_count --prefix PATH : ${pgPath}
    '';

    # The trailing `*` accepts any arguments to the plugin. The rule is bound
    # to the plugin's path under `myplugins` and to the postgres account.
    sudo = myplugins: {
      runAs = "postgres";
      commands = [
        {
          command = "${myplugins}/check_postgres_replication *";
          options = [ "NOPASSWD" ];
        }
      ];
    };
  };
# Redis replication check: the bundled check_redis_replication script, run
# through sudo as the redis user.
redis =
  let
    redisPath = lib.makeBinPath [
      pkgs.gnugrep
      pkgs.coreutils
      pkgs.redis
    ];
  in
  {
    commands = {
      check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
    };
    chunk = ''
      cp ${./plugins}/check_redis_replication $out/
      patchShebangs $out/check_redis_replication
      wrapProgram $out/check_redis_replication --prefix PATH : ${redisPath}
    '';
    # The trailing `*` accepts any arguments to the plugin. The rule is bound
    # to the plugin's path under `myplugins` and to the redis account.
    sudo = myplugins: {
      runAs = "redis";
      commands = [
        {
          command = "${myplugins}/check_redis_replication *";
          options = [ "NOPASSWD" ];
        }
      ];
    };
  };
# TCP checks based on check_tcp from $USER1$. No plugin is built here, hence
# no chunk.
tcp = {
  commands = {
    # Connects to port $ARG1$ and expects the string $ARG2$ in the answer;
    # -Mcrit makes a mismatch a critical result.
    check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
    # TLS connection to port $ARG1$; -D 21,15 sets the certificate validity
    # thresholds in days (warning, critical).
    check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
  };
};
# ZFS checks: a downloaded pool check installed as check_zpool.sh and the
# bundled check_zfs_snapshot script.
zfs = {
  commands = {
    # All pools, warning at 80 and critical at 90.
    check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90";
    # Dataset $ARG1$ with -c 18000 and -w 14400.
    check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400";
  };
  chunk =
    let
      # The URL carries no version, so upstream can replace the file at any
      # time. The sha256 pins the reviewed content: a changed file fails the
      # build instead of being used silently. Review the script again
      # whenever the hash is updated.
      upstreamScript = pkgs.fetchurl {
        url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
        sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
      };
      zpoolPath = lib.makeBinPath [
        pkgs.which
        pkgs.zfs
        pkgs.gawk
      ];
      snapshotPath = lib.makeBinPath [
        pkgs.zfs
        pkgs.coreutils
        pkgs.gawk
        pkgs.gnugrep
      ];
    in
    ''
      cp ${upstreamScript} $out/check_zpool.sh
      chmod +x $out/check_zpool.sh
      patchShebangs $out/check_zpool.sh
      wrapProgram $out/check_zpool.sh --prefix PATH : ${zpoolPath}
      cp ${./plugins}/check_zfs_snapshot $out
      patchShebangs $out/check_zfs_snapshot
      wrapProgram $out/check_zfs_snapshot --prefix PATH : ${snapshotPath}
    '';
};
447 }