git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/monitoring/default.nix
Add monitoring modules via naemon
# NixOS module: local Naemon monitoring for this host.
#
# Declares `myServices.monitoring.enable`; when set, it configures Naemon with
# the object definitions from ./conf plus the inline ones below, ships the
# check plugins from ./plugins, and grants the `naemon` user two password-less
# sudo commands that the checks use.
{ config, myconfig, pkgs, lib, ... }:
let
  # Exact command line the mdadm check runs through sudo. It is bound once so
  # that the sudoers entry and the Naemon check_command cannot drift apart.
  mdadmCheck = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1";

  # Build a sudoers command entry that does not prompt for a password.
  nopasswd = command: { inherit command; options = [ "NOPASSWD" ]; };

  # Copy of ./plugins with shebangs patched and the scripts that shell out
  # wrapped so their helper binaries are on PATH.
  monitoringPlugins = pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    # The wrapper directory holds the setuid wrappers; presumably this is how
    # check_command finds sudo (the plugin source is not visible here).
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.curl pkgs.which pkgs.coreutils
    ]}
    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
    ]}
  '';

  # Static Naemon object files, concatenated in this order ahead of the
  # inline definitions.
  staticObjectFiles = [
    ./conf/local_services.cfg
    ./conf/timeperiods.cfg
    ./conf/services.cfg
    ./conf/contacts.cfg
    ./conf/hosts.cfg
  ];
in
{
  options = {
    myServices.monitoring.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable monitoring.
      '';
    };
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    # Root-level commands the naemon user may run without a password.
    # The mdadm entry pins the full argument list, so only that exact
    # invocation is permitted.
    # NOTE(review): the mailq entry carries no argument list, and sudoers then
    # accepts any arguments. If check_mailq invokes it without arguments, an
    # explicit empty argument list ("") on the command would narrow the rule;
    # confirm against the plugin before changing.
    security.sudo.extraRules = [
      {
        commands = map nopasswd [
          mdadmCheck
          "${pkgs.postfix}/bin/mailq"
        ];
        users = [ "naemon" ];
        runAs = "root";
      }
    ];

    # World-readable on purpose: it only holds the alert address.
    environment.etc."mdadm.conf" = {
      enable = true;
      mode = "0644";
      user = "root";
      text = "MAILADDR naemon@immae.eu";
    };

    # needed since extraResource is not in the closure
    systemd.services.naemon.path = [ monitoringPlugins ];

    services.naemon = {
      enable = true;

      # Every service result is forwarded to the master through the
      # notify-master command defined in objectDefs below.
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=naemon@immae.eu

        obsess_over_services=1
        ocsp_command=notify-master
      '';

      # $USER201$ is a credential. It is interpolated at evaluation time.
      # NOTE(review): confirm the naemon module keeps extraResource out of the
      # world-readable Nix store; the closure comment above suggests it is
      # handled separately, but that module is not visible here.
      extraResource = ''
        $USER2$=${monitoringPlugins}
        $USER200$=${myconfig.env.monitoring.status_url}
        $USER201$=${myconfig.env.monitoring.status_token}
      '';

      # Inline definitions follow the static files.
      # NOTE(review): notify-master passes the token as a command-line
      # argument (-t), so it is visible in the process list while
      # send_nrdp.sh runs. It also expands $SERVICEOUTPUT$ into a shell
      # command line, relying on Naemon's macro filtering
      # (illegal_macro_output_chars) to strip shell metacharacters; verify
      # that setting has not been relaxed.
      objectDefs = lib.concatMapStrings builtins.readFile staticObjectFiles
        + ''
          define command {
            command_line ${monitoringPlugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
            command_name notify-master
          }
          define service {
            service_description No mdadm array is degraded
            use local-service
            check_command check_command_output!${mdadmCheck}!^$!-s 0 -r root
          }

          define service {
            service_description mailq is empty
            use local-service
            check_command check_mailq
          }

          define command {
            command_name check_mailq
            command_line $USER1$/check_mailq -s -w 1 -c 2
          }

          define service {
            name local-service
            use generic-service
            host_name eldiron.immae.eu
            check_interval 5
            max_check_attempts 4
            register 0
            retry_interval 1
          }
          define host {
            host_name eldiron.immae.eu
            alias eldiron.immae.eu
            address eldiron.immae.eu
            use linux-server
          }
        '';
    };
  };
}