Add monitoring for backup-2
[perso/Immae/Config/Nix.git] / modules / private / monitoring / default.nix
{ config, myconfig, pkgs, lib, name, hostFQDN, ... }:
let
# Store path holding every script from ./plugins, with shebangs patched and
# selected scripts wrapped so that their PATH is extended.
#
# The sudo rules in this module name scripts by this store path, so the code
# they authorise is whatever ./plugins held when the derivation was built.
myplugins =
  let
    # PATH fragments for the wrapped scripts, computed once up front.
    nrdpTools = lib.makeBinPath [ pkgs.curl pkgs.jq ];
    memTools = lib.makeBinPath [ pkgs.gnugrep pkgs.gawk pkgs.procps-ng ];
    postgresTools = lib.makeBinPath [ pkgs.postgresql ];
  in
  pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${nrdpTools}
    wrapProgram $out/check_mem.sh --prefix PATH : ${memTools}
    wrapProgram $out/check_postgres_replication --prefix PATH : ${postgresTools}
  '';
# NOTE(review): check_command gets config.security.wrapperDir (the setuid
# wrapper directory) in front of its PATH, presumably so that it can find
# sudo - confirm against the script. --prefix puts that directory ahead of
# whatever PATH the service inherits.
# Naemon object definitions for this host, concatenated in this order:
# the shared files under ./conf, the objects generated below, and finally
# ./conf/specific_<name>.cfg when such a file exists.
defaultObjects =
  let
    hostSpecificCfg = ./conf + "/specific_" + name + ".cfg";

    sharedCfgFiles = [
      ./conf/local_services.cfg
      ./conf/timeperiods.cfg
      ./conf/services.cfg
      ./conf/contacts.cfg
      ./conf/hosts.cfg
    ];

    # Security notes on the generated objects:
    #
    # * notify-master hands the status token ($USER201$) to send_nrdp.sh as
    #   a command-line argument, so the token is readable in the process
    #   list by other local users for as long as the script runs. Reading it
    #   from a file or the environment would avoid that, if the script can
    #   be changed.
    # * $SERVICEOUTPUT$ is text produced by a check and is substituted into
    #   a shell command line. NOTE(review): confirm that Naemon's
    #   illegal_macro_output_chars setting is in effect so that shell
    #   metacharacters are stripped from it.
    # * The mdadm command line in the service below has to stay identical to
    #   the one listed in security.sudo.extraRules: that rule lists the same
    #   command with fixed arguments. The trailing "-s 0 -r root" is
    #   presumably what makes check_command_output run it as root - confirm
    #   against the plugin.
    generatedObjects = ''
      define command {
      command_line ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
      command_name notify-master
      }
      define service {
      service_description No mdadm array is degraded
      use local-service
      check_command check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
      }

      define service {
      name local-service
      use generic-service
      host_name ${hostFQDN}
      check_interval 5
      max_check_attempts 4
      register 0
      retry_interval 1
      }
      define host {
      host_name ${hostFQDN}
      alias ${hostFQDN}
      address ${hostFQDN}
      use linux-server
      }
    '';
  in
  lib.concatMapStrings builtins.readFile sharedCfgFiles
  + generatedObjects
  + lib.optionalString (builtins.pathExists hostSpecificCfg) (builtins.readFile hostSpecificCfg);
in
{
  # Single switch for the whole module; everything under `config` is gated on it.
  options.myServices.monitoring.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      Whether to enable monitoring.
    '';
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    # Back up Naemon's state directory.
    services.duplyBackup.profiles.monitoring.rootDir = config.services.naemon.varDir;

    # Passwordless sudo for the naemon user, one rule per target account.
    #
    # NOTE(review): sudoers matches the argument list as one string, and "*"
    # matches any characters in it, spaces and "/" included. The
    # "/backup2/*" rules therefore also accept paths containing ".." and
    # extra arguments, and "check_postgres_replication *" accepts any
    # arguments at all. If the checks are a fixed set, listing their exact
    # argument strings would narrow what naemon can run as postgres/backup.
    security.sudo.extraRules =
      let
        # Turn a list of command strings into NOPASSWD command entries.
        nopasswd = map (command: { inherit command; options = [ "NOPASSWD" ]; });
      in
      [
        {
          users = [ "naemon" ];
          runAs = "root";
          # Both root commands carry fixed arguments (or none); no wildcard.
          commands = nopasswd [
            "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"
            "${pkgs.postfix}/bin/mailq"
          ];
        }
        {
          users = [ "naemon" ];
          runAs = "postgres";
          commands = nopasswd [
            "${myplugins}/check_postgres_replication *"
            "${myplugins}/check_last_file_date /backup2/*"
          ];
        }
        {
          users = [ "naemon" ];
          runAs = "backup";
          commands = nopasswd [
            "${myplugins}/check_last_file_date /backup2/*"
          ];
        }
      ];

    # mdadm reads its notification address from here; the file holds nothing
    # but that address, hence world-readable.
    environment.etc."mdadm.conf" = {
      enable = true;
      user = "root";
      mode = "0644";
      text = "MAILADDR ${myconfig.env.monitoring.email}";
    };

    # extraResource mentions myplugins but is, per the original note, not
    # part of the closure; adding the plugins to the unit's path keeps them
    # in it.
    systemd.services.naemon.path = [ myplugins ];

    services.naemon = {
      enable = true;
      objectDefs = defaultObjects;
      # NOTE(review): status_token is a credential interpolated at
      # evaluation time. Confirm that the naemon module writes extraResource
      # to a file outside the world-readable Nix store and with restrictive
      # permissions.
      extraResource = ''
        $USER2$=${myplugins}
        $USER200$=${myconfig.env.monitoring.status_url}
        $USER201$=${myconfig.env.monitoring.status_token}
      '';
      # obsess_over_services together with ocsp_command runs notify-master
      # after every service check, which forwards the result to the status
      # URL above.
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=${myconfig.env.monitoring.email}

        obsess_over_services=1
        ocsp_command=notify-master
      '';
    };
  };
}