[perso/Immae/Config/Nix.git] / modules / private / monitoring / default.nix

{ config, myconfig, pkgs, lib, ... }:
let
  myplugins = pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.curl pkgs.jq
    ]}
    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
    ]}
    '';
in
{
  options = {
    myServices.monitoring.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable monitoring.
      '';
    };
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    services.duplyBackup.profiles.monitoring = {
      rootDir = config.services.naemon.varDir;
    };
    security.sudo.extraRules = [
      {
        commands = [
          { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
          { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "root";
      }
    ];
    environment.etc."mdadm.conf" = {
      enable = true;
      mode = "0644";
      user = "root";
      text = "MAILADDR ${myconfig.env.monitoring.email}";
    };

    # needed since extraResource is not in the closure
    systemd.services.naemon.path = [ myplugins ];
    services.naemon = {
      enable = true;
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=${myconfig.env.monitoring.email}

        obsess_over_services=1
        ocsp_command=notify-master
      '';
      extraResource = ''
        $USER2$=${myplugins}
        $USER200$=${myconfig.env.monitoring.status_url}
        $USER201$=${myconfig.env.monitoring.status_token}
      '';
      objectDefs = builtins.readFile ./conf/local_services.cfg
        + builtins.readFile ./conf/timeperiods.cfg
        + builtins.readFile ./conf/services.cfg
        + builtins.readFile ./conf/contacts.cfg
        + builtins.readFile ./conf/hosts.cfg
        + ''
          define command {
            command_line       ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
            command_name       notify-master
          }
          define service {
            service_description  No mdadm array is degraded
            use                  local-service
            check_command        check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
          }

          define service {
            service_description  mailq is empty
            use                  local-service
            check_command        check_mailq
          }

          define command {
            command_name        check_mailq
            command_line        $USER1$/check_mailq -s -w 1 -c 2
          }

          define service {
            name                local-service
            use                 generic-service
            host_name           eldiron.immae.eu
            check_interval      5
            max_check_attempts  4
            register            0
            retry_interval      1
          }
          define host {
            host_name           eldiron.immae.eu
            alias               eldiron.immae.eu
            address             eldiron.immae.eu
            use                 linux-server
          }
          '';
    };
  };
}