+++ /dev/null
-{ config, pkgs, lib, name, nodes, ... }:
-let
- cfg = config.myServices.monitoring;
- activatedPlugins = [ "memory" "command" "bandwidth" ]
- ++ (if cfg.master then (masterObjects.activatedPlugins or []) else [])
- ++ (if cfg.master then (lib.flatten (map (v: v.activatedPlugins or []) otherObjects)) else [])
- ++ (hostObjects.activatedPlugins or [])
- ++ (if cfg.master then ["notify-primary"] else ["notify-secondary"]);
- allPluginsConfig = import ./myplugins.nix {
- inherit pkgs lib config;
- sudo = "/run/wrappers/bin/sudo";
- };
- mypluginsConfig = lib.getAttrs activatedPlugins allPluginsConfig;
- myplugins = let
- mypluginsChunk = builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (k: v: v.chunk or "") mypluginsConfig);
- in pkgs.runCommand "buildplugins" {
- buildInputs = [ pkgs.makeWrapper pkgs.perl ];
- } ''
- mkdir $out
- ${mypluginsChunk}
- '';
- toObjects = pkgs.callPackage ./to_objects.nix {};
- commonConfig = {
- dilion = {
- processWarn = "250"; processAlert = "400";
- loadWarn = "1.0"; loadAlert = "1.2";
- interface = "eth0";
- };
- eldiron = {
- processWarn = "550"; processAlert = "650";
- loadWarn = "1.0"; loadAlert = "1.2";
- interface = "eth0";
- };
- backup-2 = {
- processWarn = "60"; processAlert = "70";
- loadWarn = "1.0"; loadAlert = "2.0";
- interface = "ens3";
- };
- monitoring-1 = {
- processWarn = "50"; processAlert = "60";
- loadWarn = "4.0"; loadAlert = "6.0";
- load15Warn = "1.0"; load15Alert = "2.0";
- interface = "ens3";
- };
- quatresaisons = {
- processWarn = "250"; processAlert = "400";
- loadWarn = "1.0"; loadAlert = "1.2";
- interface = "eth0";
- };
- };
- externalObjects = lib.genAttrs [ "tiboqorl-fr" ]
- (n: pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; });
- masterPassiveObjects = let
- passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron" "quatresaisons" "dilion"]) nodes;
- toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);
- passiveServices = lib.flatten (lib.attrsets.mapAttrsToList
- (_: n: toPassiveServices n.config.myServices.monitoring.services)
- passiveNodes
- ) ++ lib.flatten (lib.attrsets.mapAttrsToList
- (_: n: toPassiveServices n.service)
- externalObjects);
- in {
- service = passiveServices;
- host = lib.lists.foldr
- (a: b: a//b)
- {}
- (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes
- ++ lib.attrsets.mapAttrsToList (_: n: n.host) externalObjects);
- };
- emailCheck = host: hostFQDN: let
- allCfg = config.myEnv.monitoring.email_check;
- cfg = allCfg."${host}";
- reverseTargets = builtins.attrNames (lib.attrsets.filterAttrs (k: v: builtins.elem host v.targets) allCfg);
- to_email = cfg': host':
- let sep = if lib.strings.hasInfix "+" cfg'.mail_address then "_" else "+";
- in "${cfg'.mail_address}${sep}${host'}@${cfg'.mail_domain}";
- mails_to_send = builtins.concatStringsSep "," (map (n: to_email allCfg."${n}" host) cfg.targets);
- mails_to_receive = builtins.concatStringsSep "," (map (n: "${to_email cfg n}:${n}") reverseTargets);
- command = if cfg.local
- then
- [ "check_emails_local" "/var/lib/naemon/checks/email" mails_to_send mails_to_receive ]
- else
- [ "check_emails" cfg.login cfg.port mails_to_send mails_to_receive ];
- in
- {
- service_description = "${hostFQDN} email service is active";
- use = "mail-service";
- host_name = hostFQDN;
- servicegroups = "webstatus-email";
- check_command = command;
- };
- otherObjects = map
- (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
- [ "ulminfo-fr" "phare" "eban" ];
- masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
- commonObjects = pkgs.callPackage ./objects_common.nix ({
- master = cfg.master;
- hostFQDN = config.hostEnv.fqdn;
- hostName = name;
- inherit mypluginsConfig;
- } // builtins.getAttr name commonConfig);
- hostObjects =
- let
- specific_file = ./. + "/objects_" + name + ".nix";
- in
- lib.attrsets.optionalAttrs
- (builtins.pathExists specific_file)
- (pkgs.callPackage specific_file {
- inherit config nodes emailCheck;
- hostFQDN = config.hostEnv.fqdn;
- hostName = name;
- });
- objectsFiles = lib.mapAttrs' (name: value: lib.nameValuePair
- "=/${name}/objects.conf" { alias = pkgs.writeText "objects.conf" (toObjects value); }
- ) externalObjects;
-in
-{
- options = {
- myServices.monitoring = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to enable monitoring.
- '';
- };
- master = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- This instance is the master instance
- '';
- };
- hosts = lib.mkOption {
- readOnly = true;
- description = "Hosts list for this host";
- default = (commonObjects.host or {}) // (hostObjects.host or {});
- };
- services = lib.mkOption {
- readOnly = true;
- description = "Services list for this host";
- default = commonObjects.service ++ hostObjects.service;
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.nginx = lib.mkIf config.myServices.status.enable {
- virtualHosts."status.immae.eu".locations = objectsFiles // {
- "=/common/immae.cfg" = {
- alias = pkgs.writeText "immae.cfg" ''
- # put me for instance in /etc/naemon/module-conf.d/immae.cfg
- # Make sure that you have include_dir=module-conf.d in
- # naemon.cfg
- log_initial_states=1
- date_format=iso8601
- admin_email=${config.myEnv.monitoring.email}
- obsess_over_services=1
- ocsp_command=notify-master
- '';
- };
- "=/common/resource.cfg" = {
- alias = pkgs.writeText "resource.cfg" ''
- # Resource.cfg file
- # Replace this with path to monitoring plugins
- $USER1$=@@COMMON_PLUGINS@@
- # Replace this with a path to scripts from
- # https://git.immae.eu/cgit/perso/Immae/Config/Nix.git/tree/modules/private/monitoring/plugins
- $USER2$=@@IMMAE_PLUGINS@@
- $USER200$=https://status.immae.eu/
- $USER201$=@@TOKEN@@
- '';
- };
- };
- };
-
- security.sudo.extraRules = let
- pluginsSudo = lib.lists.remove null (lib.attrsets.mapAttrsToList (k: v:
- if (v ? sudo)
- then ({ users = [ "naemon" ]; } // (v.sudo myplugins))
- else null) mypluginsConfig);
- in [
- {
- commands = [
- { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
- { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
- ];
- users = [ "naemon" ];
- runAs = "root";
- }
- ] ++ pluginsSudo;
- environment.etc."mdadm.conf" = {
- enable = true;
- mode = "0644";
- user = "root";
- text = "MAILADDR ${config.myEnv.monitoring.email}";
- };
-
- secrets.keys = {
- "naemon/id_rsa" = {
- user = "naemon";
- group = "naemon";
- permissions = "0400";
- text = config.myEnv.monitoring.ssh_secret_key;
- };
- } // lib.optionalAttrs cfg.master (
- lib.mapAttrs' (k: v: lib.nameValuePair "${k}_access_key" {
- user = "naemon";
- group = "naemon";
- permissions = "0400";
- text = ''
- export AWS_ACCESS_KEY_ID="${v.accessKeyId}"
- export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}"
- export BASE_URL="${v.remote "immae-eldiron"}"
- '';
- }) config.myEnv.backup.remotes
- );
- # needed since extraResource is not in the closure
- systemd.services.naemon.path = [ myplugins ];
- services.naemon = {
- enable = true;
- extraConfig = ''
- use_syslog=1
- log_initial_states=1
- date_format=iso8601
- admin_email=${config.myEnv.monitoring.email}
- '' + lib.optionalString (!cfg.master) ''
- obsess_over_services=1
- ocsp_command=notify-master
- '' + lib.optionalString (cfg.master) ''
- broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
- broker_module=${pkgs.status_engine.module}/lib/status-engine/naemon/statusengine-${pkgs.naemon.status_engine_version}.o use_service_perfdata=1 use_process_data=0 use_system_command_data=0 use_external_command_data=0 use_flapping_data=0 use_program_status_data=0 use_notification_data=0 use_contact_status_data=0 use_contact_notification_data=0 use_event_handler_data=0 use_object_data=0
- '';
- extraResource = let
- resources = [hostObjects.resources or {}] ++ (lib.mapAttrsToList (k: v: v.resources or {}) mypluginsConfig);
- joined = lib.zipAttrsWith (n: v: if builtins.length (lib.unique v) == 1 then builtins.head v else abort "Non-unique resources names") resources;
- joinedStr = builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "$" + "${k}$=${v}") joined);
- in ''
- $USER2$=${myplugins}
- ${joinedStr}
- '';
- objectDefs = toObjects commonObjects
- + toObjects hostObjects
- + lib.optionalString cfg.master (toObjects masterObjects)
- + lib.optionalString cfg.master (toObjects masterPassiveObjects)
- + lib.optionalString cfg.master (builtins.concatStringsSep "\n" (map toObjects otherObjects));
- };
- };
-}