Add monitoring for duply backup

[perso/Immae/Config/Nix.git] / modules / private / monitoring / default.nix

diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index 8ae0b306fe1b951a48b13162f55670e27780382b..316c2ddff5dd56688979e7b3bc0d55a06e90ab2c 100644 (file)
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -58,6 +58,9 @@ let
     wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
       pkgs.s3cmd pkgs.python3
     ]}
+    wrapProgram $out/check_eriomem_age --prefix PATH : ${lib.makeBinPath [
+      pkgs.duplicity
+    ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
     wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
       pkgs.mailutils
     ]}
@@ -136,7 +139,7 @@ let
       lib.attrsets.optionalAttrs
         (builtins.pathExists specific_file)
         (pkgs.callPackage specific_file {
-          inherit config emailCheck;
+          inherit config nodes emailCheck;
           hostFQDN = config.hostEnv.fqdn;
           hostName = name;
         });
@@ -232,10 +235,22 @@ in
         dest = "naemon/id_rsa";
         user = "naemon";
         group = "naemon";
-        premissions = "0400";
+        permissions = "0400";
         text = config.myEnv.monitoring.ssh_secret_key;
       }
-    ];
+    ] ++ lib.optional cfg.master (
+      {
+        dest = "eriomem_access_key";
+        user = "naemon";
+        group = "naemon";
+        permissions = "0400";
+        text = ''
+          export AWS_ACCESS_KEY_ID="${config.myEnv.backup.accessKeyId}"
+          export AWS_SECRET_ACCESS_KEY="${config.myEnv.backup.secretAccessKey}"
+          export BASE_URL="${config.myEnv.backup.remote}"
+        '';
+      }
+    );
     # needed since extraResource is not in the closure
     systemd.services.naemon.path = [ myplugins ];
     services.naemon = {