-{ config, myconfig, pkgs, lib, ... }:
+{ config, myconfig, pkgs, lib, name, hostFQDN, ... }:
let
myplugins = pkgs.runCommand "buildplugins" {
buildInputs = [ pkgs.makeWrapper pkgs.perl ];
patchShebangs $out
wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
- pkgs.curl pkgs.which pkgs.coreutils
+ pkgs.curl pkgs.jq
]}
wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
pkgs.gnugrep pkgs.gawk pkgs.procps-ng
]}
+ wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
+ pkgs.postgresql
+ ]}
+ wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
+ pkgs.gnugrep pkgs.coreutils pkgs.redis
+ ]}
+ wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
+ pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
+ ]}
'';
+ toObjects = pkgs.callPackage ./to_objects.nix {};
+ commonConfig = {
+ eldiron = {
+ processWarn = "250"; processAlert = "400";
+ loadWarn = "8.0"; loadAlert = "10.0";
+ };
+ backup-2 = {
+ processWarn = "50"; processAlert = "60";
+ loadWarn = "1.0"; loadAlert = "2.0";
+ };
+ };
+ commonObjects = pkgs.callPackage ./objects_common.nix ({
+ inherit hostFQDN;
+ sudo = "/run/wrappers/bin/sudo";
+ } // builtins.getAttr name commonConfig);
+ hostObjects =
+ let
+ specific_file = ./. + "/objects_" + name + ".nix";
+ in
+ lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file {});
in
{
options = {
- myServices.monitoring.enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to enable monitoring.
- '';
+ myServices.monitoring = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable monitoring.
+ '';
+ };
};
};
config = lib.mkIf config.myServices.monitoring.enable {
+ services.duplyBackup.profiles.monitoring = {
+ rootDir = config.services.naemon.varDir;
+ };
security.sudo.extraRules = [
{
commands = [
users = [ "naemon" ];
runAs = "root";
}
+ {
+ commands = [
+ { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
+ { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "naemon" ];
+ runAs = "postgres";
+ }
+ {
+ commands = [
+ { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
+ { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "naemon" ];
+ runAs = "mysql";
+ }
+ {
+ commands = [
+ { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
+ { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "naemon" ];
+ runAs = "redis";
+ }
+ {
+ commands = [
+ { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "naemon" ];
+ runAs = "backup";
+ }
];
environment.etc."mdadm.conf" = {
enable = true;
mode = "0644";
user = "root";
- text = "MAILADDR naemon@immae.eu";
+ text = "MAILADDR ${myconfig.env.monitoring.email}";
};
# needed since extraResource is not in the closure
use_syslog=1
log_initial_states=1
date_format=iso8601
- admin_email=naemon@immae.eu
+ admin_email=${myconfig.env.monitoring.email}
obsess_over_services=1
ocsp_command=notify-master
$USER200$=${myconfig.env.monitoring.status_url}
$USER201$=${myconfig.env.monitoring.status_token}
'';
- objectDefs = builtins.readFile ./conf/local_services.cfg
- + builtins.readFile ./conf/timeperiods.cfg
- + builtins.readFile ./conf/services.cfg
- + builtins.readFile ./conf/contacts.cfg
- + builtins.readFile ./conf/hosts.cfg
- + ''
- define command {
- command_line ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
- command_name notify-master
- }
- define service {
- service_description No mdadm array is degraded
- use local-service
- check_command check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
- }
-
- define service {
- service_description mailq is empty
- use local-service
- check_command check_mailq
- }
-
- define command {
- command_name check_mailq
- command_line $USER1$/check_mailq -s -w 1 -c 2
- }
-
- define service {
- name local-service
- use generic-service
- host_name eldiron.immae.eu
- check_interval 5
- max_check_attempts 4
- register 0
- retry_interval 1
- }
- define host {
- host_name eldiron.immae.eu
- alias eldiron.immae.eu
- address eldiron.immae.eu
- use linux-server
- }
- '';
+ objectDefs = toObjects commonObjects + toObjects hostObjects;
};
};
}
projects / perso / Immae / Config / Nix.git / blobdiff