wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
pkgs.s3cmd pkgs.python3
]}
- wrapProgram $out/check_eriomem_age --prefix PATH : ${lib.makeBinPath [
+ makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
pkgs.duplicity
]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
+ makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
+ pkgs.duplicity
+ ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
pkgs.mailutils
]}
wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
(pkgs.python3.withPackages (ps: [ps.ovh]))
]}
+ wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
+ pkgs.iproute pkgs.bc
+ ]}
'';
toObjects = pkgs.callPackage ./to_objects.nix {};
commonConfig = {
eldiron = {
processWarn = "250"; processAlert = "400";
loadWarn = "8.0"; loadAlert = "10.0";
+ interface = "eth0";
};
backup-2 = {
processWarn = "60"; processAlert = "70";
loadWarn = "1.0"; loadAlert = "2.0";
+ interface = "ens3";
};
monitoring-1 = {
processWarn = "50"; processAlert = "60";
loadWarn = "1.0"; loadAlert = "2.0";
+ interface = "ens3";
};
};
+ externalObjects = lib.genAttrs [ "tiboqorl-fr" ]
+ (n: pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; });
masterPassiveObjects = let
passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes;
toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);
passiveServices = lib.flatten (lib.attrsets.mapAttrsToList
(_: n: toPassiveServices n.config.myServices.monitoring.services)
passiveNodes
- );
+ ) ++ lib.flatten (lib.attrsets.mapAttrsToList
+ (_: n: toPassiveServices n.service)
+ externalObjects);
in {
service = passiveServices;
host = lib.lists.foldr
(a: b: a//b)
{}
- (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes);
+ (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes
+ ++ lib.attrsets.mapAttrsToList (_: n: n.host) externalObjects);
};
emailCheck = host: hostFQDN: let
allCfg = config.myEnv.monitoring.email_check;
};
otherObjects = map
(n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
- [ "caldance-1" "ulminfo-fr" "phare" "tiboqorl-fr" ];
+ [ "caldance-1" "ulminfo-fr" "phare" ];
masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
commonObjects = pkgs.callPackage ./objects_common.nix ({
master = cfg.master;
hostFQDN = config.hostEnv.fqdn;
hostName = name;
});
+ objectsFiles = lib.mapAttrs' (name: value: lib.nameValuePair
+ "=/${name}/objects.conf" { alias = pkgs.writeText "objects.conf" (toObjects value); }
+ ) externalObjects;
in
{
options = {
};
config = lib.mkIf cfg.enable {
+ services.nginx = lib.mkIf config.myServices.status.enable {
+ virtualHosts."status.immae.eu".locations = objectsFiles;
+ };
+
services.duplyBackup.profiles.monitoring = {
rootDir = config.services.naemon.varDir;
};
permissions = "0400";
text = config.myEnv.monitoring.ssh_secret_key;
}
- ] ++ lib.optional cfg.master (
+ ] ++ lib.optionals cfg.master (
+ lib.mapAttrsToList (k: v:
{
- dest = "eriomem_access_key";
+ dest = "${k}_access_key";
user = "naemon";
group = "naemon";
permissions = "0400";
text = ''
- export AWS_ACCESS_KEY_ID="${config.myEnv.backup.accessKeyId}"
- export AWS_SECRET_ACCESS_KEY="${config.myEnv.backup.secretAccessKey}"
- export BASE_URL="${config.myEnv.backup.remote}"
+ export AWS_ACCESS_KEY_ID="${v.accessKeyId}"
+ export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}"
+ export BASE_URL="${v.remote "immae-eldiron"}"
'';
- }
+ }) config.myEnv.backup.remotes
);
# needed since extraResource is not in the closure
systemd.services.naemon.path = [ myplugins ];
projects / perso / Immae / Config / Nix.git / blobdiff