blob: d6c91acce6a8e5c3f5a9ec214c838180661fbb36 (
plain) (
tree)
|
|
{ config, pkgs, lib, name, ... }:
let
myplugins = pkgs.runCommand "buildplugins" {
buildInputs = [ pkgs.makeWrapper pkgs.perl ];
} ''
mkdir $out
cp ${./plugins}/* $out/
patchShebangs $out
wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
pkgs.curl pkgs.jq
]}
wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
pkgs.gnugrep pkgs.gawk pkgs.procps-ng
]}
wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
pkgs.postgresql
]}
wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
pkgs.gnugrep pkgs.coreutils pkgs.redis
]}
wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
]}
wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
]}
'';
toObjects = pkgs.callPackage ./to_objects.nix {};
commonConfig = {
eldiron = {
processWarn = "250"; processAlert = "400";
loadWarn = "8.0"; loadAlert = "10.0";
};
backup-2 = {
processWarn = "50"; processAlert = "60";
loadWarn = "1.0"; loadAlert = "2.0";
};
};
commonObjects = pkgs.callPackage ./objects_common.nix ({
hostFQDN = config.hostEnv.FQDN;
sudo = "/run/wrappers/bin/sudo";
} // builtins.getAttr name commonConfig);
hostObjects =
let
specific_file = ./. + "/objects_" + name + ".nix";
in
lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file { inherit config; });
in
{
options = {
myServices.monitoring = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable monitoring.
'';
};
};
};
config = lib.mkIf config.myServices.monitoring.enable {
services.duplyBackup.profiles.monitoring = {
rootDir = config.services.naemon.varDir;
};
security.sudo.extraRules = [
{
commands = [
{ command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
{ command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "root";
}
{
commands = [
{ command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "ALL";
}
{
commands = [
{ command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "postgres";
}
{
commands = [
{ command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "mysql";
}
{
commands = [
{ command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "openldap";
}
{
commands = [
{ command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
];
users = [ "naemon" ];
runAs = "redis";
}
];
environment.etc."mdadm.conf" = {
enable = true;
mode = "0644";
user = "root";
text = "MAILADDR ${config.myEnv.monitoring.email}";
};
# needed since extraResource is not in the closure
systemd.services.naemon.path = [ myplugins ];
services.naemon = {
enable = true;
extraConfig = ''
broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
use_syslog=1
log_initial_states=1
date_format=iso8601
admin_email=${config.myEnv.monitoring.email}
obsess_over_services=1
ocsp_command=notify-master
'';
extraResource = ''
$USER2$=${myplugins}
$USER200$=${config.myEnv.monitoring.status_url}
$USER201$=${config.myEnv.monitoring.status_token}
'';
objectDefs = toObjects commonObjects + toObjects hostObjects;
};
};
}
|
