Add monitoring modules via naemon

14 files changed, 828 insertions, 0 deletions

diff --git a/modules/private/default.nix b/modules/private/default.nix
index 552ee8c..5f97f7f 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -64,6 +64,7 @@ set = {
   ftp = ./ftp.nix;
   mpd = ./mpd.nix;
   ssh = ./ssh;
+  monitoring = ./monitoring;
 
   system = ./system.nix;
 };
diff --git a/modules/private/monitoring/conf/contacts.cfg b/modules/private/monitoring/conf/contacts.cfg
new file mode 100644
index 0000000..e088f69
--- /dev/null
+++ b/modules/private/monitoring/conf/contacts.cfg
@@ -0,0 +1,41 @@
+# vim: filetype=nagios
+
+# CONTACT GROUPS
+define contactgroup {
+  contactgroup_name              admins
+  alias                          Naemon Administrators
+#  members                        immae
+}
+
+# No contact, we go through master
+# define contact {
+#   contact_name                   immae
+#   alias                          Immae
+#   use                            generic-contact
+#   email                          ismael@bouya.org
+# }
+# 
+# define contact {
+#   name                           generic-contact
+#   host_notification_commands     notify-host-by-email
+#   host_notification_options      d,u,r,f,s
+#   host_notification_period       24x7
+#   register                       0
+#   service_notification_commands  notify-service-by-email
+#   service_notification_options   w,u,c,r,f,s
+#   service_notification_period    24x7
+# }
+# 
+# define command {
+#   command_name                   notify-host-by-email
+#   command_line                   SERVICENOTIFICATIONID="$SERVICENOTIFICATIONID$" HOSTSTATE="$HOSTSTATE$" HOSTOUTPUT="$HOSTOUTPUT$" $USER2$/notify_by_email host "$NOTIFICATIONTYPE$" "$HOSTALIAS$" "$LONGDATETIME$" "$CONTACTEMAIL$" $OVE
+# #$OVE is to force naemon to run via shell instead of execve which fails here
+# }
+# 
+# # 'notify-service-by-email' command definition
+# define command {
+#   command_name                   notify-service-by-email
+#   command_line                   SERVICENOTIFICATIONID="$SERVICENOTIFICATIONID$" SERVICEDESC="$SERVICEDESC$" SERVICESTATE="$SERVICESTATE$" SERVICEOUTPUT="$SERVICEOUTPUT$" $USER2$/notify_by_email service "$NOTIFICATIONTYPE$" "$HOSTALIAS$" "$LONGDATETIME$" "$CONTACTEMAIL$" $OVE
+# #  command_line                   sudo /usr/bin/strace -o /tmp/foo -vf -s 256 -u naemon $USER2$/notify_by_email
+# #$OVE is to force naemon to run via shell instead of execve which fails here
+# }
diff --git a/modules/private/monitoring/conf/hosts.cfg b/modules/private/monitoring/conf/hosts.cfg
new file mode 100644
index 0000000..d903b0a
--- /dev/null
+++ b/modules/private/monitoring/conf/hosts.cfg
@@ -0,0 +1,32 @@
+# vim: filetype=nagios
+
+define host {
+  name                           generic-host
+  event_handler_enabled          1
+  flap_detection_enabled         1
+  notification_period            24x7
+  notifications_enabled          1
+  process_perf_data              1
+  register                       0
+  retain_nonstatus_information   1
+  retain_status_information      1
+}
+
+define host {
+  name                           linux-server
+  use                            generic-host
+  check_command                  check-host-alive
+  check_interval                 5
+  check_period                   24x7
+  contact_groups                 admins
+  max_check_attempts             10
+  notification_interval          120
+  notification_options           d,u,r,f
+  register                       0
+  retry_interval                 1
+}
+
+define command {
+  command_name                   check-host-alive
+  command_line                   $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+}
diff --git a/modules/private/monitoring/conf/local_services.cfg b/modules/private/monitoring/conf/local_services.cfg
new file mode 100644
index 0000000..56bc8f6
--- /dev/null
+++ b/modules/private/monitoring/conf/local_services.cfg
@@ -0,0 +1,68 @@
+# vim: filetype=nagios
+
+# System usage
+define service {
+  service_description            Size on root partition
+  use                            local-service
+  check_command                  check_local_disk!20%!10%!/
+}
+define command {
+  command_line                   $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+  command_name                   check_local_disk
+}
+
+define service {
+  service_description            Total number of process
+  use                            local-service
+  check_command                  check_local_procs!250!400!RSZDT
+}
+define command {
+  command_line                   $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+  command_name                   check_local_procs
+}
+
+define service {
+  service_description            Average load
+  use                            local-service
+  check_command                  check_local_load!8.0,8.0,8.0!10.0,10.0,10.0
+}
+define command {
+  command_line                   $USER1$/check_load -w $ARG1$ -c $ARG2$
+  command_name                   check_local_load
+}
+
+define service {
+  service_description            Swap usage
+  use                            local-service
+  check_command                  check_local_swap!20!10
+}
+define command {
+  command_line                   $USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$
+  command_name                   check_local_swap
+}
+
+define service {
+  service_description            Memory usage
+  use                            local-service
+  check_command                  check_memory!80!90
+}
+define command {
+  command_line                   $USER2$/check_mem.sh -w $ARG1$ -c $ARG2$
+  command_name                   check_memory
+}
+
+define command {
+  command_line                   $USER2$/check_command -c "$ARG1$" -s 0 -o "$ARG2$" $ARG3$
+  command_name                   check_command_output
+}
+
+# Network dependent local services
+define service {
+  service_description            NTP is activated and working
+  use                            local-service
+  check_command                  check_ntp
+}
+define command {
+  command_line                   $USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org
+  command_name                   check_ntp
+}
diff --git a/modules/private/monitoring/conf/notify.cfg b/modules/private/monitoring/conf/notify.cfg
new file mode 100644
index 0000000..63b380d
--- /dev/null
+++ b/modules/private/monitoring/conf/notify.cfg
@@ -0,0 +1,8 @@
+# vim: filetype=nagios
+
+define command {
+  command_line                   /etc/naemon/send_nrdp.sh -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
+  command_name                   notify-master
+}
+
+
diff --git a/modules/private/monitoring/conf/objects.cfg b/modules/private/monitoring/conf/objects.cfg
new file mode 100644
index 0000000..653477f
--- /dev/null
+++ b/modules/private/monitoring/conf/objects.cfg
@@ -0,0 +1,84 @@
+# vim: filetype=nagios
+
+define command {
+        command_line                   $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+        command_name                   check-host-alive
+}
+
+define command {
+        command_line                   $USER2$/check_md_raid
+        command_name                   check_md_raid
+}
+
+define command {
+        command_line                   $USER2$/check_command -c "$ARG1$" -o "$ARG2$" $ARG3$
+        command_name                   check_command_output
+}
+
+
+define command {
+        command_line                   /usr/bin/sudo -u postgres $USER2$/check_postgres_replication "$ARG1$" "$ARG2$" "$ARG3$"
+        command_name                   check_postgresql_replication
+}
+
+define service {
+        ## --PUPPET_NAME-- (called '_naginator_name' in the manifest)                Databases are present in postgresql
+        active_checks_enabled          1
+        check_command                  check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace'!public!-r postgres
+        check_freshness                0
+        check_interval                 5
+        check_period                   24x7
+        contact_groups                 admins
+        event_handler_enabled          1
+        flap_detection_enabled         1
+        host_name                      caldance-1.v.immae.eu
+        is_volatile                    0
+        max_check_attempts             4
+        notification_interval          60
+        notification_options           w,u,c,r
+        notification_period            24x7
+        notifications_enabled          0
+        obsess_over_service            1
+        passive_checks_enabled         1
+        process_perf_data              1
+        retain_nonstatus_information   1
+        retain_status_information      1
+        retry_interval                 1
+        service_description            Databases are present in postgresql
+}
+
+define command {
+        command_line                   $USER2$/check_last_file_date "$ARG1$" "$ARG2$" "$ARG3$"
+        command_name                   check_last_file_date
+}
+
+define command {
+        command_line                   $USER2$/check_date "$ARG1$" "$ARG2$" "$ARG3$"
+        command_name                   check_date
+}
+
+define service {
+        ## --PUPPET_NAME-- (called '_naginator_name' in the manifest)                Postgresql replication for backup-1 is up to date
+        active_checks_enabled          1
+        check_command                  check_postgresql_replication!backup-1!/run/postgresql!5432
+        check_freshness                0
+        check_interval                 5
+        check_period                   24x7
+        contact_groups                 admins
+        event_handler_enabled          1
+        flap_detection_enabled         1
+        host_name                      caldance-1.v.immae.eu
+        is_volatile                    0
+        max_check_attempts             4
+        notification_interval          60
+        notification_options           w,u,c,r
+        notification_period            24x7
+        notifications_enabled          0
+        obsess_over_service            1
+        passive_checks_enabled         1
+        process_perf_data              1
+        retain_nonstatus_information   1
+        retain_status_information      1
+        retry_interval                 1
+        service_description            Postgresql replication for backup-1 is up to date
+}
diff --git a/modules/private/monitoring/conf/services.cfg b/modules/private/monitoring/conf/services.cfg
new file mode 100644
index 0000000..0740dc7
--- /dev/null
+++ b/modules/private/monitoring/conf/services.cfg
@@ -0,0 +1,27 @@
+# vim: filetype=nagios
+
+define service {
+  name                           generic-service
+  active_checks_enabled          1
+  check_freshness                0
+  check_interval                 10
+  check_period                   24x7
+  contact_groups                 admins
+  event_handler_enabled          1
+  flap_detection_enabled         1
+  is_volatile                    0
+  max_check_attempts             3
+  notification_interval          60
+  notification_options           w,u,c,r,f
+  notification_period            24x7
+  # no notification since we send them to master
+  notifications_enabled          0
+  obsess_over_service            1
+  passive_checks_enabled         1
+  process_perf_data              1
+  register                       0
+  retain_nonstatus_information   1
+  retain_status_information      1
+  retry_interval                 2
+}
+
diff --git a/modules/private/monitoring/conf/timeperiods.cfg b/modules/private/monitoring/conf/timeperiods.cfg
new file mode 100644
index 0000000..5ffe4ca
--- /dev/null
+++ b/modules/private/monitoring/conf/timeperiods.cfg
@@ -0,0 +1,15 @@
+# vim: filetype=nagios
+
+define timeperiod {
+  alias                          24 Hours A Day, 7 Days A Week
+  friday                         00:00-24:00
+  monday                         00:00-24:00
+  saturday                       00:00-24:00
+  sunday                         00:00-24:00
+  thursday                       00:00-24:00
+  timeperiod_name                24x7
+  tuesday                        00:00-24:00
+  wednesday                      00:00-24:00
+}
+
+
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
new file mode 100644
index 0000000..11861ad
--- /dev/null
+++ b/modules/private/monitoring/default.nix
@@ -0,0 +1,111 @@
+{ config, myconfig, pkgs, lib, ... }:
+let
+  myplugins = pkgs.runCommand "buildplugins" {
+    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
+  } ''
+    mkdir $out
+    cp ${./plugins}/* $out/
+    patchShebangs $out
+    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
+    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
+      pkgs.curl pkgs.which pkgs.coreutils
+    ]}
+    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
+      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
+    ]}
+    '';
+in
+{
+  options = {
+    myServices.monitoring.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable monitoring.
+      '';
+    };
+  };
+
+  config = lib.mkIf config.myServices.monitoring.enable {
+    security.sudo.extraRules = [
+      {
+        commands = [
+          { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
+          { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
+        ];
+        users = [ "naemon" ];
+        runAs = "root";
+      }
+    ];
+    environment.etc."mdadm.conf" = {
+      enable = true;
+      mode = "0644";
+      user = "root";
+      text = "MAILADDR naemon@immae.eu";
+    };
+
+    # needed since extraResource is not in the closure
+    systemd.services.naemon.path = [ myplugins ];
+    services.naemon = {
+      enable = true;
+      extraConfig = ''
+        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
+        use_syslog=1
+        log_initial_states=1
+        date_format=iso8601
+        admin_email=naemon@immae.eu
+
+        obsess_over_services=1
+        ocsp_command=notify-master
+      '';
+      extraResource = ''
+        $USER2$=${myplugins}
+        $USER200$=${myconfig.env.monitoring.status_url}
+        $USER201$=${myconfig.env.monitoring.status_token}
+      '';
+      objectDefs = builtins.readFile ./conf/local_services.cfg
+        + builtins.readFile ./conf/timeperiods.cfg
+        + builtins.readFile ./conf/services.cfg
+        + builtins.readFile ./conf/contacts.cfg
+        + builtins.readFile ./conf/hosts.cfg
+        + ''
+          define command {
+            command_line       ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
+            command_name       notify-master
+          }
+          define service {
+            service_description  No mdadm array is degraded
+            use                  local-service
+            check_command        check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
+          }
+
+          define service {
+            service_description  mailq is empty
+            use                  local-service
+            check_command        check_mailq
+          }
+
+          define command {
+            command_name        check_mailq
+            command_line        $USER1$/check_mailq -s -w 1 -c 2
+          }
+
+          define service {
+            name                local-service
+            use                 generic-service
+            host_name           eldiron.immae.eu
+            check_interval      5
+            max_check_attempts  4
+            register            0
+            retry_interval      1
+          }
+          define host {
+            host_name           eldiron.immae.eu
+            alias               eldiron.immae.eu
+            address             eldiron.immae.eu
+            use                 linux-server
+          }
+          '';
+    };
+  };
+}
diff --git a/modules/private/monitoring/plugins/check_command b/modules/private/monitoring/plugins/check_command
new file mode 100755
index 0000000..55779fd
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_command
@@ -0,0 +1,113 @@
+#!/usr/bin/env perl
+
+use strict;
+use Getopt::Std;
+$| = 1;
+
+my %opts;
+getopts('hr:C:c:s:o:', \%opts);
+
+my $STATE_OK = 0;
+my $STATE_WARNING = 1;
+my $STATE_CRITICAL = 2;
+my $STATE_UNKNOWN = 3;
+
+if ($opts{'h'} || scalar(%opts) == 0) {
+  &print_help();
+  exit($STATE_OK);
+}
+
+my $command = $opts{'c'};
+if ($command eq '') {
+  print "You must provide a command to check.\n";
+  exit($STATE_UNKNOWN);
+}
+
+my $expected_output = $opts{'o'};
+my $expected_status = $opts{'s'};
+my $other_command   = $opts{'C'};
+
+if ($other_command eq '' and $expected_status eq '' and $expected_output eq '') {
+  $expected_status = 0;
+}
+
+my $cmd = $command . ' 2>&1';
+my $other_cmd;
+if ($other_command ne '') {
+  $other_cmd = $other_command . ' 2>&1';
+}
+
+my $run_as;
+if ($opts{'r'}) {
+  $run_as = $opts{'r'};
+  $cmd = "sudo -u $run_as -n $cmd";
+
+  if ($other_command ne '') {
+    $other_cmd = "sudo -u $run_as -n $other_cmd";
+  }
+
+}
+
+my $cmd_result = `$cmd`;
+my $other_cmd_result;
+if ($other_command ne '') {
+  $other_cmd_result = `$other_cmd`;
+  chomp($other_cmd_result);
+}
+
+chomp($cmd_result);
+if ($cmd_result =~ /sudo/i) {
+  print "$command CRITICAL - No sudo right to run the command\n";
+  exit($STATE_UNKNOWN);
+} elsif ($expected_status ne '') {
+    if ($? != $expected_status) {
+      print "$command CRITICAL - Response status $?\n";
+      exit($STATE_CRITICAL);
+    } else {
+      print "$command OK - Response status $?\n";
+      exit($STATE_OK);
+    }
+} elsif ($other_command ne '') {
+  if ($cmd_result ne $other_cmd_result) {
+    print "$command CRITICAL - Expected output not matching other command output\n";
+    exit($STATE_CRITICAL);
+  } else {
+    print "$command OK - Expected output matching other command output\n";
+    exit($STATE_OK);
+  }
+} else {
+  if ($cmd_result !~ /$expected_output/) {
+    print "$command CRITICAL - Expected output not matching\n";
+    exit($STATE_CRITICAL);
+  } else {
+    print "$command OK - Expected output matching\n";
+    exit($STATE_OK);
+  }
+}
+
+sub print_help() {
+  print << "EOF";
+Check whether the given command responds as expected. One of -o -C or -s must be selected.
+
+Options:
+-h
+    Print detailed help screen
+
+-c
+    command to run (required)
+
+-C
+    other command to compare output
+
+-r user
+    Run as user via sudo.
+
+-s
+    status code to check
+
+-o
+    output to check
+
+EOF
+}
+
diff --git a/modules/private/monitoring/plugins/check_mem.sh b/modules/private/monitoring/plugins/check_mem.sh
new file mode 100755
index 0000000..cc97ae2
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_mem.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && [ "$3" = "-c" ] && [ "$4" -gt "0" ]; then
+        FreeM=`free -m`
+        memTotal_m=`echo "$FreeM" |grep Mem |awk '{print $2}'`
+        memUsed_m=`echo "$FreeM" |grep Mem |awk '{print $3}'`
+        memFree_m=`echo "$FreeM" |grep Mem |awk '{print $4}'`
+        memBuffer_m=`echo "$FreeM" |grep Mem |awk '{print $6}'`
+        memCache_m=`echo "$FreeM" |grep Mem |awk '{print $7}'`
+        memUsedPrc=`echo $((($memUsed_m*100)/$memTotal_m))||cut -d. -f1`
+        if [ "$memUsedPrc" -ge "$4" ]; then
+                echo "Memory: CRITICAL Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used!|TOTAL=$memTotal_m;;;; USED=$memUsed_m;;;; CACHE=$memCache_m;;;; BUFFER=$memBuffer_m;;;;"
+                exit 2
+        elif [ "$memUsedPrc" -ge "$2" ]; then
+                echo "Memory: WARNING Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used!|TOTAL=$memTotal_m;;;; USED=$memUsed_m;;;; CACHE=$memCache_m;;;; BUFFER=$memBuffer_m;;;;"
+                exit 1
+        else
+                echo "Memory: OK Total: $memTotal_m MB - Used: $memUsed_m MB - $memUsedPrc% used|TOTAL=$memTotal_m;;;; USED=$memUsed_m;;;; CACHE=$memCache_m;;;; BUFFER=$memBuffer_m;;;;"
+                exit 0
+        fi
+else # If inputs are not as expected, print help. 
+        sName="`echo $0|awk -F '/' '{print $NF}'`"
+        echo -e "\n\n\t\t### $sName Version 2.0###\n"
+        echo -e "# Usage:\t$sName -w <warnlevel> -c <critlevel>"
+        echo -e "\t\t= warnlevel and critlevel is percentage value without %\n"
+        echo "# EXAMPLE:\t/usr/lib64/nagios/plugins/$sName -w 80 -c 90"
+        echo -e "\nCopyright (C) 2012 Lukasz Gogolin (lukasz.gogolin@gmail.com), improved by Nestor 2015\n\n"
+        exit
+fi
diff --git a/modules/private/monitoring/plugins/notify_by_email b/modules/private/monitoring/plugins/notify_by_email
new file mode 100755
index 0000000..ad0dcc7
--- /dev/null
+++ b/modules/private/monitoring/plugins/notify_by_email
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+# $1 = service/host
+
+# $2 = type (PROBLEM RECOVERY ACKNOWLEDGEMENT FLAPPINGSTART FLAPPINGSTOP FLAPPINGDISABLED DOWNTIMESTART DOWNTIMESTOP DOWNTIMECANCELLED)
+# http://www.naemon.org/documentation/usersguide/macrolist.html#notificationtype
+
+# $3 = host alias
+
+# $4 = date (YYYY-MM-DDTHH:MM:SS)
+
+# $5 = E-mail
+
+NOTIFICATION_TYPE="$2"
+HOST_ALIAS="$3"
+DATE="$4"
+CONTACT="$5"
+
+message=""
+
+if [ "$1" = "host" ]; then
+  message=$(printf "%b" "***** Naemon *****\n\nNotification Type: $NOTIFICATION_TYPE\n\nHost: $HOST_ALIAS\nState: $HOSTSTATE\nInfo: $HOSTOUTPUT\n\nDate/Time: $DATE\n")
+  subject="** $NOTIFICATION_TYPE Host Alert: $HOST_ALIAS is $HOSTSTATE **"
+else
+  message=$(printf "%b" "***** Naemon *****\n\nNotification Type: $NOTIFICATION_TYPE\n\nService: $SERVICEDESC\nHost: $HOST_ALIAS\nState: $SERVICESTATE\n\nDate/Time: $DATE\n\nAdditional Info:\n\n$SERVICEOUTPUT\n")
+  subject="** $NOTIFICATION_TYPE Service Alert: $HOST_ALIAS/$SERVICEDESC is $SERVICESTATE **"
+fi
+
+# sendwait waits for sendmail to finish its job, otherwise it continues in the
+# background and gets killed too early
+echo "$message" | MAILRC=/dev/null mail -r "naemon@immae.eu" -n -Ssendwait -s "$subject" "$CONTACT"
diff --git a/modules/private/monitoring/plugins/send_nrdp.sh b/modules/private/monitoring/plugins/send_nrdp.sh
new file mode 100755
index 0000000..27e47b4
--- /dev/null
+++ b/modules/private/monitoring/plugins/send_nrdp.sh
@@ -0,0 +1,267 @@
+#!/bin/bash
+#
+# check_nrdp.sh
+#
+# Copyright (c) 2010-2017 - Nagios Enterprises, LLC.
+# Written by: Scott Wilkerson (nagios@nagios.org)
+#
+# 2017-09-25 Troy Lea aka BOX293
+#  - Fixed script not working with arguments when run as a cron job
+#    or if being used as a nagios command like obsessive compulsive.
+#     ... "if [ ! -t 0 ]" was the reason why.
+# 2017-12-08 Jørgen van der Meulen (Conclusion Xforce)
+#  - Fixed typo in NRDP abbreviation
+
+
+PROGNAME=$(basename $0)
+RELEASE="Revision 0.6.1"
+
+print_release() {
+    echo "$RELEASE"
+}
+
+print_usage() {
+    echo ""
+    echo "$PROGNAME $RELEASE - Send NRDP script for Nagios"
+    echo ""
+    echo "Usage: send_nrdp.sh -u URL -t token [options]"
+    echo ""
+    echo "Usage: $PROGNAME -h display help"
+    echo ""
+}
+
+print_help() {
+        print_usage
+        echo ""
+        echo "This script is used to send NRDP data to a Nagios server"
+        echo ""
+        echo "Required:"
+        echo "    -u","    URL of NRDP server.  Usually http://<IP_ADDRESS>/nrdp/"
+        echo "    -t","    Shared token.  Must be the same token set in NRDP Server"
+        echo ""
+        echo "Options:"
+        echo "    Single Check:"
+        echo "        -H    host name"
+        echo "        -s    service name"
+        echo "        -S    State"
+        echo "        -o     output"
+        echo ""
+        echo "    STDIN:"
+        echo "        [-d    delimiter] (default -d \"\\t\")"
+        echo "        With only the required parameters $PROGNAME is capable of"
+        echo "        processing data piped to it either from a file or other"
+        echo "        process.  By default, we use \t as the delimiter however this"
+        echo "        may be specified with the -d option data should be in the"
+        echo "        following formats one entry per line."
+        echo "        For Host checks:"
+        echo "        hostname    State    output"
+        echo "        For Service checks"
+        echo "        hostname    servicename    State    output"
+        echo ""
+        echo "    File:"
+        echo "        -f /full/path/to/file"
+        echo "        This file will be sent to the NRDP server specified in -u"
+        echo "        The file should be an XML file in the following format"
+        echo "        ##################################################"
+        echo ""
+        echo "        <?xml version='1.0'?>"
+        echo "        <checkresults>"
+        echo "          <checkresult type=\"host\" checktype=\"1\">"
+        echo "            <hostname>YOUR_HOSTNAME</hostname>"
+        echo "            <state>0</state>"
+        echo "            <output>OK|perfdata=1.00;5;10;0</output>"
+        echo "          </checkresult>"
+        echo "          <checkresult type=\"service\" checktype=\"1\">"
+        echo "            <hostname>YOUR_HOSTNAME</hostname>"
+        echo "            <servicename>YOUR_SERVICENAME</servicename>"
+        echo "            <state>0</state>"
+        echo "            <output>OK|perfdata=1.00;5;10;0</output>"
+        echo "          </checkresult>"
+        echo "        </checkresults>"
+        echo "        ##################################################"
+        echo ""
+        echo "    Directory:"
+        echo "        -D /path/to/temp/dir"
+        echo "        This is a directory that contains XML files in the format"
+        echo "        above.  Additionally, if the -d flag is specified, $PROGNAME"
+        echo "        will create temp files here if the server could not be reached."
+        echo "        On additional calls with the same -D path, if a connection to"
+        echo "        the server is successful, all temp files will be sent."
+        exit 0
+}
+
+send_data() {
+    pdata="token=$token&cmd=submitcheck"
+    if [ $file ]; then
+        fdata="--data-urlencode XMLDATA@$file"
+        rslt=`curl -f --silent --insecure -d "$pdata" $fdata "$url/"`
+    else
+        pdata="$pdata&XMLDATA=$1"
+        rslt=`curl -f --silent --insecure -d "$pdata" "$url/"`
+    fi
+    
+    ret=$?
+
+    status=`echo $rslt | sed -n 's|.*<status>\(.*\)</status>.*|\1|p'`
+    message=`echo $rslt | sed -n 's|.*<message>\(.*\)</message>.*|\1|p'`
+    if [ $ret != 0 ];then
+        echo "ERROR: could not connect to NRDP server at $url"
+        # verify we are not processing the directory already and then write to the directory
+        if [ ! "$2" ] && [ $directory ];then
+            if [ ! -d "$directory" ];then
+                mkdir -p "$directory"
+            fi
+            # This is where we write to the tmp directory
+            echo $xml > `mktemp $directory/nrdp.XXXXXX`
+        fi
+        exit 1
+    fi
+    
+    if [ "$status" != "0" ];then
+        # This means we couldn't connect to NRPD server
+        echo "ERROR: The NRDP Server said $message"
+        # verify we are not processing the directory already and then write to the directory
+        if [ ! "$2" ] && [ $directory ];then
+            if [ ! -d "$directory" ];then
+                mkdir -p "$directory"
+            fi
+            # This is where we write to the tmp directory
+            echo $xml > `mktemp $directory/nrdp.XXXXXX`
+        fi
+        
+        exit 2
+    fi
+    
+    # If this was a directory call and was successful, remove the file
+    if [ $2 ] && [ "$status" == "0" ];then
+        rm -f "$2"
+    fi
+
+    # If we weren't successful error
+    if [ $ret != 0 ];then
+        echo "exited with error "$ret
+        exit $ret
+    fi
+}
+
+while getopts "u:t:H:s:S:o:f:d:c:D:hv" option
+do
+  case $option in
+    u) url=$OPTARG ;;
+    t) token=$OPTARG ;;
+    H) host=$OPTARG ;;
+    s) service=$OPTARG ;;
+    S) State=$OPTARG ;;
+    o) output=$OPTARG ;;
+    f) file=$OPTARG ;;
+    d) delim=$OPTARG ;;
+    c) checktype=$OPTARG ;;
+    D) directory=$OPTARG ;;
+    h) print_help 0;;
+    v) print_release
+        exit 0 ;;
+  esac
+done
+
+if [ ! $checktype ]; then
+ checktype=1
+fi
+if [ ! $delim ]; then
+ delim=`echo -e "\t"`
+fi
+
+if [ "x$url" == "x" -o "x$token" == "x" ]
+then
+  echo "Usage: send_nrdp -u url -t token"
+  exit 1
+fi
+# detecting curl 
+if [[ `which curl` =~ "/curl" ]]
+ then curl=1; 
+fi
+
+if [[ ! $curl ]];
+then
+  echo "Either curl or wget are required to run $PROGNAME"
+  exit 1
+fi
+
+checkcount=0
+
+if [ $host ]; then
+    xml=""
+    # we are not getting piped results
+    if [ "$host" == "" ] || [ "$State" == "" ]; then
+        echo "You must provide a host -H and State -S"
+        exit 2
+    fi
+    if [ "$service" != "" ]; then
+        xml="$xml<checkresult type='service' checktype='$checktype'><servicename>$service</servicename>"
+    else
+        xml="$xml<checkresult type='host' checktype='$checktype'>"
+    fi
+    
+    # urlencode XML special chars
+    output=${output//&/%26}
+    output=${output//</%3C}
+    output=${output//>/%3E}
+    
+    xml="$xml<hostname>$host</hostname><state>$State</state><output><![CDATA["$output"]]></output></checkresult>"
+    checkcount=1
+fi
+
+ # If only url and token have been provided then it is assumed that data is being piped
+########################
+if [[ ! $host && ! $State && ! $file && ! $directory ]]; then
+    xml=""
+    # we know we are being piped results
+    IFS=$delim
+    
+    while read -r line ; do
+        arr=($line)
+        if [ ${#arr[@]} != 0 ];then
+            if [[ ${#arr[@]} < 3 ]] || [[ ${#arr[@]} > 4 ]];then
+                echo "ERROR: STDIN must be either 3 or 4 fields long, I found "${#arr[@]}
+            else
+                if [ ${#arr[@]} == 4 ]; then
+                    xml="$xml<checkresult type='service' checktype='$checktype'>
+                    <servicename>${arr[1]}</servicename>
+                    <hostname>${arr[0]}</hostname>
+                    <state>${arr[2]}</state>
+                    <output>${arr[3]}</output>"
+                else
+                    xml="$xml<checkresult type='host' checktype='$checktype'>
+                    <hostname>${arr[0]}</hostname>
+                    <state>${arr[1]}</state>
+                    <output>${arr[2]}</output>"
+                fi
+                
+                xml="$xml</checkresult>"
+                checkcount=$[checkcount+1]
+            fi
+        fi
+    done
+    IFS=" "
+fi
+
+if [ $file ]; then
+    xml=`cat $file`
+    send_data "$xml"
+fi
+
+if [ $directory ]; then
+    #echo "Processing directory..."
+    for f in `ls $directory`
+    do
+      #echo "Processing $f file..."
+      # take action on each file. $f store current file name
+      xml=`cat $directory/$f`
+      send_data "$xml" "$directory/$f"
+    done
+fi
+
+if [ "x$file" == "x" ] && [ "x$directory" == "x" ]; then
+    xml="<?xml version='1.0'?><checkresults>$xml</checkresults>"
+    send_data "$xml"
+    echo "Sent $checkcount checks to $url"
+fi
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index df40187..22de37e 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -24,6 +24,7 @@
   myServices.buildbot.enable = true;
   myServices.databases.enable = true;
   myServices.gitolite.enable = true;
+  myServices.monitoring.enable = true;
   myServices.irc.enable = true;
   myServices.pub.enable = true;
   myServices.tasks.enable = true;