Add monitoring for tiboqorl

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-07-15 16:56:35 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-07-15 16:56:35 +0200
commit: 46a61a1b237b5b676cf0821bf65932d86cfe67b5 (patch)
tree: 19e96c2d7d9f1a1e4c43e59a7ab6bc9bdf459d18 /modules
parent: 68c45ad53b34301c1a0c59352a839db13e1f2420 (diff)
download: Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.tar.gz
Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.tar.zst
Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.zip
4 files changed, 182 insertions, 5 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index 8f8b6c0..d5bf7fb 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -92,19 +92,24 @@ let
      interface = "ens3";
    };
  };
+  externalObjects = lib.genAttrs [ "tiboqorl-fr" ]
+    (n: pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; });
  masterPassiveObjects = let
    passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes;
    toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);
    passiveServices = lib.flatten (lib.attrsets.mapAttrsToList
      (_: n: toPassiveServices n.config.myServices.monitoring.services)
      passiveNodes
-      );
+      ) ++ lib.flatten (lib.attrsets.mapAttrsToList
+      (_: n: toPassiveServices n.service)
+      externalObjects);
  in {
    service = passiveServices;
    host = lib.lists.foldr
      (a: b: a//b)
      {}
-      (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes);
+      (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes
+      ++ lib.attrsets.mapAttrsToList (_: n: n.host) externalObjects);
  };
  emailCheck = host: hostFQDN: let
    allCfg = config.myEnv.monitoring.email_check;
@@ -130,7 +135,7 @@ let
    };
  otherObjects = map
    (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
-    [ "caldance-1" "ulminfo-fr" "phare" "tiboqorl-fr" ];
+    [ "caldance-1" "ulminfo-fr" "phare" ];
  masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
  commonObjects = pkgs.callPackage ./objects_common.nix ({
    master = cfg.master;
@@ -149,6 +154,9 @@ let
          hostFQDN = config.hostEnv.fqdn;
          hostName = name;
        });
+  objectsFiles = lib.mapAttrs' (name: value: lib.nameValuePair
+    "=/${name}/objects.conf" { alias = pkgs.writeText "objects.conf" (toObjects value); }
+  ) externalObjects;
 in
 {
  options = {
@@ -181,6 +189,10 @@ in
  };
  config = lib.mkIf cfg.enable {
+    services.nginx = lib.mkIf config.myServices.status.enable {
+      virtualHosts."status.immae.eu".locations = objectsFiles;
+    };
    services.duplyBackup.profiles.monitoring = {
      rootDir = config.services.naemon.varDir;
    };
diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix
index 320f6e3..2cba58e 100644
--- a/modules/private/monitoring/objects_monitoring-1.nix
+++ b/modules/private/monitoring/objects_monitoring-1.nix
@@ -679,9 +679,14 @@ in
      use = "generic-contact";
      contactgroups = "telio-tortay";
    };
+    thibault = config.myEnv.monitoring.contacts.thibault // {
+      use = "generic-contact";
+      contactgroups = "tiboqorl";
+    };
  };
  contactgroup = {
    telio-tortay = { alias = "Telio Tortay"; members = "immae"; };
+    tiboqorl = { alias = "Tiboqorl"; members = "immae"; };
  };
  servicedependency = map to_eriomem_age_dependency (builtins.attrNames nodes.eldiron.config.services.duplyBackup.profiles);
 }
diff --git a/modules/private/monitoring/objects_tiboqorl-fr.nix b/modules/private/monitoring/objects_tiboqorl-fr.nix
index 1cc6ea0..97b7f7b 100644
--- a/modules/private/monitoring/objects_tiboqorl-fr.nix
+++ b/modules/private/monitoring/objects_tiboqorl-fr.nix
@@ -1,10 +1,170 @@
-{ ... }:
+{ lib, ... }:
+let
+  hostFQDN = "tiboqorl.fr";
+  defaultPassiveInfo = {
+    filter = lib.attrsets.filterAttrs
+      (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_");
+    use = "external-passive-service";
+    contact_groups = "tiboqorl";
+    freshness_threshold = "450";
+    retry_interval = "1";
+    servicegroups = "webstatus-resources";
+    host_name = hostFQDN;
+  };
+in
 {
  host = {
    "tiboqorl.fr" = {
      alias = "tiboqorl.fr";
      address = "tiboqorl.fr";
      use = "linux-server";
+      contact_groups = "tiboqorl";
+      hostgroups = "webstatus-hosts";
+      _webstatus_name = "tiboqorl";
+    };
+  };
+  service = [
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Size on root partition";
+      use = "local-service";
+      check_command = ["check_local_disk" "20%" "10%" "/"];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Total number of process";
+      use = "local-service";
+      check_command = [ "check_local_procs" "250" "400" "RSZDT" ];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Network bandwidth";
+      use = "local-service";
+      check_interval = "2";
+      max_check_attempts = "20";
+      retry_interval = "2";
+      check_command = [
+        "check_local_bandwidth"
+        "eth0"
+        "20480" # kb/s
+        "51200" # kb/s
+      ];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Average load";
+      use = "local-service";
+      check_command = [
+        "check_local_load"
+        "3.0,3.0,3.0" # warn
+        "4.0,4.0,4.0" # alert
+      ];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Swap usage";
+      use = "local-service";
+      check_command = ["check_local_swap" "20" "10"];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "Memory usage";
+      use = "local-service";
+      check_command = ["check_memory" "80" "90"];
+    }
+    {
+      passiveInfo = defaultPassiveInfo;
+      service_description = "NTP is activated and working";
+      use = "local-service";
+      check_command = ["check_ntp"];
+    }
+  ];
+  command = {
+    check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$";
+    check_local_procs = "/usr/bin/sudo $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$";
+    check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$";
+    check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$";
+    check_local_bandwidth = "/usr/bin/sudo $USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
+    check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
+    check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org";
+    check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5";
+    notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
+  };
+  timeperiod = {
+    "24x7" = {
+      alias = "24 Hours A Day, 7 Days A Week";
+      monday = "00:00-24:00";
+      tuesday = "00:00-24:00";
+      wednesday = "00:00-24:00";
+      thursday = "00:00-24:00";
+      friday = "00:00-24:00";
+      saturday = "00:00-24:00";
+      sunday = "00:00-24:00";
+    };
+  };
+  servicegroup = {
+    webstatus-resources = { alias = "Local resources"; };
+  };
+  hostgroup = {
+    webstatus-hosts = { alias = "Hosts"; };
+  };
+  contactgroup = {
+    tiboqorl = { alias = "Naemon Administrators"; };
+  };
+  templates = {
+    service = {
+      generic-service = {
+        active_checks_enabled = "1";
+        check_freshness = "0";
+        check_interval = "10";
+        check_period = "24x7";
+        contact_groups = "tiboqorl";
+        event_handler_enabled = "1";
+        flap_detection_enabled = "1";
+        is_volatile = "0";
+        max_check_attempts = "3";
+        notification_interval = "60";
+        notification_options = "w,u,c,r,f,s";
+        notification_period = "24x7";
+        notifications_enabled = "0";
+        obsess_over_service = "1";
+        passive_checks_enabled = "1";
+        process_perf_data = "1";
+        retain_nonstatus_information = "1";
+        retain_status_information = "1";
+        retry_interval = "2";
+      };
+      local-service = {
+        use = "generic-service";
+        host_name = hostFQDN;
+        check_interval = "5";
+        max_check_attempts = "4";
+        retry_interval = "1";
+        servicegroups = "webstatus-resources";
+      };
+    };
+    host = {
+      generic-host = {
+        event_handler_enabled = "1";
+        flap_detection_enabled = "1";
+        notification_period = "24x7";
+        notifications_enabled = "1";
+        process_perf_data = "1";
+        retain_nonstatus_information = "1";
+        retain_status_information = "1";
+      };
+      linux-server = {
+        check_command = "check_host_alive";
+        check_interval = "5";
+        check_period = "24x7";
+        contact_groups = "tiboqorl";
+        max_check_attempts = "10";
+        notification_interval = "120";
+        notification_options = "d,u,r,f";
+        retry_interval = "1";
+      };
    };
  };
 }
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix
index 790395c..49f3ab8 100644
--- a/modules/private/pub/default.nix
+++ b/modules/private/pub/default.nix
@@ -19,7 +19,7 @@
      rootDir = "/var/lib/pub";
    };
    users.users.pub = let
-      restrict = pkgs.runCommand "restrict" { 
+      restrict = pkgs.runCommand "restrict" {
        file = ./restrict;
        buildInputs = [ pkgs.makeWrapper ];
      } ''
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-07-15 16:56:35 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-07-15 16:56:35 +0200
commit	46a61a1b237b5b676cf0821bf65932d86cfe67b5 (patch)
tree	19e96c2d7d9f1a1e4c43e59a7ab6bc9bdf459d18 /modules
parent	68c45ad53b34301c1a0c59352a839db13e1f2420 (diff)
download	Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.tar.gz Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.tar.zst Nix-46a61a1b237b5b676cf0821bf65932d86cfe67b5.zip

diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index 8f8b6c0..d5bf7fb 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix
@@ -92,19 +92,24 @@ let
92	interface = "ens3";	92	interface = "ens3";
93	};	93	};
94	};	94	};
		95	externalObjects = lib.genAttrs [ "tiboqorl-fr" ]
		96	(n: pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; });
95	masterPassiveObjects = let	97	masterPassiveObjects = let
96	passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes;	98	passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes;
97	toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);	99	toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);
98	passiveServices = lib.flatten (lib.attrsets.mapAttrsToList	100	passiveServices = lib.flatten (lib.attrsets.mapAttrsToList
99	(_: n: toPassiveServices n.config.myServices.monitoring.services)	101	(_: n: toPassiveServices n.config.myServices.monitoring.services)
100	passiveNodes	102	passiveNodes
101	);	103	) ++ lib.flatten (lib.attrsets.mapAttrsToList
		104	(_: n: toPassiveServices n.service)
		105	externalObjects);
102	in {	106	in {
103	service = passiveServices;	107	service = passiveServices;
104	host = lib.lists.foldr	108	host = lib.lists.foldr
105	(a: b: a//b)	109	(a: b: a//b)
106	{}	110	{}
107	(lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes);	111	(lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes
		112	++ lib.attrsets.mapAttrsToList (_: n: n.host) externalObjects);
108	};	113	};
109	emailCheck = host: hostFQDN: let	114	emailCheck = host: hostFQDN: let
110	allCfg = config.myEnv.monitoring.email_check;	115	allCfg = config.myEnv.monitoring.email_check;
@@ -130,7 +135,7 @@ let
130	};	135	};
131	otherObjects = map	136	otherObjects = map
132	(n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))	137	(n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
133	[ "caldance-1" "ulminfo-fr" "phare" "tiboqorl-fr" ];	138	[ "caldance-1" "ulminfo-fr" "phare" ];
134	masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };	139	masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
135	commonObjects = pkgs.callPackage ./objects_common.nix ({	140	commonObjects = pkgs.callPackage ./objects_common.nix ({
136	master = cfg.master;	141	master = cfg.master;
@@ -149,6 +154,9 @@ let
149	hostFQDN = config.hostEnv.fqdn;	154	hostFQDN = config.hostEnv.fqdn;
150	hostName = name;	155	hostName = name;
151	});	156	});
		157	objectsFiles = lib.mapAttrs' (name: value: lib.nameValuePair
		158	"=/${name}/objects.conf" { alias = pkgs.writeText "objects.conf" (toObjects value); }
		159	) externalObjects;
152	in	160	in
153	{	161	{
154	options = {	162	options = {
@@ -181,6 +189,10 @@ in
181	};	189	};
182		190
183	config = lib.mkIf cfg.enable {	191	config = lib.mkIf cfg.enable {
		192	services.nginx = lib.mkIf config.myServices.status.enable {
		193	virtualHosts."status.immae.eu".locations = objectsFiles;
		194	};
		195
184	services.duplyBackup.profiles.monitoring = {	196	services.duplyBackup.profiles.monitoring = {
185	rootDir = config.services.naemon.varDir;	197	rootDir = config.services.naemon.varDir;
186	};	198	};


diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix index 320f6e3..2cba58e 100644 --- a/modules/private/monitoring/objects_monitoring-1.nix +++ b/modules/private/monitoring/objects_monitoring-1.nix
@@ -679,9 +679,14 @@ in
679	use = "generic-contact";	679	use = "generic-contact";
680	contactgroups = "telio-tortay";	680	contactgroups = "telio-tortay";
681	};	681	};
		682	thibault = config.myEnv.monitoring.contacts.thibault // {
		683	use = "generic-contact";
		684	contactgroups = "tiboqorl";
		685	};
682	};	686	};
683	contactgroup = {	687	contactgroup = {
684	telio-tortay = { alias = "Telio Tortay"; members = "immae"; };	688	telio-tortay = { alias = "Telio Tortay"; members = "immae"; };
		689	tiboqorl = { alias = "Tiboqorl"; members = "immae"; };
685	};	690	};
686	servicedependency = map to_eriomem_age_dependency (builtins.attrNames nodes.eldiron.config.services.duplyBackup.profiles);	691	servicedependency = map to_eriomem_age_dependency (builtins.attrNames nodes.eldiron.config.services.duplyBackup.profiles);
687	}	692	}


diff --git a/modules/private/monitoring/objects_tiboqorl-fr.nix b/modules/private/monitoring/objects_tiboqorl-fr.nix index 1cc6ea0..97b7f7b 100644 --- a/modules/private/monitoring/objects_tiboqorl-fr.nix +++ b/modules/private/monitoring/objects_tiboqorl-fr.nix
@@ -1,10 +1,170 @@
1	{ ... }:	1	{ lib, ... }:
		2	let
		3	hostFQDN = "tiboqorl.fr";
		4	defaultPassiveInfo = {
		5	filter = lib.attrsets.filterAttrs
		6	(k: v: builtins.elem k ["service_description"] \|\| builtins.substring 0 1 k == "_");
		7	use = "external-passive-service";
		8	contact_groups = "tiboqorl";
		9	freshness_threshold = "450";
		10	retry_interval = "1";
		11	servicegroups = "webstatus-resources";
		12	host_name = hostFQDN;
		13	};
		14	in
2	{	15	{
3	host = {	16	host = {
4	"tiboqorl.fr" = {	17	"tiboqorl.fr" = {
5	alias = "tiboqorl.fr";	18	alias = "tiboqorl.fr";
6	address = "tiboqorl.fr";	19	address = "tiboqorl.fr";
7	use = "linux-server";	20	use = "linux-server";
		21	contact_groups = "tiboqorl";
		22	hostgroups = "webstatus-hosts";
		23	_webstatus_name = "tiboqorl";
		24	};
		25	};
		26	service = [
		27	{
		28	passiveInfo = defaultPassiveInfo;
		29	service_description = "Size on root partition";
		30	use = "local-service";
		31	check_command = ["check_local_disk" "20%" "10%" "/"];
		32	}
		33	{
		34	passiveInfo = defaultPassiveInfo;
		35	service_description = "Total number of process";
		36	use = "local-service";
		37	check_command = [ "check_local_procs" "250" "400" "RSZDT" ];
		38	}
		39	{
		40	passiveInfo = defaultPassiveInfo;
		41	service_description = "Network bandwidth";
		42	use = "local-service";
		43	check_interval = "2";
		44	max_check_attempts = "20";
		45	retry_interval = "2";
		46	check_command = [
		47	"check_local_bandwidth"
		48	"eth0"
		49	"20480" # kb/s
		50	"51200" # kb/s
		51	];
		52	}
		53	{
		54	passiveInfo = defaultPassiveInfo;
		55	service_description = "Average load";
		56	use = "local-service";
		57	check_command = [
		58	"check_local_load"
		59	"3.0,3.0,3.0" # warn
		60	"4.0,4.0,4.0" # alert
		61	];
		62	}
		63	{
		64	passiveInfo = defaultPassiveInfo;
		65	service_description = "Swap usage";
		66	use = "local-service";
		67	check_command = ["check_local_swap" "20" "10"];
		68	}
		69	{
		70	passiveInfo = defaultPassiveInfo;
		71	service_description = "Memory usage";
		72	use = "local-service";
		73	check_command = ["check_memory" "80" "90"];
		74	}
		75	{
		76	passiveInfo = defaultPassiveInfo;
		77	service_description = "NTP is activated and working";
		78	use = "local-service";
		79	check_command = ["check_ntp"];
		80	}
		81	];
		82	command = {
		83	check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$";
		84	check_local_procs = "/usr/bin/sudo $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$";
		85	check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$";
		86	check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$";
		87	check_local_bandwidth = "/usr/bin/sudo $USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
		88	check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
		89	check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org";
		90
		91	check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5";
		92
		93	notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ \| $SERVICEPERFDATA$\"";
		94	};
		95	timeperiod = {
		96	"24x7" = {
		97	alias = "24 Hours A Day, 7 Days A Week";
		98	monday = "00:00-24:00";
		99	tuesday = "00:00-24:00";
		100	wednesday = "00:00-24:00";
		101	thursday = "00:00-24:00";
		102	friday = "00:00-24:00";
		103	saturday = "00:00-24:00";
		104	sunday = "00:00-24:00";
		105	};
		106	};
		107	servicegroup = {
		108	webstatus-resources = { alias = "Local resources"; };
		109	};
		110	hostgroup = {
		111	webstatus-hosts = { alias = "Hosts"; };
		112	};
		113	contactgroup = {
		114	tiboqorl = { alias = "Naemon Administrators"; };
		115	};
		116	templates = {
		117	service = {
		118	generic-service = {
		119	active_checks_enabled = "1";
		120	check_freshness = "0";
		121	check_interval = "10";
		122	check_period = "24x7";
		123	contact_groups = "tiboqorl";
		124	event_handler_enabled = "1";
		125	flap_detection_enabled = "1";
		126	is_volatile = "0";
		127	max_check_attempts = "3";
		128	notification_interval = "60";
		129	notification_options = "w,u,c,r,f,s";
		130	notification_period = "24x7";
		131	notifications_enabled = "0";
		132	obsess_over_service = "1";
		133	passive_checks_enabled = "1";
		134	process_perf_data = "1";
		135	retain_nonstatus_information = "1";
		136	retain_status_information = "1";
		137	retry_interval = "2";
		138	};
		139	local-service = {
		140	use = "generic-service";
		141	host_name = hostFQDN;
		142	check_interval = "5";
		143	max_check_attempts = "4";
		144	retry_interval = "1";
		145	servicegroups = "webstatus-resources";
		146	};
		147	};
		148	host = {
		149	generic-host = {
		150	event_handler_enabled = "1";
		151	flap_detection_enabled = "1";
		152	notification_period = "24x7";
		153	notifications_enabled = "1";
		154	process_perf_data = "1";
		155	retain_nonstatus_information = "1";
		156	retain_status_information = "1";
		157	};
		158	linux-server = {
		159	check_command = "check_host_alive";
		160	check_interval = "5";
		161	check_period = "24x7";
		162	contact_groups = "tiboqorl";
		163	max_check_attempts = "10";
		164	notification_interval = "120";
		165	notification_options = "d,u,r,f";
		166	retry_interval = "1";
		167	};
8	};	168	};
9	};	169	};
10	}	170	}


diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix index 790395c..49f3ab8 100644 --- a/modules/private/pub/default.nix +++ b/modules/private/pub/default.nix
@@ -19,7 +19,7 @@
19	rootDir = "/var/lib/pub";	19	rootDir = "/var/lib/pub";
20	};	20	};
21	users.users.pub = let	21	users.users.pub = let
22	restrict = pkgs.runCommand "restrict" {	22	restrict = pkgs.runCommand "restrict" {
23	file = ./restrict;	23	file = ./restrict;
24	buildInputs = [ pkgs.makeWrapper ];	24	buildInputs = [ pkgs.makeWrapper ];
25	} ''	25	} ''