diff options
-rw-r--r-- | modules/private/monitoring/default.nix | 184 | ||||
-rw-r--r-- | modules/private/monitoring/myplugins.nix | 377 | ||||
-rw-r--r-- | modules/private/monitoring/objects_backup-2.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_common.nix | 44 | ||||
-rw-r--r-- | modules/private/monitoring/objects_dilion.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_eban.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_eldiron.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_monitoring-1.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_phare.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_quatresaisons.nix | 1 | ||||
-rw-r--r-- | modules/private/monitoring/objects_ulminfo-fr.nix | 1 | ||||
m--------- | nixops/secrets | 0 |
12 files changed, 414 insertions, 199 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index 5f8a8c9..f00fb7c 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
@@ -1,109 +1,23 @@ | |||
1 | { config, pkgs, lib, name, nodes, ... }: | 1 | { config, pkgs, lib, name, nodes, ... }: |
2 | let | 2 | let |
3 | cfg = config.myServices.monitoring; | 3 | cfg = config.myServices.monitoring; |
4 | send_mails = pkgs.runCommand "send_mails" { | 4 | activatedPlugins = [ "memory" "command" "bandwidth" ] |
5 | buildInputs = [ pkgs.makeWrapper ]; | 5 | ++ (if cfg.master then (masterObjects.activatedPlugins or []) else []) |
6 | } '' | 6 | ++ (if cfg.master then (lib.flatten (map (v: v.activatedPlugins or []) otherObjects)) else []) |
7 | mkdir -p $out/bin | 7 | ++ (hostObjects.activatedPlugins or []) |
8 | cp ${./send_mails} $out/bin/send_mails | 8 | ++ (if cfg.master then ["notify-primary"] else ["notify-secondary"]); |
9 | patchShebangs $out | 9 | allPluginsConfig = import ./myplugins.nix { |
10 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | 10 | inherit pkgs lib config; |
11 | pkgs.mailutils | 11 | sudo = "/run/wrappers/bin/sudo"; |
12 | ]} | ||
13 | ''; | ||
14 | postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable | ||
15 | then config.myServices.databasesReplication.postgresql.mainPackage | ||
16 | else if config.myServices.databases.enable | ||
17 | then config.myServices.databases.postgresql.package | ||
18 | else pkgs.postgresql; | ||
19 | zfsPlugin = pkgs.fetchurl { | ||
20 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | ||
21 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | ||
22 | }; | 12 | }; |
23 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | 13 | mypluginsConfig = lib.getAttrs activatedPlugins allPluginsConfig; |
24 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | 14 | myplugins = let |
25 | plugin = pkgs.fetchurl { | 15 | mypluginsChunk = builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (k: v: v.chunk or "") mypluginsConfig); |
26 | name = "check_megaraid_sas"; | 16 | in pkgs.runCommand "buildplugins" { |
27 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | ||
28 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | ||
29 | }; | ||
30 | } '' | ||
31 | mkdir $out | ||
32 | cp $plugin $out/check_megaraid_sas | ||
33 | chmod +x $out/check_megaraid_sas | ||
34 | patchShebangs $out | ||
35 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | ||
36 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '/run/wrappers/bin/sudo $megacli' | ||
37 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | ||
38 | ''; | ||
39 | myplugins = pkgs.runCommand "buildplugins" { | ||
40 | buildInputs = [ pkgs.makeWrapper pkgs.perl ]; | 17 | buildInputs = [ pkgs.makeWrapper pkgs.perl ]; |
41 | } '' | 18 | } '' |
42 | mkdir $out | 19 | mkdir $out |
43 | cp ${zfsPlugin} $out/check_zpool.sh && chmod +x $out/check_zpool.sh | 20 | ${mypluginsChunk} |
44 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | ||
45 | cp ${./plugins}/* $out/ | ||
46 | patchShebangs $out | ||
47 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | ||
48 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | ||
49 | pkgs.which pkgs.zfs pkgs.gawk | ||
50 | ]} | ||
51 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | ||
52 | pkgs.curl pkgs.jq | ||
53 | ]} | ||
54 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | ||
55 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng | ||
56 | ]} | ||
57 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | ||
58 | postgresqlBinary | ||
59 | ]} | ||
60 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | ||
61 | pkgs.gnugrep pkgs.coreutils pkgs.redis | ||
62 | ]} | ||
63 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | ||
64 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | ||
65 | ]} | ||
66 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | ||
67 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | ||
68 | ]} | ||
69 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | ||
70 | pkgs.openssh send_mails | ||
71 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | ||
72 | pkgs.perlPackages.TimeDate | ||
73 | ]} | ||
74 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | ||
75 | pkgs.lftp | ||
76 | ]} | ||
77 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | ||
78 | pkgs.git pkgs.openssh | ||
79 | ]} | ||
80 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | ||
81 | pkgs.openssl | ||
82 | ]} | ||
83 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | ||
84 | pkgs.s3cmd pkgs.python3 | ||
85 | ]} | ||
86 | makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | ||
87 | pkgs.duplicity | ||
88 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | ||
89 | makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | ||
90 | pkgs.duplicity | ||
91 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | ||
92 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | ||
93 | pkgs.mailutils | ||
94 | ]} | ||
95 | wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [ | ||
96 | pkgs.curl pkgs.jq | ||
97 | ]} | ||
98 | wrapProgram $out/notify_eban_url --prefix PATH : ${lib.makeBinPath [ | ||
99 | pkgs.curl | ||
100 | ]} | ||
101 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | ||
102 | (pkgs.python3.withPackages (ps: [ps.ovh])) | ||
103 | ]} | ||
104 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | ||
105 | pkgs.iproute pkgs.bc | ||
106 | ]} | ||
107 | ''; | 21 | ''; |
108 | toObjects = pkgs.callPackage ./to_objects.nix {}; | 22 | toObjects = pkgs.callPackage ./to_objects.nix {}; |
109 | commonConfig = { | 23 | commonConfig = { |
@@ -183,7 +97,7 @@ let | |||
183 | master = cfg.master; | 97 | master = cfg.master; |
184 | hostFQDN = config.hostEnv.fqdn; | 98 | hostFQDN = config.hostEnv.fqdn; |
185 | hostName = name; | 99 | hostName = name; |
186 | sudo = "/run/wrappers/bin/sudo"; | 100 | inherit mypluginsConfig; |
187 | } // builtins.getAttr name commonConfig); | 101 | } // builtins.getAttr name commonConfig); |
188 | hostObjects = | 102 | hostObjects = |
189 | let | 103 | let |
@@ -263,52 +177,21 @@ in | |||
263 | services.duplyBackup.profiles.monitoring = { | 177 | services.duplyBackup.profiles.monitoring = { |
264 | rootDir = config.services.naemon.varDir; | 178 | rootDir = config.services.naemon.varDir; |
265 | }; | 179 | }; |
266 | security.sudo.extraRules = [ | 180 | security.sudo.extraRules = let |
181 | pluginsSudo = lib.lists.remove null (lib.attrsets.mapAttrsToList (k: v: | ||
182 | if (v ? sudo) | ||
183 | then ({ users = [ "naemon" ]; } // (v.sudo myplugins)) | ||
184 | else null) mypluginsConfig); | ||
185 | in [ | ||
267 | { | 186 | { |
268 | commands = [ | 187 | commands = [ |
269 | { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; } | 188 | { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; } |
270 | { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; } | 189 | { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; } |
271 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | ||
272 | ]; | 190 | ]; |
273 | users = [ "naemon" ]; | 191 | users = [ "naemon" ]; |
274 | runAs = "root"; | 192 | runAs = "root"; |
275 | } | 193 | } |
276 | { | 194 | ] ++ pluginsSudo; |
277 | commands = [ | ||
278 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | ||
279 | ]; | ||
280 | users = [ "naemon" ]; | ||
281 | runAs = "ALL"; | ||
282 | } | ||
283 | { | ||
284 | commands = [ | ||
285 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | ||
286 | ]; | ||
287 | users = [ "naemon" ]; | ||
288 | runAs = "postgres"; | ||
289 | } | ||
290 | { | ||
291 | commands = [ | ||
292 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | ||
293 | ]; | ||
294 | users = [ "naemon" ]; | ||
295 | runAs = "mysql"; | ||
296 | } | ||
297 | { | ||
298 | commands = [ | ||
299 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | ||
300 | ]; | ||
301 | users = [ "naemon" ]; | ||
302 | runAs = "openldap"; | ||
303 | } | ||
304 | { | ||
305 | commands = [ | ||
306 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | ||
307 | ]; | ||
308 | users = [ "naemon" ]; | ||
309 | runAs = "redis"; | ||
310 | } | ||
311 | ]; | ||
312 | environment.etc."mdadm.conf" = { | 195 | environment.etc."mdadm.conf" = { |
313 | enable = true; | 196 | enable = true; |
314 | mode = "0644"; | 197 | mode = "0644"; |
@@ -354,26 +237,13 @@ in | |||
354 | broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live | 237 | broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live |
355 | broker_module=${pkgs.status_engine.module}/lib/status-engine/naemon/statusengine-${pkgs.naemon.status_engine_version}.o use_service_perfdata=1 use_process_data=0 use_system_command_data=0 use_external_command_data=0 use_flapping_data=0 use_program_status_data=0 use_notification_data=0 use_contact_status_data=0 use_contact_notification_data=0 use_event_handler_data=0 use_object_data=0 | 238 | broker_module=${pkgs.status_engine.module}/lib/status-engine/naemon/statusengine-${pkgs.naemon.status_engine_version}.o use_service_perfdata=1 use_process_data=0 use_system_command_data=0 use_external_command_data=0 use_flapping_data=0 use_program_status_data=0 use_notification_data=0 use_contact_status_data=0 use_contact_notification_data=0 use_event_handler_data=0 use_object_data=0 |
356 | ''; | 239 | ''; |
357 | extraResource = '' | 240 | extraResource = let |
241 | resources = lib.mapAttrsToList (k: v: v.resources or {}) mypluginsConfig; | ||
242 | joined = lib.zipAttrsWith (n: v: if builtins.length (lib.unique v) == 1 then builtins.head v else abort "Non-unique resources names") resources; | ||
243 | joinedStr = builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "$" + "${k}$=${v}") joined); | ||
244 | in '' | ||
358 | $USER2$=${myplugins} | 245 | $USER2$=${myplugins} |
359 | $USER200$=${config.myEnv.monitoring.status_url} | 246 | ${joinedStr} |
360 | $USER201$=${config.myEnv.monitoring.status_token} | ||
361 | $USER202$=${config.myEnv.monitoring.http_user_password} | ||
362 | $USER203$=${config.secrets.fullPaths."naemon/id_rsa"} | ||
363 | $USER204$=${config.myEnv.monitoring.imap_login} | ||
364 | $USER205$=${config.myEnv.monitoring.imap_password} | ||
365 | $USER206$=${config.myEnv.monitoring.slack_channel} | ||
366 | $USER207$=${config.myEnv.monitoring.slack_url} | ||
367 | $USER208$=${builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys)} | ||
368 | $USER209$=${builtins.concatStringsSep "," [ | ||
369 | config.myEnv.monitoring.ovh_sms.endpoint | ||
370 | config.myEnv.monitoring.ovh_sms.application_key | ||
371 | config.myEnv.monitoring.ovh_sms.application_secret | ||
372 | config.myEnv.monitoring.ovh_sms.consumer_key | ||
373 | config.myEnv.monitoring.ovh_sms.account | ||
374 | ]} | ||
375 | $USER210$=${config.myEnv.monitoring.eban.user} | ||
376 | $USER211$=${config.myEnv.monitoring.eban.password} | ||
377 | ''; | 247 | ''; |
378 | objectDefs = toObjects commonObjects | 248 | objectDefs = toObjects commonObjects |
379 | + toObjects hostObjects | 249 | + toObjects hostObjects |
diff --git a/modules/private/monitoring/myplugins.nix b/modules/private/monitoring/myplugins.nix new file mode 100644 index 0000000..8c77ee7 --- /dev/null +++ b/modules/private/monitoring/myplugins.nix | |||
@@ -0,0 +1,377 @@ | |||
1 | { sudo, pkgs, lib, config }: | ||
2 | let | ||
3 | cfg = config.myServices.monitoring; | ||
4 | in | ||
5 | { | ||
6 | notify-secondary = { | ||
7 | resources = { | ||
8 | USER200 = config.myEnv.monitoring.status_url; | ||
9 | USER201 = config.myEnv.monitoring.status_token; | ||
10 | }; | ||
11 | commands = { | ||
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | ||
13 | }; | ||
14 | chunk = '' | ||
15 | cp ${./plugins}/send_nrdp.sh $out | ||
16 | patchShebangs $out/send_nrdp.sh | ||
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | ||
18 | pkgs.curl pkgs.jq | ||
19 | ]} | ||
20 | ''; | ||
21 | }; | ||
22 | notify-primary = { | ||
23 | resources = { | ||
24 | USER206 = config.myEnv.monitoring.slack_channel; | ||
25 | USER207 = config.myEnv.monitoring.slack_url; | ||
26 | USER210 = config.myEnv.monitoring.eban.user; | ||
27 | USER211 = config.myEnv.monitoring.eban.password; | ||
28 | }; | ||
29 | commands = { | ||
30 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
31 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
32 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
33 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
34 | notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\""; | ||
35 | notify-host-eban-url = "STATUS_NAME=\"Server\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" HOSTSTATE=\"$HOSTSTATE$\" $USER2$/notify_eban_url"; | ||
36 | notify-service-eban-url = "STATUS_NAME=\"$_SERVICEWEBSTATUS_NAME$\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" SERVICESTATE=\"$SERVICESTATE$\" $USER2$/notify_eban_url"; | ||
37 | }; | ||
38 | chunk = '' | ||
39 | cp ${./plugins}/{notify_by_email,notify_by_slack,notify_eban_url} $out | ||
40 | patchShebangs $out/{notify_by_email,notify_by_slack,notify_eban_url} | ||
41 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | ||
42 | pkgs.mailutils | ||
43 | ]} | ||
44 | wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [ | ||
45 | pkgs.curl pkgs.jq | ||
46 | ]} | ||
47 | wrapProgram $out/notify_eban_url --prefix PATH : ${lib.makeBinPath [ | ||
48 | pkgs.curl | ||
49 | ]} | ||
50 | ''; | ||
51 | }; | ||
52 | bandwidth = { | ||
53 | commands = { | ||
54 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | ||
55 | }; | ||
56 | chunk = '' | ||
57 | cp ${./plugins}/check_bandwidth $out/ | ||
58 | patchShebangs $out/check_bandwidth | ||
59 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | ||
60 | pkgs.iproute pkgs.bc | ||
61 | ]} | ||
62 | ''; | ||
63 | }; | ||
64 | command = { | ||
65 | commands = { | ||
66 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | ||
67 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | ||
68 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | ||
69 | }; | ||
70 | chunk = '' | ||
71 | cp ${./plugins}/check_command $out/ | ||
72 | patchShebangs $out/check_command | ||
73 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | ||
74 | ''; | ||
75 | }; | ||
76 | dns = { | ||
77 | commands = { | ||
78 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | ||
79 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | ||
80 | }; | ||
81 | }; | ||
82 | emails = { | ||
83 | resources = { | ||
84 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | ||
85 | }; | ||
86 | commands = { | ||
87 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | ||
88 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | ||
89 | }; | ||
90 | chunk = let | ||
91 | send_mails = pkgs.runCommand "send_mails" { | ||
92 | buildInputs = [ pkgs.makeWrapper ]; | ||
93 | } '' | ||
94 | mkdir -p $out/bin | ||
95 | cp ${./send_mails} $out/bin/send_mails | ||
96 | patchShebangs $out | ||
97 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | ||
98 | pkgs.mailutils | ||
99 | ]} | ||
100 | ''; | ||
101 | in '' | ||
102 | cp ${./plugins}/check_emails $out/ | ||
103 | patchShebangs $out/check_emails | ||
104 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | ||
105 | pkgs.openssh send_mails | ||
106 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | ||
107 | pkgs.perlPackages.TimeDate | ||
108 | ]} | ||
109 | ''; | ||
110 | }; | ||
111 | eriomem = { | ||
112 | resources = { | ||
113 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | ||
114 | }; | ||
115 | commands = { | ||
116 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | ||
117 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | ||
118 | }; | ||
119 | chunk = '' | ||
120 | cp ${./plugins}/check_eriomem $out/ | ||
121 | patchShebangs $out/check_eriomem | ||
122 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | ||
123 | pkgs.s3cmd pkgs.python3 | ||
124 | ]} | ||
125 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | ||
126 | patchShebangs $out/check_backup_eriomem_age | ||
127 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | ||
128 | pkgs.duplicity | ||
129 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | ||
130 | ''; | ||
131 | }; | ||
132 | file_date = { | ||
133 | commands = { | ||
134 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | ||
135 | }; | ||
136 | chunk = '' | ||
137 | cp ${./plugins}/check_last_file_date $out/ | ||
138 | patchShebangs $out/check_last_file_date | ||
139 | ''; | ||
140 | sudo = myplugins: { | ||
141 | commands = [ | ||
142 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | ||
143 | ]; | ||
144 | runAs = "ALL"; | ||
145 | }; | ||
146 | }; | ||
147 | ftp = { | ||
148 | commands = { | ||
149 | check_ftp_database = "$USER2$/check_ftp_database"; | ||
150 | }; | ||
151 | chunk = '' | ||
152 | cp ${./plugins}/check_ftp_database $out/ | ||
153 | patchShebangs $out/check_ftp_database | ||
154 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | ||
155 | pkgs.lftp | ||
156 | ]} | ||
157 | ''; | ||
158 | }; | ||
159 | git = { | ||
160 | resources = { | ||
161 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | ||
162 | }; | ||
163 | commands = { | ||
164 | check_git = "$USER2$/check_git $USER203$"; | ||
165 | }; | ||
166 | chunk = '' | ||
167 | cp ${./plugins}/check_git $out/ | ||
168 | patchShebangs $out/check_git | ||
169 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | ||
170 | pkgs.git pkgs.openssh | ||
171 | ]} | ||
172 | ''; | ||
173 | }; | ||
174 | http = { | ||
175 | resources = { | ||
176 | USER202 = config.myEnv.monitoring.http_user_password; | ||
177 | }; | ||
178 | commands = { | ||
179 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
180 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
181 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
182 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | ||
183 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | ||
184 | }; | ||
185 | }; | ||
186 | imap = { | ||
187 | resources = { | ||
188 | USER204 = config.myEnv.monitoring.imap_login; | ||
189 | USER205 = config.myEnv.monitoring.imap_password; | ||
190 | }; | ||
191 | commands = { | ||
192 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | ||
193 | }; | ||
194 | chunk = '' | ||
195 | cp ${./plugins}/check_imap_connection $out/ | ||
196 | patchShebangs $out/check_imap_connection | ||
197 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | ||
198 | pkgs.openssl | ||
199 | ]} | ||
200 | ''; | ||
201 | }; | ||
202 | megaraid = let | ||
203 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | ||
204 | in { | ||
205 | commands = { | ||
206 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | ||
207 | }; | ||
208 | chunk = let | ||
209 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | ||
210 | plugin = pkgs.fetchurl { | ||
211 | name = "check_megaraid_sas"; | ||
212 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | ||
213 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | ||
214 | }; | ||
215 | } '' | ||
216 | mkdir $out | ||
217 | cp $plugin $out/check_megaraid_sas | ||
218 | chmod +x $out/check_megaraid_sas | ||
219 | patchShebangs $out | ||
220 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | ||
221 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | ||
222 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | ||
223 | ''; | ||
224 | in '' | ||
225 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | ||
226 | patchShebangs $out/check_megaraid_sas | ||
227 | ''; | ||
228 | sudo = _: { | ||
229 | commands = [ | ||
230 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | ||
231 | ]; | ||
232 | runAs = "root"; | ||
233 | }; | ||
234 | }; | ||
235 | memory = { | ||
236 | commands = { | ||
237 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | ||
238 | }; | ||
239 | chunk = '' | ||
240 | cp ${./plugins}/check_mem.sh $out/ | ||
241 | patchShebangs $out/check_mem.sh | ||
242 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | ||
243 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng | ||
244 | ]} | ||
245 | ''; | ||
246 | }; | ||
247 | mysql = { | ||
248 | commands = { | ||
249 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | ||
250 | }; | ||
251 | chunk = '' | ||
252 | cp ${./plugins}/check_mysql_replication $out/ | ||
253 | patchShebangs $out/check_mysql_replication | ||
254 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | ||
255 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | ||
256 | ]} | ||
257 | ''; | ||
258 | sudo = myplugins: { | ||
259 | commands = [ | ||
260 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | ||
261 | ]; | ||
262 | runAs = "mysql"; | ||
263 | }; | ||
264 | }; | ||
265 | openldap = { | ||
266 | commands = { | ||
267 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | ||
268 | }; | ||
269 | chunk = '' | ||
270 | cp ${./plugins}/check_openldap_replication $out/ | ||
271 | patchShebangs $out/check_openldap_replication | ||
272 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | ||
273 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | ||
274 | ]} | ||
275 | ''; | ||
276 | sudo = myplugins: { | ||
277 | commands = [ | ||
278 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | ||
279 | ]; | ||
280 | runAs = "openldap"; | ||
281 | }; | ||
282 | }; | ||
283 | ovh = { | ||
284 | resources = { | ||
285 | USER209 = builtins.concatStringsSep "," [ | ||
286 | config.myEnv.monitoring.ovh_sms.endpoint | ||
287 | config.myEnv.monitoring.ovh_sms.application_key | ||
288 | config.myEnv.monitoring.ovh_sms.application_secret | ||
289 | config.myEnv.monitoring.ovh_sms.consumer_key | ||
290 | config.myEnv.monitoring.ovh_sms.account | ||
291 | ]; | ||
292 | }; | ||
293 | commands = { | ||
294 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | ||
295 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | ||
296 | }; | ||
297 | chunk = '' | ||
298 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | ||
299 | patchShebangs $out/check_backup_ovh_age | ||
300 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | ||
301 | pkgs.duplicity | ||
302 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | ||
303 | cp ${./plugins}/check_ovh_sms $out/ | ||
304 | patchShebangs $out/check_ovh_sms | ||
305 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | ||
306 | (pkgs.python3.withPackages (ps: [ps.ovh])) | ||
307 | ]} | ||
308 | ''; | ||
309 | }; | ||
310 | postgresql = { | ||
311 | commands = { | ||
312 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | ||
313 | }; | ||
314 | chunk = let | ||
315 | postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable | ||
316 | then config.myServices.databasesReplication.postgresql.mainPackage | ||
317 | else if config.myServices.databases.enable | ||
318 | then config.myServices.databases.postgresql.package | ||
319 | else pkgs.postgresql; | ||
320 | in '' | ||
321 | cp ${./plugins}/check_postgres_replication $out/ | ||
322 | patchShebangs $out/check_postgres_replication | ||
323 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | ||
324 | postgresqlBinary | ||
325 | ]} | ||
326 | ''; | ||
327 | |||
328 | sudo = myplugins: { | ||
329 | commands = [ | ||
330 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | ||
331 | ]; | ||
332 | runAs = "postgres"; | ||
333 | }; | ||
334 | }; | ||
335 | redis = { | ||
336 | commands = { | ||
337 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | ||
338 | }; | ||
339 | chunk = '' | ||
340 | cp ${./plugins}/check_redis_replication $out/ | ||
341 | patchShebangs $out/check_redis_replication | ||
342 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | ||
343 | pkgs.gnugrep pkgs.coreutils pkgs.redis | ||
344 | ]} | ||
345 | ''; | ||
346 | sudo = myplugins: { | ||
347 | commands = [ | ||
348 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | ||
349 | ]; | ||
350 | runAs = "redis"; | ||
351 | }; | ||
352 | }; | ||
353 | tcp = { | ||
354 | commands = { | ||
355 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | ||
356 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | ||
357 | }; | ||
358 | }; | ||
359 | zfs = { | ||
360 | commands = { | ||
361 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | ||
362 | }; | ||
363 | chunk = let | ||
364 | zfsPlugin = pkgs.fetchurl { | ||
365 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | ||
366 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | ||
367 | }; | ||
368 | in '' | ||
369 | cp ${zfsPlugin} $out/check_zpool.sh | ||
370 | chmod +x $out/check_zpool.sh | ||
371 | patchShebangs $out/check_zpool.sh | ||
372 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | ||
373 | pkgs.which pkgs.zfs pkgs.gawk | ||
374 | ]} | ||
375 | ''; | ||
376 | }; | ||
377 | } | ||
diff --git a/modules/private/monitoring/objects_backup-2.nix b/modules/private/monitoring/objects_backup-2.nix index 4cdf59a..a930a7d 100644 --- a/modules/private/monitoring/objects_backup-2.nix +++ b/modules/private/monitoring/objects_backup-2.nix | |||
@@ -11,6 +11,7 @@ let | |||
11 | }; | 11 | }; |
12 | in | 12 | in |
13 | { | 13 | { |
14 | activatedPlugins = [ "file_date" "mysql" "openldap" "redis" "emails" ]; | ||
14 | service = [ | 15 | service = [ |
15 | (emailCheck "backup-2" hostFQDN // { | 16 | (emailCheck "backup-2" hostFQDN // { |
16 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-email"; freshness_threshold = "1350"; }; | 17 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-email"; freshness_threshold = "1350"; }; |
diff --git a/modules/private/monitoring/objects_common.nix b/modules/private/monitoring/objects_common.nix index 10cc149..7c9f642 100644 --- a/modules/private/monitoring/objects_common.nix +++ b/modules/private/monitoring/objects_common.nix | |||
@@ -10,9 +10,9 @@ | |||
10 | , load5Alert ? loadAlert | 10 | , load5Alert ? loadAlert |
11 | , load15Alert ? load5Alert | 11 | , load15Alert ? load5Alert |
12 | , mdadm | 12 | , mdadm |
13 | , sudo | ||
14 | , master | 13 | , master |
15 | , lib | 14 | , lib |
15 | , mypluginsConfig | ||
16 | , ... | 16 | , ... |
17 | }: | 17 | }: |
18 | let | 18 | let |
@@ -109,58 +109,18 @@ in | |||
109 | ]; | 109 | ]; |
110 | } | 110 | } |
111 | ]; | 111 | ]; |
112 | command = { | 112 | command = lib.foldr (v: o: o // (v.commands or {})) {} (builtins.attrValues mypluginsConfig) // { |
113 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | ||
114 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | ||
115 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | ||
116 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | ||
117 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | ||
118 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | ||
119 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | ||
120 | check_ftp_database = "$USER2$/check_ftp_database"; | ||
121 | check_git = "$USER2$/check_git $USER203$"; | ||
122 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
123 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
124 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
125 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | ||
126 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | ||
127 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | ||
128 | check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"; | 113 | check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"; |
129 | check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"; | 114 | check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"; |
130 | check_local_load = "$USER1$/check_load -r -w $ARG1$ -c $ARG2$"; | 115 | check_local_load = "$USER1$/check_load -r -w $ARG1$ -c $ARG2$"; |
131 | check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$"; | 116 | check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$"; |
132 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | ||
133 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | ||
134 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | ||
135 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | ||
136 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | ||
137 | check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org"; | 117 | check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org"; |
138 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; | 118 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; |
139 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | ||
140 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | ||
141 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | ||
142 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | ||
143 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | ||
144 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | ||
145 | check_smtp = "$USER1$/check_smtp -H $HOSTADDRESS$ -p 25 -S -D 21,15"; | 119 | check_smtp = "$USER1$/check_smtp -H $HOSTADDRESS$ -p 25 -S -D 21,15"; |
146 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | ||
147 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | ||
148 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | ||
149 | 120 | ||
150 | check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5"; | 121 | check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5"; |
151 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | ||
152 | check_ok = "$USER1$/check_dummy 0 \"Dummy OK\""; | 122 | check_ok = "$USER1$/check_dummy 0 \"Dummy OK\""; |
153 | check_critical = "$USER1$/check_dummy 2 \"Dummy CRITICAL\""; | 123 | check_critical = "$USER1$/check_dummy 2 \"Dummy CRITICAL\""; |
154 | |||
155 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
156 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
157 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
158 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
159 | notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\""; | ||
160 | notify-host-eban-url = "STATUS_NAME=\"Server\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" HOSTSTATE=\"$HOSTSTATE$\" $USER2$/notify_eban_url"; | ||
161 | notify-service-eban-url = "STATUS_NAME=\"$_SERVICEWEBSTATUS_NAME$\" USER=\"$USER210$\" PASSWORD=\"$USER211$\" SERVICESTATE=\"$SERVICESTATE$\" $USER2$/notify_eban_url"; | ||
162 | |||
163 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | ||
164 | }; | 124 | }; |
165 | timeperiod = { | 125 | timeperiod = { |
166 | "24x7" = { | 126 | "24x7" = { |
diff --git a/modules/private/monitoring/objects_dilion.nix b/modules/private/monitoring/objects_dilion.nix index ea4ec37..1baaf39 100644 --- a/modules/private/monitoring/objects_dilion.nix +++ b/modules/private/monitoring/objects_dilion.nix | |||
@@ -11,6 +11,7 @@ let | |||
11 | }; | 11 | }; |
12 | in | 12 | in |
13 | { | 13 | { |
14 | activatedPlugins = [ "zfs" ]; | ||
14 | service = [ | 15 | service = [ |
15 | { | 16 | { |
16 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-resources"; }; | 17 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-resources"; }; |
diff --git a/modules/private/monitoring/objects_eban.nix b/modules/private/monitoring/objects_eban.nix index 9ad49e1..15b19b9 100644 --- a/modules/private/monitoring/objects_eban.nix +++ b/modules/private/monitoring/objects_eban.nix | |||
@@ -12,6 +12,7 @@ let | |||
12 | } // rest; | 12 | } // rest; |
13 | in | 13 | in |
14 | { | 14 | { |
15 | activatedPlugins = [ "http" ]; | ||
15 | contact = { | 16 | contact = { |
16 | eban = { | 17 | eban = { |
17 | use = "generic-contact"; | 18 | use = "generic-contact"; |
diff --git a/modules/private/monitoring/objects_eldiron.nix b/modules/private/monitoring/objects_eldiron.nix index 2c15dd6..75e7b0e 100644 --- a/modules/private/monitoring/objects_eldiron.nix +++ b/modules/private/monitoring/objects_eldiron.nix | |||
@@ -11,6 +11,7 @@ let | |||
11 | }; | 11 | }; |
12 | in | 12 | in |
13 | { | 13 | { |
14 | activatedPlugins = [ "emails" "postgresql" "zfs" ]; | ||
14 | service = [ | 15 | service = [ |
15 | { | 16 | { |
16 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; | 17 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; |
diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix index 6432ddb..32dbe4b 100644 --- a/modules/private/monitoring/objects_monitoring-1.nix +++ b/modules/private/monitoring/objects_monitoring-1.nix | |||
@@ -22,6 +22,7 @@ let | |||
22 | }) profile.remotes; | 22 | }) profile.remotes; |
23 | in | 23 | in |
24 | { | 24 | { |
25 | activatedPlugins = [ "dns" "ftp" "git" "http" "imap" "ovh" "tcp" ]; | ||
25 | host = { | 26 | host = { |
26 | # Dummy host for testing | 27 | # Dummy host for testing |
27 | # "dummy-host" = { | 28 | # "dummy-host" = { |
diff --git a/modules/private/monitoring/objects_phare.nix b/modules/private/monitoring/objects_phare.nix index a61b46e..082e7e3 100644 --- a/modules/private/monitoring/objects_phare.nix +++ b/modules/private/monitoring/objects_phare.nix | |||
@@ -1,5 +1,6 @@ | |||
1 | { emailCheck, ... }: | 1 | { emailCheck, ... }: |
2 | { | 2 | { |
3 | activatedPlugins = [ "emails" ]; | ||
3 | host = { | 4 | host = { |
4 | "phare.normalesup.org" = { | 5 | "phare.normalesup.org" = { |
5 | alias = "phare.normalesup.org"; | 6 | alias = "phare.normalesup.org"; |
diff --git a/modules/private/monitoring/objects_quatresaisons.nix b/modules/private/monitoring/objects_quatresaisons.nix index de0ce86..55d5631 100644 --- a/modules/private/monitoring/objects_quatresaisons.nix +++ b/modules/private/monitoring/objects_quatresaisons.nix | |||
@@ -11,6 +11,7 @@ let | |||
11 | }; | 11 | }; |
12 | in | 12 | in |
13 | { | 13 | { |
14 | activatedPlugins = [ "megaraid" ]; | ||
14 | service = [ | 15 | service = [ |
15 | { | 16 | { |
16 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-resources"; }; | 17 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-resources"; }; |
diff --git a/modules/private/monitoring/objects_ulminfo-fr.nix b/modules/private/monitoring/objects_ulminfo-fr.nix index 574e0e3..bd2804b 100644 --- a/modules/private/monitoring/objects_ulminfo-fr.nix +++ b/modules/private/monitoring/objects_ulminfo-fr.nix | |||
@@ -1,5 +1,6 @@ | |||
1 | { emailCheck, ... }: | 1 | { emailCheck, ... }: |
2 | { | 2 | { |
3 | activatedPlugins = [ "emails" ]; | ||
3 | host = { | 4 | host = { |
4 | "ulminfo.fr" = { | 5 | "ulminfo.fr" = { |
5 | alias = "ulminfo.fr"; | 6 | alias = "ulminfo.fr"; |
diff --git a/nixops/secrets b/nixops/secrets | |||
Subproject bbc6606211e970d0df974f0f74693f48186aea9 | Subproject bf72e9cc77b6c2217ae9e9a272805b1d917336c | ||