aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile3
-rw-r--r--modules/private/environment.nix14
-rw-r--r--modules/private/monitoring/default.nix99
-rw-r--r--modules/private/monitoring/nagios-cli.cfg68
-rw-r--r--modules/private/monitoring/objects_backup-2.nix24
-rw-r--r--modules/private/monitoring/objects_caldance-1.nix57
-rw-r--r--modules/private/monitoring/objects_common.nix132
-rw-r--r--modules/private/monitoring/objects_eldiron.nix15
-rw-r--r--modules/private/monitoring/objects_immae-eu.nix123
-rw-r--r--modules/private/monitoring/objects_master.nix38
-rw-r--r--modules/private/monitoring/objects_monitoring-1.nix665
-rw-r--r--modules/private/monitoring/objects_phare.nix22
-rw-r--r--modules/private/monitoring/objects_tiboqorl-fr.nix12
-rw-r--r--modules/private/monitoring/objects_ulminfo-fr.nix22
-rwxr-xr-xmodules/private/monitoring/plugins/check_ftp_database11
-rwxr-xr-xmodules/private/monitoring/plugins/check_git68
-rwxr-xr-xmodules/private/monitoring/plugins/check_imap_connection52
-rwxr-xr-xmodules/private/monitoring/plugins/check_maison_bbc41
-rwxr-xr-xmodules/private/monitoring/plugins/notify_by_email4
-rwxr-xr-xmodules/private/monitoring/plugins/notify_by_slack46
-rwxr-xr-xmodules/private/monitoring/plugins/notify_maison_bbc_by_email27
-rw-r--r--modules/private/monitoring/to_objects.nix4
-rw-r--r--modules/private/system/monitoring-1.nix41
-rw-r--r--nixops/Makefile7
-rw-r--r--nixops/default.nix1
25 files changed, 1557 insertions, 39 deletions
diff --git a/Makefile b/Makefile
index 6a039bd..fafbe00 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
1subrecipes = setup 1subrecipes = setup
2subrecipes += nixops ssh-eldiron ssh-backup-2 info debug dry-run build upload deploy deploy-reboot reboot 2subrecipes += nixops ssh-eldiron ssh-backup-2 ssh-monitoring-1
3subrecipes += info debug dry-run build upload deploy deploy-reboot reboot
3subrecipes += list-generations delete-generations cleanup 4subrecipes += list-generations delete-generations cleanup
4subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment 5subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment
5${subrecipes}: 6${subrecipes}:
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 9bfb80a..550b060 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -117,6 +117,11 @@ in
117 default = {}; 117 default = {};
118 type = attrsOf (submodule { 118 type = attrsOf (submodule {
119 options = { 119 options = {
120 emails = mkOption {
121 default = [];
122 description = "List of e-mails that the server can be a sender of";
123 type = listOf str;
124 };
120 ldap = mkOption { 125 ldap = mkOption {
121 description = '' 126 description = ''
122 LDAP credentials for the host 127 LDAP credentials for the host
@@ -453,7 +458,16 @@ in
453 options = { 458 options = {
454 status_url = mkOption { type = str; description = "URL to push status to"; }; 459 status_url = mkOption { type = str; description = "URL to push status to"; };
455 status_token = mkOption { type = str; description = "Token for the status url"; }; 460 status_token = mkOption { type = str; description = "Token for the status url"; };
461 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
456 email = mkOption { type = str; description = "Admin E-mail"; }; 462 email = mkOption { type = str; description = "Admin E-mail"; };
463 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
464 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
465 imap_login = mkOption { type = str; description = "IMAP login"; };
466 imap_password = mkOption { type = str; description = "IMAP password"; };
467 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
468 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
469 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
470 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
457 }; 471 };
458 }; 472 };
459 }; 473 };
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index d6c91ac..a1f4b3f 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -1,5 +1,6 @@
1{ config, pkgs, lib, name, ... }: 1{ config, pkgs, lib, name, nodes, ... }:
2let 2let
3 cfg = config.myServices.monitoring;
3 myplugins = pkgs.runCommand "buildplugins" { 4 myplugins = pkgs.runCommand "buildplugins" {
4 buildInputs = [ pkgs.makeWrapper pkgs.perl ]; 5 buildInputs = [ pkgs.makeWrapper pkgs.perl ];
5 } '' 6 } ''
@@ -10,6 +11,9 @@ let
10 wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ 11 wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
11 pkgs.curl pkgs.jq 12 pkgs.curl pkgs.jq
12 ]} 13 ]}
14 wrapProgram $out/check_maison_bbc --prefix PATH : ${lib.makeBinPath [
15 pkgs.curl pkgs.jq
16 ]}
13 wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ 17 wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
14 pkgs.gnugrep pkgs.gawk pkgs.procps-ng 18 pkgs.gnugrep pkgs.gawk pkgs.procps-ng
15 ]} 19 ]}
@@ -25,6 +29,24 @@ let
25 wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ 29 wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
26 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap 30 pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
27 ]} 31 ]}
32 wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
33 pkgs.lftp
34 ]}
35 wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
36 pkgs.git pkgs.openssh
37 ]}
38 wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
39 pkgs.openssl
40 ]}
41 wrapProgram $out/notify_maison_bbc_by_email --prefix PATH : ${lib.makeBinPath [
42 pkgs.mailutils pkgs.gawk
43 ]}
44 wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
45 pkgs.mailutils
46 ]}
47 wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [
48 pkgs.curl pkgs.jq
49 ]}
28 ''; 50 '';
29 toObjects = pkgs.callPackage ./to_objects.nix {}; 51 toObjects = pkgs.callPackage ./to_objects.nix {};
30 commonConfig = { 52 commonConfig = {
@@ -36,16 +58,48 @@ let
36 processWarn = "50"; processAlert = "60"; 58 processWarn = "50"; processAlert = "60";
37 loadWarn = "1.0"; loadAlert = "2.0"; 59 loadWarn = "1.0"; loadAlert = "2.0";
38 }; 60 };
61 monitoring-1 = {
62 processWarn = "50"; processAlert = "60";
63 loadWarn = "1.0"; loadAlert = "2.0";
64 };
39 }; 65 };
66 masterPassiveObjects = let
67 otherPassiveObjects = map
68 (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") {}))
69 [ "caldance-1" "ulminfo-fr" "immae-eu" "phare" "tiboqorl-fr" ];
70 otherPassiveServices = lib.flatten (map (h: h.service or []) otherPassiveObjects);
71 otherPassiveHosts = (map (h: h.host)) otherPassiveObjects;
72 passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes;
73 toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo);
74 passiveServices = lib.flatten (lib.attrsets.mapAttrsToList
75 (_: n: toPassiveServices n.config.myServices.monitoring.services)
76 passiveNodes
77 );
78 in {
79 service = passiveServices ++ otherPassiveServices;
80 host = lib.lists.foldr
81 (a: b: a//b)
82 {}
83 (otherPassiveHosts ++ lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes);
84 };
85 masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
40 commonObjects = pkgs.callPackage ./objects_common.nix ({ 86 commonObjects = pkgs.callPackage ./objects_common.nix ({
87 master = cfg.master;
41 hostFQDN = config.hostEnv.FQDN; 88 hostFQDN = config.hostEnv.FQDN;
89 hostName = name;
42 sudo = "/run/wrappers/bin/sudo"; 90 sudo = "/run/wrappers/bin/sudo";
43 } // builtins.getAttr name commonConfig); 91 } // builtins.getAttr name commonConfig);
44 hostObjects = 92 hostObjects =
45 let 93 let
46 specific_file = ./. + "/objects_" + name + ".nix"; 94 specific_file = ./. + "/objects_" + name + ".nix";
47 in 95 in
48 lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file { inherit config; }); 96 lib.attrsets.optionalAttrs
97 (builtins.pathExists specific_file)
98 (pkgs.callPackage specific_file {
99 inherit config;
100 hostFQDN = config.hostEnv.FQDN;
101 hostName = name;
102 });
49in 103in
50{ 104{
51 options = { 105 options = {
@@ -57,10 +111,27 @@ in
57 Whether to enable monitoring. 111 Whether to enable monitoring.
58 ''; 112 '';
59 }; 113 };
114 master = lib.mkOption {
115 type = lib.types.bool;
116 default = false;
117 description = ''
118 This instance is the master instance
119 '';
120 };
121 hosts = lib.mkOption {
122 readOnly = true;
123 description = "Hosts list for this host";
124 default = (commonObjects.host or {}) // (hostObjects.host or {});
125 };
126 services = lib.mkOption {
127 readOnly = true;
128 description = "Services list for this host";
129 default = commonObjects.service ++ hostObjects.service;
130 };
60 }; 131 };
61 }; 132 };
62 133
63 config = lib.mkIf config.myServices.monitoring.enable { 134 config = lib.mkIf cfg.enable {
64 services.duplyBackup.profiles.monitoring = { 135 services.duplyBackup.profiles.monitoring = {
65 rootDir = config.services.naemon.varDir; 136 rootDir = config.services.naemon.varDir;
66 }; 137 };
@@ -116,6 +187,15 @@ in
116 text = "MAILADDR ${config.myEnv.monitoring.email}"; 187 text = "MAILADDR ${config.myEnv.monitoring.email}";
117 }; 188 };
118 189
190 secrets.keys = [
191 {
192 dest = "naemon/id_rsa";
193 user = "naemon";
194 group = "naemon";
195 premissions = "0400";
196 text = config.myEnv.monitoring.ssh_secret_key;
197 }
198 ];
119 # needed since extraResource is not in the closure 199 # needed since extraResource is not in the closure
120 systemd.services.naemon.path = [ myplugins ]; 200 systemd.services.naemon.path = [ myplugins ];
121 services.naemon = { 201 services.naemon = {
@@ -126,7 +206,7 @@ in
126 log_initial_states=1 206 log_initial_states=1
127 date_format=iso8601 207 date_format=iso8601
128 admin_email=${config.myEnv.monitoring.email} 208 admin_email=${config.myEnv.monitoring.email}
129 209 '' + lib.optionalString (!cfg.master) ''
130 obsess_over_services=1 210 obsess_over_services=1
131 ocsp_command=notify-master 211 ocsp_command=notify-master
132 ''; 212 '';
@@ -134,8 +214,17 @@ in
134 $USER2$=${myplugins} 214 $USER2$=${myplugins}
135 $USER200$=${config.myEnv.monitoring.status_url} 215 $USER200$=${config.myEnv.monitoring.status_url}
136 $USER201$=${config.myEnv.monitoring.status_token} 216 $USER201$=${config.myEnv.monitoring.status_token}
217 $USER202$=${config.myEnv.monitoring.http_user_password}
218 $USER203$=${config.secrets.fullPaths."naemon/id_rsa"}
219 $USER204$=${config.myEnv.monitoring.imap_login}
220 $USER205$=${config.myEnv.monitoring.imap_password}
221 $USER206$=${config.myEnv.monitoring.slack_channel}
222 $USER207$=${config.myEnv.monitoring.slack_url}
137 ''; 223 '';
138 objectDefs = toObjects commonObjects + toObjects hostObjects; 224 objectDefs = toObjects commonObjects
225 + toObjects hostObjects
226 + lib.optionalString cfg.master (toObjects masterObjects)
227 + lib.optionalString cfg.master (toObjects masterPassiveObjects);
139 }; 228 };
140 }; 229 };
141} 230}
diff --git a/modules/private/monitoring/nagios-cli.cfg b/modules/private/monitoring/nagios-cli.cfg
new file mode 100644
index 0000000..7bd30cb
--- /dev/null
+++ b/modules/private/monitoring/nagios-cli.cfg
@@ -0,0 +1,68 @@
1# -*- coding: utf-8; -*-
2
3[cli]
4history = /var/lib/naemon/nagios_cli_history
5
6[ui]
7color = 1
8prompt = naemon %s>
9prompt_separator = " → "
10
11[nagios]
12log = /var/log/naemon
13command_file = /run/naemon/naemon.cmd
14log_file = %(log)s/naemon.log
15object_cache_file = /var/lib/naemon/objects.cache
16status_file = /var/lib/naemon/status.dat
17
18[object]
19host.status =
20 host_name
21 current_state
22 plugin_output
23 is_flapping
24 last_check
25 last_time_down
26 last_state_change
27 check_period
28 notification_period
29 current_attempt
30 max_attempts
31service.status =
32 host_name
33 service_description
34 current_state
35 is_flapping
36 plugin_output
37 last_time_down
38 last_state_change
39 last_check
40 next_check
41 check_interval
42 check_latency
43 check_period
44 notification_period
45 current_attempt
46 max_attempts
47
48[string]
49level.ok = ↑ OK
50level.warning = ! WARNING
51level.critical = ↓ CRITICAL
52level.unknown = ↕ UNKNOWN
53
54[color]
55error = bold_red
56
57prompt = normal
58prompt.object = bold
59
60host.host_name = bold
61host.plugin_output = bold
62service.plugin_output = bold
63
64level.ok = bold_green
65level.warning = bold_yellow
66level.critical = bold_red
67level.unknown = bold_magenta
68
diff --git a/modules/private/monitoring/objects_backup-2.nix b/modules/private/monitoring/objects_backup-2.nix
index 38b2ff6..52289dd 100644
--- a/modules/private/monitoring/objects_backup-2.nix
+++ b/modules/private/monitoring/objects_backup-2.nix
@@ -1,52 +1,73 @@
1{ config, pkgs, ... }: 1{ config, pkgs, lib, hostFQDN, ... }:
2let
3 defaultPassiveInfo = {
4 filter = lib.attrsets.filterAttrs
5 (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_");
6 use = "external-passive-service";
7 freshness_threshold = "450";
8 retry_interval = "1";
9 servicegroups = "webstatus-resources";
10 host_name = hostFQDN;
11 };
12in
2{ 13{
3 service = [ 14 service = [
4 { 15 {
16 passiveInfo = defaultPassiveInfo;
5 service_description = "Size on /backup2 partition"; 17 service_description = "Size on /backup2 partition";
6 use = "local-service"; 18 use = "local-service";
7 check_command = ["check_local_disk" "10%" "5%" "/backup2"]; 19 check_command = ["check_local_disk" "10%" "5%" "/backup2"];
8 } 20 }
9 { 21 {
22 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; };
10 service_description = "Last backup in /backup2/phare is not too old"; 23 service_description = "Last backup in /backup2/phare is not too old";
11 use = "local-service"; 24 use = "local-service";
12 check_command = ["check_last_file_date" "/backup2/phare" "14" "backup"]; 25 check_command = ["check_last_file_date" "/backup2/phare" "14" "backup"];
13 } 26 }
14 { 27 {
28 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; };
15 service_description = "Last backup in /backup2/immae_eu is not too old"; 29 service_description = "Last backup in /backup2/immae_eu is not too old";
16 use = "local-service"; 30 use = "local-service";
17 check_command = ["check_last_file_date" "/backup2/immae_eu" "14" "backup"]; 31 check_command = ["check_last_file_date" "/backup2/immae_eu" "14" "backup"];
18 } 32 }
19 { 33 {
34 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; };
20 service_description = "Last backup in /backup2/ulminfo is not too old"; 35 service_description = "Last backup in /backup2/ulminfo is not too old";
21 use = "local-service"; 36 use = "local-service";
22 check_command = ["check_last_file_date" "/backup2/ulminfo" "14" "backup"]; 37 check_command = ["check_last_file_date" "/backup2/ulminfo" "14" "backup"];
23 } 38 }
24 { 39 {
40 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; };
25 service_description = "Last postgresql dump in /backup2/eldiron/postgresql_backup is not too old"; 41 service_description = "Last postgresql dump in /backup2/eldiron/postgresql_backup is not too old";
26 use = "local-service"; 42 use = "local-service";
27 check_command = ["check_last_file_date" "/backup2/eldiron/postgresql_backup" "7" "postgres"]; 43 check_command = ["check_last_file_date" "/backup2/eldiron/postgresql_backup" "7" "postgres"];
28 } 44 }
29 { 45 {
46 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; };
30 service_description = "Redis replication for eldiron is up to date"; 47 service_description = "Redis replication for eldiron is up to date";
31 use = "local-service"; 48 use = "local-service";
32 check_command = ["check_redis_replication" "/run/redis_eldiron/redis.sock"]; 49 check_command = ["check_redis_replication" "/run/redis_eldiron/redis.sock"];
33 } 50 }
34 { 51 {
52 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; };
35 service_description = "Last redis dump in /backup2/eldiron/redis_backup is not too old"; 53 service_description = "Last redis dump in /backup2/eldiron/redis_backup is not too old";
36 use = "local-service"; 54 use = "local-service";
37 check_command = ["check_last_file_date" "/backup2/eldiron/redis_backup" "7" "redis"]; 55 check_command = ["check_last_file_date" "/backup2/eldiron/redis_backup" "7" "redis"];
38 } 56 }
39 { 57 {
58 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; };
40 service_description = "Mysql replication for eldiron is up to date"; 59 service_description = "Mysql replication for eldiron is up to date";
41 use = "local-service"; 60 use = "local-service";
42 check_command = ["check_mysql_replication" "/run/mysqld_eldiron/mysqld.sock" "/var/secrets/mysql_replication/eldiron/client"]; 61 check_command = ["check_mysql_replication" "/run/mysqld_eldiron/mysqld.sock" "/var/secrets/mysql_replication/eldiron/client"];
43 } 62 }
44 { 63 {
64 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; };
45 service_description = "Last mysql dump in /backup2/eldiron/mysql_backup is not too old"; 65 service_description = "Last mysql dump in /backup2/eldiron/mysql_backup is not too old";
46 use = "local-service"; 66 use = "local-service";
47 check_command = ["check_last_file_date" "/backup2/eldiron/mysql_backup" "7" "mysql"]; 67 check_command = ["check_last_file_date" "/backup2/eldiron/mysql_backup" "7" "mysql"];
48 } 68 }
49 { 69 {
70 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; };
50 service_description = "Openldap replication for eldiron is up to date"; 71 service_description = "Openldap replication for eldiron is up to date";
51 use = "local-service"; 72 use = "local-service";
52 check_command = let 73 check_command = let
@@ -73,6 +94,7 @@
73 ]; 94 ];
74 } 95 }
75 { 96 {
97 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; };
76 service_description = "Last openldap dump in /backup2/eldiron/openldap_backup is not too old"; 98 service_description = "Last openldap dump in /backup2/eldiron/openldap_backup is not too old";
77 use = "local-service"; 99 use = "local-service";
78 check_command = ["check_last_file_date" "/backup2/eldiron/openldap_backup" "7" "openldap"]; 100 check_command = ["check_last_file_date" "/backup2/eldiron/openldap_backup" "7" "openldap"];
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix
new file mode 100644
index 0000000..2879124
--- /dev/null
+++ b/modules/private/monitoring/objects_caldance-1.nix
@@ -0,0 +1,57 @@
1{ ... }:
2let
3 defaultPassiveInfo = {
4 use = "external-passive-service";
5 freshness_threshold = "450";
6 retry_interval = "1";
7 host_name = "caldance-1.v.immae.eu";
8 };
9in
10{
11 host = {
12 "caldance-1.v.immae.eu" = {
13 alias = "caldance-1.v.immae.eu";
14 address = "caldance-1.v.immae.eu";
15 use = "linux-server";
16 hostgroups = "webstatus-hosts";
17 _webstatus_name = "caldance-1";
18 };
19 };
20 service = map (s: defaultPassiveInfo // s) [
21 {
22 service_description = "Size on root partition";
23 servicegroups = "webstatus-resources";
24 }
25
26 {
27 service_description = "Total number of process";
28 servicegroups = "webstatus-resources";
29 }
30
31 {
32 service_description = "Average load";
33 servicegroups = "webstatus-resources";
34 }
35
36 {
37 service_description = "Swap usage";
38 servicegroups = "webstatus-resources";
39 }
40
41 {
42 service_description = "fail2ban is active";
43 servicegroups = "webstatus-resources";
44 }
45
46 {
47 service_description = "NTP is activated and working";
48 servicegroups = "webstatus-resources";
49 freshness_threshold = "5400";
50 }
51
52 {
53 service_description = "Databases are present in postgresql";
54 servicegroups = "webstatus-databases";
55 }
56 ];
57}
diff --git a/modules/private/monitoring/objects_common.nix b/modules/private/monitoring/objects_common.nix
index 66fb812..7467306 100644
--- a/modules/private/monitoring/objects_common.nix
+++ b/modules/private/monitoring/objects_common.nix
@@ -1,27 +1,45 @@
1{ hostFQDN 1{ hostFQDN
2, hostName
2, processWarn ? "250" 3, processWarn ? "250"
3, processAlert ? "400" 4, processAlert ? "400"
4, loadWarn ? "8.0" 5, loadWarn ? "8.0"
5, loadAlert ? "10.0" 6, loadAlert ? "10.0"
6, mdadm 7, mdadm
7, sudo 8, sudo
9, master
10, lib
8, ... 11, ...
9}: 12}:
13let
14 defaultPassiveInfo = {
15 filter = lib.attrsets.filterAttrs
16 (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_");
17 use = "external-passive-service";
18 freshness_threshold = "450";
19 retry_interval = "1";
20 servicegroups = "webstatus-resources";
21 host_name = hostFQDN;
22 };
23in
10{ 24{
11 host = { 25 host = {
12 "${hostFQDN}" = { 26 "${hostFQDN}" = {
13 alias = hostFQDN; 27 alias = hostFQDN;
14 address = hostFQDN; 28 address = hostFQDN;
15 use = "linux-server"; 29 use = "linux-server";
30 hostgroups = "webstatus-hosts";
31 _webstatus_name = hostName;
16 }; 32 };
17 }; 33 };
18 service = [ 34 service = [
19 { 35 {
36 passiveInfo = defaultPassiveInfo;
20 service_description = "Size on root partition"; 37 service_description = "Size on root partition";
21 use = "local-service"; 38 use = "local-service";
22 check_command = ["check_local_disk" "20%" "10%" "/"]; 39 check_command = ["check_local_disk" "20%" "10%" "/"];
23 } 40 }
24 { 41 {
42 passiveInfo = defaultPassiveInfo;
25 service_description = "Total number of process"; 43 service_description = "Total number of process";
26 use = "local-service"; 44 use = "local-service";
27 check_command = [ 45 check_command = [
@@ -32,6 +50,7 @@
32 ]; 50 ];
33 } 51 }
34 { 52 {
53 passiveInfo = defaultPassiveInfo;
35 service_description = "Average load"; 54 service_description = "Average load";
36 use = "local-service"; 55 use = "local-service";
37 check_command = [ 56 check_command = [
@@ -41,21 +60,25 @@
41 ]; 60 ];
42 } 61 }
43 { 62 {
63 passiveInfo = defaultPassiveInfo;
44 service_description = "Swap usage"; 64 service_description = "Swap usage";
45 use = "local-service"; 65 use = "local-service";
46 check_command = ["check_local_swap" "20" "10"]; 66 check_command = ["check_local_swap" "20" "10"];
47 } 67 }
48 { 68 {
69 passiveInfo = defaultPassiveInfo;
49 service_description = "Memory usage"; 70 service_description = "Memory usage";
50 use = "local-service"; 71 use = "local-service";
51 check_command = ["check_memory" "80" "90"]; 72 check_command = ["check_memory" "80" "90"];
52 } 73 }
53 { 74 {
75 passiveInfo = defaultPassiveInfo;
54 service_description = "NTP is activated and working"; 76 service_description = "NTP is activated and working";
55 use = "local-service"; 77 use = "local-service";
56 check_command = ["check_ntp"]; 78 check_command = ["check_ntp"];
57 } 79 }
58 { 80 {
81 passiveInfo = defaultPassiveInfo;
59 service_description = "No mdadm array is degraded"; 82 service_description = "No mdadm array is degraded";
60 use = "local-service"; 83 use = "local-service";
61 check_command = [ 84 check_command = [
@@ -67,28 +90,46 @@
67 } 90 }
68 ]; 91 ];
69 command = { 92 command = {
93 check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
94 check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
95 check_ftp_database = "$USER2$/check_ftp_database";
96 check_git = "$USER2$/check_git $USER203$";
97 check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
98 check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
99 check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
100 check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
101 check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
102 check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
70 check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"; 103 check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$";
71 check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"; 104 check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$";
72 check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$"; 105 check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$";
73 check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$"; 106 check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$";
74 check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; 107 check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
108 check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
75 check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; 109 check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
110 check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
76 check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org"; 111 check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org";
112 check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
113 check_maison_bbc = "$USER2$/check_maison_bbc";
77 check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; 114 check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
78 check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; 115 check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
79 check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; 116 check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
80 check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; 117 check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
81 check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; 118 check_smtp = "$USER1$/check_smtp -H $HOSTADDRESS$ -p 25 -S -D 21,15";
119 check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
120 check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
82 121
83 check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5"; 122 check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5";
84 check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; 123 check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
124 check_ok = "$USER1$/check_dummy 0 \"Dummy OK\"";
125 check_critical = "$USER1$/check_dummy 2 \"Dummy CRITICAL\"";
85 126
86 # No notify commands, we go through master 127 # $OVE is to force naemon to run via shell instead of execve which fails here
87 # notify_host_by_email = "SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; 128 notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
88 # #$OVE is to force naemon to run via shell instead of execve which fails here 129 # $OVE is to force naemon to run via shell instead of execve which fails here
89 # notify_service_by_email = "SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; 130 notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
90 # #sudo /usr/bin/strace -o /tmp/foo -vf -s 256 -u naemon $USER2$/notify_by_email 131 notify-maison-bbc-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_maison_bbc_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
91 # #$OVE is to force naemon to run via shell instead of execve which fails here 132 notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\"";
92 133
93 notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$\""; 134 notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$\"";
94 }; 135 };
@@ -104,17 +145,24 @@
104 sunday = "00:00-24:00"; 145 sunday = "00:00-24:00";
105 }; 146 };
106 }; 147 };
148 servicegroup = {
149 webstatus-webapps = { alias = "Web applications"; };
150 webstatus-websites = { alias = "Personal websites"; };
151 webstatus-ssl = { alias = "SSL certificates"; };
152 webstatus-dns = { alias = "DNS resolution"; };
153 webstatus-remote-services = { alias = "Other remote services"; };
154 webstatus-local-services = { alias = "Other local services"; };
155 webstatus-email = { alias = "E-mail services"; };
156 webstatus-resources = { alias = "Local resources"; };
157 webstatus-databases = { alias = "Databases resources"; };
158 webstatus-backup = { alias = "Backup resources"; };
159 };
160 hostgroup = {
161 webstatus-hosts = { alias = "Hosts"; };
162 };
107 contactgroup = { 163 contactgroup = {
108 admins = { alias = "Naemon Administrators"; }; 164 admins = { alias = "Naemon Administrators"; };
109 }; 165 };
110 # No contact, we go through master
111 # contact = {
112 # immae = {
113 # alias = "Immae";
114 # use = "generic-contact";
115 # email = "xxxxxxxxxxxxxxxx";
116 # };
117 # };
118 templates = { 166 templates = {
119 service = { 167 service = {
120 generic-service = { 168 generic-service = {
@@ -130,7 +178,7 @@
130 notification_interval = "60"; 178 notification_interval = "60";
131 notification_options = "w,u,c,r,f,s"; 179 notification_options = "w,u,c,r,f,s";
132 notification_period = "24x7"; 180 notification_period = "24x7";
133 notifications_enabled = "0"; # no notification since we send them to master 181 notifications_enabled = if master then "1" else "0";
134 obsess_over_service = "1"; 182 obsess_over_service = "1";
135 passive_checks_enabled = "1"; 183 passive_checks_enabled = "1";
136 process_perf_data = "1"; 184 process_perf_data = "1";
@@ -144,19 +192,51 @@
144 check_interval = "5"; 192 check_interval = "5";
145 max_check_attempts = "4"; 193 max_check_attempts = "4";
146 retry_interval = "1"; 194 retry_interval = "1";
195 servicegroups = "webstatus-resources";
196 };
197 external-service = {
198 use = "generic-service";
199 check_interval = "5";
200 max_check_attempts = "4";
201 retry_interval = "1";
202 };
203 web-service = {
204 use = "generic-service";
205 check_interval = "20";
206 max_check_attempts = "2";
207 retry_interval = "1";
208 };
209 external-web-service = {
210 use = "generic-service";
211 check_interval = "20";
212 max_check_attempts = "2";
213 retry_interval = "1";
214 };
215 mail-service = {
216 use = "generic-service";
217 check_interval = "15";
218 max_check_attempts = "1";
219 retry_interval = "1";
220 };
221 dns-service = {
222 use = "generic-service";
223 check_interval = "120";
224 notification_interval = "120";
225 max_check_attempts = "5";
226 retry_interval = "5";
147 }; 227 };
148 }; 228 };
149 # No contact, we go through master 229 # No contact, we go through master
150 # contact = { 230 contact = {
151 # generic-contact = { 231 generic-contact = {
152 # host_notification_commands = "notify_host_by_email"; 232 host_notification_commands = "notify-host-by-email";
153 # host_notification_options = "d,u,r,f,s"; 233 host_notification_options = "d,u,r,f,s";
154 # host_notification_period = "24x7"; 234 host_notification_period = "24x7";
155 # service_notification_commands = "notify_service_by_email"; 235 service_notification_commands = "notify-service-by-email";
156 # service_notification_options = "w,u,c,r,f,s"; 236 service_notification_options = "w,u,c,r,f,s";
157 # service_notification_period = "24x7"; 237 service_notification_period = "24x7";
158 # }; 238 };
159 # }; 239 };
160 host = { 240 host = {
161 generic-host = { 241 generic-host = {
162 event_handler_enabled = "1"; 242 event_handler_enabled = "1";
diff --git a/modules/private/monitoring/objects_eldiron.nix b/modules/private/monitoring/objects_eldiron.nix
index 897fc15..bee4645 100644
--- a/modules/private/monitoring/objects_eldiron.nix
+++ b/modules/private/monitoring/objects_eldiron.nix
@@ -1,12 +1,25 @@
1{ ... }: 1{ lib, hostFQDN, ... }:
2let
3 defaultPassiveInfo = {
4 filter = lib.attrsets.filterAttrs
5 (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_");
6 use = "external-passive-service";
7 freshness_threshold = "450";
8 retry_interval = "1";
9 servicegroups = "webstatus-resources";
10 host_name = hostFQDN;
11 };
12in
2{ 13{
3 service = [ 14 service = [
4 { 15 {
16 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; };
5 service_description = "Postgresql replication for backup-2 is up to date"; 17 service_description = "Postgresql replication for backup-2 is up to date";
6 use = "local-service"; 18 use = "local-service";
7 check_command = ["check_postgresql_replication" "backup-2" "/run/postgresql" "5432"]; 19 check_command = ["check_postgresql_replication" "backup-2" "/run/postgresql" "5432"];
8 } 20 }
9 { 21 {
22 passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-email"; };
10 service_description = "mailq is empty"; 23 service_description = "mailq is empty";
11 use = "local-service"; 24 use = "local-service";
12 check_command = ["check_mailq"]; 25 check_command = ["check_mailq"];
diff --git a/modules/private/monitoring/objects_immae-eu.nix b/modules/private/monitoring/objects_immae-eu.nix
new file mode 100644
index 0000000..3dda999
--- /dev/null
+++ b/modules/private/monitoring/objects_immae-eu.nix
@@ -0,0 +1,123 @@
1{ ... }:
2let
3 defaultPassiveInfo = {
4 use = "external-passive-service";
5 freshness_threshold = "450";
6 retry_interval = "1";
7 host_name = "immae.eu";
8 };
9in
10{
11 host = {
12 "immae.eu" = {
13 alias = "immae.eu";
14 address = "immae.eu";
15 use = "linux-server";
16 hostgroups = "webstatus-hosts";
17 _webstatus_name = "immaeEu";
18 };
19 };
20 service = map (s: defaultPassiveInfo // s) [
21 {
22 service_description = "size on root partition";
23 servicegroups = "webstatus-resources";
24 }
25
26 {
27 service_description = "total number of process";
28 servicegroups = "webstatus-resources";
29 }
30
31 {
32 service_description = "average load";
33 servicegroups = "webstatus-resources";
34 }
35
36 {
37 service_description = "swap usage";
38 servicegroups = "webstatus-resources";
39 }
40
41 {
42 service_description = "no mdadm array is degraded";
43 servicegroups = "webstatus-resources";
44 }
45
46 {
47 service_description = "ntp is activated and working";
48 servicegroups = "webstatus-resources";
49 }
50
51 {
52 service_description = "ssh connexion responds";
53 }
54
55 {
56 service_description = "fail2ban is active";
57 servicegroups = "webstatus-resources";
58 }
59
60 {
61 service_description = "pacman packages are not too old";
62 servicegroups = "webstatus-resources";
63 freshness_threshold = "10800";
64 notification_interval = "0";
65 }
66
67 {
68 service_description = "rsync backup happened not too long ago";
69 servicegroups = "webstatus-backup";
70 }
71
72 {
73 service_description = "eriomem backup is up and not full";
74 freshness_threshold = "10800";
75 notification_interval = "120";
76 servicegroups = "webstatus-backup";
77 }
78
79 {
80 service_description = "postfix service is active";
81 }
82
83 {
84 service_description = "tinc@Immae service is active";
85 }
86
87 {
88 service_description = "sshd service is active";
89 }
90
91 {
92 service_description = "httpd service is active";
93 servicegroups = "webstatus-resources";
94 }
95
96 {
97 service_description = "postfix SSL is up to date";
98 }
99
100 {
101 service_description = "mailq is empty";
102 servicegroups = "webstatus-email";
103 }
104
105 ## Sending e-mail
106 {
107 service_description = "immae.eu email service is active";
108 servicegroups = "webstatus-email";
109 freshness_threshold = "1350";
110 }
111
112 #### Web scenarios
113 {
114 service_description = "discourse website is running on discourse.capitaines.fr";
115 freshness_threshold = "1800";
116 }
117
118 {
119 service_description = "Default website site is running on ns208507.ip-188-165-209.eu";
120 freshness_threshold = "1800";
121 }
122 ];
123}
diff --git a/modules/private/monitoring/objects_master.nix b/modules/private/monitoring/objects_master.nix
new file mode 100644
index 0000000..5b5b15f
--- /dev/null
+++ b/modules/private/monitoring/objects_master.nix
@@ -0,0 +1,38 @@
1{ config, ... }:
2{
3 contact = {
4 immae = config.myEnv.monitoring.contacts.immae // {
5 use = "generic-contact";
6 contactgroups = "admins";
7 host_notification_commands = "notify-host-by-email,notify-by-slack!$USER206$!$USER207$";
8 service_notification_commands = "notify-service-by-email,notify-by-slack!$USER206$!$USER207$";
9 };
10 };
11 command = {
12 check_passive = "$USER1$/check_dummy 3 \"Service result are stale\"";
13 };
14 templates = {
15 service = {
16 external-passive-service = {
17 active_checks_enabled = "0";
18 check_freshness = "1";
19 check_period = "24x7";
20 contact_groups = "admins";
21 event_handler_enabled = "1";
22 flap_detection_enabled = "1";
23 is_volatile = "0";
24 max_check_attempts = "3";
25 notification_interval = "60";
26 notification_options = "w,u,c,r,f,s";
27 notification_period = "24x7";
28 notifications_enabled = "1";
29 passive_checks_enabled = "1";
30 process_perf_data = "1";
31 retain_nonstatus_information = "1";
32 retain_status_information = "1";
33 retry_interval = "2";
34 check_command = "check_passive";
35 };
36 };
37 };
38}
diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix
new file mode 100644
index 0000000..a46b684
--- /dev/null
+++ b/modules/private/monitoring/objects_monitoring-1.nix
@@ -0,0 +1,665 @@
1{ config, pkgs, ... }:
2{
3 host = {
4 # Dummy host for testing
5 # "dummy-host" = {
6 # alias = "dummy.host";
7 # address = "dummy.host";
8 # use = "linux-server";
9 # check_command = "check_ok";
10 # };
11 };
12 service = [
13 # Dummy service for testing
14 # {
15 # service_description = "Dummy failing test";
16 # host_name = "dummy-host";
17 # use = "local-service";
18 # check_interval = "0.3";
19 # max_check_attempts = "1";
20 # flap_detection_enabled = "0";
21 # notification_interval = "0.1";
22 # check_command = "check_critical";
23 # }
24
25 {
26 service_description = "ftp has access to database for authentication";
27 host_name = "eldiron.immae.eu";
28 use = "external-service";
29 check_command = "check_ftp_database";
30
31 servicegroups = "webstatus-remote-services";
32 _webstatus_name = "FTP";
33 _webstatus_url = "ftp.immae.eu";
34 }
35
36 {
37 service_description = "gitolite is working";
38 host_name = "eldiron.immae.eu";
39 use = "external-web-service";
40 check_command = "check_git";
41
42 servicegroups = "webstatus-remote-services";
43 _webstatus_name = "Git";
44 _webstatus_url = "git.immae.eu";
45 }
46
47 {
48 service_description = "postfix SSL is up to date";
49 host_name = "eldiron.immae.eu";
50 use = "external-service";
51 check_command = "check_smtp";
52
53 servicegroups = "webstatus-ssl";
54 _webstatus_name = "SMTP";
55 _webstatus_url = "smtp.immae.eu";
56 }
57
58 {
59 service_description = "imap SSL is up to date";
60 host_name = "eldiron.immae.eu";
61 use = "external-service";
62 check_command = ["check_tcp_ssl" "993"];
63
64 servicegroups = "webstatus-ssl";
65 _webstatus_name = "IMAP";
66 _webstatus_url = "imap.immae.eu";
67 }
68
69 {
70 service_description = "imap connection works";
71 host_name = "eldiron.immae.eu";
72 use = "external-service";
73 check_command = "check_imap_connection";
74
75 servicegroups = "webstatus-remote-services,webstatus-email";
76 _webstatus_name = "IMAP";
77 _webstatus_url = "imap.immae.eu";
78 }
79
80 # DNS services
81 {
82 service_description = "eldiron dns is active and authoritative for aten.pro";
83 host_name = "eldiron.immae.eu";
84 use = "dns-service";
85 check_command = ["check_dns" "aten.pro" "-A"];
86
87 servicegroups = "webstatus-dns";
88 _webstatus_name = "aten.pro";
89 }
90
91 {
92 service_description = "eldiron dns is active and authoritative for bouya.org";
93 host_name = "eldiron.immae.eu";
94 use = "dns-service";
95 check_command = ["check_dns" "bouya.org" "-A"];
96
97 servicegroups = "webstatus-dns";
98 _webstatus_name = "bouya.org";
99 }
100
101 {
102 service_description = "eldiron dns is active and authoritative for filedesreves.fr";
103 host_name = "eldiron.immae.eu";
104 use = "dns-service";
105 check_command = ["check_dns" "filedesreves.fr" "-A"];
106
107 servicegroups = "webstatus-dns";
108 _webstatus_name = "filedesreves.fr";
109 }
110
111 {
112 service_description = "eldiron dns is active and authoritative for ludivinecassal.com";
113 host_name = "eldiron.immae.eu";
114 use = "dns-service";
115 check_command = ["check_dns" "ludivinecassal.com" "-A"];
116
117 servicegroups = "webstatus-dns";
118 _webstatus_name = "ludivinecassal.com";
119 }
120
121 {
122 service_description = "eldiron dns is active and authoritative for icommandeur.org";
123 host_name = "eldiron.immae.eu";
124 use = "dns-service";
125 check_command = ["check_dns" "icommandeur.org" "-A"];
126
127 servicegroups = "webstatus-dns";
128 _webstatus_name = "icommandeur.org";
129 }
130
131 {
132 service_description = "eldiron dns is active and authoritative for immae.eu";
133 host_name = "eldiron.immae.eu";
134 use = "dns-service";
135 check_command = ["check_dns" "immae.eu" "-A"];
136
137 servicegroups = "webstatus-dns";
138 _webstatus_name = "immae.eu";
139 }
140
141 {
142 service_description = "eldiron dns is active and authoritative for immae.fr";
143 host_name = "eldiron.immae.eu";
144 use = "dns-service";
145 check_command = ["check_dns" "immae.fr" "-A"];
146
147 servicegroups = "webstatus-dns";
148 _webstatus_name = "immae.fr";
149 }
150
151 {
152 service_description = "eldiron dns is active and authoritative for piedsjaloux.fr";
153 host_name = "eldiron.immae.eu";
154 use = "dns-service";
155 check_command = ["check_dns" "piedsjaloux.fr" "-A"];
156
157 servicegroups = "webstatus-dns";
158 _webstatus_name = "piedsjaloux.fr";
159 }
160
161 {
162 service_description = "eldiron dns is active and authoritative for saison-photo.org";
163 host_name = "eldiron.immae.eu";
164 use = "dns-service";
165 check_command = ["check_dns" "saison-photo.org" "-A"];
166
167 servicegroups = "webstatus-dns";
168 _webstatus_name = "saison-photo.org";
169 }
170
171 {
172 service_description = "eldiron dns is active and authoritative for tellesflorian.com";
173 host_name = "eldiron.immae.eu";
174 use = "dns-service";
175 check_command = ["check_dns" "tellesflorian.com" "-A"];
176
177 servicegroups = "webstatus-dns";
178 _webstatus_name = "tellesflorian.com";
179 }
180
181 {
182 service_description = "eldiron dns is active and authoritative for capitaines.fr";
183 host_name = "eldiron.immae.eu";
184 use = "dns-service";
185 check_command = ["check_dns" "capitaines.fr" "-A"];
186
187 servicegroups = "webstatus-dns";
188 _webstatus_name = "capitaines.fr";
189 }
190
191 {
192 service_description = "cloudns dns is active and authoritative for aten.pro";
193 host_name = "eldiron.immae.eu";
194 use = "dns-service";
195 check_command = ["check_external_dns" "pns1.cloudns.net" "aten.pro" "-A"];
196
197 servicegroups = "webstatus-dns";
198 _webstatus_name = "aten.pro (Secondary DNS ClouDNS)";
199 }
200
201 {
202 service_description = "cloudns dns is active and authoritative for bouya.org";
203 host_name = "eldiron.immae.eu";
204 use = "dns-service";
205 check_command = ["check_external_dns" "pns1.cloudns.net" "bouya.org" "-A"];
206
207 servicegroups = "webstatus-dns";
208 _webstatus_name = "bouya.org (Secondary DNS ClouDNS)";
209 }
210
211 {
212 service_description = "cloudns dns is active and authoritative for filedesreves.fr";
213 host_name = "eldiron.immae.eu";
214 use = "dns-service";
215 check_command = ["check_external_dns" "pns1.cloudns.net" "filedesreves.fr" "-A"];
216
217 servicegroups = "webstatus-dns";
218 _webstatus_name = "filedesreves.fr (Secondary DNS ClouDNS)";
219 }
220
221 {
222 service_description = "cloudns dns is active and authoritative for ludivinecassal.com";
223 host_name = "eldiron.immae.eu";
224 use = "dns-service";
225 check_command = ["check_external_dns" "pns1.cloudns.net" "ludivinecassal.com" "-A"];
226
227 servicegroups = "webstatus-dns";
228 _webstatus_name = "ludivinecassal.com (Secondary DNS ClouDNS)";
229 }
230
231 {
232 service_description = "cloudns dns is active and authoritative for icommandeur.org";
233 host_name = "eldiron.immae.eu";
234 use = "dns-service";
235 check_command = ["check_external_dns" "pns1.cloudns.net" "icommandeur.org" "-A"];
236
237 servicegroups = "webstatus-dns";
238 _webstatus_name = "icommandeur.org (Secondary DNS ClouDNS)";
239 }
240
241 {
242 service_description = "cloudns dns is active and authoritative for immae.eu";
243 host_name = "eldiron.immae.eu";
244 use = "dns-service";
245 check_command = ["check_external_dns" "pns1.cloudns.net" "immae.eu" "-A"];
246
247 servicegroups = "webstatus-dns";
248 _webstatus_name = "immae.eu (Secondary DNS ClouDNS)";
249 }
250
251 {
252 service_description = "cloudns dns is active and authoritative for immae.fr";
253 host_name = "eldiron.immae.eu";
254 use = "dns-service";
255 check_command = ["check_external_dns" "pns1.cloudns.net" "immae.fr" "-A"];
256
257 servicegroups = "webstatus-dns";
258 _webstatus_name = "immae.fr (Secondary DNS ClouDNS)";
259 }
260
261 {
262 service_description = "cloudns dns is active and authoritative for piedsjaloux.fr";
263 host_name = "eldiron.immae.eu";
264 use = "dns-service";
265 check_command = ["check_external_dns" "pns1.cloudns.net" "piedsjaloux.fr" "-A"];
266
267 servicegroups = "webstatus-dns";
268 _webstatus_name = "piedsjaloux.fr (Secondary DNS ClouDNS)";
269 }
270
271 {
272 service_description = "cloudns dns is active and authoritative for tellesflorian.com";
273 host_name = "eldiron.immae.eu";
274 use = "dns-service";
275 check_command = ["check_external_dns" "pns1.cloudns.net" "tellesflorian.com" "-A"];
276
277 servicegroups = "webstatus-dns";
278 _webstatus_name = "tellesflorian.com (Secondary DNS ClouDNS)";
279 }
280
281 {
282 service_description = "cloudns dns is active and authoritative for saison-photo.org";
283 host_name = "eldiron.immae.eu";
284 use = "dns-service";
285 check_command = ["check_external_dns" "pns1.cloudns.net" "saison-photo.org" "-A"];
286
287 servicegroups = "webstatus-dns";
288 _webstatus_name = "saison-photo.org (Secondary DNS ClouDNS)";
289 }
290
291 #### Web scenarios
292 {
293 service_description = "blog website is running on immae.eu";
294 host_name = "eldiron.immae.eu";
295 use = "external-web-service";
296 check_command = ["check_https" "www.immae.eu" "/blog/" "egrep -ri TODO /etc"];
297
298 servicegroups = "webstatus-websites";
299 _webstatus_name = "Immae’s Blog";
300 _webstatus_url = "https://www.immae.eu/blog";
301 }
302
303 {
304 service_description = "owncloud website is running on cloud.immae.eu";
305 host_name = "eldiron.immae.eu";
306 use = "external-web-service";
307 check_command = ["check_https" "cloud.immae.eu" "/" "a safe home for all your data"];
308
309 servicegroups = "webstatus-webapps";
310 _webstatus_name = "Nextcloud";
311 _webstatus_url = "https://cloud.immae.eu";
312 }
313
314 {
315 service_description = "davical website is running on dav.immae.eu";
316 host_name = "eldiron.immae.eu";
317 use = "external-web-service";
318 check_command = ["check_https" "dav.immae.eu" "/davical/" "Log On Please"];
319
320 servicegroups = "webstatus-webapps";
321 _webstatus_name = "Davical";
322 _webstatus_url = "https://dav.immae.eu/davical";
323 }
324
325 {
326 service_description = "adminer website is running on tools.immae.eu";
327 host_name = "eldiron.immae.eu";
328 use = "external-web-service";
329 check_command = ["check_https_auth" "tools.immae.eu" "/adminer/" "www.adminer.org"];
330
331 servicegroups = "webstatus-webapps";
332 _webstatus_name = "Adminer";
333 _webstatus_url = "https://tools.immae.eu/adminer/";
334 }
335
336 {
337 service_description = "ttrss website is running on tools.immae.eu";
338 host_name = "eldiron.immae.eu";
339 use = "external-web-service";
340 check_command = ["check_https" "tools.immae.eu" "/ttrss/" "<title>Tiny Tiny RSS"];
341
342 servicegroups = "webstatus-webapps";
343 _webstatus_name = "TT-RSS";
344 _webstatus_url = "https://tools.immae.eu/ttrss/";
345 }
346
347 {
348 service_description = "mpd website is running on tools.immae.eu";
349 host_name = "eldiron.immae.eu";
350 use = "external-web-service";
351 check_command = ["check_https_auth" "tools.immae.eu" "/mpd/" "<title>ympd"];
352
353 servicegroups = "webstatus-webapps";
354 _webstatus_name = "MPD (YMPD)";
355 _webstatus_url = "https://tools.immae.eu/mpd/";
356 }
357
358 {
359 service_description = "rompr mpd website is running on tools.immae.eu";
360 host_name = "eldiron.immae.eu";
361 use = "external-web-service";
362 check_command = ["check_https_auth" "tools.immae.eu" "/rompr/" "<title>RompЯ"];
363
364 servicegroups = "webstatus-webapps";
365 _webstatus_name = "MPD (ROMPR)";
366 _webstatus_url = "https://tools.immae.eu/rompr/";
367 }
368
369 {
370 service_description = "wallabag website is running on tools.immae.eu";
371 host_name = "eldiron.immae.eu";
372 use = "external-web-service";
373 check_command = ["check_https" "tools.immae.eu" "/wallabag/" "<title>Bienvenue sur wallabag"];
374
375 servicegroups = "webstatus-webapps";
376 _webstatus_name = "Wallabag";
377 _webstatus_url = "https://tools.immae.eu/wallabag/";
378 }
379
380 {
381 service_description = "yourl website is running on tools.immae.eu";
382 host_name = "eldiron.immae.eu";
383 use = "external-web-service";
384 check_command = ["check_https" "tools.immae.eu" "/url/admin/" "<title>YOURLS"];
385
386 servicegroups = "webstatus-webapps";
387 _webstatus_name = "YOURLS";
388 _webstatus_url = "https://tools.immae.eu/url/admin/";
389 }
390
391 {
392 service_description = "roundcube website is running on mail.immae.eu";
393 host_name = "eldiron.immae.eu";
394 use = "external-web-service";
395 check_command = ["check_https_code" "mail.immae.eu" "/roundcube/" "401" "<title>Roundcube"];
396
397 servicegroups = "webstatus-webapps,webstatus-email";
398 _webstatus_name = "Roundcube";
399 _webstatus_url = "https://mail.immae.eu/roundcube/";
400 }
401
402 {
403 service_description = "dokuwiki website is running on tools.immae.eu";
404 host_name = "eldiron.immae.eu";
405 use = "external-web-service";
406 check_command = ["check_https" "tools.immae.eu" "/dokuwiki/" "<title>start"];
407
408 servicegroups = "webstatus-webapps";
409 _webstatus_name = "Dokuwiki";
410 _webstatus_url = "https://tools.immae.eu/dokuwiki/";
411 }
412
413 {
414 service_description = "shaarli website is running on tools.immae.eu";
415 host_name = "eldiron.immae.eu";
416 use = "external-web-service";
417 check_command = ["check_https" "tools.immae.eu" "/Shaarli/immae" "<title>Immae"];
418
419 servicegroups = "webstatus-webapps";
420 _webstatus_name = "Shaarli";
421 _webstatus_url = "https://tools.immae.eu/Shaarli/";
422 }
423
424 {
425 service_description = "ldap website is running on tools.immae.eu";
426 host_name = "eldiron.immae.eu";
427 use = "external-web-service";
428 check_command = ["check_https" "tools.immae.eu" "/ldap/" "<title>phpLDAPadmin"];
429
430 servicegroups = "webstatus-webapps";
431 _webstatus_name = "LDAP";
432 _webstatus_url = "https://tools.immae.eu/ldap/";
433 }
434
435 {
436 service_description = "gitweb website is running on git.immae.eu";
437 host_name = "eldiron.immae.eu";
438 use = "external-web-service";
439 check_command = ["check_https" "git.immae.eu" "/" "git web interface"];
440
441 servicegroups = "webstatus-webapps";
442 _webstatus_name = "Git";
443 _webstatus_url = "https://git.immae.eu/";
444 }
445
446 {
447 service_description = "mantisbt website is running on git.immae.eu";
448 host_name = "eldiron.immae.eu";
449 use = "external-web-service";
450 check_command = ["check_https" "git.immae.eu" "/mantisbt/" "<title>My View - MantisBT"];
451
452 servicegroups = "webstatus-webapps";
453 _webstatus_name = "Mantisbt";
454 _webstatus_url = "https://git.immae.eu/mantisbt";
455 }
456
457 {
458 service_description = "diaspora website is running on diaspora.immae.eu";
459 host_name = "eldiron.immae.eu";
460 use = "external-web-service";
461 check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"];
462
463 servicegroups = "webstatus-webapps";
464 _webstatus_name = "Diaspora";
465 _webstatus_url = "https://diaspora.immae.eu/";
466 }
467
468 {
469 service_description = "peertube website is running on peertube.immae.eu";
470 host_name = "eldiron.immae.eu";
471 use = "external-web-service";
472 check_command = ["check_https" "peertube.immae.eu" "/" "<title>Immae’s PeerTube"];
473
474 servicegroups = "webstatus-webapps";
475 _webstatus_name = "Peertube";
476 _webstatus_url = "https://peertube.immae.eu/";
477 }
478
479 {
480 service_description = "etherpad website is running on ether.immae.eu";
481 host_name = "eldiron.immae.eu";
482 use = "external-web-service";
483 check_command = ["check_https" "ether.immae.eu" "/" "<title>Etherpad"];
484
485 servicegroups = "webstatus-webapps";
486 _webstatus_name = "Etherpad";
487 _webstatus_url = "https://ether.immae.eu/";
488 }
489
490 {
491 service_description = "mediagoblin website is running on mgoblin.immae.eu";
492 host_name = "eldiron.immae.eu";
493 use = "external-web-service";
494 check_command = ["check_https" "mgoblin.immae.eu" "/" "<title>GNU MediaGoblin"];
495
496 servicegroups = "webstatus-webapps";
497 _webstatus_name = "Mediagoblin";
498 _webstatus_url = "https://mgoblin.immae.eu/";
499 }
500
501 {
502 service_description = "mastodon website is running on mastodon.immae.eu";
503 host_name = "eldiron.immae.eu";
504 use = "external-web-service";
505 check_command = ["check_https" "mastodon.immae.eu" "/" "Mastodon</title>"];
506
507 servicegroups = "webstatus-webapps";
508 _webstatus_name = "Mastodon";
509 _webstatus_url = "https://mastodon.immae.eu/";
510 }
511
512 # Other web pages
513 {
514 service_description = "Jerome website is running on naturaloutil.immae.eu";
515 host_name = "eldiron.immae.eu";
516 use = "external-web-service";
517 check_command = ["check_https" "naturaloutil.immae.eu" "/ping.php" "YES"];
518
519 servicegroups = "webstatus-websites";
520 _webstatus_name = "naturaloutil.immae.eu";
521 _webstatus_url = "https://naturaloutil.immae.eu/";
522 }
523
524 {
525 service_description = "Telio website is running on realistesmedia.fr";
526 host_name = "eldiron.immae.eu";
527 use = "external-web-service";
528 check_command = ["check_https" "realistesmedia.fr" "/" "<title>Réal'istes"];
529 contact_groups = "telio-tortay";
530 }
531
532 {
533 service_description = "Chloe website site is running on osteopathe-cc.fr";
534 host_name = "eldiron.immae.eu";
535 use = "external-web-service";
536 check_command = ["check_https" "www.osteopathe-cc.fr" "/" "<title>Chloé Condamin ostéopathe D.O."];
537
538 servicegroups = "webstatus-websites";
539 _webstatus_name = "osteopathe-cc.fr";
540 _webstatus_url = "https://www.osteopathe-cc.fr/";
541 }
542
543 {
544 service_description = "Richie website is running on europe-richie.org";
545 host_name = "eldiron.immae.eu";
546 use = "external-web-service";
547 check_command = ["check_https" "www.europe-richie.org" "/" "<title>.Europe Richie]"];
548
549 servicegroups = "webstatus-websites";
550 _webstatus_name = "europe-richie.org";
551 _webstatus_url = "https://www.europe-richie.org/";
552 }
553
554 {
555 service_description = "Ludivine website site is running on ludivinecassal.com";
556 host_name = "eldiron.immae.eu";
557 use = "external-web-service";
558 check_command = ["check_https" "www.ludivinecassal.com" "/" "<title>Ludivine Cassal"];
559
560 servicegroups = "webstatus-websites";
561 _webstatus_name = "ludivinecassal.com";
562 _webstatus_url = "https://www.ludivinecassal.com/";
563 }
564
565 {
566 service_description = "Aten website site is running on aten.pro";
567 host_name = "eldiron.immae.eu";
568 use = "external-web-service";
569 check_command = ["check_https" "aten.pro" "/" "<title>ATEN"];
570
571 servicegroups = "webstatus-websites";
572 _webstatus_name = "aten.pro";
573 _webstatus_url = "https://aten.pro/";
574 }
575
576 {
577 service_description = "PiedsJaloux website site is running on piedsjaloux.fr";
578 host_name = "eldiron.immae.eu";
579 use = "external-web-service";
580 check_command = ["check_https" "www.piedsjaloux.fr" "/" "<title>Les Pieds Jaloux"];
581
582 servicegroups = "webstatus-websites";
583 _webstatus_name = "piedsjaloux.fr";
584 _webstatus_url = "https://www.piedsjaloux.fr/";
585 }
586
587 {
588 service_description = "Denise and Jerome website site is running on denisejerome.piedsjaloux.fr";
589 host_name = "eldiron.immae.eu";
590 use = "external-web-service";
591 check_command = ["check_https" "denisejerome.piedsjaloux.fr" "/" "<title>Accueil - Mariage"];
592
593 servicegroups = "webstatus-websites";
594 _webstatus_name = "denisejerome.piedsjaloux.fr";
595 _webstatus_url = "https://denisejerome.piedsjaloux.fr/";
596 }
597
598 {
599 service_description = "Connexionswing website site is running on connexionswing.com";
600 host_name = "eldiron.immae.eu";
601 use = "external-web-service";
602 check_command = ["check_https" "www.connexionswing.com" "/" "<title>Cours, stages"];
603
604 servicegroups = "webstatus-websites";
605 _webstatus_name = "connexionswing.com";
606 _webstatus_url = "https://www.connexionswing.com/";
607 }
608
609 {
610 service_description = "Sandetludo website site is running on sandetludo.com";
611 host_name = "eldiron.immae.eu";
612 use = "external-web-service";
613 check_command = ["check_https" "www.sandetludo.com" "/" "<title>Cours de West Coast"];
614
615 servicegroups = "webstatus-websites";
616 _webstatus_name = "sandetludo.com";
617 _webstatus_url = "https://www.sandetludo.com/";
618 }
619
620 {
621 service_description = "Maison bbc accepts add requests on http";
622 host_name = "eldiron.immae.eu";
623 use = "external-web-service";
624 check_command = [ "check_http" "maison.bbc.bouya.org" "/add.php" "^$"];
625 }
626
627 {
628 service_description = "Maison bbc has up to date data";
629 host_name = "eldiron.immae.eu";
630 use = "generic-service";
631 contact_groups = "maison-bbc";
632 notification_interval = "1440";
633 check_command = "check_maison_bbc";
634 flap_detection_enabled = "0";
635 max_check_attempts = "1";
636 }
637
638 # SSL
639 {
640 service_description = "ldap SSL is up to date";
641 host_name = "eldiron.immae.eu";
642 use = "external-service";
643 check_command = ["check_tcp_ssl" "636"];
644
645 servicegroups = "webstatus-ssl";
646 _webstatus_name = "LDAP";
647 _webstatus_url = "ldap.immae.eu";
648 }
649 ];
650 contact = {
651 telio-tortay = config.myEnv.monitoring.contacts.telio-tortay // {
652 use = "generic-contact";
653 contactgroups = "telio-tortay";
654 };
655 papa = config.myEnv.monitoring.contacts.papa // {
656 use = "generic-contact";
657 contactgroups = "maison-bbc";
658 service_notification_commands = "notify-maison-bbc-by-email";
659 };
660 };
661 contactgroup = {
662 maison-bbc = { alias = "Maison BBC"; };
663 telio-tortay = { alias = "Telio Tortay"; members = "immae"; };
664 };
665}
diff --git a/modules/private/monitoring/objects_phare.nix b/modules/private/monitoring/objects_phare.nix
new file mode 100644
index 0000000..ab46436
--- /dev/null
+++ b/modules/private/monitoring/objects_phare.nix
@@ -0,0 +1,22 @@
1{ ... }:
2{
3 host = {
4 "phare.normalesup.org" = {
5 alias = "phare.normalesup.org";
6 address = "phare.normalesup.org";
7 use = "linux-server";
8 hostgroups = "webstatus-hosts";
9 _webstatus_name = "phare";
10 };
11 };
12 service = [
13 {
14 service_description = "phare.normalesup.org email service is active";
15 use = "external-passive-service";
16 host_name = "phare.normalesup.org";
17 freshness_threshold = "1350";
18 retry_interval = "1";
19 servicegroups = "webstatus-email";
20 }
21 ];
22}
diff --git a/modules/private/monitoring/objects_tiboqorl-fr.nix b/modules/private/monitoring/objects_tiboqorl-fr.nix
new file mode 100644
index 0000000..847143e
--- /dev/null
+++ b/modules/private/monitoring/objects_tiboqorl-fr.nix
@@ -0,0 +1,12 @@
1{ ... }:
2{
3 host = {
4 "tiboqorl.fr" = {
5 alias = "tiboqorl.fr";
6 address = "tiboqorl.fr";
7 use = "linux-server";
8 hostgroups = "webstatus-hosts";
9 _webstatus_name = "tiboqorl";
10 };
11 };
12}
diff --git a/modules/private/monitoring/objects_ulminfo-fr.nix b/modules/private/monitoring/objects_ulminfo-fr.nix
new file mode 100644
index 0000000..87a3e05
--- /dev/null
+++ b/modules/private/monitoring/objects_ulminfo-fr.nix
@@ -0,0 +1,22 @@
1{ ... }:
2{
3 host = {
4 "ulminfo.fr" = {
5 alias = "ulminfo.fr";
6 address = "ulminfo.fr";
7 use = "linux-server";
8 hostgroups = "webstatus-hosts";
9 _webstatus_name = "ulminfo";
10 };
11 };
12 service = [
13 {
14 service_description = "ulminfo.fr email service is active";
15 use = "external-passive-service";
16 host_name = "ulminfo.fr";
17 freshness_threshold = "1350";
18 retry_interval = "1";
19 servicegroups = "webstatus-email";
20 }
21 ];
22}
diff --git a/modules/private/monitoring/plugins/check_ftp_database b/modules/private/monitoring/plugins/check_ftp_database
new file mode 100755
index 0000000..9a41424
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_ftp_database
@@ -0,0 +1,11 @@
1#!/usr/bin/env bash
2
3OUT=$(echo "ls" | lftp -u test_ftp,test_ftp eldiron.immae.eu | grep it_works | wc -l)
4
5if [ "$OUT" -eq 1 ]; then
6 echo "ftp connection OK - access to ftp is working"
7 exit 0
8else
9 echo "ftp connection CRITICAL - no access to ftp"
10 exit 2
11fi
diff --git a/modules/private/monitoring/plugins/check_git b/modules/private/monitoring/plugins/check_git
new file mode 100755
index 0000000..8c09925
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_git
@@ -0,0 +1,68 @@
1#!/usr/bin/env bash
2
3SSH_KEY="$1"
4
5TMPDIR=$(mktemp -d)
6
7if [ ! -d "$TMPDIR" ]; then
8 echo "gitolite UNKNOWN - impossible to create temp dir"
9 exit 3
10fi
11
12trap "rm -rf $TMPDIR" EXIT
13
14ERRORS=""
15OUTPUT=""
16
17cd "$TMPDIR"
18OUT=$(git clone -q git://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1)
19ERR=$?
20if [ -n "$OUT" ]; then
21OUTPUT="$OUTPUT
22$OUT"
23fi
24if [ "$ERR" != 0 ]; then
25 ERRORS="$ERRORS git://"
26fi
27rm -rf Monitor
28
29OUT=$(git clone -q http://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1)
30ERR=$?
31if [ -n "$OUT" ]; then
32OUTPUT="$OUTPUT
33$OUT"
34fi
35if [ "$ERR" != 0 ]; then
36 ERRORS="$ERRORS http://"
37fi
38rm -rf Monitor
39
40OUT=$(git clone -q https://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1)
41ERR=$?
42if [ -n "$OUT" ]; then
43OUTPUT="$OUTPUT
44$OUT"
45fi
46if [ "$ERR" != 0 ]; then
47 ERRORS="$ERRORS https://"
48fi
49rm -rf Monitor
50
51OUT=$(GIT_SSH_COMMAND="ssh -i $SSH_KEY -o BatchMode=yes -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no" git clone -q gitolite@git.immae.eu:perso/Immae/Projets/Ruby/Monitor 2>&1)
52ERR=$?
53if [ -n "$OUT" ]; then
54OUTPUT="$OUTPUT
55$OUT"
56fi
57if [ "$ERR" != 0 ]; then
58 ERRORS="$ERRORS ssh"
59fi
60rm -rf Monitor
61
62if [ -n "$ERRORS" ]; then
63 echo "gitolite CRITICAL - impossible to clone via$ERRORS|$OUTPUT"
64 exit 2
65else
66 echo "gitolite OK - ssh, git, http and https work|$OUTPUT"
67 exit 0
68fi
diff --git a/modules/private/monitoring/plugins/check_imap_connection b/modules/private/monitoring/plugins/check_imap_connection
new file mode 100755
index 0000000..304eae6
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_imap_connection
@@ -0,0 +1,52 @@
1#!/usr/bin/env perl
2
3use strict;
4use Getopt::Std;
5$| = 1;
6
7my %opts;
8getopts('h:u:p:H:', \%opts);
9
10my $STATE_OK = 0;
11my $STATE_WARNING = 1;
12my $STATE_CRITICAL = 2;
13my $STATE_UNKNOWN = 3;
14
15if ($opts{'h'} || !$opts{'u'} || !$opts{'p'} || !$opts{'H'}) {
16 &print_help();
17 exit($STATE_UNKNOWN);
18}
19
20my $user = $opts{'u'};
21my $password = $opts{'p'};
22my $host = $opts{'H'};
23
24my $cmd_result = `(echo "a login $user $password"; echo "b logout") | openssl s_client -quiet -ign_eof -connect $host -starttls imap 2>&1`;
25my $expected_result = "a OK Logged in";
26
27chomp($cmd_result);
28if ($cmd_result !~ /$expected_result/) {
29 print "IMAP CRITICAL - Unable to connect via imaps\n";
30 exit($STATE_CRITICAL);
31} else {
32 print "IMAP OK - imaps connected successfully\n";
33 exit($STATE_OK);
34}
35
36sub print_help() {
37 print << "EOF";
38Check whether imap works via ssl and is able to connect its database.
39
40Options:
41-h
42 Print detailed help screen
43-u
44 User to log in as
45-p
46 Password to log in
47-H
48 Host to log in to
49
50EOF
51}
52
diff --git a/modules/private/monitoring/plugins/check_maison_bbc b/modules/private/monitoring/plugins/check_maison_bbc
new file mode 100755
index 0000000..43a5817
--- /dev/null
+++ b/modules/private/monitoring/plugins/check_maison_bbc
@@ -0,0 +1,41 @@
1#!/usr/bin/env bash
2
3# kw, kwh, th_hr Bureau, th_hr Chambre_RDC, th_hr Exterieure, th_hr
4# Garage, th_hr Mezzanine, th_hr Sejour, th_hr Soufflage
5
6alert=$(date +"%F %H:%M:%S" -d "3 hours ago")
7res=$(curl https://maison.bbc.bouya.org/stats.php)
8
9ignored_text="th_hr Exterieure th_hr Soufflage"
10
11ignored_bat="^$"
12ignored="^(th_hr Exterieure|th_hr Soufflage)$"
13
14missing() {
15 echo "to_entries|[.[]|select(.value < \"$alert\" and .key != \"bat\" $1)|.key + \": \" + .value]|join(\" ; \")"
16}
17
18missing_check=$(echo "$res" | jq -r "$(missing "and (.key | test(\"$ignored\") | not)")")
19missing_show=$(echo "$res" | jq -r "$(missing "")")
20
21battery() {
22 echo ".bat|to_entries|[.[]|select((.value[0] < \"$alert\" or (.value[1] | test(\"^0|1|2$\") | not)) $1)|.key + \": \" + .value[0] + \" bat \" + .value[1]]|join(\" ; \")"
23}
24
25bat_check=$(echo "$res" | jq -r "$(battery "and (.key | test(\"$ignored_bat\") | not)")")
26bat_show=$(echo "$res" | jq -r "$(battery "")")
27
28if [ -n "$missing_check" -o -n "$bat_check" ]; then
29 text=""
30 if [ -n "$missing_show" ]; then
31 text="$text - Dernières dates: $missing_show"
32 fi
33 if [ -n "$bat_show" ]; then
34 text="$text - Batteries: $bat_show"
35 fi
36 echo "Zibase CRITICAL$text"
37 exit 2
38else
39 echo "Zibase OK - Derniers événements il y a moins de 3h (ignorés : $ignored_text)"
40 exit 0
41fi
diff --git a/modules/private/monitoring/plugins/notify_by_email b/modules/private/monitoring/plugins/notify_by_email
index ad0dcc7..959db26 100755
--- a/modules/private/monitoring/plugins/notify_by_email
+++ b/modules/private/monitoring/plugins/notify_by_email
@@ -26,6 +26,4 @@ else
26 subject="** $NOTIFICATION_TYPE Service Alert: $HOST_ALIAS/$SERVICEDESC is $SERVICESTATE **" 26 subject="** $NOTIFICATION_TYPE Service Alert: $HOST_ALIAS/$SERVICEDESC is $SERVICESTATE **"
27fi 27fi
28 28
29# sendwait waits for sendmail to finish its job, otherwise it continues in the 29echo "$message" | MAILRC=/dev/null mail -r "$ADMINEMAIL" -n -s "$subject" "$CONTACT"
30# background and gets killed too early
31echo "$message" | MAILRC=/dev/null mail -r "naemon@immae.eu" -n -Ssendwait -s "$subject" "$CONTACT"
diff --git a/modules/private/monitoring/plugins/notify_by_slack b/modules/private/monitoring/plugins/notify_by_slack
new file mode 100755
index 0000000..b59a403
--- /dev/null
+++ b/modules/private/monitoring/plugins/notify_by_slack
@@ -0,0 +1,46 @@
1#!/usr/bin/env bash
2
3SLACK_CHANNEL="$1"
4SLACK_USERNAME="Naemon"
5SLACK_URL="$2"
6SLACK_USERICON="https://release.immae.eu/monitoring.png"
7
8if [ "$SERVICESTATE" = "CRITICAL" ]; then
9 ICON=":exclamation:"
10 COLOR="#DA0505"
11elif [ "$SERVICESTATE" = "WARNING" ]; then
12 ICON=":warning:"
13 COLOR="#F1E903"
14elif [ "$SERVICESTATE" = "OK" ]; then
15 ICON=":white_check_mark:"
16 COLOR="#36a64f"
17elif [ "$SERVICESTATE" = "UNKNOWN" ]; then
18 ICON=":question:"
19 COLOR="#000000"
20else
21 ICON=":white_medium_square:"
22 COLOR="#ffffff"
23fi
24
25payload=$(echo "{}" | jq -r \
26 --arg "icon_url" "$SLACK_USERICON" \
27 --arg "channel" "$SLACK_CHANNEL" \
28 --arg "username" "$SLACK_USERNAME" \
29 --arg "text" "${ICON} ${SERVICEDESC} on ${HOST} is ${SERVICESTATE}" \
30 --arg "color" "$COLOR" \
31 --arg "host" "$HOST" \
32 --arg "desc" "$SERVICEDESC" \
33 --arg "state" "$SERVICESTATE" \
34 --arg "output" "$SERVICEOUTPUT" \
35 '.icon_url = $icon_url |
36 .channel = $channel |
37 .username = $username |
38 .text = $text |
39 .attachments = [{fallback:"", color:$color,fields: [{},{},{},{}]}] |
40 .attachments[0].fields[0] = {title:"Host",value:$host,short:true} |
41 .attachments[0].fields[1] = {title:"Service description",value:$desc,short:true} |
42 .attachments[0].fields[2] = {title:"Status",value:$state,short:true} |
43 .attachments[0].fields[3] = {title:"Message",value:$output,short:false}
44 ')
45
46curl -X POST --data "payload=$payload" $SLACK_URL
diff --git a/modules/private/monitoring/plugins/notify_maison_bbc_by_email b/modules/private/monitoring/plugins/notify_maison_bbc_by_email
new file mode 100755
index 0000000..84958b8
--- /dev/null
+++ b/modules/private/monitoring/plugins/notify_maison_bbc_by_email
@@ -0,0 +1,27 @@
1#!/usr/bin/env bash
2
3# $1 = service/host
4
5# $2 = type (PROBLEM RECOVERY ACKNOWLEDGEMENT FLAPPINGSTART FLAPPINGSTOP FLAPPINGDISABLED DOWNTIMESTART DOWNTIMESTOP DOWNTIMECANCELLED)
6# http://www.naemon.org/documentation/usersguide/macrolist.html#notificationtype
7
8# $3 = host alias
9
10# $4 = date (YYYY-MM-DDTHH:MM:SS)
11
12# $5 = E-mail
13
14NOTIFICATION_TYPE="$2"
15DATE="$4"
16CONTACT="$5"
17
18output=$(echo "$SERVICEOUTPUT" | awk '{gsub(" - ", "\n\n", $0); gsub (" (;|:) ", "\n ", $0); gsub(" dates: ", " dates:\n ", $0); gsub("Batteries: ", "Batteries:\n ", $0); print $0}')
19if [ "$NOTIFICATION_TYPE" = "RECOVERY" ]; then
20 subject="Fin d'alerte Maison BBC Zibase"
21 message=$(printf "%b" "Alerte terminée le $DATE.\nInformations:\n$output")
22else
23 subject="Alerte Maison BBC Zibase"
24 message=$(printf "%b" "Alerte lancée le $DATE.\nInformations:\n$output")
25fi
26
27echo "$message" | MAILRC=/dev/null mail -r "$ADMINEMAIL" -n -s "$subject" "$CONTACT"
diff --git a/modules/private/monitoring/to_objects.nix b/modules/private/monitoring/to_objects.nix
index 5ad76e0..7b4b523 100644
--- a/modules/private/monitoring/to_objects.nix
+++ b/modules/private/monitoring/to_objects.nix
@@ -17,7 +17,7 @@ let
17 define service { 17 define service {
18 ${builtins.concatStringsSep "\n" (mapAttrsToList (k: v: 18 ${builtins.concatStringsSep "\n" (mapAttrsToList (k: v:
19 " ${pad 30 k} ${toStr k v}" 19 " ${pad 30 k} ${toStr k v}"
20 ) service)} 20 ) (filterAttrs (k: v: ! builtins.elem k ["passiveInfo" "filter"]) service))}
21 } 21 }
22 ''; 22 '';
23 toServices = services: builtins.concatStringsSep "\n" (map toService services); 23 toServices = services: builtins.concatStringsSep "\n" (map toService services);
@@ -59,7 +59,7 @@ let
59 then toCommands v 59 then toCommands v
60 else if keyname == "templates" 60 else if keyname == "templates"
61 then toTemplates v 61 then toTemplates v
62 else if builtins.elem keyname ["host" "contactgroup" "contact" "timeperiod"] 62 else if builtins.elem keyname ["hostgroup" "host" "contactgroup" "contact" "timeperiod" "servicegroup"]
63 then toOthers keyname v 63 then toOthers keyname v
64 else ""; 64 else "";
65 toObjects = v: builtins.concatStringsSep "\n" (mapAttrsToList toObjects' v); 65 toObjects = v: builtins.concatStringsSep "\n" (mapAttrsToList toObjects' v);
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
new file mode 100644
index 0000000..1460478
--- /dev/null
+++ b/modules/private/system/monitoring-1.nix
@@ -0,0 +1,41 @@
1{ privateFiles }:
2{ config, pkgs, resources, ... }:
3{
4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 hostEnv.FQDN = "monitoring-1.v.immae.eu";
7
8 imports = builtins.attrValues (import ../..);
9
10 deployment = {
11 targetEnv = "hetznerCloud";
12 hetznerCloud = {
13 authToken = config.myEnv.hetznerCloud.authToken;
14 datacenter = "hel1-dc2";
15 location ="hel1";
16 serverType = "cx11";
17 };
18 };
19
20 myServices.monitoring.enable = true;
21 myServices.monitoring.master = true;
22 myServices.status.enable = true;
23 networking = {
24 firewall.enable = true;
25 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
26 (n: ips: { address = ips.ip4; prefixLength = 32; })
27 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.monitoring-1.ips);
28 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
29 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
30 config.myEnv.servers.monitoring-1.ips);
31 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
32 };
33 myServices.mailRelay.enable = true;
34
35 # This value determines the NixOS release with which your system is
36 # to be compatible, in order to avoid breaking some software such as
37 # database servers. You should change this only after NixOS release
38 # notes say you should.
39 # https://nixos.org/nixos/manual/release-notes.html
40 system.stateVersion = "19.03"; # Did you read the comment?
41}
diff --git a/nixops/Makefile b/nixops/Makefile
index 5e654ee..02d34f8 100644
--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -36,6 +36,9 @@ ssh-eldiron:
36ssh-backup-2: 36ssh-backup-2:
37 $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) 37 $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS)
38 38
39ssh-monitoring-1:
40 $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS)
41
39info: 42info:
40 $(NIXOPS_PRIV) list 43 $(NIXOPS_PRIV) list
41 $(NIXOPS_PRIV) info 44 $(NIXOPS_PRIV) info
@@ -74,11 +77,15 @@ list-generations:
74delete-generations: 77delete-generations:
75 nix-env -p $(profile) --delete-generations $(GEN) 78 nix-env -p $(profile) --delete-generations $(GEN)
76 $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) 79 $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
80 $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
81 $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
77.PHONY: delete-generations 82.PHONY: delete-generations
78 83
79cleanup: delete-generations 84cleanup: delete-generations
80 nix-store --gc 85 nix-store --gc
81 $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc 86 $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc
87 $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc
88 $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc
82.PHONY: cleanup 89.PHONY: cleanup
83 90
84###### Pull environment and deployment from remote 91###### Pull environment and deployment from remote
diff --git a/nixops/default.nix b/nixops/default.nix
index 45a235e..5f4f4d2 100644
--- a/nixops/default.nix
+++ b/nixops/default.nix
@@ -9,4 +9,5 @@
9 resources.sshKeyPairs.ssh-key = {}; 9 resources.sshKeyPairs.ssh-key = {};
10 eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; 10 eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; };
11 backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; 11 backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; };
12 monitoring-1 = import ../modules/private/system/monitoring-1.nix { inherit privateFiles; };
12} 13}