diff options
Diffstat (limited to 'flakes/private/monitoring/myplugins.nix')
-rw-r--r-- | flakes/private/monitoring/myplugins.nix | 400 |
1 files changed, 400 insertions, 0 deletions
diff --git a/flakes/private/monitoring/myplugins.nix b/flakes/private/monitoring/myplugins.nix new file mode 100644 index 0000000..35730bb --- /dev/null +++ b/flakes/private/monitoring/myplugins.nix | |||
@@ -0,0 +1,400 @@ | |||
1 | { sudo, pkgs, lib, config }: | ||
2 | let | ||
3 | cfg = config.myServices.monitoring; | ||
4 | in | ||
5 | { | ||
6 | notify-secondary = { | ||
7 | resources = { | ||
8 | USER200 = config.myEnv.monitoring.status_url; | ||
9 | USER201 = config.myEnv.monitoring.status_token; | ||
10 | }; | ||
11 | commands = { | ||
12 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\""; | ||
13 | }; | ||
14 | chunk = '' | ||
15 | cp ${./plugins}/send_nrdp.sh $out | ||
16 | patchShebangs $out/send_nrdp.sh | ||
17 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | ||
18 | pkgs.curl pkgs.jq | ||
19 | ]} | ||
20 | ''; | ||
21 | }; | ||
22 | notify-primary = { | ||
23 | resources = { | ||
24 | USER210 = config.myEnv.monitoring.apprise_urls; | ||
25 | }; | ||
26 | commands = { | ||
27 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
28 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
29 | # $OVE is to force naemon to run via shell instead of execve which fails here | ||
30 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | ||
31 | notify-host-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_apprise host \"$ARG1$\""; | ||
32 | notify-service-by-apprise = "HOST=\"$HOSTALIAS$\" NOTIFICATIONTYPE=\"$NOTIFICATIONTYPE$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_apprise service \"$ARG1$\""; | ||
33 | }; | ||
34 | chunk = '' | ||
35 | cp ${./plugins}/{notify_by_email,notify_by_apprise} $out | ||
36 | patchShebangs $out/{notify_by_email,notify_by_apprise} | ||
37 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | ||
38 | pkgs.mailutils | ||
39 | ]} | ||
40 | wrapProgram $out/notify_by_apprise --prefix PATH : ${lib.makeBinPath [ | ||
41 | pkgs.apprise | ||
42 | ]} | ||
43 | ''; | ||
44 | }; | ||
45 | bandwidth = { | ||
46 | commands = { | ||
47 | check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$"; | ||
48 | }; | ||
49 | chunk = '' | ||
50 | cp ${./plugins}/check_bandwidth $out/ | ||
51 | patchShebangs $out/check_bandwidth | ||
52 | wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [ | ||
53 | pkgs.iproute pkgs.bc | ||
54 | ]} | ||
55 | ''; | ||
56 | }; | ||
57 | command = { | ||
58 | commands = { | ||
59 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | ||
60 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | ||
61 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | ||
62 | }; | ||
63 | chunk = '' | ||
64 | cp ${./plugins}/check_command $out/ | ||
65 | patchShebangs $out/check_command | ||
66 | wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir} | ||
67 | ''; | ||
68 | }; | ||
69 | dns = { | ||
70 | commands = { | ||
71 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | ||
72 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | ||
73 | }; | ||
74 | }; | ||
75 | mdadm = { | ||
76 | commands = { | ||
77 | check_mdadm = "$USER2$/check_command -c \"${pkgs.mdadm}/bin/mdadm --monitor --scan -1\" -s 0 -o \"^$\" -r root"; | ||
78 | }; | ||
79 | sudo = _: { | ||
80 | commands = [ | ||
81 | { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; } | ||
82 | ]; | ||
83 | runAs = "root"; | ||
84 | }; | ||
85 | }; | ||
86 | postfix = { | ||
87 | commands = { | ||
88 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; | ||
89 | }; | ||
90 | sudo = _: { | ||
91 | commands = [ | ||
92 | { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; } | ||
93 | ]; | ||
94 | runAs = "root"; | ||
95 | }; | ||
96 | }; | ||
97 | emails = { | ||
98 | resources = { | ||
99 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | ||
100 | }; | ||
101 | commands = { | ||
102 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | ||
103 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | ||
104 | }; | ||
105 | chunk = let | ||
106 | send_mails = pkgs.runCommand "send_mails" { | ||
107 | buildInputs = [ pkgs.makeWrapper ]; | ||
108 | } '' | ||
109 | mkdir -p $out/bin | ||
110 | cp ${./send_mails} $out/bin/send_mails | ||
111 | patchShebangs $out | ||
112 | wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [ | ||
113 | pkgs.mailutils | ||
114 | ]} | ||
115 | ''; | ||
116 | in '' | ||
117 | cp ${./plugins}/check_emails $out/ | ||
118 | patchShebangs $out/check_emails | ||
119 | wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [ | ||
120 | pkgs.openssh send_mails | ||
121 | ]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [ | ||
122 | pkgs.perlPackages.TimeDate | ||
123 | ]} | ||
124 | ''; | ||
125 | }; | ||
126 | eriomem = { | ||
127 | resources = { | ||
128 | USER208 = builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys); | ||
129 | }; | ||
130 | commands = { | ||
131 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; | ||
132 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; | ||
133 | }; | ||
134 | chunk = '' | ||
135 | cp ${./plugins}/check_eriomem $out/ | ||
136 | patchShebangs $out/check_eriomem | ||
137 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | ||
138 | pkgs.s3cmd pkgs.python38 | ||
139 | ]} | ||
140 | cp ${./plugins}/check_backup_age $out/check_backup_eriomem_age | ||
141 | patchShebangs $out/check_backup_eriomem_age | ||
142 | wrapProgram $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ | ||
143 | pkgs.duplicity | ||
144 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | ||
145 | ''; | ||
146 | }; | ||
147 | file_date = { | ||
148 | commands = { | ||
149 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | ||
150 | }; | ||
151 | chunk = '' | ||
152 | cp ${./plugins}/check_last_file_date $out/ | ||
153 | patchShebangs $out/check_last_file_date | ||
154 | ''; | ||
155 | sudo = myplugins: { | ||
156 | commands = [ | ||
157 | { command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; } | ||
158 | ]; | ||
159 | runAs = "ALL"; | ||
160 | }; | ||
161 | }; | ||
162 | ftp = { | ||
163 | commands = { | ||
164 | check_ftp_database = "$USER2$/check_ftp_database"; | ||
165 | }; | ||
166 | chunk = '' | ||
167 | cp ${./plugins}/check_ftp_database $out/ | ||
168 | patchShebangs $out/check_ftp_database | ||
169 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | ||
170 | pkgs.lftp | ||
171 | ]} | ||
172 | ''; | ||
173 | }; | ||
174 | git = { | ||
175 | resources = { | ||
176 | USER203 = config.secrets.fullPaths."naemon/id_rsa"; | ||
177 | }; | ||
178 | commands = { | ||
179 | check_git = "$USER2$/check_git $USER203$"; | ||
180 | }; | ||
181 | chunk = '' | ||
182 | cp ${./plugins}/check_git $out/ | ||
183 | patchShebangs $out/check_git | ||
184 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | ||
185 | pkgs.git pkgs.openssh | ||
186 | ]} | ||
187 | ''; | ||
188 | }; | ||
189 | http = { | ||
190 | resources = { | ||
191 | USER202 = config.myEnv.monitoring.http_user_password; | ||
192 | }; | ||
193 | commands = { | ||
194 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
195 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
196 | check_https_4 = "$USER1$/check_http -4 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
197 | check_https_6 = "$USER1$/check_http -6 --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
198 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
199 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | ||
200 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | ||
201 | }; | ||
202 | }; | ||
203 | imap = { | ||
204 | resources = { | ||
205 | USER204 = config.myEnv.monitoring.imap_login; | ||
206 | USER205 = config.myEnv.monitoring.imap_password; | ||
207 | }; | ||
208 | commands = { | ||
209 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | ||
210 | }; | ||
211 | chunk = '' | ||
212 | cp ${./plugins}/check_imap_connection $out/ | ||
213 | patchShebangs $out/check_imap_connection | ||
214 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | ||
215 | pkgs.openssl | ||
216 | ]} | ||
217 | ''; | ||
218 | }; | ||
219 | megaraid = let | ||
220 | megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; }); | ||
221 | in { | ||
222 | commands = { | ||
223 | check_megaraid = "$USER2$/check_megaraid_sas --sudo"; | ||
224 | }; | ||
225 | chunk = let | ||
226 | megaCliPlugin = pkgs.runCommand "megaCliPlugin" { | ||
227 | plugin = pkgs.fetchurl { | ||
228 | name = "check_megaraid_sas"; | ||
229 | url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24"; | ||
230 | sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p"; | ||
231 | }; | ||
232 | } '' | ||
233 | mkdir $out | ||
234 | cp $plugin $out/check_megaraid_sas | ||
235 | chmod +x $out/check_megaraid_sas | ||
236 | patchShebangs $out | ||
237 | substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64 | ||
238 | substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '${sudo} $megacli' | ||
239 | sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas | ||
240 | ''; | ||
241 | in '' | ||
242 | cp ${megaCliPlugin}/check_megaraid_sas $out/ | ||
243 | patchShebangs $out/check_megaraid_sas | ||
244 | ''; | ||
245 | sudo = _: { | ||
246 | commands = [ | ||
247 | { command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; } | ||
248 | ]; | ||
249 | runAs = "root"; | ||
250 | }; | ||
251 | }; | ||
252 | memory = { | ||
253 | commands = { | ||
254 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | ||
255 | }; | ||
256 | chunk = '' | ||
257 | cp ${./plugins}/check_mem.sh $out/ | ||
258 | patchShebangs $out/check_mem.sh | ||
259 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | ||
260 | pkgs.gnugrep pkgs.gawk pkgs.procps | ||
261 | ]} | ||
262 | ''; | ||
263 | }; | ||
264 | mysql = { | ||
265 | commands = { | ||
266 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | ||
267 | }; | ||
268 | chunk = '' | ||
269 | cp ${./plugins}/check_mysql_replication $out/ | ||
270 | patchShebangs $out/check_mysql_replication | ||
271 | wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [ | ||
272 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb | ||
273 | ]} | ||
274 | ''; | ||
275 | sudo = myplugins: { | ||
276 | commands = [ | ||
277 | { command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; } | ||
278 | ]; | ||
279 | runAs = "mysql"; | ||
280 | }; | ||
281 | }; | ||
282 | openldap = { | ||
283 | commands = { | ||
284 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | ||
285 | }; | ||
286 | chunk = '' | ||
287 | cp ${./plugins}/check_openldap_replication $out/ | ||
288 | patchShebangs $out/check_openldap_replication | ||
289 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | ||
290 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | ||
291 | ]} | ||
292 | ''; | ||
293 | sudo = myplugins: { | ||
294 | commands = [ | ||
295 | { command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; } | ||
296 | ]; | ||
297 | runAs = "openldap"; | ||
298 | }; | ||
299 | }; | ||
300 | ovh = { | ||
301 | resources = { | ||
302 | USER209 = builtins.concatStringsSep "," [ | ||
303 | config.myEnv.monitoring.ovh_sms.endpoint | ||
304 | config.myEnv.monitoring.ovh_sms.application_key | ||
305 | config.myEnv.monitoring.ovh_sms.application_secret | ||
306 | config.myEnv.monitoring.ovh_sms.consumer_key | ||
307 | config.myEnv.monitoring.ovh_sms.account | ||
308 | ]; | ||
309 | }; | ||
310 | commands = { | ||
311 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | ||
312 | check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\""; | ||
313 | }; | ||
314 | chunk = '' | ||
315 | cp ${./plugins}/check_backup_age $out/check_backup_ovh_age | ||
316 | patchShebangs $out/check_backup_ovh_age | ||
317 | wrapProgram $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | ||
318 | pkgs.duplicity | ||
319 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | ||
320 | cp ${./plugins}/check_ovh_sms $out/ | ||
321 | patchShebangs $out/check_ovh_sms | ||
322 | wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [ | ||
323 | (pkgs.python38.withPackages (ps: [ps.ovh])) | ||
324 | ]} | ||
325 | ''; | ||
326 | }; | ||
327 | postgresql = { package }: { | ||
328 | commands = { | ||
329 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | ||
330 | check_postgresql_database_count = "$USER2$/check_postgres_database_count \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | ||
331 | }; | ||
332 | chunk = '' | ||
333 | cp ${./plugins}/check_postgres_replication $out/ | ||
334 | patchShebangs $out/check_postgres_replication | ||
335 | wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [ | ||
336 | package | ||
337 | ]} | ||
338 | cp ${./plugins}/check_postgres_database_count $out/ | ||
339 | patchShebangs $out/check_postgres_database_count | ||
340 | wrapProgram $out/check_postgres_database_count --prefix PATH : ${lib.makeBinPath [ | ||
341 | package | ||
342 | ]} | ||
343 | ''; | ||
344 | |||
345 | sudo = myplugins: { | ||
346 | commands = [ | ||
347 | { command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; } | ||
348 | ]; | ||
349 | runAs = "postgres"; | ||
350 | }; | ||
351 | }; | ||
352 | redis = { | ||
353 | commands = { | ||
354 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | ||
355 | }; | ||
356 | chunk = '' | ||
357 | cp ${./plugins}/check_redis_replication $out/ | ||
358 | patchShebangs $out/check_redis_replication | ||
359 | wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [ | ||
360 | pkgs.gnugrep pkgs.coreutils pkgs.redis | ||
361 | ]} | ||
362 | ''; | ||
363 | sudo = myplugins: { | ||
364 | commands = [ | ||
365 | { command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; } | ||
366 | ]; | ||
367 | runAs = "redis"; | ||
368 | }; | ||
369 | }; | ||
370 | tcp = { | ||
371 | commands = { | ||
372 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | ||
373 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | ||
374 | }; | ||
375 | }; | ||
376 | zfs = { | ||
377 | commands = { | ||
378 | check_zfs = "$USER2$/check_zpool.sh -p ALL -w 80 -c 90"; | ||
379 | check_zfs_snapshot = "$USER2$/check_zfs_snapshot -d $ARG1$ -c 18000 -w 14400"; | ||
380 | }; | ||
381 | chunk = let | ||
382 | zfsPlugin = pkgs.fetchurl { | ||
383 | url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh"; | ||
384 | sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf"; | ||
385 | }; | ||
386 | in '' | ||
387 | cp ${zfsPlugin} $out/check_zpool.sh | ||
388 | chmod +x $out/check_zpool.sh | ||
389 | patchShebangs $out/check_zpool.sh | ||
390 | wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [ | ||
391 | pkgs.which pkgs.zfs pkgs.gawk | ||
392 | ]} | ||
393 | cp ${./plugins}/check_zfs_snapshot $out | ||
394 | patchShebangs $out/check_zfs_snapshot | ||
395 | wrapProgram $out/check_zfs_snapshot --prefix PATH : ${lib.makeBinPath [ | ||
396 | pkgs.zfs pkgs.coreutils pkgs.gawk pkgs.gnugrep | ||
397 | ]} | ||
398 | ''; | ||
399 | }; | ||
400 | } | ||