diff options
Diffstat (limited to 'modules/private/monitoring/default.nix')
-rw-r--r-- | modules/private/monitoring/default.nix | 249 |
1 files changed, 0 insertions, 249 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix deleted file mode 100644 index 0783c2f..0000000 --- a/modules/private/monitoring/default.nix +++ /dev/null | |||
@@ -1,249 +0,0 @@ | |||
1 | { config, pkgs, lib, name, nodes, ... }: | ||
2 | let | ||
3 | cfg = config.myServices.monitoring; | ||
4 | activatedPlugins = [ "memory" "command" "bandwidth" ] | ||
5 | ++ (if cfg.master then (masterObjects.activatedPlugins or []) else []) | ||
6 | ++ (if cfg.master then (lib.flatten (map (v: v.activatedPlugins or []) otherObjects)) else []) | ||
7 | ++ (hostObjects.activatedPlugins or []) | ||
8 | ++ (if cfg.master then ["notify-primary"] else ["notify-secondary"]); | ||
9 | allPluginsConfig = import ./myplugins.nix { | ||
10 | inherit pkgs lib config; | ||
11 | sudo = "/run/wrappers/bin/sudo"; | ||
12 | }; | ||
13 | mypluginsConfig = lib.getAttrs activatedPlugins allPluginsConfig; | ||
14 | myplugins = let | ||
15 | mypluginsChunk = builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (k: v: v.chunk or "") mypluginsConfig); | ||
16 | in pkgs.runCommand "buildplugins" { | ||
17 | buildInputs = [ pkgs.makeWrapper pkgs.perl ]; | ||
18 | } '' | ||
19 | mkdir $out | ||
20 | ${mypluginsChunk} | ||
21 | ''; | ||
22 | toObjects = pkgs.callPackage ./to_objects.nix {}; | ||
23 | commonConfig = { | ||
24 | dilion = { | ||
25 | processWarn = "250"; processAlert = "400"; | ||
26 | loadWarn = "1.0"; loadAlert = "1.2"; | ||
27 | interface = "eth0"; | ||
28 | }; | ||
29 | eldiron = { | ||
30 | processWarn = "550"; processAlert = "650"; | ||
31 | loadWarn = "1.0"; loadAlert = "1.2"; | ||
32 | interface = "eth0"; | ||
33 | }; | ||
34 | backup-2 = { | ||
35 | processWarn = "60"; processAlert = "70"; | ||
36 | loadWarn = "1.0"; loadAlert = "2.0"; | ||
37 | interface = "ens3"; | ||
38 | }; | ||
39 | monitoring-1 = { | ||
40 | processWarn = "50"; processAlert = "60"; | ||
41 | loadWarn = "4.0"; loadAlert = "6.0"; | ||
42 | load15Warn = "1.0"; load15Alert = "2.0"; | ||
43 | interface = "ens3"; | ||
44 | }; | ||
45 | quatresaisons = { | ||
46 | processWarn = "250"; processAlert = "400"; | ||
47 | loadWarn = "1.0"; loadAlert = "1.2"; | ||
48 | interface = "eth0"; | ||
49 | }; | ||
50 | }; | ||
51 | externalObjects = lib.genAttrs [ "tiboqorl-fr" ] | ||
52 | (n: pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }); | ||
53 | masterPassiveObjects = let | ||
54 | passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron" "quatresaisons" "dilion"]) nodes; | ||
55 | toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo); | ||
56 | passiveServices = lib.flatten (lib.attrsets.mapAttrsToList | ||
57 | (_: n: toPassiveServices n.config.myServices.monitoring.services) | ||
58 | passiveNodes | ||
59 | ) ++ lib.flatten (lib.attrsets.mapAttrsToList | ||
60 | (_: n: toPassiveServices n.service) | ||
61 | externalObjects); | ||
62 | in { | ||
63 | service = passiveServices; | ||
64 | host = lib.lists.foldr | ||
65 | (a: b: a//b) | ||
66 | {} | ||
67 | (lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes | ||
68 | ++ lib.attrsets.mapAttrsToList (_: n: n.host) externalObjects); | ||
69 | }; | ||
70 | emailCheck = host: hostFQDN: let | ||
71 | allCfg = config.myEnv.monitoring.email_check; | ||
72 | cfg = allCfg."${host}"; | ||
73 | reverseTargets = builtins.attrNames (lib.attrsets.filterAttrs (k: v: builtins.elem host v.targets) allCfg); | ||
74 | to_email = cfg': host': | ||
75 | let sep = if lib.strings.hasInfix "+" cfg'.mail_address then "_" else "+"; | ||
76 | in "${cfg'.mail_address}${sep}${host'}@${cfg'.mail_domain}"; | ||
77 | mails_to_send = builtins.concatStringsSep "," (map (n: to_email allCfg."${n}" host) cfg.targets); | ||
78 | mails_to_receive = builtins.concatStringsSep "," (map (n: "${to_email cfg n}:${n}") reverseTargets); | ||
79 | command = if cfg.local | ||
80 | then | ||
81 | [ "check_emails_local" "/var/lib/naemon/checks/email" mails_to_send mails_to_receive ] | ||
82 | else | ||
83 | [ "check_emails" cfg.login cfg.port mails_to_send mails_to_receive ]; | ||
84 | in | ||
85 | { | ||
86 | service_description = "${hostFQDN} email service is active"; | ||
87 | use = "mail-service"; | ||
88 | host_name = hostFQDN; | ||
89 | servicegroups = "webstatus-email"; | ||
90 | check_command = command; | ||
91 | }; | ||
92 | otherObjects = map | ||
93 | (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; })) | ||
94 | [ "ulminfo-fr" "phare" "eban" ]; | ||
95 | masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; }; | ||
96 | commonObjects = pkgs.callPackage ./objects_common.nix ({ | ||
97 | master = cfg.master; | ||
98 | hostFQDN = config.hostEnv.fqdn; | ||
99 | hostName = name; | ||
100 | inherit mypluginsConfig; | ||
101 | } // builtins.getAttr name commonConfig); | ||
102 | hostObjects = | ||
103 | let | ||
104 | specific_file = ./. + "/objects_" + name + ".nix"; | ||
105 | in | ||
106 | lib.attrsets.optionalAttrs | ||
107 | (builtins.pathExists specific_file) | ||
108 | (pkgs.callPackage specific_file { | ||
109 | inherit config nodes emailCheck; | ||
110 | hostFQDN = config.hostEnv.fqdn; | ||
111 | hostName = name; | ||
112 | }); | ||
113 | objectsFiles = lib.mapAttrs' (name: value: lib.nameValuePair | ||
114 | "=/${name}/objects.conf" { alias = pkgs.writeText "objects.conf" (toObjects value); } | ||
115 | ) externalObjects; | ||
116 | in | ||
117 | { | ||
118 | options = { | ||
119 | myServices.monitoring = { | ||
120 | enable = lib.mkOption { | ||
121 | type = lib.types.bool; | ||
122 | default = false; | ||
123 | description = '' | ||
124 | Whether to enable monitoring. | ||
125 | ''; | ||
126 | }; | ||
127 | master = lib.mkOption { | ||
128 | type = lib.types.bool; | ||
129 | default = false; | ||
130 | description = '' | ||
131 | This instance is the master instance | ||
132 | ''; | ||
133 | }; | ||
134 | hosts = lib.mkOption { | ||
135 | readOnly = true; | ||
136 | description = "Hosts list for this host"; | ||
137 | default = (commonObjects.host or {}) // (hostObjects.host or {}); | ||
138 | }; | ||
139 | services = lib.mkOption { | ||
140 | readOnly = true; | ||
141 | description = "Services list for this host"; | ||
142 | default = commonObjects.service ++ hostObjects.service; | ||
143 | }; | ||
144 | }; | ||
145 | }; | ||
146 | |||
147 | config = lib.mkIf cfg.enable { | ||
148 | services.nginx = lib.mkIf config.myServices.status.enable { | ||
149 | virtualHosts."status.immae.eu".locations = objectsFiles // { | ||
150 | "=/common/immae.cfg" = { | ||
151 | alias = pkgs.writeText "immae.cfg" '' | ||
152 | # put me for instance in /etc/naemon/module-conf.d/immae.cfg | ||
153 | # Make sure that you have include_dir=module-conf.d in | ||
154 | # naemon.cfg | ||
155 | log_initial_states=1 | ||
156 | date_format=iso8601 | ||
157 | admin_email=${config.myEnv.monitoring.email} | ||
158 | obsess_over_services=1 | ||
159 | ocsp_command=notify-master | ||
160 | ''; | ||
161 | }; | ||
162 | "=/common/resource.cfg" = { | ||
163 | alias = pkgs.writeText "resource.cfg" '' | ||
164 | # Resource.cfg file | ||
165 | # Replace this with path to monitoring plugins | ||
166 | $USER1$=@@COMMON_PLUGINS@@ | ||
167 | # Replace this with a path to scripts from | ||
168 | # https://git.immae.eu/cgit/perso/Immae/Config/Nix.git/tree/modules/private/monitoring/plugins | ||
169 | $USER2$=@@IMMAE_PLUGINS@@ | ||
170 | $USER200$=https://status.immae.eu/ | ||
171 | $USER201$=@@TOKEN@@ | ||
172 | ''; | ||
173 | }; | ||
174 | }; | ||
175 | }; | ||
176 | |||
177 | security.sudo.extraRules = let | ||
178 | pluginsSudo = lib.lists.remove null (lib.attrsets.mapAttrsToList (k: v: | ||
179 | if (v ? sudo) | ||
180 | then ({ users = [ "naemon" ]; } // (v.sudo myplugins)) | ||
181 | else null) mypluginsConfig); | ||
182 | in [ | ||
183 | { | ||
184 | commands = [ | ||
185 | { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; } | ||
186 | { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; } | ||
187 | ]; | ||
188 | users = [ "naemon" ]; | ||
189 | runAs = "root"; | ||
190 | } | ||
191 | ] ++ pluginsSudo; | ||
192 | environment.etc."mdadm.conf" = { | ||
193 | enable = true; | ||
194 | mode = "0644"; | ||
195 | user = "root"; | ||
196 | text = "MAILADDR ${config.myEnv.monitoring.email}"; | ||
197 | }; | ||
198 | |||
199 | secrets.keys = { | ||
200 | "naemon/id_rsa" = { | ||
201 | user = "naemon"; | ||
202 | group = "naemon"; | ||
203 | permissions = "0400"; | ||
204 | text = config.myEnv.monitoring.ssh_secret_key; | ||
205 | }; | ||
206 | } // lib.optionalAttrs cfg.master ( | ||
207 | lib.mapAttrs' (k: v: lib.nameValuePair "${k}_access_key" { | ||
208 | user = "naemon"; | ||
209 | group = "naemon"; | ||
210 | permissions = "0400"; | ||
211 | text = '' | ||
212 | export AWS_ACCESS_KEY_ID="${v.accessKeyId}" | ||
213 | export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}" | ||
214 | export BASE_URL="${v.remote "immae-eldiron"}" | ||
215 | ''; | ||
216 | }) config.myEnv.backup.remotes | ||
217 | ); | ||
218 | # needed since extraResource is not in the closure | ||
219 | systemd.services.naemon.path = [ myplugins ]; | ||
220 | services.naemon = { | ||
221 | enable = true; | ||
222 | extraConfig = '' | ||
223 | use_syslog=1 | ||
224 | log_initial_states=1 | ||
225 | date_format=iso8601 | ||
226 | admin_email=${config.myEnv.monitoring.email} | ||
227 | '' + lib.optionalString (!cfg.master) '' | ||
228 | obsess_over_services=1 | ||
229 | ocsp_command=notify-master | ||
230 | '' + lib.optionalString (cfg.master) '' | ||
231 | broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live | ||
232 | broker_module=${pkgs.status_engine.module}/lib/status-engine/naemon/statusengine-${pkgs.naemon.status_engine_version}.o use_service_perfdata=1 use_process_data=0 use_system_command_data=0 use_external_command_data=0 use_flapping_data=0 use_program_status_data=0 use_notification_data=0 use_contact_status_data=0 use_contact_notification_data=0 use_event_handler_data=0 use_object_data=0 | ||
233 | ''; | ||
234 | extraResource = let | ||
235 | resources = [hostObjects.resources or {}] ++ (lib.mapAttrsToList (k: v: v.resources or {}) mypluginsConfig); | ||
236 | joined = lib.zipAttrsWith (n: v: if builtins.length (lib.unique v) == 1 then builtins.head v else abort "Non-unique resources names") resources; | ||
237 | joinedStr = builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "$" + "${k}$=${v}") joined); | ||
238 | in '' | ||
239 | $USER2$=${myplugins} | ||
240 | ${joinedStr} | ||
241 | ''; | ||
242 | objectDefs = toObjects commonObjects | ||
243 | + toObjects hostObjects | ||
244 | + lib.optionalString cfg.master (toObjects masterObjects) | ||
245 | + lib.optionalString cfg.master (toObjects masterPassiveObjects) | ||
246 | + lib.optionalString cfg.master (builtins.concatStringsSep "\n" (map toObjects otherObjects)); | ||
247 | }; | ||
248 | }; | ||
249 | } | ||