10 files changed, 111 insertions, 5 deletions
diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock
index c2a087b..5a21b51 100644
--- a/systems/backup-2/flake.lock
+++ b/systems/backup-2/flake.lock
@@ -417,7 +417,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",
+        "narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
        "path": "../../flakes/private/monitoring",
        "type": "path"
      },
diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock
index 0156cab..c55de32 100644
--- a/systems/dilion/flake.lock
+++ b/systems/dilion/flake.lock
@@ -207,7 +207,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",
+        "narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
        "path": "../../flakes/private/monitoring",
        "type": "path"
      },
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 8392aa7..52b9d03 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -2066,7 +2066,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",
+        "narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
        "path": "../../flakes/private/monitoring",
        "type": "path"
      },
diff --git a/systems/monitoring-1/flake.lock b/systems/monitoring-1/flake.lock
index eb2e4a9..5685340 100644
--- a/systems/monitoring-1/flake.lock
+++ b/systems/monitoring-1/flake.lock
@@ -277,7 +277,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",
+        "narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
        "path": "../../flakes/private/monitoring",
        "type": "path"
      },
diff --git a/systems/monitoring-1/monitoring-master.nix b/systems/monitoring-1/monitoring-master.nix
index e9362d9..6981672 100644
--- a/systems/monitoring-1/monitoring-master.nix
+++ b/systems/monitoring-1/monitoring-master.nix
@@ -66,6 +66,10 @@ in
          $USER201$=@@TOKEN@@
        '';
      };
+      "=/common/.env.example".alias = ./monitoring/env.example;
+      "=/common/docker-compose.yml".alias = ./monitoring/docker-compose.yml;
+      "=/common/Dockerfile".alias = ./monitoring/Dockerfile;
+      "=/common/run.sh".alias = ./monitoring/run.sh;
    };
  };
diff --git a/systems/monitoring-1/monitoring/Dockerfile b/systems/monitoring-1/monitoring/Dockerfile
new file mode 100644
index 0000000..4bbf01b
--- /dev/null
+++ b/systems/monitoring-1/monitoring/Dockerfile
@@ -0,0 +1,35 @@
+FROM debian:bookworm
+ARG namespace
+RUN \
+  apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    curl \
+    gnupg
+RUN \
+  curl -s "https://build.opensuse.org/projects/home:naemon/signing_keys/download?kind=gpg" | gpg --dearmor > /usr/share/keyrings/naemon.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/naemon.gpg] https://download.opensuse.org/repositories/home:/naemon/Debian_12/ ./" >> /etc/apt/sources.list.d/naemon-stable.list
+# Install the baseline packages for this image. Note, these 
+# packages are not version controlled and may change between
+# builds.
+RUN apt-get update && \
+  DEBIAN_FRONTEND=noninteractive \
+  # La liste des packages debian à installer est directement fournie par Immae
+  apt-get install -y $(curl https://status.immae.eu/$namespace/debian-packages)
+# Perform the data directory initialization
+RUN mkdir -p /data/var/log/naemon \
+    && rm -rf /var/log/naemon \
+    && ln -s /data/var/log/naemon /var/log/naemon \
+    && find /etc/naemon -type f -not -name "naemon.cfg" -delete
+# Add the bootstrap script
+RUN curl https://status.immae.eu/common/run.sh > /run.sh
+RUN chmod 755 /run.sh
+# All data is stored on the root data volme
+VOLUME ["/data"]
+ENTRYPOINT ["/run.sh"]
diff --git a/systems/monitoring-1/monitoring/docker-compose.yml b/systems/monitoring-1/monitoring/docker-compose.yml
new file mode 100644
index 0000000..b369463
--- /dev/null
+++ b/systems/monitoring-1/monitoring/docker-compose.yml
@@ -0,0 +1,15 @@
+services:
+  naemon:
+    build:
+      context: https://status.immae.eu/common/Dockerfile
+      args:
+        - namespace=${NAMESPACE}
+    container_name: naemon
+    restart: unless-stopped
+    environment:
+      - NOTIFY_REMOTE_TOKEN=${NOTIFY_REMOTE_TOKEN}
+      - NAMESPACE=${NAMESPACE}
+    pid: host
+    network_mode: host
+    volumes:
+      - ./data/log:/data/var/log/naemon
diff --git a/systems/monitoring-1/monitoring/env.example b/systems/monitoring-1/monitoring/env.example
new file mode 100644
index 0000000..bace5a5
--- /dev/null
+++ b/systems/monitoring-1/monitoring/env.example
@@ -0,0 +1,5 @@
+# Les deux variables ci-dessous sont à demander à Immae
+# Token pour notifier le serveur distant (immae)
+NOTIFY_REMOTE_TOKEN=
+# Namespace sur immae.eu
+NAMESPACE=
diff --git a/systems/monitoring-1/monitoring/run.sh b/systems/monitoring-1/monitoring/run.sh
new file mode 100644
index 0000000..9a57990
--- /dev/null
+++ b/systems/monitoring-1/monitoring/run.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+function graceful_exit(){
+  # Note, "service naemon stop" does not work in the phusion image
+  # We just kill the process rather than chase this down.
+  pkill naemon
+  exit $1
+}
+# Recup fichiers Ismael
+if [ -n "$NAMESPACE" ]; then
+  echo "Namespace: $NAMESPACE"
+else
+  echo "Le namespace n'a pas été défini dans \$NAMESPACE."
+  exit 1
+fi
+curl -o /etc/naemon/conf.d/objects.cfg "https://status.immae.eu/$NAMESPACE/objects.conf"
+curl -o /etc/naemon/module-conf.d/immae.cfg "https://status.immae.eu/common/immae.cfg"
+curl -o /etc/naemon/resource.cfg "https://status.immae.eu/common/resource.cfg"
+curl "https://status.immae.eu/$NAMESPACE/plugins.tar" | tar -C /etc/naemon -x
+sed -i -e "s|@@COMMON_PLUGINS@@|/usr/lib/naemon/plugins|" \
+       -e "s|@@IMMAE_PLUGINS@@|/etc/naemon/immae_plugins/|" \
+       -e "s|@@TOKEN@@|$NOTIFY_REMOTE_TOKEN|" \
+       /etc/naemon/resource.cfg
+# Ensure consistent ownership for the data volume, even if the
+# UID/GID's changes
+chown -R naemon:naemon /etc/naemon /data/var/log/naemon
+# Start the services
+service naemon start
+# Trap exit signals and do a proper shutdown
+trap "graceful_exit 0;" SIGINT SIGTERM
+sleep 5
+while true
+do
+  if ! [ -d "/proc/$(cat /var/run/naemon/naemon.pid)" ]; then
+    echo "Naemon no longer running"
+    graceful_exit 1
+  fi
+  sleep 1
+done
diff --git a/systems/quatresaisons/flake.lock b/systems/quatresaisons/flake.lock
index 6aab914..55bb07d 100644
--- a/systems/quatresaisons/flake.lock
+++ b/systems/quatresaisons/flake.lock
@@ -239,7 +239,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",
+        "narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
        "path": "../../flakes/private/monitoring",
        "type": "path"
      },

diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock index c2a087b..5a21b51 100644 --- a/systems/backup-2/flake.lock +++ b/systems/backup-2/flake.lock
@@ -417,7 +417,7 @@
417	},	417	},
418	"locked": {	418	"locked": {
419	"lastModified": 1,	419	"lastModified": 1,
420	"narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",	420	"narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
421	"path": "../../flakes/private/monitoring",	421	"path": "../../flakes/private/monitoring",
422	"type": "path"	422	"type": "path"
423	},	423	},


diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock index 0156cab..c55de32 100644 --- a/systems/dilion/flake.lock +++ b/systems/dilion/flake.lock
@@ -207,7 +207,7 @@
207	},	207	},
208	"locked": {	208	"locked": {
209	"lastModified": 1,	209	"lastModified": 1,
210	"narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",	210	"narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
211	"path": "../../flakes/private/monitoring",	211	"path": "../../flakes/private/monitoring",
212	"type": "path"	212	"type": "path"
213	},	213	},


diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock index 8392aa7..52b9d03 100644 --- a/systems/eldiron/flake.lock +++ b/systems/eldiron/flake.lock
@@ -2066,7 +2066,7 @@
2066	},	2066	},
2067	"locked": {	2067	"locked": {
2068	"lastModified": 1,	2068	"lastModified": 1,
2069	"narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",	2069	"narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
2070	"path": "../../flakes/private/monitoring",	2070	"path": "../../flakes/private/monitoring",
2071	"type": "path"	2071	"type": "path"
2072	},	2072	},


diff --git a/systems/monitoring-1/flake.lock b/systems/monitoring-1/flake.lock index eb2e4a9..5685340 100644 --- a/systems/monitoring-1/flake.lock +++ b/systems/monitoring-1/flake.lock
@@ -277,7 +277,7 @@
277	},	277	},
278	"locked": {	278	"locked": {
279	"lastModified": 1,	279	"lastModified": 1,
280	"narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",	280	"narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
281	"path": "../../flakes/private/monitoring",	281	"path": "../../flakes/private/monitoring",
282	"type": "path"	282	"type": "path"
283	},	283	},


diff --git a/systems/monitoring-1/monitoring-master.nix b/systems/monitoring-1/monitoring-master.nix index e9362d9..6981672 100644 --- a/systems/monitoring-1/monitoring-master.nix +++ b/systems/monitoring-1/monitoring-master.nix
@@ -66,6 +66,10 @@ in
66	$USER201$=@@TOKEN@@	66	$USER201$=@@TOKEN@@
67	'';	67	'';
68	};	68	};
		69	"=/common/.env.example".alias = ./monitoring/env.example;
		70	"=/common/docker-compose.yml".alias = ./monitoring/docker-compose.yml;
		71	"=/common/Dockerfile".alias = ./monitoring/Dockerfile;
		72	"=/common/run.sh".alias = ./monitoring/run.sh;
69	};	73	};
70	};	74	};
71		75


diff --git a/systems/monitoring-1/monitoring/Dockerfile b/systems/monitoring-1/monitoring/Dockerfile new file mode 100644 index 0000000..4bbf01b --- /dev/null +++ b/systems/monitoring-1/monitoring/Dockerfile
@@ -0,0 +1,35 @@
		1	FROM debian:bookworm
		2
		3	ARG namespace
		4
		5	RUN \
		6	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
		7	curl \
		8	gnupg
		9
		10	RUN \
		11	curl -s "https://build.opensuse.org/projects/home:naemon/signing_keys/download?kind=gpg" \| gpg --dearmor > /usr/share/keyrings/naemon.gpg \
		12	&& echo "deb [signed-by=/usr/share/keyrings/naemon.gpg] https://download.opensuse.org/repositories/home:/naemon/Debian_12/ ./" >> /etc/apt/sources.list.d/naemon-stable.list
		13
		14	# Install the baseline packages for this image. Note, these
		15	# packages are not version controlled and may change between
		16	# builds.
		17	RUN apt-get update && \
		18	DEBIAN_FRONTEND=noninteractive \
		19	# La liste des packages debian à installer est directement fournie par Immae
		20	apt-get install -y $(curl https://status.immae.eu/$namespace/debian-packages)
		21
		22	# Perform the data directory initialization
		23	RUN mkdir -p /data/var/log/naemon \
		24	&& rm -rf /var/log/naemon \
		25	&& ln -s /data/var/log/naemon /var/log/naemon \
		26	&& find /etc/naemon -type f -not -name "naemon.cfg" -delete
		27
		28	# Add the bootstrap script
		29	RUN curl https://status.immae.eu/common/run.sh > /run.sh
		30	RUN chmod 755 /run.sh
		31
		32	# All data is stored on the root data volme
		33	VOLUME ["/data"]
		34
		35	ENTRYPOINT ["/run.sh"]


diff --git a/systems/monitoring-1/monitoring/docker-compose.yml b/systems/monitoring-1/monitoring/docker-compose.yml new file mode 100644 index 0000000..b369463 --- /dev/null +++ b/systems/monitoring-1/monitoring/docker-compose.yml
@@ -0,0 +1,15 @@
		1	services:
		2	naemon:
		3	build:
		4	context: https://status.immae.eu/common/Dockerfile
		5	args:
		6	- namespace=${NAMESPACE}
		7	container_name: naemon
		8	restart: unless-stopped
		9	environment:
		10	- NOTIFY_REMOTE_TOKEN=${NOTIFY_REMOTE_TOKEN}
		11	- NAMESPACE=${NAMESPACE}
		12	pid: host
		13	network_mode: host
		14	volumes:
		15	- ./data/log:/data/var/log/naemon


diff --git a/systems/monitoring-1/monitoring/env.example b/systems/monitoring-1/monitoring/env.example new file mode 100644 index 0000000..bace5a5 --- /dev/null +++ b/systems/monitoring-1/monitoring/env.example
@@ -0,0 +1,5 @@
		1	# Les deux variables ci-dessous sont à demander à Immae
		2	# Token pour notifier le serveur distant (immae)
		3	NOTIFY_REMOTE_TOKEN=
		4	# Namespace sur immae.eu
		5	NAMESPACE=


diff --git a/systems/monitoring-1/monitoring/run.sh b/systems/monitoring-1/monitoring/run.sh new file mode 100644 index 0000000..9a57990 --- /dev/null +++ b/systems/monitoring-1/monitoring/run.sh
@@ -0,0 +1,47 @@
		1	#!/bin/bash
		2
		3	function graceful_exit(){
		4	# Note, "service naemon stop" does not work in the phusion image
		5	# We just kill the process rather than chase this down.
		6	pkill naemon
		7	exit $1
		8	}
		9
		10	# Recup fichiers Ismael
		11	if [ -n "$NAMESPACE" ]; then
		12	echo "Namespace: $NAMESPACE"
		13	else
		14	echo "Le namespace n'a pas été défini dans \$NAMESPACE."
		15	exit 1
		16	fi
		17
		18	curl -o /etc/naemon/conf.d/objects.cfg "https://status.immae.eu/$NAMESPACE/objects.conf"
		19	curl -o /etc/naemon/module-conf.d/immae.cfg "https://status.immae.eu/common/immae.cfg"
		20	curl -o /etc/naemon/resource.cfg "https://status.immae.eu/common/resource.cfg"
		21
		22	curl "https://status.immae.eu/$NAMESPACE/plugins.tar" \| tar -C /etc/naemon -x
		23
		24	sed -i -e "s\|@@COMMON_PLUGINS@@\|/usr/lib/naemon/plugins\|" \
		25	-e "s\|@@IMMAE_PLUGINS@@\|/etc/naemon/immae_plugins/\|" \
		26	-e "s\|@@TOKEN@@\|$NOTIFY_REMOTE_TOKEN\|" \
		27	/etc/naemon/resource.cfg
		28
		29	# Ensure consistent ownership for the data volume, even if the
		30	# UID/GID's changes
		31	chown -R naemon:naemon /etc/naemon /data/var/log/naemon
		32
		33	# Start the services
		34	service naemon start
		35
		36	# Trap exit signals and do a proper shutdown
		37	trap "graceful_exit 0;" SIGINT SIGTERM
		38
		39	sleep 5
		40	while true
		41	do
		42	if ! [ -d "/proc/$(cat /var/run/naemon/naemon.pid)" ]; then
		43	echo "Naemon no longer running"
		44	graceful_exit 1
		45	fi
		46	sleep 1
		47	done


diff --git a/systems/quatresaisons/flake.lock b/systems/quatresaisons/flake.lock index 6aab914..55bb07d 100644 --- a/systems/quatresaisons/flake.lock +++ b/systems/quatresaisons/flake.lock
@@ -239,7 +239,7 @@
239	},	239	},
240	"locked": {	240	"locked": {
241	"lastModified": 1,	241	"lastModified": 1,
242	"narHash": "sha256-hkZiW8Nyd9pNIXhV/AQaJZQ1peOvTBMD8zjEtSAkh3E=",	242	"narHash": "sha256-d2Qc6vQHwjxXQqM76iLVNMFFux1HUZcpGZ8A8hPkYlE=",
243	"path": "../../flakes/private/monitoring",	243	"path": "../../flakes/private/monitoring",
244	"type": "path"	244	"type": "path"
245	},	245	},