From 3bc32d9ebd9b0900eeef756122ad28f8857f8bfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 17 Jul 2019 11:33:57 +0200
Subject: Add monitoring modules via naemon
---
modules/private/monitoring/default.nix | 111 +++++++++++++++++++++++++++++++++
1 file changed, 111 insertions(+)
create mode 100644 modules/private/monitoring/default.nix
(limited to 'modules/private/monitoring/default.nix')
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
new file mode 100644
index 0000000..11861ad
--- /dev/null
+++ b/modules/private/monitoring/default.nix
@@ -0,0 +1,111 @@
+{ config, myconfig, pkgs, lib, ... }:
+let
+ myplugins = pkgs.runCommand "buildplugins" {
+ buildInputs = [ pkgs.makeWrapper pkgs.perl ];
+ } ''
+ mkdir $out
+ cp ${./plugins}/* $out/
+ patchShebangs $out
+ wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
+ wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
+ pkgs.curl pkgs.which pkgs.coreutils
+ ]}
+ wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
+ pkgs.gnugrep pkgs.gawk pkgs.procps-ng
+ ]}
+ '';
+in
+{
+ options = {
+ myServices.monitoring.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable monitoring.
+ '';
+ };
+ };
+
+ config = lib.mkIf config.myServices.monitoring.enable {
+ security.sudo.extraRules = [
+ {
+ commands = [
+ { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
+ { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "naemon" ];
+ runAs = "root";
+ }
+ ];
+ environment.etc."mdadm.conf" = {
+ enable = true;
+ mode = "0644";
+ user = "root";
+ text = "MAILADDR naemon@immae.eu";
+ };
+
+ # needed since extraResource is not in the closure
+ systemd.services.naemon.path = [ myplugins ];
+ services.naemon = {
+ enable = true;
+ extraConfig = ''
+ broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
+ use_syslog=1
+ log_initial_states=1
+ date_format=iso8601
+ admin_email=naemon@immae.eu
+
+ obsess_over_services=1
+ ocsp_command=notify-master
+ '';
+ extraResource = ''
+ $USER2$=${myplugins}
+ $USER200$=${myconfig.env.monitoring.status_url}
+ $USER201$=${myconfig.env.monitoring.status_token}
+ '';
+ objectDefs = builtins.readFile ./conf/local_services.cfg
+ + builtins.readFile ./conf/timeperiods.cfg
+ + builtins.readFile ./conf/services.cfg
+ + builtins.readFile ./conf/contacts.cfg
+ + builtins.readFile ./conf/hosts.cfg
+ + ''
+ define command {
+ command_line ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
+ command_name notify-master
+ }
+ define service {
+ service_description No mdadm array is degraded
+ use local-service
+ check_command check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
+ }
+
+ define service {
+ service_description mailq is empty
+ use local-service
+ check_command check_mailq
+ }
+
+ define command {
+ command_name check_mailq
+ command_line $USER1$/check_mailq -s -w 1 -c 2
+ }
+
+ define service {
+ name local-service
+ use generic-service
+ host_name eldiron.immae.eu
+ check_interval 5
+ max_check_attempts 4
+ register 0
+ retry_interval 1
+ }
+ define host {
+ host_name eldiron.immae.eu
+ alias eldiron.immae.eu
+ address eldiron.immae.eu
+ use linux-server
+ }
+ '';
+ };
+ };
+}
-- cgit v1.2.3
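Review bot: The sudo rule for `${pkgs.postfix}/bin/mailq` in `security.sudo.extraRules` lists the command without arguments, which sudoers treats as permitting any arguments, so `naemon` may run it as root with options beyond the plain queue listing that the check appears to need; the `mdadm --monitor --scan -1` entry beside it is already pinned to its exact arguments. Pin this one as well with the sudoers empty-argument form: `{ command = "${pkgs.postfix}/bin/mailq \"\""; options = [ "NOPASSWD" ]; }`. Separately, the `notify-master` `command_line` passes `$USER201$` (the status token) as `-t` on the command line, where other local users can typically read it from the process list while the script runs; if `send_nrdp.sh` (not shown in this patch) can take the token from a file or the environment, prefer that. A one-line comment above `extraResource` stating how the token is kept out of the world-readable Nix store would also help, since the naemon module that writes that file is not part of this change.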