path: root/modules/private/monitoring/default.nix
# NixOS module that enables a Naemon instance monitoring the local host.
# When myServices.monitoring.enable is true it:
#   - builds a small derivation with the check/notification scripts,
#   - lets the naemon user run two fixed commands as root through sudo,
#   - writes /etc/mdadm.conf,
#   - configures Naemon (livestatus broker, resource macros, object definitions).
{ config, myconfig, pkgs, lib, ... }:
let
  # Scripts from ./plugins copied into a store path, with shebangs patched and
  # three of them wrapped so that the tools they call are found on PATH.
  # check_command gets config.security.wrapperDir prepended to PATH, which is
  # where NixOS installs its setuid wrappers (presumably so the script can
  # find sudo; the script itself is not visible here).
  myplugins = pkgs.runCommand "buildplugins" {
    buildInputs = [ pkgs.makeWrapper pkgs.perl ];
  } ''
    mkdir $out
    cp ${./plugins}/* $out/
    patchShebangs $out
    wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
    wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.curl pkgs.which pkgs.coreutils
    ]}
    wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
      pkgs.gnugrep pkgs.gawk pkgs.procps-ng
    ]}
    '';
in
{
  options = {
    # Single switch for the whole module; everything under `config` below is
    # guarded by it.
    myServices.monitoring.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable monitoring.
      '';
    };
  };

  config = lib.mkIf config.myServices.monitoring.enable {
    # Registers Naemon's varDir as the root directory of a backup profile.
    services.backup.profiles.monitoring = {
      rootDir = config.services.naemon.varDir;
    };
    # Privilege grant: the naemon user may run these commands as root without a
    # password. The mdadm entry lists its arguments, so sudo only matches that
    # exact argument list; keep it pinned, and keep it identical to the string
    # used in the "No mdadm array is degraded" service below.
    # NOTE(review): the mailq entry has no argument list, and sudoers then
    # accepts any arguments; pin them as well if only the bare call is needed.
    security.sudo.extraRules = [
      {
        commands = [
          { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
          { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
        ];
        users = [ "naemon" ];
        runAs = "root";
      }
    ];
    # /etc/mdadm.conf, world-readable (0644), containing only the MAILADDR
    # line built from the monitoring e-mail address.
    environment.etc."mdadm.conf" = {
      enable = true;
      mode = "0644";
      user = "root";
      text = "MAILADDR ${myconfig.env.monitoring.email}";
    };

    # needed since extraResource is not in the closure
    # (the plugin store path is referenced from extraResource via $USER2$, so
    # it is added to the service's path here to keep it a dependency)
    systemd.services.naemon.path = [ myplugins ];
    services.naemon = {
      enable = true;
      # Main-config additions. The livestatus broker module opens its socket at
      # <runDir>/live; obsess_over_services together with ocsp_command makes
      # Naemon run notify-master after each service check.
      # NOTE(review): livestatus does no authentication of its own, so access
      # is decided by the permissions on runDir and the socket; confirm them.
      extraConfig = ''
        broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
        use_syslog=1
        log_initial_states=1
        date_format=iso8601
        admin_email=${myconfig.env.monitoring.email}

        obsess_over_services=1
        ocsp_command=notify-master
      '';
      # Resource macros: $USER2$ is the plugin directory, $USER200$/$USER201$
      # the status URL and its token.
      # NOTE(review): status_token is a secret interpolated at evaluation time.
      # How the naemon module stores this text is not visible here; confirm it
      # ends up in a file readable only by naemon and not in the
      # world-readable /nix/store.
      extraResource = ''
        $USER2$=${myplugins}
        $USER200$=${myconfig.env.monitoring.status_url}
        $USER201$=${myconfig.env.monitoring.status_token}
      '';
      # Object definitions: the five .cfg files read at evaluation time,
      # followed by the host-specific definitions written inline.
      #   - notify-master forwards each result with send_nrdp.sh.
      #     NOTE(review): the token is passed with -t on the command line, so
      #     it is visible in the process list while the script runs; passing it
      #     through a file or the environment would avoid that, if the script
      #     supports it.
      #     NOTE(review): $SERVICEOUTPUT$ is plugin output placed inside a
      #     command line; this relies on Naemon's illegal_macro_output_chars
      #     filtering, so confirm that setting has not been emptied.
      #   - check_command_output and generic-service / linux-server are not
      #     defined here; presumably they come from the .cfg files.
      #   - `-s 0 -r root` are arguments to check_command; presumably they mean
      #     "expected status 0, run as root", which is what the sudo rule above
      #     would serve. Verify against the plugin.
      #   - local-service is a template (register 0) bound to eldiron.immae.eu.
      objectDefs = builtins.readFile ./conf/local_services.cfg
        + builtins.readFile ./conf/timeperiods.cfg
        + builtins.readFile ./conf/services.cfg
        + builtins.readFile ./conf/contacts.cfg
        + builtins.readFile ./conf/hosts.cfg
        + ''
          define command {
            command_line       ${myplugins}/send_nrdp.sh -u "$USER200$" -t "$USER201$" -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"
            command_name       notify-master
          }
          define service {
            service_description  No mdadm array is degraded
            use                  local-service
            check_command        check_command_output!${pkgs.mdadm}/bin/mdadm --monitor --scan -1!^$!-s 0 -r root
          }

          define service {
            service_description  mailq is empty
            use                  local-service
            check_command        check_mailq
          }

          define command {
            command_name        check_mailq
            command_line        $USER1$/check_mailq -s -w 1 -c 2
          }

          define service {
            name                local-service
            use                 generic-service
            host_name           eldiron.immae.eu
            check_interval      5
            max_check_attempts  4
            register            0
            retry_interval      1
          }
          define host {
            host_name           eldiron.immae.eu
            alias               eldiron.immae.eu
            address             eldiron.immae.eu
            use                 linux-server
          }
          '';
    };
  };
}