summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-02-09 14:54:56 +0100
committertv <tv@krebsco.de>2017-02-09 14:54:56 +0100
commit38d2ff961f2ad8d02ae6061952abe42e4de89f75 (patch)
treea8573db9389ba5268a8fb83ddef6d92e3e1a7815 /lass/2configs
parented406bd979609fd05f5846049f571f43e6512050 (diff)
parent954477b8674156754cd51021d92885b456a04a5b (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--lass/2configs/mail.nix4
-rw-r--r--lass/2configs/monitoring/client.nix105
-rw-r--r--lass/2configs/monitoring/server.nix83
-rw-r--r--lass/2configs/newsbot-js.nix5
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/repo-sync.nix3
-rw-r--r--lass/2configs/websites/domsen.nix10
9 files changed, 88 insertions, 127 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e879e8e58..2933ca0e4 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -66,7 +66,6 @@ in {
youtube-tools
rxvt_unicode
- termite
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index c9e2928b3..cd11254d6 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -11,7 +11,7 @@ let
in {
config.krebs.buildbot.master = let
- stockholm-mirror-url = http://cgit.prism/stockholm ;
+ stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
in {
workers = {
testworker = "lasspass";
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 872acc003..e4b319528 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -17,7 +17,7 @@ let
muttrc = pkgs.writeText "muttrc" ''
# gpg
- source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
+ source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0x976A7E4D
set crypt_autosign = yes
@@ -99,7 +99,7 @@ let
'';
mutt = pkgs.writeDashBin "mutt" ''
- exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
+ exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
'';
in {
diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix
index e879d6960..e2b7dcae6 100644
--- a/lass/2configs/monitoring/client.nix
+++ b/lass/2configs/monitoring/client.nix
@@ -1,94 +1,35 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
- lass.telegraf = {
+ services.telegraf = {
enable = true;
- interval = "1s";
-
- outputs = ''
- [outputs.influxdb]
- urls = ["http://prism:8086"]
- database = "telegraf_db"
- user_agent = "telegraf"
- '';
- inputs = [
- ''
- [cpu]
- percpu = false
- totalcpu = true
- drop = ["cpu_time"]
- ''
- ''
- [[inputs.mem]]
- ''
- ''
- [[inputs.ping]]
- urls = ["8.8.8.8"]
- ''
- ''
- [[inputs.net]]
- ''
- ''
- [[inputs.dns_query]]
- servers = ["8.8.8.8"]
- ''
- ];
+ extraConfig = {
+ agent.interval = "1s";
+ outputs = {
+ influxdb = {
+ urls = ["http://prism:8086"];
+ database = "telegraf_db";
+ user_agent = "telegraf";
+ };
+ };
+ inputs = {
+ cpu = {
+ percpu = false;
+ totalcpu = true;
+ };
+ mem = {};
+ net = {};
+ };
+ };
};
- systemd.services.telegraf.path = with pkgs; [
- iputils
- lm_sensors
- ];
- services.collectd = {
+ services.journalbeat = {
enable = true;
- autoLoadPlugin = true;
extraConfig = ''
- Hostname ${config.krebs.build.host.name}
- LoadPlugin load
- LoadPlugin disk
- LoadPlugin memory
- Interval 30.0
-
- LoadPlugin interface
- <Plugin "interface">
- Interface "*Link"
- Interface "lo"
- Interface "vboxnet*"
- Interface "virbr*"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin df
- <Plugin "df">
- MountPoint "/nix/store"
- FSType "tmpfs"
- FSType "binfmt_misc"
- FSType "debugfs"
- FSType "mqueue"
- FSType "hugetlbfs"
- FSType "systemd-1"
- FSType "cgroup"
- FSType "securityfs"
- FSType "ramfs"
- FSType "proc"
- FSType "devpts"
- FSType "devtmpfs"
- MountPoint "/var/lib/docker/devicemapper"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin cpu
- <Plugin cpu>
- ReportByCpu true
- ReportByState true
- ValuesPercentage true
- </Plugin>
-
- LoadPlugin network
- <Plugin "network">
- Server "prism" "25826"
- </Plugin>
+ output.elasticsearch:
+ hosts: ["prism:9200"]
+ template.enabled: false
'';
};
}
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
index 2e1c15ca1..bbae4511e 100644
--- a/lass/2configs/monitoring/server.nix
+++ b/lass/2configs/monitoring/server.nix
@@ -1,15 +1,14 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
- services.influxdb = {
- enable = true;
- };
+ services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":8086";
admin.bind-address = ":8083";
+ http.log-enabled = false;
monitoring = {
enabled = false;
# write-interval = "24h";
@@ -22,45 +21,79 @@ with import <stockholm/lib>;
}];
};
- lass.kapacitor =
+ krebs.kapacitor =
let
+ db = "telegraf_db";
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
- irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
+ ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
'';
in {
enable = true;
alarms = {
- test2 = ''
- batch
- |query(${"'''"}
- SELECT mean("usage_user") AS mean
- FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
- ${"'''"})
- .every(3m)
- .period(1m)
- .groupBy('host')
- |alert()
- .crit(lambda: "mean" > 90)
- // Whenever we get an alert write it to a file.
- .log('/tmp/alerts.log')
- .exec('${echoToIrc}')
- '';
+ cpu = {
+ database = db;
+ text = ''
+ var data = batch
+ |query(${"'''"}
+ SELECT mean("usage_user") AS mean
+ FROM "${db}"."default"."cpu"
+ ${"'''"})
+ .period(10m)
+ .every(1m)
+ .groupBy('host')
+ data |alert()
+ .crit(lambda: "mean" > 90)
+ .exec('${echoToIrc}')
+ data |deadman(1.0,5m)
+ .stateChangesOnly()
+ .exec('${echoToIrc}')
+ '';
+ };
+ ram = {
+ database = db;
+ text = ''
+ var data = batch
+ |query(${"'''"}
+ SELECT mean("used_percent") AS mean
+ FROM "${db}"."default"."mem"
+ ${"'''"})
+ .period(10m)
+ .every(1m)
+ .groupBy('host')
+ data |alert()
+ .crit(lambda: "mean" > 90)
+ .exec('${echoToIrc}')
+ '';
+ };
};
};
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
- { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
- { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
- ];
services.grafana = {
enable = true;
addr = "0.0.0.0";
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
+
+ services.elasticsearch = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ };
+
+ services.kibana = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
+ { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
+ { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
+ { predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; }
+ { predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; }
+ ];
}
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 46ff3fbf9..3c6c5dc88 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -10,10 +10,6 @@ let
arbor|http://feeds2.feedburner.com/asert/|#news
archlinux|http://www.archlinux.org/feeds/news/|#news
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
- asiaone_asia|http://news.asiaone.com/rss/asia|#news
- asiaone_business|http://business.asiaone.com/rss.xml|#news
- asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
- asiaone_world|http://news.asiaone.com/rss/world|#news
augustl|http://augustl.com/atom.xml|#news
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
@@ -78,7 +74,6 @@ let
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
hindu|http://www.thehindu.com/?service=rss|#news
- hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
ign|http://feeds.ign.com/ign/all|#news
independent|http://www.independent.com/rss/headlines/|#news
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 4a1b0379b..aef9dd8b4 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
+ ref = "f7b7d8e";
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index b1a26b171..83f646130 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -49,7 +49,7 @@ let
mirror.url = "${mirror}${name}";
};
lassulus = {
- origin.url = "http://cgit.prism/${name}";
+ origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
"@latest" = {
@@ -102,6 +102,7 @@ in {
(sync-retiolum "go")
(sync-retiolum "much")
(sync-retiolum "newsbot-js")
+ (sync-retiolum "populate")
(sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time")
(sync-retiolum "web-routes-wai-custom")
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 66fc681b1..0b75425c4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -118,8 +118,7 @@ in {
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
- { from = "nrg@ubikmedia.eu"; to = "nrg"; }
- { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
+ { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
@@ -161,13 +160,6 @@ in {
createHome = true;
};
- users.users.nrg = {
- uid = genid_signed "nrg";
- home = "/home/nrg";
- useDefaultShell = true;
- createHome = true;
- };
-
users.users.testuser = {
uid = genid_signed "testuser";
home = "/home/testuser";