diff options
-rw-r--r-- | krebs/5pkgs/simple/ejabberd/default.nix | 27 | ||||
-rw-r--r-- | krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 | ||||
-rw-r--r-- | krebs/5pkgs/simple/font-size.nix (renamed from tv/5pkgs/simple/font-size.nix) | 0 | ||||
-rw-r--r-- | krebs/5pkgs/simple/kops.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pass-otp/default.nix | 30 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pass/default.nix | 121 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pass/no-darwin-getopt.patch | 9 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pass/rofi-pass.nix | 57 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch | 69 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pssh/default.nix | 36 | ||||
-rw-r--r-- | krebs/5pkgs/simple/ucspi-tcp/chmod.patch | 15 | ||||
-rw-r--r-- | krebs/5pkgs/simple/ucspi-tcp/default.nix | 86 | ||||
-rw-r--r-- | krebs/5pkgs/simple/urlwatch/default.nix | 29 | ||||
-rw-r--r-- | lass/2configs/monitoring/node-exporter.nix | 13 | ||||
-rw-r--r-- | lass/2configs/monitoring/prometheus-server.nix | 179 |
15 files changed, 528 insertions, 179 deletions
diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix index 2799241fa..9e4ed3df5 100644 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -1,5 +1,6 @@ { stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd +, flock , withMysql ? false , withPgsql ? false , withSqlite ? false, sqlite @@ -23,17 +24,17 @@ let ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; in stdenv.mkDerivation rec { - version = "17.07"; + version = "18.01"; name = "ejabberd-${version}"; src = fetchurl { url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; }; nativeBuildInputs = [ fakegit ]; - buildInputs = [ erlang openssl expat libyaml ] + buildInputs = [ erlang openssl expat libyaml gd ] ++ lib.optional withSqlite sqlite ++ lib.optional withPam pam ++ lib.optional withZlib zlib @@ -50,7 +51,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; @@ -74,7 +75,7 @@ in stdenv.mkDerivation rec { outputHashMode = "recursive"; outputHashAlgo = "sha256"; - outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; }; configureFlags = @@ -92,6 +93,10 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ + ./ejabberdctl.patch + ]; + preBuild = '' cp -r $deps deps chmod -R +w deps @@ -101,18 +106,18 @@ in stdenv.mkDerivation rec { postInstall = '' sed -i \ -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ + -e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \ -e 's,\(^ *JOT=\).*,\1,' \ -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ $out/sbin/ejabberdctl ''; - meta = { + meta = with stdenv.lib; { description = "Open-source XMPP application server written in Erlang"; - license = lib.licenses.gpl2; + license = licenses.gpl2; homepage = http://www.ejabberd.im; - platforms = lib.platforms.linux; - maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + platforms = platforms.linux; + maintainers = with maintainers; [ sander abbradar ]; broken = withElixir; }; } diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch new file mode 100644 index 000000000..f7c842b7b --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch @@ -0,0 +1,32 @@ +--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 ++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 +@@ -42,19 +42,18 @@ + esac + + # parse command line parameters +-for arg; do +- case $arg in +- -n|--node) ERLANG_NODE_ARG=$2; shift;; +- -s|--spool) SPOOL_DIR=$2; shift;; +- -l|--logs) LOGS_DIR=$2; shift;; +- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; +- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; +- -d|--config-dir) ETC_DIR=$2; shift;; +- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; +- --) :;; ++while test $# -gt 0; do ++ case $1 in ++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; ++ -s|--spool) SPOOL_DIR=$2; shift 2;; ++ -l|--logs) LOGS_DIR=$2; shift 2;; ++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; ++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; ++ -d|--config-dir) ETC_DIR=$2; shift 2;; ++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; ++ # --) :;; what is this for? + *) break;; + esac +- shift + done + + # define ejabberd variables if not already defined from the command line diff --git a/tv/5pkgs/simple/font-size.nix b/krebs/5pkgs/simple/font-size.nix index 21097ed6a..21097ed6a 100644 --- a/tv/5pkgs/simple/font-size.nix +++ b/krebs/5pkgs/simple/font-size.nix diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix index a6c82f3ca..8db4b8ddd 100644 --- a/krebs/5pkgs/simple/kops.nix +++ b/krebs/5pkgs/simple/kops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/kops; - rev = "refs/tags/v1.0.0"; - sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; + rev = "refs/tags/v1.1.0"; + sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb"; } diff --git a/krebs/5pkgs/simple/pass-otp/default.nix b/krebs/5pkgs/simple/pass-otp/default.nix new file mode 100644 index 000000000..33411180a --- /dev/null +++ b/krebs/5pkgs/simple/pass-otp/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, oathToolkit }: +stdenv.mkDerivation rec { + name = "pass-otp-${version}"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "tadfisher"; + repo = "pass-otp"; + rev = "v${version}"; + sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb"; + }; + + buildInputs = [ oathToolkit ]; + + patchPhase = '' + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + ''; + + installPhase = '' + make PREFIX=$out install + ''; + + meta = with stdenv.lib; { + description = "A pass extension for managing one-time-password (OTP) tokens"; + homepage = https://github.com/tadfisher/pass-otp; + license = licenses.gpl3; + maintainers = with maintainers; [ jwiegley tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/krebs/5pkgs/simple/pass/default.nix b/krebs/5pkgs/simple/pass/default.nix new file mode 100644 index 000000000..3b6928087 --- /dev/null +++ b/krebs/5pkgs/simple/pass/default.nix @@ -0,0 +1,121 @@ +{ stdenv, lib, fetchurl, fetchFromGitHub +, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode +, makeWrapper + +, pass-otp + +, xclip ? null, xdotool ? null, dmenu ? null +, x11Support ? !stdenv.isDarwin +, tombPluginSupport ? false, tomb +}: + +with lib; + +assert x11Support -> xclip != null + && xdotool != null + && dmenu != null; + +let + plugins = map (p: (fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-${p.name}"; + inherit (p) rev sha256; + })) + ([ + { name = "import"; + rev = "491935bd275f29ceac2b876b3a288011d1ce31e7"; + sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; } + { name = "update"; + rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde"; + sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; } + ] ++ stdenv.lib.optional tombPluginSupport { + name = "tomb"; + rev = "3368134898a42c1b758fabac625ec240e125c6be"; + sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; } + ); + +in stdenv.mkDerivation rec { + version = "1.7.1"; + name = "pass-${version}"; + + src = fetchurl { + url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; + sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"; + }; + + patches = [ ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + + nativeBuildInputs = [ makeWrapper ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # plugins + ${stdenv.lib.concatStringsSep "\n" (map (plugin: '' + pushd ${plugin} + PREFIX=$out make install + popd + '') plugins)} + + ln -s \ + ${pass-otp}/lib/password-store/extensions/otp.bash \ + $out/lib/password-store/extensions/ + + ln -s \ + ${pass-otp}/share/man/man1/pass-otp.1.gz \ + $out/share/man/man1/ + + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el and f.el) here. The user has to do this + # himself. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with stdenv.lib; makeBinPath ([ + coreutils + getopt + git + gnupg + gnused + tree + which + qrencode + ] ++ optional tombPluginSupport tomb + ++ optional stdenv.isLinux procps + ++ ifEnable x11Support [ dmenu xclip xdotool ]); + + postFixup = '' + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + stdenv.lib.optionalString x11Support '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = https://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; +} diff --git a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch new file mode 100644 index 000000000..e8f7e138f --- /dev/null +++ b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch @@ -0,0 +1,9 @@ +diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh +--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000 ++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000 +@@ -31,5 +31,4 @@ + mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk." + } + +-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" + SHRED="srm -f -z" diff --git a/krebs/5pkgs/simple/pass/rofi-pass.nix b/krebs/5pkgs/simple/pass/rofi-pass.nix new file mode 100644 index 000000000..61f51973e --- /dev/null +++ b/krebs/5pkgs/simple/pass/rofi-pass.nix @@ -0,0 +1,57 @@ +{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "rofi-pass-${version}"; + version = "1.5.3"; + + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq"; + }; + + buildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a rofi-pass $out/bin/rofi-pass + + mkdir -p $out/share/doc/rofi-pass/ + cp -a config.example $out/share/doc/rofi-pass/config.example + ''; + + wrapperPath = with stdenv.lib; makeBinPath [ + coreutils + findutils + gawk + gnugrep + gnused + libnotify + pass + pwgen + rofi + utillinux + xclip + xdotool + ]; + + fixupPhase = '' + patchShebangs $out/bin + + wrapProgram $out/bin/rofi-pass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = { + description = "A script to make rofi work with password-store"; + homepage = https://github.com/carnager/rofi-pass; + maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ]; + license = stdenv.lib.licenses.gpl3; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 000000000..782e06e20 --- /dev/null +++ b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch @@ -0,0 +1,69 @@ +From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001 +From: "Andrew R. M" <andrewmiller237@gmail.com> +Date: Sat, 8 Apr 2017 13:50:01 -0400 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils + +--- + src/password-store.sh | 4 ++-- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/password-store.sh b/src/password-store.sh +index 6a4172d..4dbd6b8 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -155,11 +155,11 @@ clip() { + # variable. Specifically, it cannot store nulls nor (non-trivally) store + # trailing new lines. + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" + echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" + ( +- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) ++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) + local now="$(xclip -o -selection "$X_SELECTION" | base64)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 6e5dd86..f3574c4 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(base64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(base64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + echo "$before" | base64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 86eb325..deb04c4 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | openssl base64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(pbpaste | openssl base64)" + [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" + echo "$before" | openssl base64 -d | pbcopy +-- +2.12.2 + diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix deleted file mode 100644 index 2676af0cf..000000000 --- a/krebs/5pkgs/simple/pssh/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ writeDashBin }: - -writeDashBin "pssh" '' - set -efu - case ''${1-} in - - # TODO create plog with -o json | jq ... | map date - - # usage: pssh {-j,--journal} host... - # Follow journal at each host. - -j|--journal) - shift - "$0" journalctl -n0 -ocat --follow --all ::: "$@" \ - | while read line; do - printf '%s %s\n' "$(date --rfc-3339=s)" "$line" - done - ;; - - -*) - echo $0: unknown option: $1 >&2 - exit 1 - ;; - - # usage: pssh command [arg...] ::: host... - # Run command at each host. - *) - exec parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - ssh -T {} "$@" - ;; - - esac -'' diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch deleted file mode 100644 index dd6933208..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/hier.c b/hier.c -index 5663ada..1d73b84 100644 ---- a/hier.c -+++ b/hier.c -@@ -2,8 +2,8 @@ - - void hier() - { -- h(auto_home,-1,-1,02755); -- d(auto_home,"bin",-1,-1,02755); -+ h(auto_home,-1,-1,0755); -+ d(auto_home,"bin",-1,-1,0755); - - c(auto_home,"bin","tcpserver",-1,-1,0755); - c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix deleted file mode 100644 index 3b043be06..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - name = "ucspi-tcp-0.88"; - - src = fetchurl { - url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz"; - sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja"; - }; - - # Plain upstream tarball doesn't build, get patches from Debian - patches = [ - (fetchurl { - url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz"; - sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6"; - }) - ./chmod.patch - ]; - - # Apply Debian patches - postPatch = '' - for fname in debian/diff/*.diff; do - echo "Applying patch $fname" - patch < "$fname" - done - ''; - - # The build system is weird; 'make install' doesn't install anything, instead - # it builds an executable called ./install (from C code) which installs - # binaries to the directory given on line 1 in ./conf-home. - # - # Also, assume getgroups and setgroups work, instead of doing a build time - # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID - # capability). - preBuild = '' - echo "$out" > conf-home - - echo "main() { return 0; }" > chkshsgr.c - ''; - - installPhase = '' - mkdir -p "$out/bin" - mkdir -p "$out/share/man/man1" - - # run the newly built installer - ./install - - # Install Debian man pages (upstream has none) - cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1" - ''; - - meta = with stdenv.lib; { - description = "Command-line tools for building TCP client-server applications"; - longDescription = '' - tcpserver waits for incoming connections and, for each connection, runs a - program of your choice. Your program receives environment variables - showing the local and remote host names, IP addresses, and port numbers. - - tcpserver offers a concurrency limit to protect you from running out of - processes and memory. When you are handling 40 (by default) simultaneous - connections, tcpserver smoothly defers acceptance of new connections. - - tcpserver also provides TCP access control features, similar to - tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules - are compiled into a hashed format with cdb, so it can easily deal with - thousands of different hosts. - - This package includes a recordio tool that monitors all the input and - output of a server. - - tcpclient makes a TCP connection and runs a program of your choice. It - sets up the same environment variables as tcpserver. - - This package includes several sample clients built on top of tcpclient: - who@, date@, finger@, http@, tcpcat, and mconnect. - - tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program - Interface, using the TCP protocol. UCSPI tools are available for several - different networks. - ''; - homepage = http://cr.yp.to/ucspi-tcp.html; - license = licenses.publicDomain; - platforms = platforms.linux; - maintainers = [ maintainers.bjornfor ]; - }; -} diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix deleted file mode 100644 index 64f3ad1ac..000000000 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub, python3Packages }: - -python3Packages.buildPythonApplication rec { - name = "urlwatch-${version}"; - version = "2.8"; - - src = fetchFromGitHub { - owner = "thp"; - repo = "urlwatch"; - rev = version; - sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4"; - }; - - propagatedBuildInputs = with python3Packages; [ - appdirs - keyring - minidb - pycodestyle - pyyaml - requests - ]; - - meta = with stdenv.lib; { - description = "A tool for monitoring webpages for updates"; - homepage = https://thp.io/2008/urlwatch/; - license = licenses.bsd3; - maintainers = with maintainers; [ tv ]; - }; -} diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix new file mode 100644 index 000000000..8c27e90d4 --- /dev/null +++ b/lass/2configs/monitoring/node-exporter.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 9100 ]; + + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = [ + "systemd" + ]; + }; + }; +} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix new file mode 100644 index 000000000..d56d7e552 --- /dev/null +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -0,0 +1,179 @@ +{ pkgs, lib, config, ... }: +{ + #networking = { + # firewall.allowedTCPPorts = [ + # 3000 # grafana + # 9090 # prometheus + # 9093 # alertmanager + # ]; + # useDHCP = true; + #}; + + services = { + prometheus = { + enable = true; + extraFlags = [ + "-storage.local.retention 8760h" + "-storage.local.series-file-shrink-ratio 0.3" + "-storage.local.memory-chunks 2097152" + "-storage.local.max-chunks-to-persist 1048576" + "-storage.local.index-cache-size.fingerprint-to-metric 2097152" + "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" + "-storage.local.index-cache-size.label-name-to-label-values 2097152" + "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" + ]; + alertmanagerURL = [ "http://localhost:9093" ]; + rules = [ + '' + ALERT node_down + IF up == 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Node is down.", + description = "{{$labels.alias}} has been down for more than 5 minutes." + } + ALERT node_systemd_service_failed + IF node_systemd_unit_state{state="failed"} == 1 + FOR 4m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", + description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." + } + ALERT node_filesystem_full_90percent + IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space soon.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." + } + ALERT node_filesystem_full_in_4h + IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" + } + ALERT node_filedescriptors_full_in_3h + IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum + FOR 20m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", + description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" + } + ALERT node_load1_90percent + IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Running on high load.", + description = "{{$labels.alias}} is running with > 90% total load for at least 1h." + } + ALERT node_cpu_util_90percent + IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: High CPU utilization.", + description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." + } + ALERT node_ram_using_90percent + IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 + FOR 30m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Using lots of RAM.", + description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", + } + ALERT node_swap_using_80percent + IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 + FOR 10m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Running out of swap soon.", + description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." + } + '' + ]; + scrapeConfigs = [ + { + job_name = "node"; + scrape_interval = "10s"; + static_configs = [ + { + targets = [ + "localhost:9100" + ]; + labels = { + alias = "prometheus.example.com"; + }; + } + ]; + } + ]; + alertmanager = { + enable = true; + listenAddress = "0.0.0.0"; + configuration = { + "global" = { + "smtp_smarthost" = "smtp.example.com:587"; + "smtp_from" = "alertmanager@example.com"; + }; + "route" = { + "group_by" = [ "alertname" "alias" ]; + "group_wait" = "30s"; + "group_interval" = "2m"; + "repeat_interval" = "4h"; + "receiver" = "team-admins"; + }; + "receivers" = [ + { + "name" = "team-admins"; + "email_configs" = [ + { + "to" = "devnull@example.com"; + "send_resolved" = true; + } + ]; + "webhook_configs" = [ + { + "url" = "https://example.com/prometheus-alerts"; + "send_resolved" = true; + } + ]; + } + ]; + }; + }; + }; + grafana = { + enable = true; + addr = "0.0.0.0"; + domain = "grafana.example.com"; + rootUrl = "https://grafana.example.com/"; + security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} + }; + }; +} |