-rw-r--r-- | makefu/1systems/omo.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 67 | ||||
-rw-r--r-- | makefu/2configs/logging/central-stats-server.nix | 36 |
3 files changed, 40 insertions, 68 deletions
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 609d52134..422fe7c48 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -53,6 +53,8 @@ in { #../2configs/share-user-sftp.nix ../2configs/omo-share.nix ../2configs/tinc/retiolum.nix + ../2configs/logging/central-stats-server.nix + ../2configs/logging/central-stats-client.nix # ../2configs/torrent.nix # ../2configs/elchos/search.nix @@ -63,6 +65,7 @@ in { # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; makefu.full-populate = true; + makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { downloadDir = lib.mkForce "/media/crypt0/torrent"; extraConfig = '' @@ -111,7 +114,7 @@ in { (d: "install -m 755 -d " + (toMapper d) ) [ 0 1 2 "X" ]} ''; - environment.systemPackages = with pkgs;[ + environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount wol # wake up filepimp f3 diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix deleted file mode 100644 index b637ca039..000000000 --- a/makefu/2configs/git/brain-retiolum.nix +++ /dev/null 
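Review bot: The first omo.nix hunk adds `../2configs/logging/central-stats-server.nix` to the imports, which makes omo the stats server, and that file sets `services.grafana.addr = "0.0.0.0"` with only a `# TODO nginx forward` beside the port. The firewall rules visible in that file restrict collectd and InfluxDB to `-i retiolum`, but no rule for the Grafana port is visible, so this diff does not show whether it is reachable on `primaryInterface`. I would note the intended exposure next to the import, e.g. `../2configs/logging/central-stats-server.nix # grafana/influx: retiolum only, verify firewall`, and bind Grafana to the retiolum address once the nginx forward exists. The imports list begins and ends outside this hunk.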
@@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import <stockholm/lib>; -let - - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - - krebs-repos = mapAttrs make-krebs-repo { - brain = { }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - pass = { }; - }; - - # TODO move users to separate module - make-priv-repo = name: { ... }: { - inherit name; - public = false; - }; - - make-krebs-repo = with git; name: { ... }: { - inherit name; - public = false; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - channel = "#retiolum"; - # TODO remove the hardcoded hostname - server = "ni.r"; - }; - }; - }; - - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - - set-ro-access = with git; repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - - priv-rules = repo: set-owners repo all-makefu; - - krebs-rules = repo: - set-owners repo all-makefu ++ set-ro-access repo krebsminister; - -in { - imports = [ ]; - krebs.git = { - enable = true; - cgit.enable = false; - inherit repos rules; - }; -} diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 69e37e493..d4e73ab79 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -6,6 +6,9 @@ let influx-port = 8086; grafana-port = 3000; # TODO nginx forward in { + imports = [ + ../../lass/3modules/kapacitor.nix + ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; 
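Review bot: The new `imports` entry in central-stats-server.nix pulls `../../lass/3modules/kapacitor.nix` from another user's tree, so later changes under `lass/` alter what this server runs without touching any `makefu/` file. A comment above the import such as `# module maintained under lass/; re-review when it changes` would make that dependency explicit. Nothing in this hunk shows which address the Kapacitor service listens on, and the context line directly below binds Grafana to `0.0.0.0`. It is worth confirming that the module keeps Kapacitor's HTTP API on localhost or that the firewall covers it.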
@@ -28,6 +31,39 @@ in { port = collectd-port; }]; }; + lass.kapacitor = + let + echoToIrc = pkgs.writeDash "echo_irc" '' + set -euf + data="$(${pkgs.jq}/bin/jq -r .message)" + export LOGNAME=malarm + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ''; + in { + enable = true; + alarms = { + cpu_deadman = '' + var data = batch + |query(''' + SELECT mean("value") AS mean + FROM "collectd_db"."default"."cpu_value" + WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0) + ''') + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" < 50) + .stateChangesOnly() + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + }; + + }; networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT |
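Review bot: `echoToIrc` forwards the alert's `.message` field unmodified to `irc.freenode.org` on port 6667, so host names and alert details leave the retiolum network in plaintext and land in a public channel. The alert is grouped by the `host` tag, and the firewall rules below accept collectd UDP from any retiolum peer, so the message text is presumably peer-influenced. Stripping line breaks and bounding the length before passing it on would be prudent, e.g. `data="$(${pkgs.jq}/bin/jq -r .message | tr -d '\r\n' | cut -c1-300)"`. A comment above the helper such as `# alerts go to a public IRC channel: keep messages free of secrets` would document the exposure. Separately, `fill(0)` looks like it counts missing samples as 0 % idle and would trip `.crit(lambda: "mean" < 50)` for a silent host on top of the deadman, which is worth confirming as intended.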