-rw-r--r--makefu/1systems/omo.nix5
-rw-r--r--makefu/2configs/git/brain-retiolum.nix67
-rw-r--r--makefu/2configs/logging/central-stats-server.nix36
3 files changed, 40 insertions, 68 deletions
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 609d52134..422fe7c48 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -53,6 +53,8 @@ in {
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
../2configs/tinc/retiolum.nix
+ ../2configs/logging/central-stats-server.nix
+ ../2configs/logging/central-stats-client.nix
# ../2configs/torrent.nix
# ../2configs/elchos/search.nix
@@ -63,6 +65,7 @@ in {
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
makefu.full-populate = true;
+ makefu.server.primary-itf = primaryInterface;
krebs.rtorrent = {
downloadDir = lib.mkForce "/media/crypt0/torrent";
extraConfig = ''
@@ -111,7 +114,7 @@ in {
(d: "install -m 755 -d " + (toMapper d) )
[ 0 1 2 "X" ]}
'';
- environment.systemPackages = with pkgs;[
+ environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
wol # wake up filepimp
f3
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
deleted file mode 100644
index b637ca039..000000000
--- a/makefu/2configs/git/brain-retiolum.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-# TODO: remove tv lib :)
-with import <stockholm/lib>;
-let
-
- repos = priv-repos // krebs-repos ;
- rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
-
- krebs-repos = mapAttrs make-krebs-repo {
- brain = { };
- };
-
- priv-repos = mapAttrs make-priv-repo {
- autosync = { };
- pass = { };
- };
-
- # TODO move users to separate module
- make-priv-repo = name: { ... }: {
- inherit name;
- public = false;
- };
-
- make-krebs-repo = with git; name: { ... }: {
- inherit name;
- public = false;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- channel = "#retiolum";
- # TODO remove the hardcoded hostname
- server = "ni.r";
- };
- };
- };
-
- set-owners = with git;repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- };
-
- set-ro-access = with git; repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = fetch;
- };
-
- # TODO: get the list of all krebsministers
- krebsminister = with config.krebs.users; [ lass tv ];
- all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
-
- priv-rules = repo: set-owners repo all-makefu;
-
- krebs-rules = repo:
- set-owners repo all-makefu ++ set-ro-access repo krebsminister;
-
-in {
- imports = [ ];
- krebs.git = {
- enable = true;
- cgit.enable = false;
- inherit repos rules;
- };
-}
diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix
index 69e37e493..d4e73ab79 100644
--- a/makefu/2configs/logging/central-stats-server.nix
+++ b/makefu/2configs/logging/central-stats-server.nix
@@ -6,6 +6,9 @@ let
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
in {
+ imports = [
+ ../../lass/3modules/kapacitor.nix
+ ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@@ -28,6 +31,39 @@ in {
port = collectd-port;
}];
};
+ lass.kapacitor =
+ let
+ echoToIrc = pkgs.writeDash "echo_irc" ''
+ set -euf
+ data="$(${pkgs.jq}/bin/jq -r .message)"
+ export LOGNAME=malarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null
+ '';
+ in {
+ enable = true;
+ alarms = {
+ cpu_deadman = ''
+ var data = batch
+ |query('''
+ SELECT mean("value") AS mean
+ FROM "collectd_db"."default"."cpu_value"
+ WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0)
+ ''')
+ .period(10m)
+ .every(1m)
+ .groupBy('host')
+ data |alert()
+ .crit(lambda: "mean" < 50)
+ .stateChangesOnly()
+ .exec('${echoToIrc}')
+ data |deadman(1.0,5m)
+ .stateChangesOnly()
+ .exec('${echoToIrc}')
+ '';
+ };
+
+ };
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
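Review bot: The added `echoToIrc` script posts every Kapacitor alert to `irc.freenode.org` on port 6667, so host names and load state collected over retiolum leave the overlay in cleartext and land in a public channel. Announcing on an internal IRC server would avoid that; the brain-retiolum.nix removed in this same commit used `server = "ni.r"` with `#retiolum`. Separately, `jq -r .message` emits the raw string, and the alert is grouped by the `host` tag, which presumably is whatever a collectd client on the retiolum interface reports. Whether irc-announce strips CR/LF is not visible here, so the script should drop them itself, for example `data="$(${pkgs.jq}/bin/jq -r '.message | gsub("[\r\n]"; " ")')"`. A short comment above `echoToIrc` stating that it reads the alert JSON on stdin and forwards only `.message` would also help the next reader.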