makefu/2configs/logging/central-stats-server.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

{pkgs, config, ...}:

with import <stockholm/lib>;
let
  collectd-port = 25826;
  influx-port = 8086;
  grafana-port = 3000; # TODO nginx forward
  db = "collectd_db";
  logging-interface = config.makefu.server.primary-itf;
in {
  services.grafana.enable = true;
  services.grafana.addr = "0.0.0.0";

  services.influxdb.enable = true;

  # forward these via nginx
  services.influxdb.extraConfig = {
    meta.hostname = config.krebs.build.host.name;
    # meta.logging-enabled = true;
    http.bind-address = ":${toString influx-port}";
    admin.bind-address = ":8083";
    monitoring = {
      enabled = false;
      # write-interval = "24h";
    };
    collectd = [{
      enabled = true;
      typesdb = "${pkgs.collectd}/share/collectd/types.db";
      database = db;
      port = collectd-port;
    }];
  };
  krebs.kapacitor =
   let
      echoToIrc = pkgs.writeDash "echo_irc" ''
        set -euf
        data="$(${pkgs.jq}/bin/jq -r .message)"
        export LOGNAME=malarm
        ${pkgs.irc-announce}/bin/irc-announce \
          irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null
      '';
  in {
    enable = true;
    alarms = {
      cpu_deadman.database = db;
      cpu_deadman.text = ''
        var data = batch
            |query(${"'''"}
                  SELECT mean("value") AS mean
                  FROM "collectd_db"."default"."cpu_value"
                  WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0)
                ${"'''"})
                .period(10m)
                .every(1m)
                .groupBy('host')
        data |alert()
                .crit(lambda: "mean" < 50)
                .stateChangesOnly()
                .exec('${echoToIrc}')
        data |deadman(1.0,5m)
                .stateChangesOnly()
                .exec('${echoToIrc}')
      '';
    };

  };
  networking.firewall.extraCommands = ''
    iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
    iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
    iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
    iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT

    ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
    ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
    ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
    ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
  '';
}