diff options
author | tv <tv@krebsco.de> | 2017-02-09 14:54:56 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-02-09 14:54:56 +0100 |
commit | 38d2ff961f2ad8d02ae6061952abe42e4de89f75 (patch) | |
tree | a8573db9389ba5268a8fb83ddef6d92e3e1a7815 /krebs/3modules | |
parent | ed406bd979609fd05f5846049f571f43e6512050 (diff) | |
parent | 954477b8674156754cd51021d92885b456a04a5b (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/kapacitor.nix | 173 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 4 |
3 files changed, 177 insertions, 1 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 4b17c4abd..e0810ab63 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -21,6 +21,7 @@ let ./git.nix ./go.nix ./iptables.nix + ./kapacitor.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/kapacitor.nix b/krebs/3modules/kapacitor.nix new file mode 100644 index 000000000..2ec67c73d --- /dev/null +++ b/krebs/3modules/kapacitor.nix @@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with import <stockholm/lib>; + +let + cfg = config.krebs.kapacitor; + + out = { + options.krebs.kapacitor = api; + config = mkIf cfg.enable imp; + }; + + configOptions = recursiveUpdate { + hostname = "localhost"; + data_dir = cfg.dataDir; + http = { + bind-address = ":9092"; + auth-enabled = false; + log-enabled = false; + gtgwrite-tracing = false; + pprof-enabled = false; + https-enabled = false; + https-certificate = "/etc/ssl/kapacitor.pem"; + shutdown-timeout = "10s"; + shared-secret = ""; + }; + + replay ={ + dir = "${cfg.dataDir}/replay"; + }; + + storage = { + boltdb = "${cfg.dataDir}/kapacitor.db"; + }; + + task = { + dir = "${cfg.dataDir}/tasks"; + snapshot-interval = "1m0s"; + }; + + influxdb = [{ + enabled = true; + name = "default"; + default = false; + urls = ["http://localhost:8086"]; + username = ""; + password = ""; + ssl-ca = ""; + ssl-cert = ""; + ssl-key = ""; + insecure-skip-verify = false; + timeout = "0s"; + disable-subscriptions = false; + subscription-protocol = "http"; + udp-bind = ""; + udp-buffer = 1000; + udp-read-buffer = 0; + startup-timeout = "5m0s"; + subscriptions-sync-interval = "1m0s"; + influxdb.excluded-subscriptions = { + _kapacitor = ["autogen"]; + }; + }]; + + logging = { + file = "STDERR"; + level = "INFO"; + }; + + deadman = { + interval = "10s"; + id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"; + message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."; + global = false; + }; + } cfg.extraConfig; + + api = { + enable = mkEnableOption "kapacitor"; + dataDir = mkOption { + type = types.str; + default = "/var/lib/kapacitor"; + }; + user = mkOption { + type = types.user; + default = { + name = "kapacitor"; + home = cfg.dataDir; + }; + }; + group = mkOption { + type = types.group; + default = { + name = "kapacitor"; + }; + }; + extraConfig = mkOption { + type = types.attrs; + default = {}; + }; + alarms = mkOption { + type = with types; attrsOf (submodule { + options = { + database = mkOption { + type = str; + }; + text = mkOption { + type = str; + }; + }; + }); + default = {}; + }; + }; + + configFile = pkgs.runCommand "kapacitor.toml" {} '' + ${pkgs.remarshal}/bin/remarshal -if json -of toml \ + < ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \ + > $out + ''; + + imp = { + users = { + groups.${cfg.group.name} = { + inherit (cfg.group) name gid; + }; + users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + group = cfg.group.name; + }; + }; + + systemd.services.kapacitor = { + description = "kapacitor"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + User = cfg.user.name; + ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}"; + }; + }; + + systemd.services.kapacitor-alarms = { + description = "kapacitor-alarms"; + after = [ "kapacitor.service" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Type = "oneshot"; + User = cfg.user.name; + ExecStart = pkgs.writeDash "add_alarms" '' + ${pkgs.kapacitor}/bin/kapacitor delete tasks \* + ${concatStrings (mapAttrsToList (name: alarm: '' + ${pkgs.kapacitor}/bin/kapacitor define ${name} \ + -type batch \ + -tick ${pkgs.writeText "${name}.tick" alarm.text} \ + -dbrp ${alarm.database}.default + ${pkgs.kapacitor}/bin/kapacitor enable ${name} + '') cfg.alarms)} + ''; + }; + }; + + }; +in out diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d35a9f357..0b67abd11 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -302,7 +302,9 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; }; - + iso = { + cores = 1; + }; }; users = { lass = { |