summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-02-09 14:54:56 +0100
committertv <tv@krebsco.de>2017-02-09 14:54:56 +0100
commit38d2ff961f2ad8d02ae6061952abe42e4de89f75 (patch)
treea8573db9389ba5268a8fb83ddef6d92e3e1a7815 /krebs/3modules
parented406bd979609fd05f5846049f571f43e6512050 (diff)
parent954477b8674156754cd51021d92885b456a04a5b (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/kapacitor.nix173
-rw-r--r--krebs/3modules/lass/default.nix4
3 files changed, 177 insertions, 1 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 4b17c4abd..e0810ab63 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -21,6 +21,7 @@ let
./git.nix
./go.nix
./iptables.nix
+ ./kapacitor.nix
./newsbot-js.nix
./nginx.nix
./nixpkgs.nix
diff --git a/krebs/3modules/kapacitor.nix b/krebs/3modules/kapacitor.nix
new file mode 100644
index 000000000..2ec67c73d
--- /dev/null
+++ b/krebs/3modules/kapacitor.nix
@@ -0,0 +1,173 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with import <stockholm/lib>;
+
+let
+ cfg = config.krebs.kapacitor;
+
+ out = {
+ options.krebs.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ configOptions = recursiveUpdate {
+ hostname = "localhost";
+ data_dir = cfg.dataDir;
+ http = {
+ bind-address = ":9092";
+ auth-enabled = false;
+ log-enabled = false;
+ gtgwrite-tracing = false;
+ pprof-enabled = false;
+ https-enabled = false;
+ https-certificate = "/etc/ssl/kapacitor.pem";
+ shutdown-timeout = "10s";
+ shared-secret = "";
+ };
+
+ replay ={
+ dir = "${cfg.dataDir}/replay";
+ };
+
+ storage = {
+ boltdb = "${cfg.dataDir}/kapacitor.db";
+ };
+
+ task = {
+ dir = "${cfg.dataDir}/tasks";
+ snapshot-interval = "1m0s";
+ };
+
+ influxdb = [{
+ enabled = true;
+ name = "default";
+ default = false;
+ urls = ["http://localhost:8086"];
+ username = "";
+ password = "";
+ ssl-ca = "";
+ ssl-cert = "";
+ ssl-key = "";
+ insecure-skip-verify = false;
+ timeout = "0s";
+ disable-subscriptions = false;
+ subscription-protocol = "http";
+ udp-bind = "";
+ udp-buffer = 1000;
+ udp-read-buffer = 0;
+ startup-timeout = "5m0s";
+ subscriptions-sync-interval = "1m0s";
+ influxdb.excluded-subscriptions = {
+ _kapacitor = ["autogen"];
+ };
+ }];
+
+ logging = {
+ file = "STDERR";
+ level = "INFO";
+ };
+
+ deadman = {
+ interval = "10s";
+ id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'";
+ message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL.";
+ global = false;
+ };
+ } cfg.extraConfig;
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "kapacitor";
+ home = cfg.dataDir;
+ };
+ };
+ group = mkOption {
+ type = types.group;
+ default = {
+ name = "kapacitor";
+ };
+ };
+ extraConfig = mkOption {
+ type = types.attrs;
+ default = {};
+ };
+ alarms = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ database = mkOption {
+ type = str;
+ };
+ text = mkOption {
+ type = str;
+ };
+ };
+ });
+ default = {};
+ };
+ };
+
+ configFile = pkgs.runCommand "kapacitor.toml" {} ''
+ ${pkgs.remarshal}/bin/remarshal -if json -of toml \
+ < ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \
+ > $out
+ '';
+
+ imp = {
+ users = {
+ groups.${cfg.group.name} = {
+ inherit (cfg.group) name gid;
+ };
+ users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ group = cfg.group.name;
+ };
+ };
+
+ systemd.services.kapacitor = {
+ description = "kapacitor";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ User = cfg.user.name;
+ ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+ };
+ };
+
+ systemd.services.kapacitor-alarms = {
+ description = "kapacitor-alarms";
+ after = [ "kapacitor.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = cfg.user.name;
+ ExecStart = pkgs.writeDash "add_alarms" ''
+ ${pkgs.kapacitor}/bin/kapacitor delete tasks \*
+ ${concatStrings (mapAttrsToList (name: alarm: ''
+ ${pkgs.kapacitor}/bin/kapacitor define ${name} \
+ -type batch \
+ -tick ${pkgs.writeText "${name}.tick" alarm.text} \
+ -dbrp ${alarm.database}.default
+ ${pkgs.kapacitor}/bin/kapacitor enable ${name}
+ '') cfg.alarms)}
+ '';
+ };
+ };
+
+ };
+in out
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index d35a9f357..0b67abd11 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -302,7 +302,9 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
};
-
+ iso = {
+ cores = 1;
+ };
};
users = {
lass = {