diff options
author | tv <tv@krebsco.de> | 2017-02-09 14:54:56 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-02-09 14:54:56 +0100 |
commit | 38d2ff961f2ad8d02ae6061952abe42e4de89f75 (patch) | |
tree | a8573db9389ba5268a8fb83ddef6d92e3e1a7815 /lass/2configs | |
parent | ed406bd979609fd05f5846049f571f43e6512050 (diff) | |
parent | 954477b8674156754cd51021d92885b456a04a5b (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 2 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 4 | ||||
-rw-r--r-- | lass/2configs/monitoring/client.nix | 105 | ||||
-rw-r--r-- | lass/2configs/monitoring/server.nix | 83 | ||||
-rw-r--r-- | lass/2configs/newsbot-js.nix | 5 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 3 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 10 |
9 files changed, 88 insertions, 127 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e879e8e58..2933ca0e4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -66,7 +66,6 @@ in { youtube-tools rxvt_unicode - termite #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index c9e2928b3..cd11254d6 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -11,7 +11,7 @@ let in { config.krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.prism/stockholm ; + stockholm-mirror-url = http://cgit.lassul.us/stockholm ; in { workers = { testworker = "lasspass"; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 872acc003..e4b319528 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -17,7 +17,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0x976A7E4D set crypt_autosign = yes @@ -99,7 +99,7 @@ let ''; mutt = pkgs.writeDashBin "mutt" '' - exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ ''; in { diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index e879d6960..e2b7dcae6 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -1,94 +1,35 @@ {pkgs, config, ...}: with import <stockholm/lib>; { - lass.telegraf = { + services.telegraf = { enable = true; - interval = "1s"; - - outputs = '' - [outputs.influxdb] - urls = ["http://prism:8086"] - database = "telegraf_db" - user_agent = "telegraf" - ''; - inputs = [ - '' - [cpu] - percpu = false - totalcpu = true - drop = ["cpu_time"] - '' - '' - [[inputs.mem]] - '' - '' - [[inputs.ping]] - urls = ["8.8.8.8"] - '' - '' - [[inputs.net]] - '' - '' - [[inputs.dns_query]] - servers = ["8.8.8.8"] - '' - ]; + extraConfig = { + agent.interval = "1s"; + outputs = { + influxdb = { + urls = ["http://prism:8086"]; + database = "telegraf_db"; + user_agent = "telegraf"; + }; + }; + inputs = { + cpu = { + percpu = false; + totalcpu = true; + }; + mem = {}; + net = {}; + }; + }; }; - systemd.services.telegraf.path = with pkgs; [ - iputils - lm_sensors - ]; - services.collectd = { + services.journalbeat = { enable = true; - autoLoadPlugin = true; extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - Interval 30.0 - - LoadPlugin interface - <Plugin "interface"> - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - </Plugin> - - LoadPlugin df - <Plugin "df"> - MountPoint "/nix/store" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - </Plugin> - - LoadPlugin cpu - <Plugin cpu> - ReportByCpu true - ReportByState true - ValuesPercentage true - </Plugin> - - LoadPlugin network - <Plugin "network"> - Server "prism" "25826" - </Plugin> + output.elasticsearch: + hosts: ["prism:9200"] + template.enabled: false ''; }; } diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index 2e1c15ca1..bbae4511e 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -1,15 +1,14 @@ {pkgs, config, ...}: with import <stockholm/lib>; { - services.influxdb = { - enable = true; - }; + services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; http.bind-address = ":8086"; admin.bind-address = ":8083"; + http.log-enabled = false; monitoring = { enabled = false; # write-interval = "24h"; @@ -22,45 +21,79 @@ with import <stockholm/lib>; }]; }; - lass.kapacitor = + krebs.kapacitor = let + db = "telegraf_db"; echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null + ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null ''; in { enable = true; alarms = { - test2 = '' - batch - |query(${"'''"} - SELECT mean("usage_user") AS mean - FROM "${config.lass.kapacitor.check_db}"."default"."cpu" - ${"'''"}) - .every(3m) - .period(1m) - .groupBy('host') - |alert() - .crit(lambda: "mean" > 90) - // Whenever we get an alert write it to a file. - .log('/tmp/alerts.log') - .exec('${echoToIrc}') - ''; + cpu = { + database = db; + text = '' + var data = batch + |query(${"'''"} + SELECT mean("usage_user") AS mean + FROM "${db}"."default"."cpu" + ${"'''"}) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" > 90) + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + }; + ram = { + database = db; + text = '' + var data = batch + |query(${"'''"} + SELECT mean("used_percent") AS mean + FROM "${db}"."default"."mem" + ${"'''"}) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" > 90) + .exec('${echoToIrc}') + ''; + }; }; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } - { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } - ]; services.grafana = { enable = true; addr = "0.0.0.0"; auth.anonymous.enable = true; security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} }; + + services.elasticsearch = { + enable = true; + listenAddress = "0.0.0.0"; + }; + + services.kibana = { + enable = true; + listenAddress = "0.0.0.0"; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } + { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; } + ]; } diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 46ff3fbf9..3c6c5dc88 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -10,10 +10,6 @@ let arbor|http://feeds2.feedburner.com/asert/|#news archlinux|http://www.archlinux.org/feeds/news/|#news ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news - asiaone_asia|http://news.asiaone.com/rss/asia|#news - asiaone_business|http://business.asiaone.com/rss.xml|#news - asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news - asiaone_world|http://news.asiaone.com/rss/world|#news augustl|http://augustl.com/atom.xml|#news bbc|http://feeds.bbci.co.uk/news/rss.xml|#news bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag @@ -78,7 +74,6 @@ let heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial hindu|http://www.thehindu.com/?service=rss|#news - hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news ign|http://feeds.ign.com/ign/all|#news independent|http://www.independent.com/rss/headlines/|#news indymedia|http://de.indymedia.org/RSS/newswire.xml|#news diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 4a1b0379b..aef9dd8b4 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "5fff5a902594b34471b613eb2babcec923e1e1f1"; + ref = "f7b7d8e"; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index b1a26b171..83f646130 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -49,7 +49,7 @@ let mirror.url = "${mirror}${name}"; }; lassulus = { - origin.url = "http://cgit.prism/${name}"; + origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; "@latest" = { @@ -102,6 +102,7 @@ in { (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") + (sync-retiolum "populate") (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") (sync-retiolum "web-routes-wai-custom") diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 66fc681b1..0b75425c4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -118,8 +118,7 @@ in { { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } - { from = "nrg@ubikmedia.eu"; to = "nrg"; } - { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; } + { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; @@ -161,13 +160,6 @@ in { createHome = true; }; - users.users.nrg = { - uid = genid_signed "nrg"; - home = "/home/nrg"; - useDefaultShell = true; - createHome = true; - }; - users.users.testuser = { uid = genid_signed "testuser"; home = "/home/testuser"; |