Diffstat (limited to 'lass/3modules')
-rw-r--r-- | lass/3modules/default.nix | 2 | ||||
-rw-r--r-- | lass/3modules/kapacitor.nix | 221 | ||||
-rw-r--r-- | lass/3modules/telegraf.nix | 67 | ||||
-rw-r--r-- | lass/3modules/usershadow.nix | 7 |
4 files changed, 295 insertions, 2 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b169fea40..2bf2df8b3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,7 @@ _:
 ./urxvtd.nix
 ./usershadow.nix
 ./xresources.nix
+ ./kapacitor.nix
+ ./telegraf.nix
 ];
 }
diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix
new file mode 100644
index 000000000..8524c8198
--- /dev/null
+++ b/lass/3modules/kapacitor.nix
@@ -0,0 +1,221 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "${cfg.dataDir}"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http"
+ udp-bind = ""
+ udp-buffer = 1000
+ udp-read-buffer = 0
+ startup-timeout = "5m0s"
+ subscriptions-sync-interval = "1m0s"
+ [influxdb.subscriptions]
+ [influxdb.excluded-subscriptions]
+ _kapacitor = ["autogen"]
+
+ [logging]
+ file = "STDERR"
+ level = "INFO"
+
+ [collectd]
+ enabled = false
+ bind-address = ":25826"
+ database = "collectd"
+ retention-policy = ""
+ batch-size = 5000
+ batch-pending = 10
+ batch-timeout = "10s"
+ read-buffer = 0
+ typesdb = "/usr/share/collectd/types.db"
+
+ [opentsdb]
+ enabled = false
+ bind-address = ":4242"
+ database = "opentsdb"
+ retention-policy = ""
+ consistency-level = "one"
+ tls-enabled = false
+ certificate = "/etc/ssl/influxdb.pem"
+ batch-size = 1000
+ batch-pending = 5
+ batch-timeout = "1s"
+ log-point-errors = true
+
+ [smtp]
+ enabled = false
+ host = "localhost"
+ port = 25
+ username = ""
+ password = ""
+ no-verify = false
+ global = false
+ state-changes-only = false
+ from = ""
+ idle-timeout = "30s"
+
+ [opsgenie]
+ enabled = false
+ api-key = ""
+ url = "https://api.opsgenie.com/v1/json/alert"
+ recovery_url = "https://api.opsgenie.com/v1/json/alert/note"
+ global = false
+
+ [victorops]
+ enabled = false
+ api-key = ""
+ routing-key = ""
+ url = "https://alert.victorops.com/integrations/generic/20131114/alert"
+ global = false
+
+ [pagerduty]
+ enabled = false
+ url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
+ service-key = ""
+ global = false
+
+ [sensu]
+ enabled = false
+ addr = ""
+ source = "Kapacitor"
+
+ [slack]
+ enabled = false
+ url = ""
+ channel = ""
+ global = false
+ state-changes-only = false
+
+ [telegram]
+ enabled = false
+ url = "https://api.telegram.org/bot"
+ token = ""
+ chat-id = ""
+ parse-mode = ""
+ disable-web-page-preview = false
+ disable-notification = false
+ global = false
+ state-changes-only = false
+
+ [hipchat]
+ enabled = false
+ url = ""
+ token = ""
+ room = ""
+ global = false
+ state-changes-only = false
+
+ [alerta]
+ enabled = false
+ url = ""
+ token = ""
+ environment = ""
+ origin = ""
+
+ [reporting]
+ enabled = true
+ url = "https://usage.influxdata.com"
+
+ [stats]
+ enabled = true
+ stats-interval = "10s"
+ database = "_kapacitor"
+ retention-policy = "autogen"
+ timing-sample-rate = 0.1
+ timing-movavg-size = 1000
+
+ [udf]
+
+ [deadman]
+ interval = "10s"
+ threshold = 0.0
+ id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
+ message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
+ global = false
+
+ [talk]
+ enabled = false
+ url = ""
+ author_name = ""
+ '';
+ description = "configuration kapacitor is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "kapacitor.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.kapacitor = {
+ description = "kapacitor";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+ };
+ };
+ };
+
+in out
diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix
new file mode 100644
index 000000000..64b323460
--- /dev/null
+++ b/lass/3modules/telegraf.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.telegraf;
+
+ out = {
+ options.lass.telegraf = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "telegraf";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/telegraf";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "telegraf";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ [agent]
+ interval = "1s"
+
+ [outputs]
+
+ # Configuration to send data to InfluxDB.
+ [outputs.influxdb]
+ urls = ["http://localhost:8086"]
+ database = "kapacitor_example"
+ user_agent = "telegraf"
+
+ # Collect metrics about cpu usage
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ '';
+ description = "configuration telegraf is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "telegraf.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.telegraf = {
+ description = "telegraf";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
+ };
+ };
+ };
+
+in out
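Review bot: The `serviceConfig` at the end of kapacitor.nix sets only `Restart` and `ExecStart`, so `cfg.user` and `cfg.dataDir` are declared but never used and kapacitord will presumably run as root with no managed state directory; telegraf.nix has the same gap. Add `User = cfg.user;` to `serviceConfig`, together with a matching user declaration and creation of `cfg.dataDir`. The default config also listens on every interface with `bind-address = ":9092"` while `auth-enabled = false` and `https-enabled = false`; `bind-address = "127.0.0.1:9092"` would be a safer default given that the InfluxDB URL is localhost anyway. Because the config is rendered with `pkgs.writeText`, any `password`, `token` or `api-key` a user fills in ends up world-readable in the Nix store, which deserves a sentence in the option's `description`.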
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index c0be053ab..fc9e63e31 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -22,10 +22,13 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so account required pam_permit.so + auth required pam_env.so envfile=${config.system.build.pamEnvironment} + auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth sufficient pam_unix.so likeauth try_first_pass + session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_permit.so + session required pam_loginuid.so ''; security.pam.services.dovecot2.text = '' |
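Review bot: The new sshd `auth` stack ends on two `sufficient` lines with no terminal deny, so rejection when both `verify_pam` and `pam_unix.so` fail depends on how the result of the preceding `auth required pam_env.so` is counted rather than on an explicit rule. Add `auth required pam_deny.so` after the `pam_unix.so` line so the stack fails closed by construction. The `pam_unix.so` fallback also means regular system passwords are now accepted for sshd alongside the usershadow ones, which is worth a comment if that is intended. The `account` stack is still only `pam_permit.so` (a context line here), so presumably no expiry or lock checks run for these logins.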