summaryrefslogtreecommitdiffstats
path: root/lass/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/kapacitor.nix221
-rw-r--r--lass/3modules/telegraf.nix67
-rw-r--r--lass/3modules/usershadow.nix7
4 files changed, 295 insertions, 2 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b169fea40..2bf2df8b3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,7 @@ _:
./urxvtd.nix
./usershadow.nix
./xresources.nix
+ ./kapacitor.nix
+ ./telegraf.nix
];
}
diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix
new file mode 100644
index 000000000..8524c8198
--- /dev/null
+++ b/lass/3modules/kapacitor.nix
@@ -0,0 +1,221 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "${cfg.dataDir}"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http"
+ udp-bind = ""
+ udp-buffer = 1000
+ udp-read-buffer = 0
+ startup-timeout = "5m0s"
+ subscriptions-sync-interval = "1m0s"
+ [influxdb.subscriptions]
+ [influxdb.excluded-subscriptions]
+ _kapacitor = ["autogen"]
+
+ [logging]
+ file = "STDERR"
+ level = "INFO"
+
+ [collectd]
+ enabled = false
+ bind-address = ":25826"
+ database = "collectd"
+ retention-policy = ""
+ batch-size = 5000
+ batch-pending = 10
+ batch-timeout = "10s"
+ read-buffer = 0
+ typesdb = "/usr/share/collectd/types.db"
+
+ [opentsdb]
+ enabled = false
+ bind-address = ":4242"
+ database = "opentsdb"
+ retention-policy = ""
+ consistency-level = "one"
+ tls-enabled = false
+ certificate = "/etc/ssl/influxdb.pem"
+ batch-size = 1000
+ batch-pending = 5
+ batch-timeout = "1s"
+ log-point-errors = true
+
+ [smtp]
+ enabled = false
+ host = "localhost"
+ port = 25
+ username = ""
+ password = ""
+ no-verify = false
+ global = false
+ state-changes-only = false
+ from = ""
+ idle-timeout = "30s"
+
+ [opsgenie]
+ enabled = false
+ api-key = ""
+ url = "https://api.opsgenie.com/v1/json/alert"
+ recovery_url = "https://api.opsgenie.com/v1/json/alert/note"
+ global = false
+
+ [victorops]
+ enabled = false
+ api-key = ""
+ routing-key = ""
+ url = "https://alert.victorops.com/integrations/generic/20131114/alert"
+ global = false
+
+ [pagerduty]
+ enabled = false
+ url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
+ service-key = ""
+ global = false
+
+ [sensu]
+ enabled = false
+ addr = ""
+ source = "Kapacitor"
+
+ [slack]
+ enabled = false
+ url = ""
+ channel = ""
+ global = false
+ state-changes-only = false
+
+ [telegram]
+ enabled = false
+ url = "https://api.telegram.org/bot"
+ token = ""
+ chat-id = ""
+ parse-mode = ""
+ disable-web-page-preview = false
+ disable-notification = false
+ global = false
+ state-changes-only = false
+
+ [hipchat]
+ enabled = false
+ url = ""
+ token = ""
+ room = ""
+ global = false
+ state-changes-only = false
+
+ [alerta]
+ enabled = false
+ url = ""
+ token = ""
+ environment = ""
+ origin = ""
+
+ [reporting]
+ enabled = true
+ url = "https://usage.influxdata.com"
+
+ [stats]
+ enabled = true
+ stats-interval = "10s"
+ database = "_kapacitor"
+ retention-policy = "autogen"
+ timing-sample-rate = 0.1
+ timing-movavg-size = 1000
+
+ [udf]
+
+ [deadman]
+ interval = "10s"
+ threshold = 0.0
+ id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
+ message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
+ global = false
+
+ [talk]
+ enabled = false
+ url = ""
+ author_name = ""
+ '';
+ description = "configuration kapacitor is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "kapacitor.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.kapacitor = {
+ description = "kapacitor";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+ };
+ };
+ };
+
+in out
diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix
new file mode 100644
index 000000000..64b323460
--- /dev/null
+++ b/lass/3modules/telegraf.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.telegraf;
+
+ out = {
+ options.lass.telegraf = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "telegraf";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/telegraf";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "telegraf";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ [agent]
+ interval = "1s"
+
+ [outputs]
+
+ # Configuration to send data to InfluxDB.
+ [outputs.influxdb]
+ urls = ["http://localhost:8086"]
+ database = "kapacitor_example"
+ user_agent = "telegraf"
+
+ # Collect metrics about cpu usage
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ '';
+ description = "configuration telegraf is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "telegraf.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.telegraf = {
+ description = "telegraf";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
+ };
+ };
+ };
+
+in out
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index c0be053ab..fc9e63e31 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -22,10 +22,13 @@
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
account required pam_permit.so
+ auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+ auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+ auth sufficient pam_unix.so likeauth try_first_pass
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_permit.so
+ session required pam_loginuid.so
'';
security.pam.services.dovecot2.text = ''