From 2c484daf3cb78deefdcfe2ef6cececaab397dace Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 00:23:44 +0100 Subject: l 2 monitoring client: remove dns query --- lass/2configs/monitoring/client.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index e879d696..210fd2d1 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -29,10 +29,6 @@ with import ; '' [[inputs.net]] '' - '' - [[inputs.dns_query]] - servers = ["8.8.8.8"] - '' ]; }; systemd.services.telegraf.path = with pkgs; [ -- cgit v1.2.3 From 0ea991ffe9252041751e6e740c5166e164541928 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 00:25:39 +0100 Subject: l 2 monitoring server: add ram & deadman alarm --- lass/2configs/monitoring/server.nix | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index 2e1c15ca..505cb7a1 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -1,9 +1,7 @@ {pkgs, config, ...}: with import ; { - services.influxdb = { - enable = true; - }; + services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; 
@@ -29,24 +27,39 @@ with import ; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null + ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null ''; in { enable = true; + check_db = "telegraf_db"; alarms = { - test2 = '' - batch + cpu = '' + var data = batch |query(${"'''"} SELECT mean("usage_user") AS mean FROM "${config.lass.kapacitor.check_db}"."default"."cpu" ${"'''"}) - .every(3m) - .period(1m) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" > 90) + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + ram = '' + var data = batch + |query(${"'''"} + SELECT mean("used_percent") AS mean + FROM "${config.lass.kapacitor.check_db}"."default"."mem" + ${"'''"}) + .period(10m) + .every(1m) .groupBy('host') - |alert() - .crit(lambda: "mean" > 90) - // Whenever we get an alert write it to a file. - .log('/tmp/alerts.log') + data |alert() + .crit(lambda: "mean" > 90) .exec('${echoToIrc}') ''; }; -- cgit v1.2.3 From 2a3176d871497daf95cd5c28fc5c2d02d1bd32fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 00:28:41 +0100 Subject: l 2 nixpkgs: 5fff5a9 -> f66d782 unstable --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 4a1b0379..e7229654 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "5fff5a902594b34471b613eb2babcec923e1e1f1"; + ref = "f66d782"; }; } -- cgit v1.2.3 From 25597af7630ba57a771c90748dd7e0d18e42052b Mon Sep 17 00:00:00 2001 
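Review bot: The two `|alert()` nodes in the new `cpu` and `ram` tasks have no `.stateChangesOnly()`, although the `deadman` node does. With `.every(1m)`, a host that stays above 90 would presumably run `echoToIrc` once a minute for as long as the condition holds, which buries other alarms in the channel. Adding `.stateChangesOnly()` after `.crit(lambda: "mean" > 90)` in both tasks would limit this to one message on entering and one on leaving the critical state. The `ram` task also has no `deadman` node, so a silent host is only caught through the `cpu` task. The `lass.kapacitor` block starts and ends outside this hunk.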
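Review bot: The new `ref = "f66d782";` replaces a full 40-character commit id with a 7-character abbreviation, which is a weaker pin for the package tree every host is built from. An abbreviated id is resolved by whichever repository is asked and can become ambiguous as the repository grows. Depending on how `krebs.build.source` consumes the ref (not visible here), it may also not be fetchable at all. Keep the full id, e.g. `ref = "<full 40-character commit id of f66d782>";`.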
From: lassulus Date: Sun, 5 Feb 2017 00:48:06 +0100 Subject: l 3: remove urxvtd --- lass/3modules/default.nix | 1 - lass/3modules/urxvtd.nix | 55 ----------------------------------------------- 2 files changed, 56 deletions(-) delete mode 100644 lass/3modules/urxvtd.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 2bf2df8b..f97b041a 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -6,7 +6,6 @@ _: ./hosts.nix ./mysql-backup.nix ./umts.nix - ./urxvtd.nix ./usershadow.nix ./xresources.nix ./kapacitor.nix diff --git a/lass/3modules/urxvtd.nix b/lass/3modules/urxvtd.nix deleted file mode 100644 index 469616a9..00000000 --- a/lass/3modules/urxvtd.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -let -in - -with builtins; -with lib; - -{ - options = { - services.urxvtd = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable urxvtd per user"; - }; - users = mkOption { - type = types.listOf types.string; - default = []; - description = "users to run urxvtd for"; - }; - urxvtPackage = mkOption { - type = types.package; - default = pkgs.rxvt_unicode; - description = "urxvt package to use"; - }; - }; - }; - - config = - let - cfg = config.services.urxvtd; - users = cfg.users; - urxvt = cfg.urxvtPackage; - mkService = user: { - description = "urxvt terminal daemon"; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = false; - path = [ pkgs.xlibs.xrdb ]; - environment = { - DISPLAY = ":0"; - URXVT_PERL_LIB = "${urxvt}/lib/urxvt/perl"; - }; - serviceConfig = { - Restart = "always"; - User = user; - ExecStart = "${urxvt}/bin/urxvtd"; - }; - }; - in - mkIf cfg.enable { - environment.systemPackages = [ urxvt ]; - systemd.services = listToAttrs (map (u: { name = "${u}-urxvtd"; value = mkService u; }) users); - }; -} -- cgit v1.2.3 From 2d8c8c4cf51db69912633283c53327197ad5b437 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 5 Feb 2017 01:18:53 +0100 Subject: l 2 baseX: remove broken termite --- lass/2configs/baseX.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e879e8e5..2933ca0e 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -66,7 +66,6 @@ in { youtube-tools rxvt_unicode - termite #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh -- cgit v1.2.3 From 427482e4793cb679804d2d0c1f8b5a809502464f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 01:19:10 +0100 Subject: l 5 xmonad: remove broken termite --- lass/5pkgs/xmonad-lass.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index cf8eaf05..dd4d8803 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -129,7 +129,6 @@ myKeyMap = , ("M4-", toggleWS) , ("M4-S-", spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath) - , ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) -- cgit v1.2.3 From cf5cb7267f0df98997452a1d9faf910946c709ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 09:30:56 +0100 Subject: l 2 mail: mutt-kz -> neomutt --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 872acc00..5ca84133 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -17,7 +17,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0x976A7E4D set crypt_autosign = yes 
@@ -99,7 +99,7 @@ let ''; mutt = pkgs.writeDashBin "mutt" '' - exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ ''; in { -- cgit v1.2.3 From 035dce390cf0de75cf9e10e67c51388a9d1b648b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 09:35:31 +0100 Subject: l 2 websites domsen: remove user nrg --- lass/2configs/websites/domsen.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 66fc681b..0b75425c 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -118,8 +118,7 @@ in { { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } - { from = "nrg@ubikmedia.eu"; to = "nrg"; } - { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; } + { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; @@ -161,13 +160,6 @@ in { createHome = true; }; - users.users.nrg = { - uid = genid_signed "nrg"; - home = "/home/nrg"; - useDefaultShell = true; - createHome = true; - }; - users.users.testuser = { uid = genid_signed "testuser"; home = "/home/testuser"; -- cgit v1.2.3 From 6ad79bd34eb62d916d5802536174bdb6c3fcd363 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 12:15:17 +0100 Subject: l 2 monitoring client: use services.telegraf --- lass/2configs/monitoring/client.nix | 105 ++++++++---------------------------- 1 file changed, 22 insertions(+), 83 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index 210fd2d1..d20ad475 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix 
@@ -1,90 +1,29 @@ {pkgs, config, ...}: with import ; { - lass.telegraf = { + services.telegraf = { enable = true; - interval = "1s"; - - outputs = '' - [outputs.influxdb] - urls = ["http://prism:8086"] - database = "telegraf_db" - user_agent = "telegraf" - ''; - inputs = [ - '' - [cpu] - percpu = false - totalcpu = true - drop = ["cpu_time"] - '' - '' - [[inputs.mem]] - '' - '' - [[inputs.ping]] - urls = ["8.8.8.8"] - '' - '' - [[inputs.net]] - '' - ]; - }; - systemd.services.telegraf.path = with pkgs; [ - iputils - lm_sensors - ]; - - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - Interval 30.0 - - LoadPlugin interface - - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - - - LoadPlugin df - - MountPoint "/nix/store" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - - - LoadPlugin cpu - - ReportByCpu true - ReportByState true - ValuesPercentage true - - - LoadPlugin network - - Server "prism" "25826" - - ''; + extraConfig = { + interval = "1s"; + outputs = { + influxdb = { + urls = ["http://prism:8086"]; + database = "telegraf_db"; + user_agent = "telegraf"; + }; + }; + inputs = { + cpu = { + percpu = false; + totalcpu = true; + }; + mem = {}; + ping = { + urls = ["8.8.8.8"]; + }; + net = {}; + }; + }; }; } -- cgit v1.2.3 From 53532e63f006479bc3ff57c93a2b5f52d4709545 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 14:20:55 +0100 Subject: l 2 monitoring: remove broken ping statistics --- lass/2configs/monitoring/client.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'lass') 
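Review bot: The `outputs.influxdb` set carried into `services.telegraf.extraConfig` still writes to `http://prism:8086` without TLS or credentials, so anything that can reach that port can write points into `telegraf_db`, the database the Kapacitor alarms query. If the VPN interface is the intended trust boundary, say so in a comment next to `urls`; otherwise add `username`/`password` to the output and enable `http.auth-enabled` on the InfluxDB side. A password written literally into `extraConfig` would land in the world-readable Nix store, so it would have to come from a secrets path instead.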
diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index d20ad475..bd7d6acb 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -19,9 +19,6 @@ with import ; totalcpu = true; }; mem = {}; - ping = { - urls = ["8.8.8.8"]; - }; net = {}; }; }; -- cgit v1.2.3 From a5bd0ad7742260db8893d8578950a0cfd0cbc62e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Feb 2017 14:21:42 +0100 Subject: l 2 monitoring: set agent interval to 1s --- lass/2configs/monitoring/client.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index bd7d6acb..b8c24521 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -5,7 +5,7 @@ with import ; enable = true; extraConfig = { - interval = "1s"; + agent.interval = "1s"; outputs = { influxdb = { urls = ["http://prism:8086"]; -- cgit v1.2.3 From b24a84a4e12e0943a17c7afb715bd728a6a6e47f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2017 15:08:49 +0100 Subject: l 2 repo-sync: also sync populate --- lass/2configs/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index b1a26b17..5b6930c9 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -102,6 +102,7 @@ in { (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") + (sync-retiolum "populate") (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") (sync-retiolum "web-routes-wai-custom") -- cgit v1.2.3 From 9439a1579ed84af8b43eb5ddb01b7aa19e060b79 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2017 15:09:10 +0100 Subject: l 2 mail: fix path to gpg.rc --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') 
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 5ca84133..e4b31952 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -17,7 +17,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0x976A7E4D set crypt_autosign = yes -- cgit v1.2.3 From 96ab457d0985aa9fec742430a285012a797ba8d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2017 16:20:45 +0100 Subject: l 2 repo-sync: use lassul.us instead of prism workaround because cgit http is currently broken on prism --- lass/2configs/repo-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 5b6930c9..83f64613 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -49,7 +49,7 @@ let mirror.url = "${mirror}${name}"; }; lassulus = { - origin.url = "http://cgit.prism/${name}"; + origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; "@latest" = { -- cgit v1.2.3 From 8d5484a79763cc4d4f4feebc5cb1fa27d3d44764 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2017 17:02:41 +0100 Subject: l 2 buildbot: use cgit.lassul.us --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index c9e2928b..cd11254d 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -11,7 +11,7 @@ let in { config.krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.prism/stockholm ; + stockholm-mirror-url = http://cgit.lassul.us/stockholm ; in { workers = { testworker = "lasspass"; -- cgit v1.2.3 From 73f72eeaf128104328b5e53257e3ca92c8441df5 Mon Sep 17 00:00:00 2001 
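Review bot: `origin.url = "http://cgit.lassul.us/${name}"` moves the sync source from what looks like an internal name to a public hostname while staying on plain `http://`. The fetched history is therefore neither encrypted nor authenticated in transit before it is pushed on to the mirror. The same applies to `stockholm-mirror-url = http://cgit.lassul.us/stockholm ;` in the buildbot hunk that follows, where the fetched tree is then built. If the host serves TLS, use `https://cgit.lassul.us/...` in both places; if this is only the stop-gap the description mentions, a `# TODO: revert to cgit.prism once cgit http works again` comment would keep it from becoming permanent. The `let` bindings around both lines start outside the hunks.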
From: lassulus Date: Mon, 6 Feb 2017 19:13:59 +0100 Subject: l 3: remove obsolete telegraf module --- lass/3modules/default.nix | 1 - lass/3modules/telegraf.nix | 84 ---------------------------------------------- 2 files changed, 85 deletions(-) delete mode 100644 lass/3modules/telegraf.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index f97b041a..f4a2b456 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,6 +9,5 @@ _: ./usershadow.nix ./xresources.nix ./kapacitor.nix - ./telegraf.nix ]; } diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix deleted file mode 100644 index 0b3be2d6..00000000 --- a/lass/3modules/telegraf.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: - -with builtins; -with lib; - -let - cfg = config.lass.telegraf; - - out = { - options.lass.telegraf = api; - config = mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "telegraf"; - dataDir = mkOption { - type = types.str; - default = "/var/lib/telegraf"; - }; - user = mkOption { - type = types.str; - default = "telegraf"; - }; - outputs = mkOption { - type = types.str; - default = '' - [outputs.influxdb] - urls = ["http://localhost:8086"] - database = "telegraf_db" - user_agent = "telegraf" - ''; - }; - inputs = mkOption { - type = with types; listOf str; - default = [ - '' - [cpu] - percpu = false - totalcpu = true - drop = ["cpu_time"] - '' - ]; - }; - interval = mkOption { - type = types.str; - default = "10s"; - }; - config = mkOption { - type = types.str; - #TODO: find a good default - default = '' - [agent] - interval = "${cfg.interval}" - - [outputs] - - ${cfg.outputs} - - ${concatStringsSep "\n" cfg.inputs} - - ''; - description = "configuration telegraf is started with"; - }; - }; - - configFile = pkgs.writeText "telegraf.conf" cfg.config; - - imp = { - - systemd.services.telegraf = { - description = "telegraf"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = true; - - serviceConfig = { - Restart = "always"; - ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}"; - }; - }; - }; - -in out -- cgit v1.2.3 From 2b68541e297fd6fcb67a117c7d816dbcca9e8c64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:09:39 +0100 Subject: l 3 kapacitor: use extraConfig & start as user --- lass/3modules/kapacitor.nix | 188 +++++++++++++++++++++++++------------------- 1 file changed, 109 insertions(+), 79 deletions(-) (limited to 'lass') diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix index 299a56d9..09289081 100644 --- a/lass/3modules/kapacitor.nix +++ b/lass/3modules/kapacitor.nix 
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with lib; +with import ; let cfg = config.lass.kapacitor; @@ -11,6 +11,71 @@ let config = mkIf cfg.enable imp; }; + configOptions = recursiveUpdate { + hostname = "localhost"; + data_dir = cfg.dataDir; + http = { + bind-address = ":9092"; + auth-enabled = false; + log-enabled = false; + gtgwrite-tracing = false; + pprof-enabled = false; + https-enabled = false; + https-certificate = "/etc/ssl/kapacitor.pem"; + shutdown-timeout = "10s"; + shared-secret = ""; + }; + + replay ={ + dir = "${cfg.dataDir}/replay"; + }; + + storage = { + boltdb = "${cfg.dataDir}/kapacitor.db"; + }; + + task = { + dir = "${cfg.dataDir}/tasks"; + snapshot-interval = "1m0s"; + }; + + influxdb = [{ + enabled = true; + name = "default"; + default = false; + urls = ["http://localhost:8086"]; + username = ""; + password = ""; + ssl-ca = ""; + ssl-cert = ""; + ssl-key = ""; + insecure-skip-verify = false; + timeout = "0s"; + disable-subscriptions = false; + subscription-protocol = "http"; + udp-bind = ""; + udp-buffer = 1000; + udp-read-buffer = 0; + startup-timeout = "5m0s"; + subscriptions-sync-interval = "1m0s"; + influxdb.excluded-subscriptions = { + _kapacitor = ["autogen"]; + }; + }]; + + logging = { + file = "STDERR"; + level = "INFO"; + }; + + deadman = { + interval = "10s"; + id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"; + message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."; + global = false; + }; + } cfg.extraConfig; + api = { enable = mkEnableOption "kapacitor"; dataDir = mkOption { 
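Review bot: In the new `configOptions.http` set, `gtgwrite-tracing = false;` looks like a typo for `write-tracing = false;`, the key used by the TOML default this commit removes. In the `influxdb` list element, `influxdb.excluded-subscriptions = { ... };` nests the table one level too deep (it would serialise as `influxdb.influxdb.excluded-subscriptions`); inside the element it should read `excluded-subscriptions = { _kapacitor = ["autogen"]; };`. Separately, the defaults keep `bind-address = ":9092"` together with `auth-enabled = false`. Since tasks defined through that API can carry `.exec` handlers, a default of `bind-address = "127.0.0.1:9092";` would be the safer choice unless remote access is intended.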
@@ -18,90 +83,54 @@ let default = "/var/lib/kapacitor"; }; user = mkOption { - type = types.str; - default = "kapacitor"; + type = types.user; + default = { + name = "kapacitor"; + home = cfg.dataDir; + }; }; - logLevel = mkOption { - type = types.enum ["DEBUG" "INFO" "WARN" "ERROR" "OFF"]; - default = "INFO"; + group = mkOption { + type = types.group; + default = { + name = "kapacitor"; + }; }; - alarms = mkOption { - type = with types; attrsOf str; + extraConfig = mkOption { + type = types.attrs; default = {}; }; - check_db = mkOption { - type = types.str; - default = "all_data"; - }; - config = mkOption { - type = types.str; - #TODO: find a good default - default = '' - hostname = "localhost" - data_dir = "${cfg.dataDir}" - - [http] - bind-address = ":9092" - auth-enabled = false - log-enabled = true - write-tracing = false - pprof-enabled = false - https-enabled = false - https-certificate = "/etc/ssl/kapacitor.pem" - shutdown-timeout = "10s" - shared-secret = "" - - [replay] - dir = "${cfg.dataDir}/replay" - - [storage] - boltdb = "${cfg.dataDir}/kapacitor.db" - - [task] - dir = "${cfg.dataDir}/tasks" - snapshot-interval = "1m0s" - - [[influxdb]] - enabled = true - name = "default" - default = false - urls = ["http://localhost:8086"] - username = "" - password = "" - ssl-ca = "" - ssl-cert = "" - ssl-key = "" - insecure-skip-verify = false - timeout = "0s" - disable-subscriptions = false - subscription-protocol = "http" - udp-bind = "" - udp-buffer = 1000 - udp-read-buffer = 0 - startup-timeout = "5m0s" - subscriptions-sync-interval = "1m0s" - [influxdb.subscriptions] - [influxdb.excluded-subscriptions] - _kapacitor = ["autogen"] - - [logging] - file = "STDERR" - level = "${cfg.logLevel}" - - [deadman] - interval = "10s" - threshold = 0.0 - id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'" - message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL." 
- global = false - ''; - description = "configuration kapacitor is started with"; + alarms = mkOption { + type = with types; attrsOf (submodule { + options = { + database = mkOption { + type = str; + }; + text = mkOption { + type = str; + }; + }; + }); + default = {}; }; }; - configFile = pkgs.writeText "kapacitor.conf" cfg.config; + configFile = pkgs.runCommand "kapacitor.toml" {} '' + ${pkgs.remarshal}/bin/remarshal -if json -of toml \ + < ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \ + > $out + ''; imp = { + users = { + groups.${cfg.group.name} = { + inherit (cfg.group) name gid; + }; + users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + group = cfg.group.name; + }; + }; systemd.services.kapacitor = { description = "kapacitor"; @@ -112,6 +141,7 @@ let serviceConfig = { Restart = "always"; + User = cfg.user.name; ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}"; }; }; @@ -125,13 +155,14 @@ let serviceConfig = { Type = "oneshot"; + User = cfg.user.name; ExecStart = pkgs.writeDash "add_alarms" '' ${pkgs.kapacitor}/bin/kapacitor delete tasks \* ${concatStrings (mapAttrsToList (name: alarm: '' ${pkgs.kapacitor}/bin/kapacitor define ${name} \ -type batch \ - -tick ${pkgs.writeText "${name}.tick" alarm} \ - -dbrp ${cfg.check_db}.default + -tick ${pkgs.writeText "${name}.tick" alarm.text} \ + -dbrp ${alarm.database}.default ${pkgs.kapacitor}/bin/kapacitor enable ${name} '') cfg.alarms)} ''; @@ -139,5 +170,4 @@ let }; }; - in out -- cgit v1.2.3 From f39df4913b225ec67ca0557e3b702323bcb2bf2b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:10:34 +0100 Subject: l 2 monitoring server: use new kapacitor config --- lass/2configs/monitoring/server.nix | 66 ++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 30 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index 505cb7a1..1b556c56 100644 
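Review bot: The `add_alarms` script has no `set -e`, so when one `kapacitor define` fails (for instance on a TICKscript error in `alarm.text`) the script carries on and the oneshot can still end successfully. By then `kapacitor delete tasks \*` has already removed the previous tasks, leaving the host with fewer alarms than configured and nothing reporting it. Start the script with `set -euf`, as `echoToIrc` in the server config does, so the unit fails visibly. The surrounding `systemd.services` definition starts outside this hunk.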
--- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -22,6 +22,7 @@ with import ; lass.kapacitor = let + db = "telegraf_db"; echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" @@ -31,37 +32,42 @@ with import ; ''; in { enable = true; - check_db = "telegraf_db"; alarms = { - cpu = '' - var data = batch - |query(${"'''"} - SELECT mean("usage_user") AS mean - FROM "${config.lass.kapacitor.check_db}"."default"."cpu" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - data |deadman(1.0,5m) - .stateChangesOnly() - .exec('${echoToIrc}') - ''; - ram = '' - var data = batch - |query(${"'''"} - SELECT mean("used_percent") AS mean - FROM "${config.lass.kapacitor.check_db}"."default"."mem" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - ''; + cpu = { + database = db; + text = '' + var data = batch + |query(${"'''"} + SELECT mean("usage_user") AS mean + FROM "${db}"."default"."cpu" + ${"'''"}) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" > 90) + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + }; + ram = { + database = db; + text = '' + var data = batch + |query(${"'''"} + SELECT mean("used_percent") AS mean + FROM "${db}"."default"."mem" + ${"'''"}) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" > 90) + .exec('${echoToIrc}') + ''; + }; }; }; -- cgit v1.2.3 From 3085d190485d2b4e822bf4a507104ace155c52b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:11:30 +0100 Subject: l 2 monitoring: disable influx http logging --- lass/2configs/monitoring/server.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') 
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index 1b556c56..ff6e980c 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -8,6 +8,7 @@ with import ; # meta.logging-enabled = true; http.bind-address = ":8086"; admin.bind-address = ":8083"; + http.log-enabled = false; monitoring = { enabled = false; # write-interval = "24h"; -- cgit v1.2.3 From 73140ed18358e25983b28874c220f8e882e5e95f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:12:21 +0100 Subject: l 2 monitoring server: add kibana + elasticsearch --- lass/2configs/monitoring/server.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index ff6e980c..f3d8026a 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -72,15 +72,28 @@ with import ; }; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } - { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } - ]; services.grafana = { enable = true; addr = "0.0.0.0"; auth.anonymous.enable = true; security = import ; # { AdminUser = ""; adminPassword = ""} }; + + services.elasticsearch = { + enable = true; + listenAddress = "0.0.0.0"; + }; + + services.kibana = { + enable = true; + listenAddress = "0.0.0.0"; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } + { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; } + ]; } -- cgit v1.2.3 
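Review bot: `http.log-enabled = false;` turns off InfluxDB's HTTP request log on an endpoint that, per the context lines, listens on `:8086` and shows no authentication settings. That log is the only record visible here of which peer wrote or queried what, so it is worth keeping for incident review; if volume is the problem, limiting journal retention or rate is the less lossy fix. If it stays off, add a comment such as `# request log disabled because <reason>; no per-request audit trail` so the trade-off is explicit. The `services.influxdb.extraConfig` set starts and ends outside this hunk.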
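Review bot: `services.elasticsearch` and `services.kibana` are both given `listenAddress = "0.0.0.0";` with no authentication configured here, so as far as this hunk shows the two new `-i retiolum` ACCEPT rules are the only access control. Any peer on that interface could then read, alter or delete the indexed data, which after the journalbeat hunk in the next commit (`hosts: ["prism:9200"]`) is each client's system journal. Binding both services to the retiolum address, or keeping Elasticsearch on `127.0.0.1` and exposing only Kibana behind an authenticating proxy, would narrow this. `services.grafana` in the same hunk already combines `addr = "0.0.0.0"` with `auth.anonymous.enable = true`, so the same question applies there.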
From aaf1f55626f16c7f9dcb681eb2d34743345e0e29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:12:50 +0100 Subject: l 2 monitoring client: add journalbeat --- lass/2configs/monitoring/client.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass') diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index b8c24521..e2b7dcae 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -23,4 +23,13 @@ with import ; }; }; }; + + services.journalbeat = { + enable = true; + extraConfig = '' + output.elasticsearch: + hosts: ["prism:9200"] + template.enabled: false + ''; + }; } -- cgit v1.2.3 From 1d26ac7771945590d3c3bc0a6a53b90037c11084 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:13:07 +0100 Subject: l 1 prism: scatter repo-sync timers --- lass/1systems/prism.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index f9654ac4..c0c22a0d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,7 +215,8 @@ in { } { krebs.repo-sync.timerConfig = { - OnCalendar = "*:0/5"; + OnUnitInactiveSec = "5min"; + RandomizedDelaySec = "2min"; }; } { -- cgit v1.2.3 From 69f6bd19714ece1f14fdbbc4314b5b7fe0fada31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:13:47 +0100 Subject: l 2 newsbot-js: remove some obsolete feeds --- lass/2configs/newsbot-js.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 46ff3fbf..3c6c5dc8 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix 
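Review bot: With `OnCalendar` replaced by `OnUnitInactiveSec = "5min";` alone in the `prism.nix` hunk, the timer has no trigger until the service has run and stopped once. After a boot the repo-sync may therefore never start unless the module adds another trigger elsewhere (not visible here). Adding `OnBootSec = "1min";` next to it gives the timer a first activation. The surrounding attribute set starts outside the hunk.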
@@ -10,10 +10,6 @@ let arbor|http://feeds2.feedburner.com/asert/|#news archlinux|http://www.archlinux.org/feeds/news/|#news ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news - asiaone_asia|http://news.asiaone.com/rss/asia|#news - asiaone_business|http://business.asiaone.com/rss.xml|#news - asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news - asiaone_world|http://news.asiaone.com/rss/world|#news augustl|http://augustl.com/atom.xml|#news bbc|http://feeds.bbci.co.uk/news/rss.xml|#news bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag @@ -78,7 +74,6 @@ let heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial hindu|http://www.thehindu.com/?service=rss|#news - hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news ign|http://feeds.ign.com/ign/all|#news independent|http://www.independent.com/rss/headlines/|#news indymedia|http://de.indymedia.org/RSS/newswire.xml|#news -- cgit v1.2.3 From cb044e37e657f3a5c5dad69353b42695f742d65f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:14:35 +0100 Subject: l 1: add iso --- lass/1systems/iso.nix | 152 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 152 insertions(+) create mode 100644 lass/1systems/iso.nix (limited to 'lass') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix new file mode 100644 index 00000000..9dfbf7cb --- /dev/null +++ b/lass/1systems/iso.nix 
@@ -0,0 +1,152 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + ../../krebs + ../3modules + ../5pkgs + ../2configs/binary-cache/client.nix + ../2configs/mc.nix + ../2configs/nixpkgs.nix + ../2configs/vim.nix + { + krebs.enable = true; + krebs.build.user = config.krebs.users.lass; + krebs.build.host = config.krebs.hosts.iso; + krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix"; + } + { + nixpkgs.config.allowUnfree = true; + } + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.lass-shodan.pubkey + config.krebs.users.lass-icarus.pubkey + ]; + }; + }; + } + { + environment.extraInit = '' + EDITOR=vim + ''; + } + { + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + krebspaste + pciutils + pop + psmisc + q + rs + tmux + untilport + usbutils + + #unpack stuff + p7zip + unzip + unrar + + #data recovery + ddrescue + ntfs3g + dosfstools + ]; + } + { + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' + fi + ''; + }; + } + { + 
services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + } + { + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + } + ]; +} -- cgit v1.2.3 From 54e16f7a9e059991c85098e5e274bbadb8e93497 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:21:25 +0100 Subject: move kapacitor to k 3 --- lass/3modules/default.nix | 1 - lass/3modules/kapacitor.nix | 173 -------------------------------------------- 2 files changed, 174 deletions(-) delete mode 100644 lass/3modules/kapacitor.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index f4a2b456..959c9d1b 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix 
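Review bot: `krebs.build.source.nixos-config.symlink` interpolates `config.krebs.buil.host.name`, which is missing the `d` in `build`. Because Nix evaluates lazily, this only fails with a missing-attribute error once the symlink source is forced. The line should read `krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.build.host.name}.nix";`. Separately, this image authorises three keys for root, and the `nat.PREROUTING` rules appear to blackhole port 22 on non-retiolum interfaces while mapping 45621 to sshd. A comment above those rules, such as `# outside retiolum sshd is reachable on 45621 only; 22 is redirected to port 0`, would make that exposure explicit.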
@@ -8,6 +8,5 @@ _: ./umts.nix ./usershadow.nix ./xresources.nix - ./kapacitor.nix ]; } diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix deleted file mode 100644 index 09289081..00000000 --- a/lass/3modules/kapacitor.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with builtins; -with import ; - -let - cfg = config.lass.kapacitor; - - out = { - options.lass.kapacitor = api; - config = mkIf cfg.enable imp; - }; - - configOptions = recursiveUpdate { - hostname = "localhost"; - data_dir = cfg.dataDir; - http = { - bind-address = ":9092"; - auth-enabled = false; - log-enabled = false; - gtgwrite-tracing = false; - pprof-enabled = false; - https-enabled = false; - https-certificate = "/etc/ssl/kapacitor.pem"; - shutdown-timeout = "10s"; - shared-secret = ""; - }; - - replay ={ - dir = "${cfg.dataDir}/replay"; - }; - - storage = { - boltdb = "${cfg.dataDir}/kapacitor.db"; - }; - - task = { - dir = "${cfg.dataDir}/tasks"; - snapshot-interval = "1m0s"; - }; - - influxdb = [{ - enabled = true; - name = "default"; - default = false; - urls = ["http://localhost:8086"]; - username = ""; - password = ""; - ssl-ca = ""; - ssl-cert = ""; - ssl-key = ""; - insecure-skip-verify = false; - timeout = "0s"; - disable-subscriptions = false; - subscription-protocol = "http"; - udp-bind = ""; - udp-buffer = 1000; - udp-read-buffer = 0; - startup-timeout = "5m0s"; - subscriptions-sync-interval = "1m0s"; - influxdb.excluded-subscriptions = { - _kapacitor = ["autogen"]; - }; - }]; - - logging = { - file = "STDERR"; - level = "INFO"; - }; - - deadman = { - interval = "10s"; - id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"; - message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."; - global = false; - }; - } cfg.extraConfig; - - api = { - enable = mkEnableOption "kapacitor"; - dataDir = mkOption { - type = types.str; - default = "/var/lib/kapacitor"; - }; - user = mkOption { - type = types.user; - default = { - name = "kapacitor"; - home = cfg.dataDir; - }; - }; - group = mkOption { - type = types.group; - default = { - name = "kapacitor"; - }; - }; - extraConfig = mkOption { - type = types.attrs; - 
default = {}; - }; - alarms = mkOption { - type = with types; attrsOf (submodule { - options = { - database = mkOption { - type = str; - }; - text = mkOption { - type = str; - }; - }; - }); - default = {}; - }; - }; - - configFile = pkgs.runCommand "kapacitor.toml" {} '' - ${pkgs.remarshal}/bin/remarshal -if json -of toml \ - < ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \ - > $out - ''; - - imp = { - users = { - groups.${cfg.group.name} = { - inherit (cfg.group) name gid; - }; - users.${cfg.user.name} = { - inherit (cfg.user) home name uid; - createHome = true; - group = cfg.group.name; - }; - }; - - systemd.services.kapacitor = { - description = "kapacitor"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = true; - - serviceConfig = { - Restart = "always"; - User = cfg.user.name; - ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}"; - }; - }; - - systemd.services.kapacitor-alarms = { - description = "kapacitor-alarms"; - after = [ "kapacitor.service" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = true; - - serviceConfig = { - Type = "oneshot"; - User = cfg.user.name; - ExecStart = pkgs.writeDash "add_alarms" '' - ${pkgs.kapacitor}/bin/kapacitor delete tasks \* - ${concatStrings (mapAttrsToList (name: alarm: '' - ${pkgs.kapacitor}/bin/kapacitor define ${name} \ - -type batch \ - -tick ${pkgs.writeText "${name}.tick" alarm.text} \ - -dbrp ${alarm.database}.default - ${pkgs.kapacitor}/bin/kapacitor enable ${name} - '') cfg.alarms)} - ''; - }; - }; - - }; -in out -- cgit v1.2.3 From dc4dcb80d39d0429c108c2b2258d4074eede2122 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Feb 2017 17:44:24 +0100 Subject: l 2 monitoring server: use krebs.kapacitor --- lass/2configs/monitoring/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') 
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index f3d8026a..bbae4511 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -21,7 +21,7 @@ with import ; }]; }; - lass.kapacitor = + krebs.kapacitor = let db = "telegraf_db"; echoToIrc = pkgs.writeDash "echo_irc" '' -- cgit v1.2.3 From c12d68c1b41e4b6d5f31b65e4f2be0741b4b1d4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Feb 2017 11:57:21 +0100 Subject: l 2 nixpkgs: f66d782 -> f7b7d8e --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index e7229654..aef9dd8b 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f66d782"; + ref = "f7b7d8e"; }; } -- cgit v1.2.3