l 2 monitoring: introduce {client,server}.nix

2017-01-30 22:56:43 +01:00 · 2017-01-30 22:56:43 +01:00 · 1d2c058d78
parent f0a345d79b
commit 1d2c058d78
2 changed files with 91 additions and 0 deletions
--- a/lass/2configs/monitoring/client.nix
+++ b/lass/2configs/monitoring/client.nix
@ -0,0 +1,32 @@
 {pkgs, config, ...}:
 with import <stockholm/lib>;
 {
  lass.telegraf = {
    enable = true;
    outputs = ''
      [outputs.influxdb]
        urls = ["http://prism:8086"]
        database = "all_data"
        user_agent = "telegraf"
    '';
    inputs = [
      ''
        [cpu]
          percpu = false
          totalcpu = true
          drop = ["cpu_time"]
      ''
      ''
        [[inputs.mem]]
      ''
      ''
        [[inputs.ping]]
        urls = ["8.8.8.8"]
      ''
    ];
  };
  systemd.services.telegraf.path = with pkgs; [
    iputils
    lm_sensors
  ];
 }
--- a/lass/2configs/monitoring/server.nix
+++ b/lass/2configs/monitoring/server.nix
@ -0,0 +1,59 @@
 {pkgs, config, ...}:
 with import <stockholm/lib>;
 {
  services.influxdb = {
    enable = true;
  };
  services.influxdb.extraConfig = {
    meta.hostname = config.krebs.build.host.name;
    # meta.logging-enabled = true;
    http.bind-address = ":8086";
    admin.bind-address = ":8083";
    monitoring = {
      enabled = false;
      # write-interval = "24h";
    };
  };
  lass.kapacitor =
    let
      echoToIrc = pkgs.writeDash "echo_irc" ''
        set -euf
        data="$(${pkgs.jq}/bin/jq -r .message)"
        export LOGNAME=prism-alarm
        ${pkgs.irc-announce}/bin/irc-announce \
          irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
      '';
    in {
      enable = true;
      alarms = {
        test2 = ''
          batch
            |query(${"'''"}
              SELECT mean("usage_user") AS mean
              FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
            ${"'''"})
            .every(3m)
            .period(1m)
            .groupBy('host')
            |alert()
              .crit(lambda: "mean" >  90)
              // Whenever we get an alert write it to a file.
              .log('/tmp/alerts.log')
              .exec('${echoToIrc}')
        '';
      };
  };
  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
    { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
  ];
  services.grafana = {
    enable = true;
    addr = "0.0.0.0";
    auth.anonymous.enable = true;
    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
  };
 }