diff options
Diffstat (limited to 'makefu/2configs')
| -rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 67 | ||||
| -rw-r--r-- | makefu/2configs/logging/central-stats-server.nix | 36 |
2 files changed, 36 insertions, 67 deletions
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix deleted file mode 100644 index b637ca039..000000000 --- a/makefu/2configs/git/brain-retiolum.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import <stockholm/lib>; -let - - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - - krebs-repos = mapAttrs make-krebs-repo { - brain = { }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - pass = { }; - }; - - # TODO move users to separate module - make-priv-repo = name: { ... }: { - inherit name; - public = false; - }; - - make-krebs-repo = with git; name: { ... }: { - inherit name; - public = false; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - channel = "#retiolum"; - # TODO remove the hardcoded hostname - server = "ni.r"; - }; - }; - }; - - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - - set-ro-access = with git; repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - - priv-rules = repo: set-owners repo all-makefu; - - krebs-rules = repo: - set-owners repo all-makefu ++ set-ro-access repo krebsminister; - -in { - imports = [ ]; - krebs.git = { - enable = true; - cgit.enable = false; - inherit repos rules; - }; -} diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 69e37e493..d4e73ab79 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -6,6 +6,9 @@ let influx-port = 8086; grafana-port = 3000; # TODO nginx forward in { + imports = [ + ../../lass/3modules/kapacitor.nix + ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -28,6 +31,39 @@ in { port = collectd-port; }]; }; + lass.kapacitor = + let + echoToIrc = pkgs.writeDash "echo_irc" '' + set -euf + data="$(${pkgs.jq}/bin/jq -r .message)" + export LOGNAME=malarm + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ''; + in { + enable = true; + alarms = { + cpu_deadman = '' + var data = batch + |query(''' + SELECT mean("value") AS mean + FROM "collectd_db"."default"."cpu_value" + WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0) + ''') + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" < 50) + .stateChangesOnly() + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + }; + + }; networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT |