mirror of
https://forgejo.altau.su/lego/lego-monitoring.git
synced 2026-03-09 20:31:10 +00:00
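# NixOS module for the lego-monitoring service.
#
# Called as `package: { config, lib, pkgs, ... }: …` — the outer argument is the
# lego-monitoring package whose `bin/lego-monitoring` is started by the unit.
# The module renders the `services.lego-monitoring` options (declared in
# ./options.nix) into a JSON config file plus a TOML vulnix whitelist, and
# defines the systemd unit when `services.lego-monitoring.enable` is set.
package:

{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    ./options.nix
  ];

  config = let
    cfg = config.services.lego-monitoring;
    json = pkgs.formats.json {};
    toml = pkgs.formats.toml {};

    # This monstrous incantation has the effect of converting the options to snake_case
    # and removing those that are null (because TOML does not support null values).
    # A whitelist rule whose `until` is null is therefore written without an expiry field.
    vulnixWhitelistFile = toml.generate "vulnix-whitelist.toml" (lib.attrsets.filterAttrsRecursive (
      k: v: v != null
    ) (
      lib.mapAttrs (_: rule: {
        inherit (rule) cve until;
        issue_url = rule.issueUrl;
      }) cfg.checks.vulnix.whitelist
    ));

    # Generated into the Nix store, which is world-readable: only the *paths* of
    # secret files belong here, never the secret values themselves.
    # NOTE(review): options.nix is not visible here — confirm the *SecretPath
    # options are string-typed, so that a Nix path literal is not copied into
    # the store when this attrset is serialised.
    serviceConfigFile = json.generate "config.json" {
      enabled_check_sets = cfg.enabledCheckSets;
      log_level = cfg.logLevel;
      alert_channels = {
        # A disabled channel is emitted as JSON null.
        telegram = with cfg.alertChannels.telegram; if enable then
          {
            creds_secret_path = credsSecretPath;
            room_id = roomId;
          } else null;
        healthchecks = with cfg.alertChannels.healthchecks; if enable then {
          pinging_keys_secret_path = pingingKeysSecretPath;
          pinging_api_endpoint = pingingApiEndpoint;
        } else null;
      };
      checks = {
        temp.sensors = lib.mapAttrs (_: sensorCfg: {

          inherit (sensorCfg) name enabled;
          readings = lib.mapAttrs (_: readingCfg: {

            inherit (readingCfg) label enabled;
            warning_temp = readingCfg.warningTemp;
            critical_temp = readingCfg.criticalTemp;

          }) sensorCfg.readings;

        }) cfg.checks.temp.sensors;

        vulnix.whitelist_path = vulnixWhitelistFile;

        cpu = with cfg.checks.cpu; {
          warning_percentage = warningPercentage;
          critical_percentage = criticalPercentage;
        };

        ram = with cfg.checks.ram; {
          warning_percentage = warningPercentage;
          critical_percentage = criticalPercentage;
        };

        net.interfaces = lib.mapAttrs (_: interfaceCfg: {
          warning_threshold_sent_bytes = interfaceCfg.warningThresholdSentBytes;
          critical_threshold_sent_bytes = interfaceCfg.criticalThresholdSentBytes;
          warning_threshold_recv_bytes = interfaceCfg.warningThresholdRecvBytes;
          # Fixed: this previously read warningThresholdRecvBytes (copy-paste slip),
          # so the critical receive threshold silently mirrored the warning one.
          # Assumes options.nix declares criticalThresholdRecvBytes like its
          # Sent/Comb siblings — confirm.
          critical_threshold_recv_bytes = interfaceCfg.criticalThresholdRecvBytes;
          warning_threshold_comb_bytes = interfaceCfg.warningThresholdCombBytes;
          critical_threshold_comb_bytes = interfaceCfg.criticalThresholdCombBytes;
        }) cfg.checks.net.interfaces;

        ups = with cfg.checks.ups; {
          ups_to_check = upsToCheck;
        };
      };
    };
  in lib.mkIf cfg.enable {
    systemd.services.lego-monitoring = {
      name = "lego-monitoring.service";
      description = "Lego-monitoring service";
      script = "${package}/bin/lego-monitoring -c ${serviceConfigFile}";
      wantedBy = [ "multi-user.target" ];
      # NOTE(review): no User=/DynamicUser= or sandboxing directives are set
      # here, so unless another module overrides this the unit runs as root with
      # full access to the host. The secret files named in the config must be
      # readable by whichever user the service ends up running as; a dedicated
      # user plus systemd hardening options is worth adding once the access
      # needs of the enabled checks are known.
      serviceConfig = {
        Restart = "on-failure";
        RestartSec = "5";
      };
      # Give up after 3 failed starts within 20 seconds instead of restarting forever.
      unitConfig = {
        StartLimitIntervalSec = 20;
        StartLimitBurst = 3;
      };
    };
  };
}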