xin/monitoring/default.nix

{ config, lib, ... }:
with lib;
let
  cfg = config.services.xin-monitoring;
  inherit (builtins)
    readFile concatStringsSep attrValues mapAttrs replaceStrings;

  nginxCfg = config.services.nginx;
  buildFSChecker = fsList:
    (concatStringsSep "\n" (attrValues (mapAttrs (f: v:
      if v.fsType != "sshfs" then ''
        check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}
           if space usage > 90% then alert
           if inode usage > 90% then alert
      '' else
        "") fsList)));
  buildNginxChecker = vhostList:
    (concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''
      check host ${f} with address ${f}
          if failed port 80 protocol http then alert
          ${
            if v.enableACME then
              "if failed port 443 protocol https then alert"
            else
              ""
          }
    '') vhostList)));
  nginxChecks = if nginxCfg.enable then
    if config.networking.hostName == "h" then
      (buildNginxChecker nginxCfg.virtualHosts)
    else
      ""
  else
    "";

in {
  options = {
    services.xin-monitoring = {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = "Enable Monitoring";
      };
      fs = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Create monitoring entry points from `config.fileSystems`.
        '';
      };
      nginx = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Create monitoring entry points from `services.nginx.virtualHosts`.
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    sops.secrets = {
      monit_cfg = {
        sopsFile = config.xin-secrets.deploy;
        owner = "root";
        mode = "400";
      };
    };
    services.monit = {
      enable = true;
      config = concatStrings [
        (readFile ./monitrc)
        (optionalString cfg.fs (buildFSChecker config.fileSystems))
        (optionalString cfg.nginx nginxChecks)
      ];
    };
  };
}
monitoring: optionify config 2023-04-07 21:47:00 -06:00			`{ config, lib, ... }:`
			`with lib;`
monitoring: build fs list from config 2023-03-29 09:00:55 -06:00			`let`
monitoring: optionify config 2023-04-07 21:47:00 -06:00			`cfg = config.services.xin-monitoring;`
monitoring: build fs list from config 2023-03-29 09:00:55 -06:00			`inherit (builtins)`
			`readFile concatStringsSep attrValues mapAttrs replaceStrings;`
all: enable monitoring with monit 2023-03-29 08:01:58 -06:00
monitoring: add nginx builder for monitoring, use it on h 2023-03-29 10:54:41 -06:00			`nginxCfg = config.services.nginx;`
			`buildFSChecker = fsList:`
monitoring: ignore sshfs filesystems 2023-06-25 05:37:36 -06:00			`(concatStringsSep "\n" (attrValues (mapAttrs (f: v:`
			`if v.fsType != "sshfs" then ''`
			`check filesystem ${replaceStrings [ "/" ] [ "_" ] f} with path ${f}`
			`if space usage > 90% then alert`
			`if inode usage > 90% then alert`
			`'' else`
			`"") fsList)));`
monitoring: add nginx builder for monitoring, use it on h 2023-03-29 10:54:41 -06:00			`buildNginxChecker = vhostList:`
			`(concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''`
			`check host ${f} with address ${f}`
			`if failed port 80 protocol http then alert`
			`${`
			`if v.enableACME then`
			`"if failed port 443 protocol https then alert"`
			`else`
			`""`
			`}`
			`'') vhostList)));`
			`nginxChecks = if nginxCfg.enable then`
			`if config.networking.hostName == "h" then`
			`(buildNginxChecker nginxCfg.virtualHosts)`
			`else`
			`""`
			`else`
			`"";`

monitoring: build fs list from config 2023-03-29 09:00:55 -06:00			`in {`
monitoring: optionify config 2023-04-07 21:47:00 -06:00			`options = {`
			`services.xin-monitoring = {`
			`enable = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = "Enable Monitoring";`
			`};`
			`fs = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = ''`
			Create monitoring entry points from `config.fileSystems`.
			`'';`
			`};`
			`nginx = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			Create monitoring entry points from `services.nginx.virtualHosts`.
			`'';`
			`};`
			`};`
			`};`
			`config = mkIf cfg.enable {`
all: enable monitoring with monit 2023-03-29 08:01:58 -06:00			`sops.secrets = {`
			`monit_cfg = {`
			`sopsFile = config.xin-secrets.deploy;`
			`owner = "root";`
			`mode = "400";`
			`};`
			`};`
			`services.monit = {`
			`enable = true;`
monitoring: optionify config 2023-04-07 21:47:00 -06:00			`config = concatStrings [`
			`(readFile ./monitrc)`
			`(optionalString cfg.fs (buildFSChecker config.fileSystems))`
			`(optionalString cfg.nginx nginxChecks)`
			`];`
all: enable monitoring with monit 2023-03-29 08:01:58 -06:00			`};`
			`};`
			`}`