l 2 monitoring: introduce {client,server}.nix

2017-01-30 22:56:43 +01:00 · 2017-01-30 22:56:43 +01:00 · 1d2c058d78
commit 1d2c058d78
parent f0a345d79b
2 changed files with 91 additions and 0 deletions
--- a/lass/2configs/monitoring/client.nix
+++ b/lass/2configs/monitoring/client.nix
@ -0,0 +1,32 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+  lass.telegraf = {
+    enable = true;
+    outputs = ''
+      [outputs.influxdb]
+        urls = ["http://prism:8086"]
+        database = "all_data"
+        user_agent = "telegraf"
+    '';
+    inputs = [
+      ''
+        [cpu]
+          percpu = false
+          totalcpu = true
+          drop = ["cpu_time"]
+      ''
+      ''
+        [[inputs.mem]]
+      ''
+      ''
+        [[inputs.ping]]
+        urls = ["8.8.8.8"]
+      ''
+    ];
+  };
+  systemd.services.telegraf.path = with pkgs; [
+    iputils
+    lm_sensors
+  ];
+}
--- a/lass/2configs/monitoring/server.nix
+++ b/lass/2configs/monitoring/server.nix
@ -0,0 +1,59 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+  services.influxdb = {
+    enable = true;
+  };
+
+  services.influxdb.extraConfig = {
+    meta.hostname = config.krebs.build.host.name;
+    # meta.logging-enabled = true;
+    http.bind-address = ":8086";
+    admin.bind-address = ":8083";
+    monitoring = {
+      enabled = false;
+      # write-interval = "24h";
+    };
+  };
+
+  lass.kapacitor =
+    let
+      echoToIrc = pkgs.writeDash "echo_irc" ''
+        set -euf
+        data="$(${pkgs.jq}/bin/jq -r .message)"
+        export LOGNAME=prism-alarm
+        ${pkgs.irc-announce}/bin/irc-announce \
+          irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
+      '';
+    in {
+      enable = true;
+      alarms = {
+        test2 = ''
+          batch
+            |query(${"'''"}
+              SELECT mean("usage_user") AS mean
+              FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
+            ${"'''"})
+            .every(3m)
+            .period(1m)
+            .groupBy('host')
+            |alert()
+              .crit(lambda: "mean" >  90)
+              // Whenever we get an alert write it to a file.
+              .log('/tmp/alerts.log')
+              .exec('${echoToIrc}')
+        '';
+      };
+  };
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
+    { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
+  ];
+  services.grafana = {
+    enable = true;
+    addr = "0.0.0.0";
+    auth.anonymous.enable = true;
+    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+  };
+}