# Nagios system/network monitoring daemon.
{config, pkgs, ...}:
###### interface
let
inherit (pkgs.lib) mkOption;
options = {
services = {
nagios = {
enable = mkOption {
default = false;
description = "
Whether to use Nagios to monitor
your system or network.
";
};
objectDefs = mkOption {
description = "
A list of Nagios object configuration files that must define
the hosts, host groups, services and contacts for the
network that you want Nagios to monitor.
";
};
plugins = mkOption {
default = [pkgs.nagiosPluginsOfficial pkgs.ssmtp];
description = "
Packages to be added to the Nagios PATH.
Typically used to add plugins, but can be anything.
";
};
enableWebInterface = mkOption {
default = false;
description = "
Whether to enable the Nagios web interface. You should also
enable Apache ().
";
};
urlPath = mkOption {
default = "/nagios";
description = "
The URL path under which the Nagios web interface appears.
That is, you can access the Nagios web interface through
http://server/urlPath.
";
};
};
};
};
in
###### implementation
let
cfg = config.services.nagios;
inherit (pkgs.lib) mkIf mkThenElse;
nagiosUser = "nagios";
nagiosGroup = "nogroup";
nagiosState = "/var/lib/nagios";
nagiosLogDir = "/var/log/nagios";
nagiosObjectDefs = [
./timeperiods.cfg
./host-templates.cfg
./service-templates.cfg
./commands.cfg
] ++ cfg.objectDefs;
nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
"ensureDir $out; ln -s $nagiosObjectDefs $out/";
nagiosCfgFile = pkgs.writeText "nagios.cfg" "
# Paths for state and logs.
log_file=${nagiosLogDir}/current
log_archive_path=${nagiosLogDir}/archive
status_file=${nagiosState}/status.dat
object_cache_file=${nagiosState}/objects.cache
comment_file=${nagiosState}/comment.dat
downtime_file=${nagiosState}/downtime.dat
temp_file=${nagiosState}/nagios.tmp
lock_file=/var/run/nagios.lock # Not used I think.
state_retention_file=${nagiosState}/retention.dat
# Configuration files.
#resource_file=resource.cfg
cfg_dir=${nagiosObjectDefsDir}
# Uid/gid that the daemon runs under.
nagios_user=${nagiosUser}
nagios_group=${nagiosGroup}
# Misc. options.
illegal_macro_output_chars=`~$&|'\"<>
retain_state_information=1
";
# Plain configuration for the Nagios web-interface with no
# authentication.
nagiosCGICfgFile = pkgs.writeText "nagios.cgi.conf" "
main_config_file=${nagiosCfgFile}
use_authentication=0
url_html_path=/nagios
";
urlPath = cfg.urlPath;
extraHttpdConfig = "
ScriptAlias ${urlPath}/cgi-bin ${pkgs.nagios}/sbin
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
SetEnv NAGIOS_CGI_CONFIG ${nagiosCGICfgFile}
Alias ${urlPath} ${pkgs.nagios}/share
Options None
AllowOverride None
Order allow,deny
Allow from all
";
user = {
name = nagiosUser;
uid = (import ../../system/ids.nix).uids.nagios;
description = "Nagios monitoring daemon";
home = nagiosState;
};
job = {
name = "nagios";
# Run `nagios -v' to check the validity of the configuration file so
# that a nixos-rebuild fails *before* we kill the running Nagios
# daemon.
buildHook = "${pkgs.nagios}/bin/nagios -v ${nagiosCfgFile}";
job = "
description \"Nagios monitoring daemon\"
start on network-interfaces/started
stop on network-interfaces/stop
start script
mkdir -m 0755 -p ${nagiosState} ${nagiosLogDir}
chown ${nagiosUser} ${nagiosState} ${nagiosLogDir}
end script
respawn
script
for i in ${toString config.services.nagios.plugins}; do
export PATH=$i/bin:$i/sbin:$i/libexec:$PATH
done
exec ${pkgs.nagios}/bin/nagios ${nagiosCfgFile}
end script
";
};
in
mkIf cfg.enable {
require = [
../../upstart-jobs/default.nix # config.services.extraJobs
# ../../system/user.nix # users = { .. }
# ? # config.environment.etc
# ? # config.environment.extraPackages
# ../../upstart-jobs/httpd.nix # config.services.httpd
options
];
environment = {
# This isn't needed, it's just so that the user can type "nagiostats
# -c /etc/nagios.cfg".
etc = [
{ source = nagiosCfgFile;
target = "nagios.cfg";
}
];
extraPackages = [pkgs.nagios];
};
users = {
extraUsers = [user];
};
services = {
extraJobs = [job];
httpd = mkIf cfg.enableWebInterface {
extraConfig = mkThenElse {
thenPart = extraHttpdConfig;
elsePart = "";
};
};
};
}