infrastructure/machines/nixos/vault01/ups.nix

103 lines
2.7 KiB
Nix
Raw Permalink Normal View History

# SPDX-FileCopyrightText: 2024 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
2024-04-21 15:36:46 +02:00
{
config,
lib,
pkgs,
meta,
name,
2024-04-21 15:36:46 +02:00
...
}:
2024-04-19 21:10:14 +02:00
{
power.ups = {
enable = true;
2024-04-21 15:36:46 +02:00
ups.eaton = {
2024-04-19 21:10:14 +02:00
driver = "usbhid-ups";
port = "auto";
};
2024-04-21 15:36:46 +02:00
users.eatonmon = {
2024-04-20 00:40:44 +02:00
passwordFile = config.age.secrets."eatonmon-password_file".path;
upsmon = "primary";
};
2024-04-21 15:36:46 +02:00
upsmon.monitor.eaton = {
user = "eatonmon";
};
schedulerRules =
let
cmdScript = pkgs.writeShellApplication {
name = "upssched-cmd.sh";
2024-04-20 15:06:49 +02:00
runtimeInputs = with pkgs; [
systemd
msmtp
];
text = ''
case $1 in
shutdown-low) MEANING="Battery is low, shutting down.";;
2024-04-20 15:06:49 +02:00
shutdown-batt) MEANING="On battery for 15min, shutting down.";;
warn-batt) MEANING="Power line faillure, going on battery.";;
warn-comm) MEANING="Communication with the UPS was broken.";;
warn-bypass) MEANING="The UPS is not protecting the server, power line failure would kill $HOSTNAME instantly.";;
*) MEANING="Signal unknown, check configuration.";;
2024-04-20 15:06:49 +02:00
esac
sendmail -i -t <<ERRMAIL
2024-04-21 15:36:46 +02:00
To: fai+monitoring@dgnum.eu
2024-04-20 15:06:49 +02:00
Subject: [$HOSTNAME] Battery signal: $1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
$MEANING
ERRMAIL
case $1 in
shutdown-*) shutdown 20s # let 20s to send the email
esac
'';
};
2024-04-21 15:36:46 +02:00
in
(pkgs.writeTextFile {
name = "upssched.conf";
text = ''
CMDSCRIPT ${lib.getExe cmdScript}
PIPEFN /var/state/ups/upssched/upssched.pipe
LOCKFN /var/state/ups/upssched/upssched.lock
2024-04-20 15:06:49 +02:00
AT LOWBATT * EXECUTE shutdown-low
AT ONBATT * EXECUTE warn-batt
AT ONBATT * START-TIMER shutdown-batt 900
AT ONLINE * CANCEL-TIMER shutdown-batt
AT COMMBAD * EXECUTE warn-comm
AT NOCOMM * EXECUTE warn-comm
AT BYPASS * EXECUTE warn-bypass
'';
}).outPath;
2024-04-19 21:10:14 +02:00
};
systemd.tmpfiles.settings."10-upsmon" =
let
root = {
user = "root";
group = "root";
mode = "0600";
};
in
{
"/var/state/ups/upssched".d = root // {
mode = "0700";
};
"/var/state/ups/upssched/upssched.pipe".p = root;
};
2024-04-19 23:30:26 +02:00
services.prometheus.exporters.nut = {
enable = true;
listenAddress = meta.network.${name}.netbirdIp;
2024-04-19 23:30:26 +02:00
port = 9199;
};
networking.firewall.interfaces.wt0.allowedTCPPorts = [ 9199 ];
2024-04-19 21:10:14 +02:00
}