2024-04-21 23:20:24 +02:00
5 changed files with 127 additions and 0 deletions
--- a/machines/storage01/prometheus.nix
+++ b/machines/storage01/prometheus.nix
@ -64,6 +64,10 @@ in
          password_file = config.age.secrets."prometheus-uptime-kuma-apikey".path;
        };
      }
      {
        job_name = "hyp01_ups";
        static_configs = [ { targets = [ "100.80.255.180:9199" ]; } ];
      }
    ];
  };
--- a/machines/vault01/_configuration.nix
+++ b/machines/vault01/_configuration.nix
@ -10,6 +10,7 @@ lib.extra.mkConfig {
    # List of services to enable
    "k-radius"
    "networking"
    "ups"
  ];
  extraConfig = {
--- a/machines/vault01/secrets/eatonmon-password_file
+++ b/machines/vault01/secrets/eatonmon-password_file
@ -0,0 +1,30 @@
 age-encryption.org/v1
 -> ssh-ed25519 jIXfPA Ja6ye8ABH4ueCSyJhFGU+TeN8RPVGSeV2IYFljvM7UI
 FcvDIOBcKel4Y6DoMmmTuSCzp+3IrWEqhBO87l26dC8
 -> ssh-ed25519 QlRB9Q g8LVlo+1lgQU8zlCnMj5TjhGIlxiSvB0cDRkjVzY3i8
 gB5qfOtFKhZoOuAtsm3X5E5hHUCI6B3Byet7WnQMQRk
 -> ssh-ed25519 r+nK/Q HKHlHM+cPfRkwWp3bc8A7fov+RT9C+9dvCpd4daHFmI
 EJbSVhuPCwqfijFw4HumpFAg+q+2B4gh4pDHjCf+p94
 -> ssh-rsa krWCLQ
 i6ZVdAWq5siE57dP4vz8JYXGO7QiAqQ3+MPSms5pkPktlgQKZGKk+A5S42lAh1K7
 vILNCuvzrQUO4jUNk9RhRnaDoMLBus0xqQtE5vwTbtqGI4P/M5IttyRQ5PuAHNgc
 QSNDRetp0QvAcx9I9v0LxArxkGtBPUyICLKYYQcyttie4lfQbfu4jyjZ2Bqix8a4
 /jFQ2GZgfIdjxfV+45DU3TCwFx0mDnNzHXZsI7u4qul+Z9tm2fYcIeyXCFK+GLa3
 TUY46IeVElqDpBMIOQbnLXcivpbEQS8LAOvYSIAXUTNKs6WukXktLfo1Juc1YPcV
 vSTcyV9EBV3DfcozPVdy9A
 -> ssh-ed25519 /vwQcQ Obd9qr3rphOc9qK+nhSiR1j0Em1uv6OlKt/e76elEHs
 PjjWoGeDiGVNyvPsQx7KvoO7hRL6wbgNN543tQp0+lQ
 -> ssh-ed25519 0R97PA FPENiklw5FmKS0G0aqF4K8EEfzOSn+xiaDhb1jCm1l8
 fswVo+JUSjAK/6P9XTDCRox14AJ25C2H6dqFTqY+UWk
 -> ssh-ed25519 JGx7Ng CdsdUVx536gu6qYWBJY1jC/zfvuR2vgtDtfI0MJ+mRc
 zgDkkN+N0Ig8D02t7/jS7KxYXToDa45pX8GIb9/8ax0
 -> ssh-ed25519 5SY7Kg chOHq4oZGnaq9xRr2lzDBLI3ID90MC6aunlEWEBpgVw
 ne/EgtRHYbCaiM8RyDJZMPheXhh2Z97zff/zs3oW+mE
 -> ssh-ed25519 p/Mg4Q S3knEgzoT+1sgvAWAdx7sWwoaxlZY2DObgzAoQE/RDc
 IXXxmzYKPvaNqFoJjs2278y4ZOfT3ErmZU3C0Fh7EC4
 -> ssh-ed25519 5rrg4g n1Yz6UWkAx9lJfnx7e2kZWIlZNRvvdl8llZpf4yo8AU
 kcmQ7mklyqGHulC35JY4ZaF6HE+uAWUClA6SapffXeY
 -> ssh-ed25519 +mFdtQ 8UW9TtBphutHIMr5Cq1rfMBo2h/VgIAL5YsH4FrCU0U
 F+ouCDOo9SyuIomV2Qmgv0gBBKukgHNmqLCJWH3+hfA
 --- fwMG1ZjFgN0FFKM0KgSoJR+Zttxkwz+GBKasO0EXBn4
 +<2B>šG[þ¿ÐŠeê*Ž*B·`–jVÈ¥ËäÿˆïÜÖ@MI×žé4y<02>tÐ|½¤ã)¬¥^¸V)q<1F>àÿI7>ÚI%R®x/â¯êÏü <20>	ò_](]Œ5øŠ··Ô<C2B7>ñòªÛò‘OBÄËáøŽ˜“Œr xIM‰—«]ïÂÖÇ|.nçzÄ
oñNº„Ø‚;h%Ù
¤."¦ö
--- a/machines/vault01/secrets/secrets.nix
+++ b/machines/vault01/secrets/secrets.nix
@ -9,4 +9,5 @@ lib.setDefault { inherit publicKeys; } [
  "radius-dh_pem_file"
  "radius-key_pem_file"
  "radius-private_key_password_file"
  "eatonmon-password_file"
 ]
--- a/machines/vault01/ups.nix
+++ b/machines/vault01/ups.nix
@ -0,0 +1,91 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  power.ups = {
    enable = true;
    ups.eaton = {
      driver = "usbhid-ups";
      port = "auto";
    };
    upsmon.enable = false;
    users.eatonmon = {
      passwordFile = config.age.secrets."eatonmon-password_file".path;
      upsmon = "primary";
    };
    upsmon.monitor.eaton = {
      user = "eatonmon";
    };
    schedulerRules =
      let
        cmdScript = pkgs.writeShellApplication {
          name = "upssched-cmd.sh";
          runtimeInputs = with pkgs; [
            systemd
            msmtp
          ];
          text = ''
            case $1 in
              shutdown-low) MEANING="Battery is low, shutting down.";;
              shutdown-batt) MEANING="On battery for 15min, shutting down.";;
              warn-batt) MEANING="Power line faillure, going on battery.";;
              warn-comm) MEANING="Communication with the UPS was broken.";;
              warn-bypass) MEANING="The UPS is not protecting the server, power line failure would kill $HOSTNAME instantly.";;
              *) MEANING="Signal unknown, check configuration.";;
            esac
            sendmail -i -t <<ERRMAIL
            To: fai+monitoring@dgnum.eu
            Subject: [$HOSTNAME] Battery signal: $1
            Content-Transfer-Encoding: 8bit
            Content-Type: text/plain; charset=UTF-8
            $MEANING
            ERRMAIL
            case $1 in
              shutdown-*) shutdown 20s # let 20s to send the email
            esac
          '';
        };
      in
      (pkgs.writeTextFile {
        name = "upssched.conf";
        text = ''
          CMDSCRIPT ${lib.getExe cmdScript}
          PIPEFN /var/state/ups/upssched/upssched.pipe
          LOCKFN /var/state/ups/upssched/upssched.lock
          AT LOWBATT * EXECUTE shutdown-low
          AT ONBATT * EXECUTE warn-batt
          AT ONBATT * START-TIMER shutdown-batt 900
          AT ONLINE * CANCEL-TIMER shutdown-batt
          AT COMMBAD * EXECUTE warn-comm
          AT NOCOMM * EXECUTE warn-comm
          AT BYPASS * EXECUTE warn-bypass
        '';
      }).outPath;
  };
  systemd.tmpfiles.settings."10-upsmon" =
    let
      root = {
        user = "root";
        group = "root";
        mode = "0600";
      };
    in
    {
      "/var/state/ups/upssched".d = root // {
        mode = "0700";
      };
      "/var/state/ups/upssched/upssched.pipe".p = root;
    };
  services.prometheus.exporters.nut = {
    enable = true;
    listenAddress = "100.80.255.180";
    port = 9199;
  };
 }