feat(ups): monitoring de l'onduleur #97
|
@ -64,6 +64,10 @@ in
|
|||
password_file = config.age.secrets."prometheus-uptime-kuma-apikey".path;
|
||||
};
|
||||
}
|
||||
{
|
||||
job_name = "hyp01_ups";
|
||||
static_configs = [ { targets = [ "100.80.255.180:9199" ]; } ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
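Review bot: The new `hyp01_ups` job hard-codes `100.80.255.180:9199`, and the same address and port are written again as `listenAddress`/`port` of `services.prometheus.exporters.nut` in `machines/vault01/ups.nix`; if one side changes alone the scrape fails, and for a UPS that means power alerts quietly stop. At minimum add a comment above the job such as `# NUT exporter on vault01 (machines/vault01/ups.nix); keep in sync with its listenAddress and port`, and consider alerting on `up == 0` for this job. The job name says hyp01 while the exporter is configured under vault01, which the comment should also explain. The surrounding scrape-config list starts outside this hunk.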
@ -10,6 +10,7 @@ lib.extra.mkConfig {
|
|||
# List of services to enable
|
||||
"k-radius"
|
||||
"networking"
|
||||
"ups"
|
||||
];
|
||||
|
||||
extraConfig = {
|
||||
|
|
30
machines/vault01/secrets/eatonmon-password_file
Normal file
|
@ -0,0 +1,30 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA Ja6ye8ABH4ueCSyJhFGU+TeN8RPVGSeV2IYFljvM7UI
|
||||
FcvDIOBcKel4Y6DoMmmTuSCzp+3IrWEqhBO87l26dC8
|
||||
-> ssh-ed25519 QlRB9Q g8LVlo+1lgQU8zlCnMj5TjhGIlxiSvB0cDRkjVzY3i8
|
||||
gB5qfOtFKhZoOuAtsm3X5E5hHUCI6B3Byet7WnQMQRk
|
||||
-> ssh-ed25519 r+nK/Q HKHlHM+cPfRkwWp3bc8A7fov+RT9C+9dvCpd4daHFmI
|
||||
EJbSVhuPCwqfijFw4HumpFAg+q+2B4gh4pDHjCf+p94
|
||||
-> ssh-rsa krWCLQ
|
||||
i6ZVdAWq5siE57dP4vz8JYXGO7QiAqQ3+MPSms5pkPktlgQKZGKk+A5S42lAh1K7
|
||||
vILNCuvzrQUO4jUNk9RhRnaDoMLBus0xqQtE5vwTbtqGI4P/M5IttyRQ5PuAHNgc
|
||||
QSNDRetp0QvAcx9I9v0LxArxkGtBPUyICLKYYQcyttie4lfQbfu4jyjZ2Bqix8a4
|
||||
/jFQ2GZgfIdjxfV+45DU3TCwFx0mDnNzHXZsI7u4qul+Z9tm2fYcIeyXCFK+GLa3
|
||||
TUY46IeVElqDpBMIOQbnLXcivpbEQS8LAOvYSIAXUTNKs6WukXktLfo1Juc1YPcV
|
||||
vSTcyV9EBV3DfcozPVdy9A
|
||||
-> ssh-ed25519 /vwQcQ Obd9qr3rphOc9qK+nhSiR1j0Em1uv6OlKt/e76elEHs
|
||||
PjjWoGeDiGVNyvPsQx7KvoO7hRL6wbgNN543tQp0+lQ
|
||||
-> ssh-ed25519 0R97PA FPENiklw5FmKS0G0aqF4K8EEfzOSn+xiaDhb1jCm1l8
|
||||
fswVo+JUSjAK/6P9XTDCRox14AJ25C2H6dqFTqY+UWk
|
||||
-> ssh-ed25519 JGx7Ng CdsdUVx536gu6qYWBJY1jC/zfvuR2vgtDtfI0MJ+mRc
|
||||
zgDkkN+N0Ig8D02t7/jS7KxYXToDa45pX8GIb9/8ax0
|
||||
-> ssh-ed25519 5SY7Kg chOHq4oZGnaq9xRr2lzDBLI3ID90MC6aunlEWEBpgVw
|
||||
ne/EgtRHYbCaiM8RyDJZMPheXhh2Z97zff/zs3oW+mE
|
||||
-> ssh-ed25519 p/Mg4Q S3knEgzoT+1sgvAWAdx7sWwoaxlZY2DObgzAoQE/RDc
|
||||
IXXxmzYKPvaNqFoJjs2278y4ZOfT3ErmZU3C0Fh7EC4
|
||||
-> ssh-ed25519 5rrg4g n1Yz6UWkAx9lJfnx7e2kZWIlZNRvvdl8llZpf4yo8AU
|
||||
kcmQ7mklyqGHulC35JY4ZaF6HE+uAWUClA6SapffXeY
|
||||
-> ssh-ed25519 +mFdtQ 8UW9TtBphutHIMr5Cq1rfMBo2h/VgIAL5YsH4FrCU0U
|
||||
F+ouCDOo9SyuIomV2Qmgv0gBBKukgHNmqLCJWH3+hfA
|
||||
--- fwMG1ZjFgN0FFKM0KgSoJR+Zttxkwz+GBKasO0EXBn4
|
||||
+<2B>šG[þ¿ÐŠeê*Ž*B·`–jVÈ¥ËäÿˆïÜÖ@MIמé4y<02>tÐ|½¤ã)¬¥^¸V)q<1F>àÿI7>ÚI%R®x/â¯êÏü <20> ò_](]Œ5øŠ··Ô<C2B7>ñòªÛò‘OBÄËáøŽ˜“Œr xIM‰—«]ïÂÖÇ|.nçzÄ
oñNº„Ø‚;h%Ù
¤."¦ö
|
|
@ -9,4 +9,5 @@ lib.setDefault { inherit publicKeys; } [
|
|||
"radius-dh_pem_file"
|
||||
"radius-key_pem_file"
|
||||
"radius-private_key_password_file"
|
||||
"eatonmon-password_file"
|
||||
]
|
||||
|
|
91
machines/vault01/ups.nix
Normal file
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
lbailly marked this conversation as resolved
Outdated
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
lbailly marked this conversation as resolved
Outdated
thubrecht
commented
```diff
ups.eaton = {
```
|
||||
}:
|
||||
{
|
||||
power.ups = {
|
||||
enable = true;
|
||||
ups.eaton = {
|
||||
lbailly marked this conversation as resolved
Outdated
thubrecht
commented
Y'a pas besoin de quotes pour le username, et les majuscules c'est chelou, je mettrais `eatonmon` plutôt
lbailly
commented
Perso j'aime bien mettre les clefs des attrsOf en quotes pour bien voir que c'est pas un truc du module mais as you want
|
||||
driver = "usbhid-ups";
|
||||
port = "auto";
|
||||
};
|
||||
upsmon.enable = false;
|
||||
lbailly marked this conversation as resolved
Outdated
thubrecht
commented
Pareil, pas besoin de quotes pour `eaton`
|
||||
users.eatonmon = {
|
||||
passwordFile = config.age.secrets."eatonmon-password_file".path;
|
||||
upsmon = "primary";
|
||||
};
|
||||
upsmon.monitor.eaton = {
|
||||
user = "eatonmon";
|
||||
};
|
||||
schedulerRules =
|
||||
let
|
||||
cmdScript = pkgs.writeShellApplication {
|
||||
name = "upssched-cmd.sh";
|
||||
runtimeInputs = with pkgs; [
|
||||
systemd
|
||||
msmtp
|
||||
];
|
||||
text = ''
|
||||
case $1 in
|
||||
mdebray marked this conversation as resolved
Outdated
mdebray
commented
`pkgs.writeShellApplication` est approprié ici (pour avoir de l'analyse statique du script bash)
|
||||
shutdown-low) MEANING="Battery is low, shutting down.";;
|
||||
shutdown-batt) MEANING="On battery for 15min, shutting down.";;
|
||||
mdebray marked this conversation as resolved
Outdated
mdebray
commented
Il me semble que mettre ça dans le state directory de upsmon (`/var/lib/upsmon`) évite d'avoir besoin des tmpfiles.
lbailly
commented
Le dossier existe pas non plus, et pour des raisons de sécurité on veut qu'il soit en 0700 (pas sûr que la raison s'applique à nixos mais au cas où https://networkupstools.org/docs/man/upssched.conf.html), donc tmpfiles fait bien le taff
Pour l'endroit, j'ai juste pris le dossier qu'il proposait par défaut
mdebray
commented
ok ok
|
||||
warn-batt) MEANING="Power line faillure, going on battery.";;
|
||||
warn-comm) MEANING="Communication with the UPS was broken.";;
|
||||
lbailly marked this conversation as resolved
Outdated
mdebray
commented
`fai+monitoring@dgnum.eu` plutôt
|
||||
warn-bypass) MEANING="The UPS is not protecting the server, power line failure would kill $HOSTNAME instantly.";;
|
||||
*) MEANING="Signal unknown, check configuration.";;
|
||||
esac
|
||||
sendmail -i -t <<ERRMAIL
|
||||
To: fai+monitoring@dgnum.eu
|
||||
Subject: [$HOSTNAME] Battery signal: $1
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
|
||||
$MEANING
|
||||
ERRMAIL
|
||||
|
||||
case $1 in
|
||||
shutdown-*) shutdown 20s # let 20s to send the email
|
||||
lbailly marked this conversation as resolved
Outdated
thubrecht
commented
```
CMDSCRIPT ${lib.getExe cmdScript}
```
|
||||
esac
|
||||
'';
|
||||
};
|
||||
in
|
||||
(pkgs.writeTextFile {
|
||||
name = "upssched.conf";
|
||||
text = ''
|
||||
CMDSCRIPT ${lib.getExe cmdScript}
|
||||
PIPEFN /var/state/ups/upssched/upssched.pipe
|
||||
LOCKFN /var/state/ups/upssched/upssched.lock
|
||||
AT LOWBATT * EXECUTE shutdown-low
|
||||
AT ONBATT * EXECUTE warn-batt
|
||||
AT ONBATT * START-TIMER shutdown-batt 900
|
||||
AT ONLINE * CANCEL-TIMER shutdown-batt
|
||||
thubrecht marked this conversation as resolved
Outdated
thubrecht
commented
Tu peux inline les rules je pense, et le `outPath` n'est pas nécessaire
lbailly
commented
> le `outPath` n'est pas nécessaire
il est nécessaire car sinon ça évalue pas à cause de [`power.ups.schedulerRules`](https://search.nixos.org/options?channel=unstable&show=power.ups.schedulerRules&from=0&size=50&sort=relevance&type=packages&query=power.ups) qui demande un string et pas un path, donc la dérivation se transforme pas auto dans le bon type
|
||||
AT COMMBAD * EXECUTE warn-comm
|
||||
AT NOCOMM * EXECUTE warn-comm
|
||||
AT BYPASS * EXECUTE warn-bypass
|
||||
'';
|
||||
}).outPath;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-upsmon" =
|
||||
let
|
||||
root = {
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0600";
|
||||
};
|
||||
in
|
||||
{
|
||||
"/var/state/ups/upssched".d = root // {
|
||||
mode = "0700";
|
||||
};
|
||||
"/var/state/ups/upssched/upssched.pipe".p = root;
|
||||
};
|
||||
|
||||
services.prometheus.exporters.nut = {
|
||||
enable = true;
|
||||
listenAddress = "100.80.255.180";
|
||||
port = 9199;
|
||||
};
|
||||
}
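Review bot: In `upssched-cmd.sh` the `sendmail -i -t <<ERRMAIL` call runs before the `shutdown-*` case, and `pkgs.writeShellApplication` runs the script under `set -o errexit`, so a failed mail delivery (plausible during a power cut, when the path to the mail relay may already be down) ends the script before `shutdown` is reached. Make the notification best-effort, e.g. `sendmail -i -t <<ERRMAIL || echo "upssched: mail not sent" >&2`, so the host still powers off cleanly. The time argument should also be checked: as far as I know systemd's `shutdown` accepts only `now`, `+m` (minutes) or `hh:mm`, in which case `shutdown 20s` would fail and something like `shutdown +1` is needed. Separately, `upsmon.enable = false;` sits next to a `primary` upsmon user, a monitor entry and `schedulerRules`; if that option disables the upsmon unit, nothing would ever invoke upssched, so please confirm it is intended.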
|
Le `lib` c'est pour le `getExe` d'ensuite