2024-04-21 23:20:24 +02:00 · 2024-04-20 15:27:06 +02:00 · 2024-04-20 15:27:39 +02:00 · 2024-04-20 15:22:45 +02:00 · 2024-04-21 15:42:33 +02:00 · 2024-04-20 15:23:04 +02:00
5 changed files with 127 additions and 0 deletions
--- a/machines/storage01/prometheus.nix
+++ b/machines/storage01/prometheus.nix
@ -64,6 +64,10 @@ in
          password_file = config.age.secrets."prometheus-uptime-kuma-apikey".path;
        };
      }
+      {
+        job_name = "hyp01_ups";
+        static_configs = [ { targets = [ "100.80.255.180:9199" ]; } ];
+      }
    ];
  };

--- a/machines/vault01/_configuration.nix
+++ b/machines/vault01/_configuration.nix
@ -10,6 +10,7 @@ lib.extra.mkConfig {
    # List of services to enable
    "k-radius"
    "networking"
+    "ups"
  ];

  extraConfig = {
--- a/machines/vault01/secrets/eatonmon-password_file
+++ b/machines/vault01/secrets/eatonmon-password_file
@ -0,0 +1,30 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA Ja6ye8ABH4ueCSyJhFGU+TeN8RPVGSeV2IYFljvM7UI
+FcvDIOBcKel4Y6DoMmmTuSCzp+3IrWEqhBO87l26dC8
+-> ssh-ed25519 QlRB9Q g8LVlo+1lgQU8zlCnMj5TjhGIlxiSvB0cDRkjVzY3i8
+gB5qfOtFKhZoOuAtsm3X5E5hHUCI6B3Byet7WnQMQRk
+-> ssh-ed25519 r+nK/Q HKHlHM+cPfRkwWp3bc8A7fov+RT9C+9dvCpd4daHFmI
+EJbSVhuPCwqfijFw4HumpFAg+q+2B4gh4pDHjCf+p94
+-> ssh-rsa krWCLQ
+i6ZVdAWq5siE57dP4vz8JYXGO7QiAqQ3+MPSms5pkPktlgQKZGKk+A5S42lAh1K7
+vILNCuvzrQUO4jUNk9RhRnaDoMLBus0xqQtE5vwTbtqGI4P/M5IttyRQ5PuAHNgc
+QSNDRetp0QvAcx9I9v0LxArxkGtBPUyICLKYYQcyttie4lfQbfu4jyjZ2Bqix8a4
+/jFQ2GZgfIdjxfV+45DU3TCwFx0mDnNzHXZsI7u4qul+Z9tm2fYcIeyXCFK+GLa3
+TUY46IeVElqDpBMIOQbnLXcivpbEQS8LAOvYSIAXUTNKs6WukXktLfo1Juc1YPcV
+vSTcyV9EBV3DfcozPVdy9A
+-> ssh-ed25519 /vwQcQ Obd9qr3rphOc9qK+nhSiR1j0Em1uv6OlKt/e76elEHs
+PjjWoGeDiGVNyvPsQx7KvoO7hRL6wbgNN543tQp0+lQ
+-> ssh-ed25519 0R97PA FPENiklw5FmKS0G0aqF4K8EEfzOSn+xiaDhb1jCm1l8
+fswVo+JUSjAK/6P9XTDCRox14AJ25C2H6dqFTqY+UWk
+-> ssh-ed25519 JGx7Ng CdsdUVx536gu6qYWBJY1jC/zfvuR2vgtDtfI0MJ+mRc
+zgDkkN+N0Ig8D02t7/jS7KxYXToDa45pX8GIb9/8ax0
+-> ssh-ed25519 5SY7Kg chOHq4oZGnaq9xRr2lzDBLI3ID90MC6aunlEWEBpgVw
+ne/EgtRHYbCaiM8RyDJZMPheXhh2Z97zff/zs3oW+mE
+-> ssh-ed25519 p/Mg4Q S3knEgzoT+1sgvAWAdx7sWwoaxlZY2DObgzAoQE/RDc
+IXXxmzYKPvaNqFoJjs2278y4ZOfT3ErmZU3C0Fh7EC4
+-> ssh-ed25519 5rrg4g n1Yz6UWkAx9lJfnx7e2kZWIlZNRvvdl8llZpf4yo8AU
+kcmQ7mklyqGHulC35JY4ZaF6HE+uAWUClA6SapffXeY
+-> ssh-ed25519 +mFdtQ 8UW9TtBphutHIMr5Cq1rfMBo2h/VgIAL5YsH4FrCU0U
+F+ouCDOo9SyuIomV2Qmgv0gBBKukgHNmqLCJWH3+hfA
+--- fwMG1ZjFgN0FFKM0KgSoJR+Zttxkwz+GBKasO0EXBn4
+<2B>šG[þ¿ÐŠeê*Ž*B·`–jVÈ¥ËäÿˆïÜÖ@MI×žé4y<02>tÐ|½¤ã)¬¥^¸V)q<1F>àÿI7>ÚI%R®x/â¯êÏü <20>	ò_](]Œ5øŠ··Ô<C2B7>ñòªÛò‘OBÄËáøŽ˜“Œr xIM‰—«]ïÂÖÇ|.nçzÄ
oñNº„Ø‚;h%Ù
¤."¦ö
--- a/machines/vault01/secrets/secrets.nix
+++ b/machines/vault01/secrets/secrets.nix
@ -9,4 +9,5 @@ lib.setDefault { inherit publicKeys; } [
  "radius-dh_pem_file"
  "radius-key_pem_file"
  "radius-private_key_password_file"
+  "eatonmon-password_file"
 ]
--- a/machines/vault01/ups.nix
+++ b/machines/vault01/ups.nix
@ -0,0 +1,91 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  power.ups = {
+    enable = true;
+    ups.eaton = {
+      driver = "usbhid-ups";
+      port = "auto";
+    };
+    upsmon.enable = false;
+    users.eatonmon = {
+      passwordFile = config.age.secrets."eatonmon-password_file".path;
+      upsmon = "primary";
+    };
+    upsmon.monitor.eaton = {
+      user = "eatonmon";
+    };
+    schedulerRules =
+      let
+        cmdScript = pkgs.writeShellApplication {
+          name = "upssched-cmd.sh";
+          runtimeInputs = with pkgs; [
+            systemd
+            msmtp
+          ];
+          text = ''
+            case $1 in
+              shutdown-low) MEANING="Battery is low, shutting down.";;
+              shutdown-batt) MEANING="On battery for 15min, shutting down.";;
+              warn-batt) MEANING="Power line faillure, going on battery.";;
+              warn-comm) MEANING="Communication with the UPS was broken.";;
+              warn-bypass) MEANING="The UPS is not protecting the server, power line failure would kill $HOSTNAME instantly.";;
+              *) MEANING="Signal unknown, check configuration.";;
+            esac
+            sendmail -i -t <<ERRMAIL
+            To: fai+monitoring@dgnum.eu
+            Subject: [$HOSTNAME] Battery signal: $1
+            Content-Transfer-Encoding: 8bit
+            Content-Type: text/plain; charset=UTF-8
+
+            $MEANING
+            ERRMAIL
+
+            case $1 in
+              shutdown-*) shutdown 20s # let 20s to send the email
+            esac
+          '';
+        };
+      in
+      (pkgs.writeTextFile {
+        name = "upssched.conf";
+        text = ''
+          CMDSCRIPT ${lib.getExe cmdScript}
+          PIPEFN /var/state/ups/upssched/upssched.pipe
+          LOCKFN /var/state/ups/upssched/upssched.lock
+          AT LOWBATT * EXECUTE shutdown-low
+          AT ONBATT * EXECUTE warn-batt
+          AT ONBATT * START-TIMER shutdown-batt 900
+          AT ONLINE * CANCEL-TIMER shutdown-batt
+          AT COMMBAD * EXECUTE warn-comm
+          AT NOCOMM * EXECUTE warn-comm
+          AT BYPASS * EXECUTE warn-bypass
+        '';
+      }).outPath;
+  };
+
+  systemd.tmpfiles.settings."10-upsmon" =
+    let
+      root = {
+        user = "root";
+        group = "root";
+        mode = "0600";
+      };
+    in
+    {
+      "/var/state/ups/upssched".d = root // {
+        mode = "0700";
+      };
+      "/var/state/ups/upssched/upssched.pipe".p = root;
+    };
+
+  services.prometheus.exporters.nut = {
+    enable = true;
+    listenAddress = "100.80.255.180";
+    port = 9199;
+  };
+}