Nagios
Nagios is a monitoring daemon. It comprises the daemon itself, and a web interface.
Daemon configuration
The simplest way of having the Nagios daemon run is to write its configuration in a main.cfg
alongside configuration.nix
in /etc/nixos
.
Then
/etc/nixos/configuration.nix
{config, pkg, lib, ...}
{
# [...]
services.nagios = {
enable = true;
objectDefs = [ ./main.cfg ];
};
}
Nagios configuration files contain a lot of boilerplate, it is possible to reuse some of the default configuration files. For example to reuse templates.cfg
, timeperiods.cfg
and commands.cfg
:
{
services.nagios.objectDefs =
(map (x: "${pkgs.nagios}/etc/objects/${x}.cfg") [ "templates" "timeperiods" "commands" ]) ++
[ ./main.cfg ];
}
To enable verbose logging into /var/log/nagios/debug.log
:
{
services.nagios.extraConfig = {
debug_level = "-1";
debug_file = "/var/log/nagios/debug.log";
};
}
Web interface
The NixOS module for Nagios does not automatically configure the web interface for your favorite web server. The section below describes a possible configuration for Nginx.
The web interface does not handle authentication; instead it is delegated to the web server. We will use HTTP basic authentication. This is only safe over HTTPS, of course. You need to create a htpasswd file readable by the nginx user only:
htpasswd -c /var/lib/nagios/htpasswd admin_account chmod 0440 /var/lib/nagios/htpasswd chown nginx:nginx /var/lib/nagios/htpasswd
Now a possible configuration looks like this:
/etc/nixos/configuration.nix
{config, pkgs, lib, ...}:
{
# [...]
services.phpfpm.pools.nagios = {
user = "nagios";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "ondemand";
"pm.max_children" = 2;
"pm.process_idle_timeout" = "60s";
"pm.max_requests" = 200;
};
};
services.fcgiwrap = {
enable = true;
user = "nagios";
};
services.nginx.virtualHosts."nagios.example.com" = {
forceSSL = true;
enableACME = true;
root = "${pkgs.nagios}/share/";
extraConfig = ''
index index.php;
auth_basic "Nagios";
auth_basic_user_file /var/lib/nagios/htpasswd;
'';
locations = {
"/".tryFiles = "$uri /index.php";
"/nagios/".alias = "${pkgs.nagios}/share/";
"~ \\.cgi$" = {
root = "${pkgs.nagios}/sbin/";
extraConfig = ''
rewrite ^/nagios/cgi-bin/(.*)$ /$1;
include ${pkgs.nginx}/conf/fastcgi.conf;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SCRIPT_FILENAME ${pkgs.nagios}/share/sbin$fastcgi_script_name;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
'';
};
"~* \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.nagios.socket};
fastcgi_index index.php;
'';
};
};
};
}