aboutsummaryrefslogtreecommitdiff
path: root/pkgs
diff options
context:
space:
mode:
authorIgor Pashev <pashev.igor@gmail.com>2016-09-23 12:41:01 +0300
committerIgor Pashev <pashev.igor@gmail.com>2016-09-23 12:41:49 +0300
commitaf337a12e6f084556400fa93c71304ad63f1efa6 (patch)
treead5125cbfb2e812f4a507b182b875526b2a2d0e9 /pkgs
downloadnixsap-af337a12e6f084556400fa93c71304ad63f1efa6.tar.gz
Initial commit
Diffstat (limited to 'pkgs')
-rwxr-xr-xpkgs/check_aws_ec2_elb/check_aws_ec2_elb60
-rw-r--r--pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf14
-rw-r--r--pkgs/check_aws_ec2_elb/default.nix22
-rw-r--r--pkgs/check_aws_rds/check_aws_rds32
-rw-r--r--pkgs/check_aws_rds/check_aws_rds.conf41
-rw-r--r--pkgs/check_aws_rds/default.nix46
-rwxr-xr-xpkgs/check_mdstat/check_mdstat50
-rw-r--r--pkgs/check_mdstat/default.nix26
-rw-r--r--pkgs/check_solr/cabal2nix.nix23
-rw-r--r--pkgs/check_solr/default.nix13
-rwxr-xr-xpkgs/check_systemd/check_systemd20
-rw-r--r--pkgs/check_systemd/default.nix25
-rw-r--r--pkgs/default.nix18
-rw-r--r--pkgs/gpg.nix4
-rw-r--r--pkgs/icinga2/check_mysql_slave.patch41
-rw-r--r--pkgs/icinga2/default.nix45
-rw-r--r--pkgs/icingaweb2/default.nix33
-rw-r--r--pkgs/icingaweb2/sproxy.patch78
-rw-r--r--pkgs/juandelacosa/cabal2nix.nix25
-rw-r--r--pkgs/juandelacosa/default.nix3
-rw-r--r--pkgs/mariadb/MDEV-10463.patch36
-rw-r--r--pkgs/mariadb/default.nix139
-rw-r--r--pkgs/mathJax.nix18
-rw-r--r--pkgs/mediawiki/T122487.patch16
-rw-r--r--pkgs/mediawiki/default.nix59
-rw-r--r--pkgs/mediawiki/file-backend-default-mode.patch52
-rw-r--r--pkgs/mediawikiExtensions/Sproxy/Sproxy.php218
-rw-r--r--pkgs/mediawikiExtensions/default.nix52
-rw-r--r--pkgs/monitoringPlugins/default.nix37
-rw-r--r--pkgs/monitoringPlugins/mysql_check_slave.patch591
-rw-r--r--pkgs/mydumper.nix17
-rw-r--r--pkgs/mywatch/cabal2nix.nix25
-rw-r--r--pkgs/mywatch/default.nix4
-rw-r--r--pkgs/nagios-plugins-rabbitmq/default.nix36
-rw-r--r--pkgs/probes.nix28
-rw-r--r--pkgs/rdsdump/default.nix14
-rw-r--r--pkgs/rdsdump/rdsdump.bash70
-rw-r--r--pkgs/sproxy-web/cabal2nix.nix26
-rw-r--r--pkgs/sproxy-web/default.nix4
-rw-r--r--pkgs/sproxy/cabal2nix.nix25
-rw-r--r--pkgs/sproxy/default.nix4
-rw-r--r--pkgs/writeBashScript.nix13
-rw-r--r--pkgs/writeBashScriptBin.nix7
-rw-r--r--pkgs/writePHPFile.nix10
-rw-r--r--pkgs/writeXML.nix11
45 files changed, 2131 insertions, 0 deletions
diff --git a/pkgs/check_aws_ec2_elb/check_aws_ec2_elb b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb
new file mode 100755
index 0000000..7b53cc9
--- /dev/null
+++ b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+outOfServicePercentWarn=20
+outOfServicePercentCrit=33
+endpoint=''
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -f) export BOTO_CONFIG="$2"; shift 2;;
+ -h) endpoint="$2"; shift 2;;
+ -w) outOfServicePercentWarn="$2"; shift 2;;
+ -c) outOfServicePercentCrit="$2"; shift 2;;
+ *) echo "$0: unsupported argument: $1" >&2; exit 1;;
+ esac
+done
+
+cmd=( aws elb describe-instance-health )
+
+c=0
+while [[ "$endpoint" != *.*.elb.amazonaws.com* ]]; do
+ endpoint=$(dig "$endpoint" CNAME +short)
+ (( ++c ))
+ if (( c > 10 )); then
+ echo "failed to resolve '$1'" >&2
+ exit 255
+ fi
+done
+
+cmd+=( --region $(echo "$endpoint" | cut -d. -f2) )
+elbName=$(echo "$endpoint" | cut -d. -f1 | sed -r 's/^(internal-)?(.*)-[0-9]+$/\2/')
+cmd+=( --load-balancer-name "$elbName" )
+
+json=$("${cmd[@]}")
+
+totalCount=$(echo "$json" | jq -c '.InstanceStates | length')
+outOfServiceInfo=$(echo "$json" | jq -c '.InstanceStates | map(select(.State == "OutOfService") | .InstanceId)')
+outOfServiceCount=$(echo "$outOfServiceInfo" | jq -r 'length')
+
+outOfServiceCountWarn=${outOfServiceCountWarn:-$(( totalCount * outOfServicePercentWarn / 100 ))}
+outOfServiceCountCrit=${outOfServiceCountCrit:-$(( totalCount * outOfServicePercentCrit / 100 ))}
+
+stat="total=$totalCount out_of_service=$outOfServiceCount;$outOfServiceCountWarn;$outOfServiceCountCrit"
+outOfServiceInstances=$(echo "$outOfServiceInfo" | jq -r 'join(", ")')
+
+if [ "$outOfServiceCount" -eq 0 ]; then
+ echo "OK: $elbName - $totalCount instances|$stat"
+ exit 0
+elif [ "$outOfServiceCount" -ge "$outOfServiceCountCrit" ]; then
+ echo "CRITICAL: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat"
+ exit 2
+elif [ "$outOfServiceCount" -ge "$outOfServiceCountWarn" ]; then
+ echo "WARNING: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat"
+ exit 1
+else
+ echo "OK: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat"
+ exit 0
+fi
+
diff --git a/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf
new file mode 100644
index 0000000..9718e3c
--- /dev/null
+++ b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf
@@ -0,0 +1,14 @@
+object CheckCommand "aws-ec2-elb" {
+ import "plugin-check-command"
+
+ command = [ "check_aws_ec2_elb" ]
+
+ arguments = {
+ "-h" = "$aws_ec2_elb_address$"
+ "-f" = "$aws_ec2_elb_boto_config$"
+ "-w" = "$aws_ec2_elb_warn$"
+ "-c" = "$aws_ec2_elb_crit$"
+ }
+ vars.aws_ec2_elb_address = "$address$"
+}
+
diff --git a/pkgs/check_aws_ec2_elb/default.nix b/pkgs/check_aws_ec2_elb/default.nix
new file mode 100644
index 0000000..5162c9d
--- /dev/null
+++ b/pkgs/check_aws_ec2_elb/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, pkgs, makeWrapper }:
+
+stdenv.mkDerivation {
+ name = "check_aws_ec2_elb";
+ outputs = [ "out" "conf" ];
+ unpackPhase = ":";
+ nativeBuildInputs = [ makeWrapper ];
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp ${./check_aws_ec2_elb} $out/bin/check_aws_ec2_elb
+ cp ${./check_aws_ec2_elb.conf} $conf
+
+ chmod +x "$out/bin/"*
+
+ substituteInPlace "$conf" \
+ --replace check_aws_ec2_elb "$out/bin/check_aws_ec2_elb"
+
+ wrapProgram "$out/bin/check_aws_ec2_elb" \
+ --prefix PATH : "${pkgs.awscli}/bin:${pkgs.gnused}/bin:${pkgs.jq}/bin:${pkgs.bind}/bin"
+ '';
+}
diff --git a/pkgs/check_aws_rds/check_aws_rds b/pkgs/check_aws_rds/check_aws_rds
new file mode 100644
index 0000000..d4fd965
--- /dev/null
+++ b/pkgs/check_aws_rds/check_aws_rds
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+cmd=( pmp-check-aws-rds )
+
+getId () {
+ local endpoint="$1"
+ local c=0
+ while [[ "$endpoint" != *.*.*.rds.amazonaws.com* ]]; do
+ endpoint=$(dig "$endpoint" CNAME +short)
+ (( ++c ))
+ if (( c > 10 )); then
+ echo "failed to resolve '$1'" >&2
+ exit 255
+ fi
+ done
+
+ cmd+=( -r $(echo "$endpoint" | cut -d. -f3) )
+ cmd+=( -i $(echo "$endpoint" | cut -d. -f1) )
+}
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -m|-w|-c) cmd+=( $1 $2 ); shift 2;;
+ -f) export BOTO_CONFIG="$2"; shift 2;;
+ -h) getId "$2"; shift 2;;
+ *) echo "$0: unsupported argument: $1" >&2; exit 1;;
+ esac
+done
+exec "${cmd[@]}"
+
diff --git a/pkgs/check_aws_rds/check_aws_rds.conf b/pkgs/check_aws_rds/check_aws_rds.conf
new file mode 100644
index 0000000..2f6a84e
--- /dev/null
+++ b/pkgs/check_aws_rds/check_aws_rds.conf
@@ -0,0 +1,41 @@
+template CheckCommand "aws-rds-common" {
+ import "plugin-check-command"
+
+ command = [ "check_aws_rds" ]
+
+ arguments = {
+ "-h" = "$aws_rds_address$"
+ "-f" = "$aws_rds_boto_config$"
+ "-m" = "$aws_rds_metric$"
+ "-w" = "$aws_rds_warning$"
+ "-c" = "$aws_rds_critical$"
+ }
+ vars.aws_rds_address = "$address$"
+}
+
+object CheckCommand "aws-rds-status" {
+ import "aws-rds-common"
+ vars.aws_rds_metric = "status"
+}
+
+object CheckCommand "aws-rds-load" {
+ import "aws-rds-common"
+ vars.aws_rds_metric = "load"
+ vars.aws_rds_critical = "99,97,95"
+ vars.aws_rds_warning = "95,93,90"
+}
+
+object CheckCommand "aws-rds-memory" {
+ import "aws-rds-common"
+ vars.aws_rds_metric = "memory"
+ vars.aws_rds_critical = "5"
+ vars.aws_rds_warning = "9"
+}
+
+object CheckCommand "aws-rds-storage" {
+ import "aws-rds-common"
+ vars.aws_rds_metric = "storage"
+ vars.aws_rds_critical = "5"
+ vars.aws_rds_warning = "15"
+}
+
diff --git a/pkgs/check_aws_rds/default.nix b/pkgs/check_aws_rds/default.nix
new file mode 100644
index 0000000..5e91b33
--- /dev/null
+++ b/pkgs/check_aws_rds/default.nix
@@ -0,0 +1,46 @@
+{ stdenv, pkgs, fetchurl, python27Packages }:
+let
+
+ rev = "556191f6d775f0505fb142c02f13a60ba7829ed9";
+
+ pmp-check-aws-rds = stdenv.mkDerivation rec {
+ name = "pmp-check-aws-rds";
+ src = fetchurl {
+ url = "https://raw.githubusercontent.com/percona/percona-monitoring-plugins/${rev}/nagios/bin/pmp-check-aws-rds.py";
+ sha256 = "0ghq6nl2529llxz1icf5hyg75k2hjzdkzfwgrs0d69r3f62w4q5y";
+ };
+
+ buildInputs = with python27Packages; [ python wrapPython ];
+ pythonPath = with python27Packages; [ boto ];
+ phases = [ "installPhase" "fixupPhase" ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp $src $out/bin/${name}
+ chmod +x $out/bin/${name}
+ wrapPythonPrograms
+ '';
+
+ };
+
+in stdenv.mkDerivation {
+ name = "check_aws_rds";
+ outputs = [ "out" "conf" ];
+ unpackPhase = ":";
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp ${./check_aws_rds} $out/bin/check_aws_rds
+ cp ${./check_aws_rds.conf} $conf
+
+ substituteInPlace "$out/bin/"* \
+ --replace pmp-check-aws-rds '${pmp-check-aws-rds}/bin/pmp-check-aws-rds' \
+ --replace dig '${pkgs.bind}/bin/dig'
+
+ substituteInPlace "$conf" \
+ --replace check_aws_rds "$out/bin/check_aws_rds"
+
+ chmod +x "$out/bin/"*
+
+ '';
+}
diff --git a/pkgs/check_mdstat/check_mdstat b/pkgs/check_mdstat/check_mdstat
new file mode 100755
index 0000000..32fc168
--- /dev/null
+++ b/pkgs/check_mdstat/check_mdstat
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+stat=/proc/mdstat
+
+if [ ! -e "$stat" ]; then
+ echo "WARNING: $stat does not exist"
+ exit 1
+fi
+
+if [ ! -r "$stat" ]; then
+ echo "WARNING: cannot read $stat"
+ exit 1
+fi
+
+count=$(grep ^md -c "$stat")
+
+if [ "$count" -eq 0 ]; then
+ echo 'WARNING: no arrays found.'
+ exit 1
+elif [ "$count" -eq 1 ]; then
+ out="Linux Software RAID: $count array"
+else
+ out="Linux Software RAID: $count arrays"
+fi
+
+degrated=$(grep -c '\[.*_.*\]' "$stat")
+recovering=$(awk '/recovery/ {print $4}' "$stat")
+resyncing=$(awk '/resync/ {print $4}' "$stat")
+
+if [ -n "$recovering" ]; then
+ out="$out, recovering: $recovering"
+elif [ -n "$resyncing" ]; then
+ out="$out, resyncing: $resyncing"
+elif [ "$degrated" -gt 0 ]; then
+ out="$out, degrated: $degrated"
+fi
+
+if [ "$degrated" -gt 0 ]; then
+ echo "CRITICAL: $out."
+ exit 2
+fi
+
+if [ -n "$recovering$resyncing" ]; then
+ echo "WARNING: $out."
+ exit 1
+fi
+
+echo "OK: $out."
+exit 0
+
diff --git a/pkgs/check_mdstat/default.nix b/pkgs/check_mdstat/default.nix
new file mode 100644
index 0000000..5e645fd
--- /dev/null
+++ b/pkgs/check_mdstat/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, gawk, gnugrep }:
+
+stdenv.mkDerivation {
+ name = "check_mdstat";
+ src = ./check_mdstat;
+ outputs = [ "out" "conf" ];
+ unpackPhase = ":";
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp "$src" $out/bin/check_mdstat
+
+ substituteInPlace "$out/bin/"* \
+ --replace awk '${gawk}/bin/awk' \
+ --replace grep '${gnugrep}/bin/grep'
+
+ chmod +x "$out/bin/"*
+
+ cat <<CONF > $conf
+ object CheckCommand "mdstat" {
+ import "plugin-check-command"
+ command = [ "$out/bin/check_mdstat" ]
+ }
+ CONF
+ '';
+}
diff --git a/pkgs/check_solr/cabal2nix.nix b/pkgs/check_solr/cabal2nix.nix
new file mode 100644
index 0000000..ee3c6b5
--- /dev/null
+++ b/pkgs/check_solr/cabal2nix.nix
@@ -0,0 +1,23 @@
+{ mkDerivation, aeson, base, base64-bytestring, bytestring, docopt
+, fetchgit, HTTP, http-conduit, nagios-check, raw-strings-qq
+, regex-tdfa, scientific, stdenv, text, unordered-containers
+}:
+mkDerivation {
+ pname = "check-solr";
+ version = "0.1.0";
+ src = fetchgit {
+ url = "https://github.com/ip1981/check-solr.git";
+ sha256 = "839199942e5cf110428dd589f1d9610ac504d7199b2b7053d5ee136206890309";
+ rev = "869c945fb56f0ff187125ee352a6876002eba596";
+ };
+ isLibrary = true;
+ isExecutable = true;
+ libraryHaskellDepends = [
+ aeson base base64-bytestring bytestring docopt HTTP http-conduit
+ nagios-check raw-strings-qq regex-tdfa scientific text
+ unordered-containers
+ ];
+ executableHaskellDepends = [ base docopt raw-strings-qq ];
+ description = "Icinga / Nagios plugin for Solr";
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/pkgs/check_solr/default.nix b/pkgs/check_solr/default.nix
new file mode 100644
index 0000000..27aecce
--- /dev/null
+++ b/pkgs/check_solr/default.nix
@@ -0,0 +1,13 @@
+{ stdenv, haskellPackages }:
+let
+
+ haskellPackage = haskellPackages.callPackage ./cabal2nix.nix {};
+
+in stdenv.mkDerivation {
+ name = "check-solr-${haskellPackage.version}";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a ${haskellPackage}/bin/* $out/bin/
+ '';
+}
diff --git a/pkgs/check_systemd/check_systemd b/pkgs/check_systemd/check_systemd
new file mode 100755
index 0000000..e668331
--- /dev/null
+++ b/pkgs/check_systemd/check_systemd
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+readarray -t failed < <( systemctl show '*.service' \
+ --state=failed --property=Names \
+ | sed -r -n 's,Names=(.+)\.service,\1,p' \
+ | sort
+ )
+
+if [ ${#failed[@]} -ne 0 ]; then
+ printf -v list ', %s' "${failed[@]}"
+ printf 'WARNING: %s failed\n' "${list:2}"
+ exit 1
+else
+ echo "OK: no failed services"
+ exit 0
+fi
+
+
diff --git a/pkgs/check_systemd/default.nix b/pkgs/check_systemd/default.nix
new file mode 100644
index 0000000..da92a64
--- /dev/null
+++ b/pkgs/check_systemd/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, gnused }:
+
+stdenv.mkDerivation {
+ name = "check_systemd";
+ src = ./check_systemd;
+ outputs = [ "out" "conf" ];
+ unpackPhase = ":";
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp "$src" $out/bin/check_systemd
+
+ substituteInPlace "$out/bin/"* \
+ --replace sed '${gnused}/bin/sed'
+
+ chmod +x "$out/bin/"*
+
+ cat <<CONF > $conf
+ object CheckCommand "systemd" {
+ import "plugin-check-command"
+ command = [ "$out/bin/check_systemd" ]
+ }
+ CONF
+ '';
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..d66f7ba
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+let
+ all = lib.attrNames (
+ lib.filterAttrs
+ ( n: _: n != "default.nix" && ! lib.hasPrefix "." n )
+ (builtins.readDir ./.)
+ );
+
+ localPackages = super: lib.listToAttrs (map (f:
+ { name = lib.removeSuffix ".nix" f;
+ value = super.callPackage (./. + "/${f}") {}; }
+ ) all);
+
+in {
+ nixpkgs.config.packageOverrides = localPackages;
+}
+
diff --git a/pkgs/gpg.nix b/pkgs/gpg.nix
new file mode 100644
index 0000000..a0acd20
--- /dev/null
+++ b/pkgs/gpg.nix
@@ -0,0 +1,4 @@
+{ gnupg }:
+gnupg.override {
+ x11Support = false;
+}
diff --git a/pkgs/icinga2/check_mysql_slave.patch b/pkgs/icinga2/check_mysql_slave.patch
new file mode 100644
index 0000000..0658a8a
--- /dev/null
+++ b/pkgs/icinga2/check_mysql_slave.patch
@@ -0,0 +1,41 @@
+Index: icinga2-2.4.1/itl/command-plugins.conf
+===================================================================
+--- icinga2-2.4.1.orig/itl/command-plugins.conf
++++ icinga2-2.4.1/itl/command-plugins.conf
+@@ -1775,6 +1775,36 @@ object CheckCommand "mysql" {
+ vars.mysql_hostname = "$check_address$"
+ }
+
++object CheckCommand "mysql_slave" {
++ import "plugin-check-command"
++ import "ipv4-or-ipv6"
++
++ command = [ PluginDir + "/check_mysql_slave" ]
++
++ arguments = {
++ "-H" = "$mysql_hostname$"
++ "-P" = "$mysql_port$"
++ "-s" = "$mysql_socket$"
++ "-f" = "$mysql_file$"
++ "-g" = "$mysql_group$"
++ "-u" = "$mysql_username$"
++ "-p" = "$mysql_password$"
++ "-N" = "$mysql_connection_name$"
++ "-w" = "$mysql_warning$"
++ "-c" = "$mysql_critical$"
++ "-l" = {
++ set_if = "$mysql_ssl$"
++ }
++ "-C" = "$mysql_cacert$"
++ "-a" = "$mysql_cert$"
++ "-k" = "$mysql_key$"
++ "-D" = "$mysql_cadir$"
++ "-L" = "$mysql_ciphers$"
++ }
++
++ vars.mysql_hostname = "$check_address$"
++}
++
+ object CheckCommand "negate" {
+ import "plugin-check-command"
+
diff --git a/pkgs/icinga2/default.nix b/pkgs/icinga2/default.nix
new file mode 100644
index 0000000..5429a51
--- /dev/null
+++ b/pkgs/icinga2/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchurl
+, bison, boost, cmake, flex
+, libedit, mysql, openssl, yajl
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.4.10";
+ name = "icinga2-${version}";
+
+ src = fetchurl {
+ url = "https://github.com/Icinga/icinga2/archive/v${version}.tar.gz";
+ sha256 = "0pj2y24kgf17106903lnz9gmp5hb3irhafq8sp22qf1wa0q395n2";
+ };
+
+ buildInputs = [ bison boost cmake flex libedit openssl yajl ];
+
+ patches = [
+ ./check_mysql_slave.patch
+ ];
+
+ cmakeFlags = [
+ "-DCMAKE_INSTALL_LOCALSTATEDIR=/icinga2"
+ "-DCMAKE_INSTALL_SYSCONFDIR=/icinga2/etc" # this will need runtime support
+ "-DICINGA2_COMMAND_GROUP=icingacmd"
+ "-DICINGA2_GROUP=icinga"
+ "-DICINGA2_RUNDIR=/run"
+ "-DICINGA2_USER=icinga"
+ "-DICINGA2_WITH_PGSQL=OFF"
+ "-DMYSQL_INCLUDE_DIR=${mysql.lib}/include/mysql"
+ "-DMYSQL_LIB_DIR=${mysql.lib}/lib"
+ ];
+
+ # XXX Without DESTDIR it tries to write to /icinga2 and /run:
+ installPhase = ''
+ rm -rf tmp
+ mkdir -p tmp
+ make install DESTDIR=$(pwd)/tmp
+ mv tmp/$out $out
+ mv tmp/icinga2 $out/icinga2
+ rm -rf $out/run
+ for s in $out/icinga2/etc/icinga2/scripts/* ; do
+ substituteInPlace $s --replace /usr/bin/printf printf
+ done
+ '';
+}
diff --git a/pkgs/icingaweb2/default.nix b/pkgs/icingaweb2/default.nix
new file mode 100644
index 0000000..263ae47
--- /dev/null
+++ b/pkgs/icingaweb2/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl
+, php
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.3.4";
+ name = "icingaweb2-${version}";
+
+ src = fetchurl {
+ url = "https://github.com/Icinga/icingaweb2/archive/v${version}.tar.gz";
+ sha256 = "0kmxvwbr7g6daj2mqabzvmw3910igd85wrzwilkz83fizgmrszh5";
+ };
+
+ buildInputs = [ php ];
+
+ patches = [ ./sproxy.patch ];
+
+ buildPhase = "true";
+
+ installPhase = ''
+ mkdir -p $out
+ cp -a * $out
+ rm -rf $out/.puppet
+ rm -rf $out/Vagrantfile
+ rm -rf $out/icingaweb2.spec
+ rm -rf $out/modules/doc
+ rm -rf $out/modules/iframe
+ rm -rf $out/modules/setup
+ rm -rf $out/modules/test
+ rm -rf $out/packages
+ rm -rf $out/test
+ '';
+}
diff --git a/pkgs/icingaweb2/sproxy.patch b/pkgs/icingaweb2/sproxy.patch
new file mode 100644
index 0000000..d1b074d
--- /dev/null
+++ b/pkgs/icingaweb2/sproxy.patch
@@ -0,0 +1,78 @@
+commit 04eb7cffa84387070f48f5649a1d5a5a7843fc9c
+Author: Igor Pashev <pashev.igor@gmail.com>
+Date: Fri Jan 1 11:05:48 2016 +0300
+
+ Added Sproxy backend
+
+ See https://github.com/zalora/sproxy
+
+diff --git a/library/Icinga/Authentication/User/SproxyBackend.php b/library/Icinga/Authentication/User/SproxyBackend.php
+new file mode 100644
+index 0000000..4b15b0e
+--- /dev/null
++++ b/library/Icinga/Authentication/User/SproxyBackend.php
+@@ -0,0 +1,40 @@
++<?php
++/* 2016 Zalora South East Asia Pte. Ltd | GPLv2+ */
++
++namespace Icinga\Authentication\User;
++
++use Icinga\Data\ConfigObject;
++use Icinga\User;
++
++/**
++ * Login with Sproxy authentication mechanism:
++ * https://github.com/zalora/sproxy
++ */
++class SproxyBackend extends ExternalBackend
++{
++ /**
++ * {@inheritdoc}
++ */
++ public function authenticate(User $user, $password = null)
++ {
++ if (! empty($_SERVER['HTTP_FROM'])) {
++ $email = $_SERVER['HTTP_FROM'];
++ $user->setUsername($email);
++ $user->setEmail($email);
++ $user->setExternalUserInformation($email, 'HTTP_FROM');
++
++ if (! empty($_SERVER['HTTP_X_GIVEN_NAME'])) {
++ $user->setFirstname($_SERVER['HTTP_X_GIVEN_NAME']);
++ }
++ if (! empty($_SERVER['HTTP_X_GROUPS'])) {
++ $user->setGroups(explode(',', $_SERVER['HTTP_X_GROUPS']));
++ }
++ if (! empty($_SERVER['HTTP_X_FAMILY_NAME'])) {
++ $user->setLastname($_SERVER['HTTP_X_FAMILY_NAME']);
++ }
++
++ return true;
++ }
++ return false;
++ }
++}
+diff --git a/library/Icinga/Authentication/User/UserBackend.php b/library/Icinga/Authentication/User/UserBackend.php
+index 3b8e210..d264365 100644
+--- a/library/Icinga/Authentication/User/UserBackend.php
++++ b/library/Icinga/Authentication/User/UserBackend.php
+@@ -22,6 +22,7 @@ class UserBackend implements ConfigAwareFactory
+ * @var array
+ */
+ protected static $defaultBackends = array(
++ 'sproxy',
+ 'external',
+ 'db',
+ 'ldap',
+@@ -176,6 +177,11 @@ class UserBackend implements ConfigAwareFactory
+ $backend->setName($name);
+ return $backend;
+ }
++ if ($backendType === 'sproxy') {
++ $backend = new SproxyBackend($backendConfig);
++ $backend->setName($name);
++ return $backend;
++ }
+ if (in_array($backendType, static::$defaultBackends)) {
+ // The default backend check is the first one because of performance reasons:
+ // Do not attempt to load a custom user backend unless it's actually required
diff --git a/pkgs/juandelacosa/cabal2nix.nix b/pkgs/juandelacosa/cabal2nix.nix
new file mode 100644
index 0000000..ddb6af7
--- /dev/null
+++ b/pkgs/juandelacosa/cabal2nix.nix
@@ -0,0 +1,25 @@
+{ mkDerivation, base, base64-bytestring, bytestring
+, data-default-class, docopt, entropy, fast-logger, fetchgit
+, http-types, interpolatedstring-perl6, mtl, mysql, mysql-simple
+, network, resource-pool, scotty, stdenv, text, unix, wai
+, wai-extra, wai-middleware-static, warp
+}:
+mkDerivation {
+ pname = "juandelacosa";
+ version = "0.1.1";
+ src = fetchgit {
+ url = "https://github.com/zalora/juandelacosa.git";
+ sha256 = "c260feae989f518484881e7dc7ebcd51d5b25fcda92412445942a5e34c1f9459";
+ rev = "0940da0cdfb1201768d35c58433891feacbaedd5";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ base base64-bytestring bytestring data-default-class docopt entropy
+ fast-logger http-types interpolatedstring-perl6 mtl mysql
+ mysql-simple network resource-pool scotty text unix wai wai-extra
+ wai-middleware-static warp
+ ];
+ description = "Manage users in MariaDB >= 10.1.1";
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/pkgs/juandelacosa/default.nix b/pkgs/juandelacosa/default.nix
new file mode 100644
index 0000000..b37e598
--- /dev/null
+++ b/pkgs/juandelacosa/default.nix
@@ -0,0 +1,3 @@
+{ haskellPackages }:
+haskellPackages.callPackage ./cabal2nix.nix {}
+
diff --git a/pkgs/mariadb/MDEV-10463.patch b/pkgs/mariadb/MDEV-10463.patch
new file mode 100644
index 0000000..c094257
--- /dev/null
+++ b/pkgs/mariadb/MDEV-10463.patch
@@ -0,0 +1,36 @@
+diff --git a/sql/sql_show.cc b/sql/sql_show.cc
+index ae38745..73edb18 100644
+--- a/sql/sql_show.cc
++++ b/sql/sql_show.cc
+@@ -4850,6 +4850,7 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond)
+ TABLE *table= tables->table;
+ #ifndef NO_EMBEDDED_ACCESS_CHECKS
+ Security_context *sctx= thd->security_ctx;
++ ulong db_access= sctx->db_access;
+ #endif
+ DBUG_ENTER("fill_schema_shemata");
+
+@@ -4891,9 +4892,20 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond)
+ continue;
+ }
+ #ifndef NO_EMBEDDED_ACCESS_CHECKS
+- if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
+- acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) ||
+- !check_grant_db(thd, db_name->str))
++ if (test_all_bits(sctx->master_access, DB_ACLS))
++ db_access= DB_ACLS;
++ else
++ {
++ db_access= acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, FALSE);
++ if (sctx->priv_role[0])
++ {
++ /* include a possible currently set role for access */
++ db_access|= acl_get("", "", sctx->priv_role, db_name->str, FALSE);
++ }
++ }
++ if ((sctx->master_access & SHOW_DB_ACL) ||
++ (db_access & DB_ACLS) ||
++ !check_grant_db(thd, db_name->str))
+ #endif
+ {
+ load_db_opt_by_name(thd, db_name->str, &create);
diff --git a/pkgs/mariadb/default.nix b/pkgs/mariadb/default.nix
new file mode 100644
index 0000000..e26646d
--- /dev/null
+++ b/pkgs/mariadb/default.nix
@@ -0,0 +1,139 @@
+{ stdenv, fetchurl, cmake, ncurses, zlib, xz, lzo, lz4, bzip2, snappy
+, openssl, pcre, boost, judy, bison, libxml2
+, libaio, libevent, groff, jemalloc, cracklib, systemd, numactl, perl
+}:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "mariadb-${version}";
+ version = "10.1.17";
+
+ src = fetchurl {
+ url = "https://downloads.mariadb.org/interstitial/mariadb-${version}/source/mariadb-${version}.tar.gz";
+ sha256 = "1ddalhxxcn95qp5b50z213niylcd0s6bqphid0c7c624wg2mm92c";
+ };
+
+ buildInputs = [
+ cmake ncurses openssl zlib xz lzo lz4 bzip2 snappy
+ pcre libxml2 boost judy bison libevent cracklib
+ ] ++ stdenv.lib.optionals stdenv.isLinux [ jemalloc libaio systemd numactl ];
+
+ patches = [
+ ./MDEV-10463.patch
+ ];
+
+ cmakeFlags = [
+ "-DBUILD_CONFIG=mysql_release"
+ "-DDEFAULT_CHARSET=utf8"
+ "-DDEFAULT_COLLATION=utf8_general_ci"
+ "-DENABLED_LOCAL_INFILE=ON"
+ "-DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock"
+ "-DMYSQL_DATADIR=/var/lib/mysql"
+ "-DINSTALL_SYSCONFDIR=etc/mysql"
+ "-DINSTALL_INFODIR=share/mysql/docs"
+ "-DINSTALL_MANDIR=share/man"
+ "-DINSTALL_PLUGINDIR=lib/mysql/plugin"
+ "-DINSTALL_SCRIPTDIR=bin"
+ "-DINSTALL_INCLUDEDIR=include/mysql"
+ "-DINSTALL_DOCREADMEDIR=share/mysql"
+ "-DINSTALL_SUPPORTFILESDIR=share/mysql"
+ "-DINSTALL_MYSQLSHAREDIR=share/mysql"
+ "-DINSTALL_DOCDIR=share/mysql/docs"
+ "-DINSTALL_SHAREDIR=share/mysql"
+ "-DWITH_READLINE=ON"
+ "-DWITH_ZLIB=system"
+ "-DWITH_SSL=system"
+ "-DWITH_PCRE=system"
+ "-DWITH_EMBEDDED_SERVER=yes"
+ "-DWITH_EXTRA_CHARSETS=complex"
+ "-DWITH_EMBEDDED_SERVER=ON"
+ "-DWITH_ARCHIVE_STORAGE_ENGINE=1"
+ "-DWITH_BLACKHOLE_STORAGE_ENGINE=1"
+ "-DWITH_INNOBASE_STORAGE_ENGINE=1"
+ "-DWITH_PARTITION_STORAGE_ENGINE=1"
+ "-DWITHOUT_EXAMPLE_STORAGE_ENGINE=1"
+ "-DWITHOUT_FEDERATED_STORAGE_ENGINE=1"
+ "-DSECURITY_HARDENED=ON"
+ "-DWITH_WSREP=ON"
+ ] ++ stdenv.lib.optionals stdenv.isDarwin [
+ "-DWITHOUT_OQGRAPH_STORAGE_ENGINE=1"
+ "-DWITHOUT_TOKUDB=1"
+ "-DCURSES_LIBRARY=${ncurses}/lib/libncurses.dylib"
+ ];
+
+ # fails to find lex_token.h sometimes
+ enableParallelBuilding = true;
+
+ outputs = [ "out" "lib" ];
+
+ prePatch = ''
+ substituteInPlace cmake/libutils.cmake \
+ --replace /usr/bin/libtool libtool
+ sed -i "s,SET(DEFAULT_MYSQL_HOME.*$,SET(DEFAULT_MYSQL_HOME /not/a/real/dir),g" CMakeLists.txt
+ sed -i "s,SET(PLUGINDIR.*$,SET(PLUGINDIR $lib/lib/mysql/plugin),g" CMakeLists.txt
+ sed -i 's,SET(SHAREDIR .*$,SET(SHAREDIR share/mysql),g' CMakeLists.txt
+
+ sed -i "s,SET(pkgincludedir.*$,SET(pkgincludedir $lib/include),g" scripts/CMakeLists.txt
+ sed -i "s,SET(pkglibdir.*$,SET(pkglibdir $lib/lib),g" scripts/CMakeLists.txt
+ sed -i "s,SET(pkgplugindir.*$,SET(pkgplugindir $lib/lib/mysql/plugin),g" scripts/CMakeLists.txt
+
+ sed -i "s,set(libdir.*$,SET(libdir $lib/lib),g" storage/mroonga/vendor/groonga/CMakeLists.txt
+ sed -i "s,set(includedir.*$,SET(includedir $lib/include),g" storage/mroonga/vendor/groonga/CMakeLists.txt
+ sed -i "/\"\$[{]CMAKE_INSTALL_PREFIX}\/\$[{]GRN_RELATIVE_PLUGINS_DIR}\"/d" storage/mroonga/vendor/groonga/CMakeLists.txt
+ sed -i "s,set(GRN_PLUGINS_DIR.*$,SET(GRN_PLUGINS_DIR $lib/\$\{GRN_RELATIVE_PLUGINS_DIR}),g" storage/mroonga/vendor/groonga/CMakeLists.txt
+ sed -i 's,[^"]*/var/log,/var/log,g' storage/mroonga/vendor/groonga/CMakeLists.txt
+ '';
+
+ postInstall = ''
+ substituteInPlace $out/bin/mysql_install_db \
+ --replace basedir=\"\" basedir=\"$out\"
+
+ # Remove superfluous files
+ rm -r $out/mysql-test $out/sql-bench $out/data # Don't need testing data
+ rm $out/share/man/man1/mysql-test-run.pl.1
+ rm $out/bin/rcmysql # Not needed with nixos units
+ rm $out/bin/mysqlbug # Encodes a path to gcc and not really useful
+ find $out/bin -name \*test\* -exec rm {} \;
+
+ # Separate libs and includes into their own derivation
+ mkdir -p $lib
+ mv $out/lib $lib
+ mv $out/include $lib
+
+ ''
+ + stdenv.lib.optionalString stdenv.isDarwin ''
+ # Fix library rpaths
+ # TODO: put this in the stdenv to prepare for wide usage of multi-output derivations
+ for file in $(grep -rl $out/lib $lib); do
+ install_name_tool -delete_rpath $out/lib -add_rpath $lib $file
+ done
+
+ '' + ''
+ # Fix the mysql_config
+ sed -i $out/bin/mysql_config \
+ -e 's,-lz,-L${zlib}/lib -lz,g' \
+ -e 's,-lssl,-L${openssl}/lib -lssl,g'
+
+ # Add mysql_config to libs since configure scripts use it
+ mkdir -p $lib/bin
+ cp $out/bin/mysql_config $lib/bin
+ sed -i "/\(execdir\|bindir\)/ s,'[^\"']*',$lib/bin,g" $lib/bin/mysql_config
+
+ # Make sure to propagate lib for compatability
+ mkdir -p $out/nix-support
+ echo "$lib" > $out/nix-support/propagated-native-build-inputs
+
+ # Don't install static libraries.
+ rm $lib/lib/libmysqlclient.a $lib/lib/libmysqld.a
+ '';
+
+ passthru.mysqlVersion = "5.6";
+
+ meta = with stdenv.lib; {
+ description = "An enhanced, drop-in replacement for MySQL";
+ homepage = https://mariadb.org/;
+ license = stdenv.lib.licenses.gpl2;
+ maintainers = with stdenv.lib.maintainers; [ thoughtpolice wkennington ];
+ platforms = stdenv.lib.platforms.all;
+ };
+}
diff --git a/pkgs/mathJax.nix b/pkgs/mathJax.nix
new file mode 100644
index 0000000..04b596f
--- /dev/null
+++ b/pkgs/mathJax.nix
@@ -0,0 +1,18 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ version = "2.6.1";
+ name = "mathjax-${version}";
+
+ src = fetchurl {
+ url = "https://github.com/mathjax/MathJax/archive/${version}.tar.gz";
+ sha256 = "1f7v48s7km9fi9i0bignn8f91z3bk04n4jx407l3xsd4hxfr8in7";
+ };
+
+ installPhase = ''
+ mkdir -p $out
+ cp -a * $out/
+ rm -rf $out/unpacked
+ rm -rf "$out/"*.json
+ '';
+}
diff --git a/pkgs/mediawiki/T122487.patch b/pkgs/mediawiki/T122487.patch
new file mode 100644
index 0000000..7b868a8
--- /dev/null
+++ b/pkgs/mediawiki/T122487.patch
@@ -0,0 +1,16 @@
+Description: fix warning on upload page
+Bug: https://phabricator.wikimedia.org/T122487
+Index: mediawiki-1.23.13/includes/User.php
+===================================================================
+--- mediawiki-1.23.13.orig/includes/User.php
++++ mediawiki-1.23.13/includes/User.php
+@@ -3806,6 +3806,9 @@ class User {
+ * @return boolean: Whether the token matches
+ */
+ public function matchEditToken( $val, $salt = '', $request = null ) {
++ if ($val === null) {
++ return false;
++ }
+ $sessionToken = $this->getEditToken( $salt, $request );
+ $equals = hash_equals( $sessionToken, $val );
+ if ( !$equals ) {
diff --git a/pkgs/mediawiki/default.nix b/pkgs/mediawiki/default.nix
new file mode 100644
index 0000000..ef606f0
--- /dev/null
+++ b/pkgs/mediawiki/default.nix
@@ -0,0 +1,59 @@
+{ lib, pkgs }:
+
+let
+ inherit (builtins) elemAt;
+ inherit (lib) splitString concatMapStrings;
+
+ bundled = [
+ "Cite" "ConfirmEdit" "Gadgets" "ImageMap" "InputBox" "Interwiki"
+ "LocalisationUpdate" "Nuke" "ParserFunctions" "PdfHandler" "Poem"
+ "Renameuser" "SpamBlacklist" "SyntaxHighlight_GeSHi" "TitleBlacklist"
+ "WikiEditor"
+ ];
+
+in pkgs.stdenv.mkDerivation rec {
+ version = "1.23.13";
+ name = "mediawiki-${version}";
+
+ src = let
+ v = splitString "." version;
+ minor = "${elemAt v 0}.${elemAt v 1}";
+ in pkgs.fetchurl {
+ url = "https://releases.wikimedia.org/mediawiki/${minor}/${name}.tar.gz";
+ sha256 = "168wpf53n4ksj2g5q5r0hxapx6238dvsfng5ff9ixk6axsn0j5d0";
+ };
+
+ patches = [
+ ./T122487.patch
+ ./file-backend-default-mode.patch
+ ];
+
+ outputs = [ "out" ] ++ bundled;
+
+ installPhase = ''
+ cp -a . $out
+
+ rm -rf $out/tests
+ rm -rf $out/mw-config
+ rm -rf $out/maintenance/dev
+ rm -rf $out/maintenance/hiphop
+
+ sed -i \
+ -e 's|/bin/bash|${pkgs.bash}/bin/bash|g' \
+ -e 's|/usr/bin/timeout|${pkgs.coreutils}/bin/timeout|g' \
+ $out/includes/limit.sh \
+ $out/includes/GlobalFunctions.php
+
+ cat <<'EOF' > $out/LocalSettings.php
+ <?php
+ if (isset($_ENV['MEDIAWIKI_LOCAL_SETTINGS'])) {
+ require_once ($_ENV['MEDIAWIKI_LOCAL_SETTINGS']);
+ };
+ ?>
+ EOF
+
+ ${concatMapStrings (e: ''
+ mv $out/extensions/${e} ''${${e}}
+ '') bundled}
+ '';
+}
diff --git a/pkgs/mediawiki/file-backend-default-mode.patch b/pkgs/mediawiki/file-backend-default-mode.patch
new file mode 100644
index 0000000..2bd303c
--- /dev/null
+++ b/pkgs/mediawiki/file-backend-default-mode.patch
@@ -0,0 +1,52 @@
+Index: mediawiki-1.23.13/includes/DefaultSettings.php
+===================================================================
+--- mediawiki-1.23.13.orig/includes/DefaultSettings.php
++++ mediawiki-1.23.13/includes/DefaultSettings.php
+@@ -429,7 +429,7 @@ $wgImgAuthUrlPathMap = array();
+ * leave the paths in unchanged, or 'simple' to replace paths with
+ * placeholders. Default for LocalRepo is 'simple'.
+ * - fileMode This allows wikis to set the file mode when uploading/moving files. Default
+- * is 0644.
++ * is 0640.
+ * - directory The local filesystem directory where public files are stored. Not used for
+ * some remote repos.
+ * - thumbDir The base thumbnail directory. Defaults to "<directory>/thumb".
+Index: mediawiki-1.23.13/includes/filerepo/FSRepo.php
+===================================================================
+--- mediawiki-1.23.13.orig/includes/filerepo/FSRepo.php
++++ mediawiki-1.23.13/includes/filerepo/FSRepo.php
+@@ -50,7 +50,7 @@ class FSRepo extends FileRepo {
+ : "{$directory}/transcoded";
+ $fileMode = isset( $info['fileMode'] )
+ ? $info['fileMode']
+- : 0644;
++ : 0640;
+
+ $repoName = $info['name'];
+ // Get the FS backend configuration
+Index: mediawiki-1.23.13/includes/filebackend/FSFileBackend.php
+===================================================================
+--- mediawiki-1.23.13.orig/includes/filebackend/FSFileBackend.php
++++ mediawiki-1.23.13/includes/filebackend/FSFileBackend.php
+@@ -82,7 +82,7 @@ class FSFileBackend extends FileBackendS
+ }
+ }
+
+- $this->fileMode = isset( $config['fileMode'] ) ? $config['fileMode'] : 0644;
++ $this->fileMode = isset( $config['fileMode'] ) ? $config['fileMode'] : 0640;
+ if ( isset( $config['fileOwner'] ) && function_exists( 'posix_getuid' ) ) {
+ $this->fileOwner = $config['fileOwner'];
+ $info = posix_getpwuid( posix_getuid() );
+Index: mediawiki-1.23.13/includes/filebackend/FileBackendGroup.php
+===================================================================
+--- mediawiki-1.23.13.orig/includes/filebackend/FileBackendGroup.php
++++ mediawiki-1.23.13/includes/filebackend/FileBackendGroup.php
+@@ -88,7 +88,7 @@ class FileBackendGroup {
+ : "{$directory}/transcoded";
+ $fileMode = isset( $info['fileMode'] )
+ ? $info['fileMode']
+- : 0644;
++ : 0640;
+ // Get the FS backend configuration
+ $autoBackends[] = array(
+ 'name' => $backendName,
diff --git a/pkgs/mediawikiExtensions/Sproxy/Sproxy.php b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php
new file mode 100644
index 0000000..697c596
--- /dev/null
+++ b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php
@@ -0,0 +1,218 @@
+<?php
+
+// This program is free software: you can redistribute it and/or modify it
+// under the terms of the GNU General Public License as published by the Free
+// Software Foundation, either version 2 of the License, or (at your option)
+// any later version.
+//
+// This program is distributed in the hope that it will be useful, but WITHOUT
+// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+// more details.
+//
+// You should have received a copy of the GNU General Public License along with
+// this program. If not, see <http://www.gnu.org/licenses/>.
+//
+// Copyright 2006 Otheus Shelling
+// Copyright 2007 Rusty Burchfield
+// Copyright 2009 James Kinsman
+// Copyright 2010 Daniel Thomas
+// Copyright 2010 Ian Ward Comfort
+// Copyright 2013-2016 Zalora South East Asia Pte Ltd
+//
+// In 2009, the copyright holders determined that the original publishing of this code
+// under GPLv3 was legally and logistically in error, and re-licensed it under GPLv2.
+//
+// See http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
+//
+// Adapted by Rusty to be compatible with version 1.9 of MediaWiki
+// Optional settings from Emmanuel Dreyfus
+// Adapted by VibroAxe (James Kinsman) to be compatible with version 1.16 of MediaWiki
+// Adapted by VibroAxe (James Kinsman) to allow domain substitution for Integrated Windows Authentication
+// Adapted by drt24 (Daniel Thomas) to add the optional $wgAuthRemoteuserMailDomain and remove hardcoding
+// of permissions for anonymous users.
+// Adapted by Ian Ward Comfort to detect mismatches between the session user and REMOTE_USER
+// Adapted to sproxy by Chris Forno
+// Extension credits that show up on Special:Version
+
+$wgExtensionCredits['other'][] = array(
+ 'name' => 'Sproxy',
+ 'version' => '0.2.0',
+ 'author' => array(
+ 'Otheus Shelling',
+ 'Rusty Burchfield',
+ 'James Kinsman',
+ 'Daniel Thomas',
+ 'Ian Ward Comfort',
+ 'Chris Forno'
+ ) ,
+ 'url' => '',
+ 'description' => 'Automatically authenticates users using sproxy HTTP headers.',
+);
+
+// We must allow zero length passwords. This extension does not work in MW 1.16 without this.
+$wgMinimalPasswordLength = 0;
+
+function sproxy_hook()
+{
+ global $wgUser, $wgRequest, $wgAuth;
+
+ // For a few special pages, don't do anything.
+ $skipPages = array(
+ Title::makeName(NS_SPECIAL, 'UserLogin') ,
+ Title::makeName(NS_SPECIAL, 'UserLogout') ,
+ );
+
+ if (in_array($wgRequest->getVal('title') , $skipPages)) {
+ return;
+ }
+
+ // Don't do anything if there's already a valid session.
+ $user = User::newFromSession();
+ if (!$user->isAnon()) {
+ return;
+ }
+
+ // If the login form returns NEED_TOKEN try once more with the right token
+ $trycount = 0;
+ $token = '';
+ $errormessage = '';
+ do {
+ $tryagain = false;
+ // Submit a fake login form to authenticate the user.
+ $params = new FauxRequest(array(
+ 'wpName' => sproxy_username() ,
+ 'wpPassword' => '',
+ 'wpDomain' => '',
+ 'wpLoginToken' => $token,
+ 'wpRemember' => '',
+ ));
+ // Authenticate user data will automatically create new users.
+ $loginForm = new LoginForm($params);
+ $result = $loginForm->authenticateUserData();
+ switch ($result) {
+ case LoginForm::SUCCESS:
+ $wgUser->setOption('rememberpassword', 1);
+ $wgUser->setCookies();
+ break;
+
+ case LoginForm::NEED_TOKEN:
+ $token = $loginForm->getLoginToken();
+ $tryagain = ($trycount == 0);
+ break;
+
+ default:
+ error_log("Unexpected sproxy authentication failure (code: $result)");
+ break;
+ }
+ $trycount++;
+ }
+ while ($tryagain);
+}
+
+$wgExtensionFunctions[] = 'sproxy_hook';
+function sproxy_email()
+{
+ return $_SERVER['HTTP_FROM'];
+}
+
+function sproxy_username()
+{
+ // We can't rely on X-Given-Name/X-Family name because they can be
+ // set by the user. I've personally seen someone set their name to
+ // "ZALORA".
+ //
+ // Instead, we'll try to extract the real name from the first part
+ // of the email address.
+ list($username, $_) = explode('@', sproxy_email());
+ // So we have something like firstname.lastname or firstname.l or
+ // firstname.
+ return $username;
+}
+
+function sproxy_real_name()
+{
+ return $_SERVER['HTTP_X_GIVEN_NAME'] . ' ' . $_SERVER['HTTP_X_FAMILY_NAME'];
+}
+
+class AuthSproxy extends AuthPlugin
+{
+ public function userExists($username)
+ {
+ // This does not mean does the user already exist in the Mediawiki database.
+ return true;
+ }
+
+ public function authenticate($username, $password)
+ {
+ // All users are already authenticated.
+ return true;
+ }
+
+ public function autoCreate()
+ {
+ // Automatically create Mediawiki users for sproxy users.
+ return true;
+ }
+
+ function allowPasswordChange()
+ {
+ // This doesn't make any sense so don't allow it.
+ return false;
+ }
+
+ public function strict()
+ {
+ // Don't check passwords against the Mediawiki database;
+ return true;
+ }
+
+ public function initUser(&$user, $autocreate = false)
+ {
+ $user->setEmail(sproxy_email());
+ $user->mEmailAuthenticated = wfTimestampNow();
+ $user->setToken();
+ $user->setRealName(sproxy_real_name());
+
+ // turn on e-mail notifications
+ if (isset($wgAuthRemoteuserNotify) && $wgAuthRemoteuserNotify) {
+ $user->setOption('enotifwatchlistpages', 1);
+ $user->setOption('enotifusertalkpages', 1);
+ $user->setOption('enotifminoredits', 1);
+ $user->setOption('enotifrevealaddr', 1);
+ }
+ $user->saveSettings();
+ }
+}
+
+$wgAuth = new AuthSproxy();
+
+// Don't let anonymous people do things...
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['*']['read'] = false;
+$wgGroupPermissions['*']['edit'] = false;
+
+// see http://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList
+// and http://www.mediawiki.org/w/Manual:Special_pages
+// and http://lists.wikimedia.org/pipermail/mediawiki-l/2009-June/031231.html
+// disable login and logout functions for all users
+function LessSpecialPages(&$list)
+{
+ unset($list['ChangeEmail']);
+ unset($list['Userlogin']);
+ unset($list['Userlogout']);
+ return true;
+}
+$wgHooks['SpecialPage_initList'][] = 'LessSpecialPages';
+
+// http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth
+// remove login and logout buttons for all users
+function StripLogin(&$personal_urls, &$wgTitle)
+{
+ unset($personal_urls["login"]);
+ unset($personal_urls["logout"]);
+ unset($personal_urls['anonlogin']);
+ return true;
+}
+$wgHooks['PersonalUrls'][] = 'StripLogin';
+
diff --git a/pkgs/mediawikiExtensions/default.nix b/pkgs/mediawikiExtensions/default.nix
new file mode 100644
index 0000000..f2ae6f1
--- /dev/null
+++ b/pkgs/mediawikiExtensions/default.nix
@@ -0,0 +1,52 @@
+{ lib, fetchgit, mediawiki }:
+
+let
+ inherit (lib) filter genAttrs;
+
+ bundled = filter (n: n != "out") mediawiki.outputs;
+
+in genAttrs bundled (e: mediawiki.${e}) //
+{
+
+ EmbedVideo= fetchgit {
+ url = https://github.com/HydraWiki/mediawiki-embedvideo.git;
+ rev = "1c1904bfc040bc948726719cbef41708c62546b3";
+ sha256 = "07sxpaks1hik710izilpslnqlcjz2nphqkx9b9qh6qv9xb0a9n6v";
+ };
+
+ GraphViz = fetchgit {
+ url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/GraphViz.git;
+ rev = "c968ec19090ab6febcd12ccd5816c5875fddc9df";
+ sha256 = "a0f9b7a67c1b166bba7ce3100b9b2666938af50666a526b1e9e4a83359e4a10d";
+ };
+
+/* TODO Use with Mediawiki 1.26+
+ MathJax = fetchgit {
+ url = https://github.com/hbshim/mediawiki-mathjax.git;
+ rev = "56061635eaeffbd13d50d243077e44fcbf3f5da1";
+ sha256 = "1xx9cpcl5c8n1jn3qckcva5dnl8z7i1bd2ff4ycpd2cdp930gsy6";
+ };
+*/
+
+ MathJax = fetchgit {
+ url = https://github.com/zalora/Mediawiki-MathJax.git;
+ rev = "880adf7f9da55dbe257043fe431f825211ee96e1";
+ sha256 = "17s3pbxj6jhywsbdss1hqmss8slb89jkwirlsbd0h16m130q72n8";
+ };
+
+ MsUpload = fetchgit {
+ url = https://phabricator.wikimedia.org/diffusion/EMSU/extension-msupload.git;
+ rev = "d2983b9cd44203173b39e64bf25cdcd73612fcc0";
+ sha256 = "18n4iyvp85ipgggjgwrk6pn75gciwrkjb7mr1zvqsh9kv3rpd5n9";
+ };
+
+ Sproxy = ./Sproxy; # TODO: review, update & publish
+
+ UserPageEditProtection = fetchgit {
+ url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UserPageEditProtection.git;
+ rev = "13ff835e8278654ab8cfae03c8b8196bdfe6e410";
+ sha256 = "0hjsgq8hhqw6wxqfc14jq1wb09q8zf9xv7jz0hkhl5ma6338j7q9";
+ };
+
+}
+
diff --git a/pkgs/monitoringPlugins/default.nix b/pkgs/monitoringPlugins/default.nix
new file mode 100644
index 0000000..d0f554e
--- /dev/null
+++ b/pkgs/monitoringPlugins/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchurl
+, autoreconfHook
+, procps, perl
+, fping, openssh, bind
+, mariadb
+, openssl
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.1.2";
+ name = "monitoring-plugins-${version}";
+ src = fetchurl {
+ url = "https://github.com/monitoring-plugins/monitoring-plugins/archive/v${version}.tar.gz";
+ sha256 = "0mgs59326yzvx92pdqmn671d40czixd7k60dvsbz89ah2r96vps7";
+ };
+
+ buildInputs = [
+ autoreconfHook
+ procps perl
+ fping openssh bind
+ mariadb.lib
+ openssl
+ ];
+
+ patches = [
+ ./mysql_check_slave.patch
+ ];
+
+ configurePhase = ''
+ ./configure \
+ --prefix=$out \
+ --disable-nls \
+ --with-ping-command="/var/setuid-wrappers/ping -n -U -w %d -c %d %s" \
+ --with-ping6-command="/var/setuid-wrappers/ping6 -n -U -w %d -c %d %s" \
+ --with-trusted-path=/var/setuid-wrappers:/run/current-system/sw/bin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin
+ '';
+}
diff --git a/pkgs/monitoringPlugins/mysql_check_slave.patch b/pkgs/monitoringPlugins/mysql_check_slave.patch
new file mode 100644
index 0000000..09098f6
--- /dev/null
+++ b/pkgs/monitoringPlugins/mysql_check_slave.patch
@@ -0,0 +1,591 @@
+commit f1623c0309b35b35a3ff8cab447e9ab06b3497f8
+Author: Igor Pashev <pashev.igor@gmail.com>
+Date: Sun Jan 3 10:59:51 2016 +0300
+
+ Added check_mysql_slave
+
+ Supports MariaDB multi-source replication
+
+diff --git a/configure.ac b/configure.ac
+index 0a554af..f1a7aac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -357,7 +357,7 @@ if test $with_mysql = "no" ; then
+ AC_MSG_WARN([Skipping mysql plugin])
+ AC_MSG_WARN([install mysql client libs to compile this plugin (see REQUIREMENTS).])
+ else
+- EXTRAS="$EXTRAS check_mysql\$(EXEEXT) check_mysql_query\$(EXEEXT)"
++ EXTRAS="$EXTRAS check_mysql\$(EXEEXT) check_mysql_query\$(EXEEXT) check_mysql_slave\$(EXEEXT)"
+ MYSQLINCLUDE="$np_mysql_include"
+ MYSQLLIBS="$np_mysql_libs"
+ MYSQLCFLAGS="$np_mysql_cflags"
+diff --git a/plugins/Makefile.am b/plugins/Makefile.am
+index 0ddf9bd..fdcb154 100644
+--- a/plugins/Makefile.am
++++ b/plugins/Makefile.am
+@@ -38,7 +38,7 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \
+ EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \
+ check_swap check_fping check_ldap check_game check_dig \
+ check_nagios check_by_ssh check_dns check_nt check_ide_smart \
+- check_procs check_mysql_query check_apt check_dbi
++ check_procs check_mysql_query check_apt check_dbi check_mysql_slave
+
+ EXTRA_DIST = t tests
+
+@@ -85,6 +85,9 @@ check_mrtgtraf_LDADD = $(BASEOBJS)
+ check_mysql_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
+ check_mysql_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
+ check_mysql_LDADD = $(NETLIBS) $(MYSQLLIBS)
++check_mysql_slave_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
++check_mysql_slave_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
++check_mysql_slave_LDADD = $(NETLIBS) $(MYSQLLIBS)
+ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
+ check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
+ check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS)
+diff --git a/plugins/check_mysql_slave.c b/plugins/check_mysql_slave.c
+new file mode 100644
+index 0000000..bc402e0
+--- /dev/null
++++ b/plugins/check_mysql_slave.c
+@@ -0,0 +1,541 @@
++/*****************************************************************************
++*
++* Monitoring check_mysql plugin
++*
++* License: GPL
++* Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)
++* Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net)
++* Copyright (c) 1999-2011 Monitoring Plugins Development Team
++* Copyright (c) 2016 Zalora South East Asia Pte. Ltd
++*
++* Description:
++*
++* This file contains the check_mysql_slave plugin
++*
++* This program tests MySQL/MariaDB slaves
++*
++*
++* This program is free software: you can redistribute it and/or modify
++* it under the terms of the GNU General Public License as published by
++* the Free Software Foundation, either version 3 of the License, or
++* (at your option) any later version.
++*
++* This program is distributed in the hope that it will be useful,
++* but WITHOUT ANY WARRANTY; without even the implied warranty of
++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++* GNU General Public License for more details.
++*
++* You should have received a copy of the GNU General Public License
++* along with this program. If not, see <http://www.gnu.org/licenses/>.
++*
++*
++*****************************************************************************/
++
++const char *progname = "check_mysql_slave";
++const char *copyright = "1999-2016";
++const char *email = "devel@monitoring-plugins.org";
++
++#define SLAVERESULTSIZE 256
++
++#include "common.h"
++#include "utils.h"
++#include "utils_base.h"
++#include "netutils.h"
++
++#include <mysql.h>
++#include <mysqld_error.h>
++#include <errmsg.h>
++
++char *db_user = NULL;
++char *db_host = NULL;
++char *db_socket = NULL;
++char *db_pass = NULL;
++char *ca_cert = NULL;
++char *ca_dir = NULL;
++char *cert = NULL;
++char *key = NULL;
++char *ciphers = NULL;
++bool ssl = false;
++char *opt_file = NULL;
++char *opt_group = NULL;
++unsigned int db_port = MYSQL_PORT;
++int warn_sec = 0, crit_sec = 0;
++char *connection_name = NULL;
++char *query;
++
++static double warning_time = 0;
++static double critical_time = 0;
++
++thresholds *my_threshold = NULL;
++
++int process_arguments (int, char **);
++int validate_arguments (void);
++void print_help (void);
++void print_usage (void);
++
++int
++main (int argc, char **argv)
++{
++
++ MYSQL mysql;
++ MYSQL_RES *res;
++ MYSQL_ROW row;
++ char *perf;
++ perf = strdup ("");
++
++ char *error = NULL;
++ char slaveresult[SLAVERESULTSIZE];
++
++ setlocale (LC_ALL, "");
++ bindtextdomain (PACKAGE, LOCALEDIR);
++ textdomain (PACKAGE);
++
++ /* Parse extra opts if any */
++ argv = np_extra_opts (&argc, argv, progname);
++
++ if (process_arguments (argc, argv) == ERROR)
++ usage4 (_("Could not parse arguments"));
++
++ /* initialize mysql */
++ mysql_init (&mysql);
++
++ if (opt_file != NULL)
++ mysql_options (&mysql, MYSQL_READ_DEFAULT_FILE, opt_file);
++
++ if (opt_group != NULL)
++ mysql_options (&mysql, MYSQL_READ_DEFAULT_GROUP, opt_group);
++ else
++ mysql_options (&mysql, MYSQL_READ_DEFAULT_GROUP, "client");
++
++ if (ssl)
++ mysql_ssl_set (&mysql, key, cert, ca_cert, ca_dir, ciphers);
++
++ if (!mysql_real_connect
++ (&mysql, db_host, db_user, db_pass, "", db_port, db_socket, 0))
++ {
++ if (mysql_errno (&mysql) == CR_UNKNOWN_HOST)
++ die (STATE_WARNING, "%s\n", mysql_error (&mysql));
++ else if (mysql_errno (&mysql) == CR_VERSION_ERROR)
++ die (STATE_WARNING, "%s\n", mysql_error (&mysql));
++ else if (mysql_errno (&mysql) == CR_OUT_OF_MEMORY)
++ die (STATE_WARNING, "%s\n", mysql_error (&mysql));
++ else if (mysql_errno (&mysql) == CR_IPSOCK_ERROR)
++ die (STATE_WARNING, "%s\n", mysql_error (&mysql));
++ else if (mysql_errno (&mysql) == CR_SOCKET_CREATE_ERROR)
++ die (STATE_WARNING, "%s\n", mysql_error (&mysql));
++ else
++ die (STATE_CRITICAL, "%s\n", mysql_error (&mysql));
++ }
++
++ if (connection_name != NULL && strcmp (connection_name, "") != 0)
++ {
++ xasprintf (&query, "show slave '%s' status", connection_name);
++ }
++ else
++ {
++ xasprintf (&query, "show slave status");
++ }
++
++ if (mysql_query (&mysql, query) != 0)
++ {
++ error = strdup (mysql_error (&mysql));
++ mysql_close (&mysql);
++ die (STATE_CRITICAL, _("slave query error: %s\n"), error);
++ }
++
++ if ((res = mysql_store_result (&mysql)) == NULL)
++ {
++ error = strdup (mysql_error (&mysql));
++ mysql_close (&mysql);
++ die (STATE_CRITICAL, _("slave store_result error: %s\n"), error);
++ }
++
++ /* Check there is some data */
++ if (mysql_num_rows (res) == 0)
++ {
++ mysql_close (&mysql);
++ die (STATE_WARNING, "%s\n", _("No slaves defined"));
++ }
++
++ /* fetch the first row */
++ if ((row = mysql_fetch_row (res)) == NULL)
++ {
++ error = strdup (mysql_error (&mysql));
++ mysql_free_result (res);
++ mysql_close (&mysql);
++ die (STATE_CRITICAL, _("slave fetch row error: %s\n"), error);
++ }
++
++ const char *last_io_error = NULL;
++ const char *last_sql_error = NULL;
++ const char *seconds_behind_master = NULL;
++ const char *slave_io = NULL;
++ const char *slave_sql = NULL;
++ MYSQL_FIELD *fields;
++
++ int i, num_fields;
++ num_fields = mysql_num_fields (res);
++ fields = mysql_fetch_fields (res);
++ for (i = 0; i < num_fields; i++)
++ {
++ if (strcmp (fields[i].name, "Last_IO_Error") == 0 && row[i]
++ && row[i][0])
++ {
++ last_io_error = row[i];
++ continue;
++ }
++ if (strcmp (fields[i].name, "Last_SQL_Error") == 0 && row[i]
++ && row[i][0])
++ {
++ last_sql_error = row[i];
++ continue;
++ }
++ if (strcmp (fields[i].name, "Slave_IO_Running") == 0)
++ {
++ slave_io = row[i];
++ continue;
++ }
++ if (strcmp (fields[i].name, "Slave_SQL_Running") == 0)
++ {
++ slave_sql = row[i];
++ continue;
++ }
++ if (strcmp (fields[i].name, "Seconds_Behind_Master") == 0)
++ {
++ seconds_behind_master = row[i];
++ continue;
++ }
++ }
++
++ /* Check if slave status is available */
++ if ((slave_io == NULL) || (slave_sql == NULL))
++ {
++ mysql_free_result (res);
++ mysql_close (&mysql);
++ die (STATE_CRITICAL, "Slave status unavailable\n");
++ }
++
++ const char *last_error;
++ if (last_sql_error)
++ last_error = last_sql_error;
++ else if (last_io_error)
++ last_error = last_io_error;
++ else
++ last_error = NULL;
++
++ if ((seconds_behind_master == NULL)
++ || (strcmp (seconds_behind_master, "NULL") == 0))
++ seconds_behind_master = "N/A";
++
++ /* Save slave status in slaveresult */
++ snprintf (slaveresult, SLAVERESULTSIZE,
++ "Slave IO: %s, Slave SQL: %s, %s: %s",
++ slave_io, slave_sql,
++ (last_error ? "Last Error" : "Seconds Behind Master"),
++ (last_error ? last_error : seconds_behind_master));
++
++ if (strcmp (slave_io, "Yes") != 0 || strcmp (slave_sql, "Yes") != 0)
++ {
++ mysql_free_result (res);
++ mysql_close (&mysql);
++ if (last_io_error || last_sql_error)
++ {
++ die (STATE_CRITICAL, "%s\n", slaveresult);
++ }
++ else
++ {
++ die (STATE_WARNING, "%s\n", slaveresult);
++ };
++ }
++
++ /* Check Seconds Behind against threshold */
++ if (strcmp (seconds_behind_master, "N/A") != 0)
++ {
++ double value = atof (seconds_behind_master);
++ int status;
++
++ status = get_status (value, my_threshold);
++
++ xasprintf (&perf, "%s %s", perf,
++ fperfdata ("lag", value, "s", TRUE,
++ (double) warning_time, TRUE,
++ (double) critical_time, FALSE, 0, FALSE, 0));
++
++ if (status == STATE_WARNING)
++ {
++ printf ("LAG %s: %s|%s\n", _("WARNING"), slaveresult, perf);
++ exit (STATE_WARNING);
++ }
++ else if (status == STATE_CRITICAL)
++ {
++ printf ("LAG %s: %s|%s\n", _("CRITICAL"), slaveresult, perf);
++ exit (STATE_CRITICAL);
++ }
++ }
++
++ mysql_free_result (res);
++ mysql_close (&mysql);
++
++ printf ("%s|%s\n", slaveresult, perf);
++ return STATE_OK;
++}
++
++
++int
++process_arguments (int argc, char **argv)
++{
++ int c;
++ char *warning = NULL;
++ char *critical = NULL;
++
++ int option = 0;
++ static struct option longopts[] = {
++ {"ca-cert", optional_argument, 0, 'C'},
++ {"ca-dir", required_argument, 0, 'D'},
++ {"cert", required_argument, 0, 'a'},
++ {"ciphers", required_argument, 0, 'L'},
++ {"connection-name", required_argument, 0, 'N'},
++ {"critical", required_argument, 0, 'c'},
++ {"file", required_argument, 0, 'f'},
++ {"group", required_argument, 0, 'g'},
++ {"help", no_argument, 0, 'h'},
++ {"hostname", required_argument, 0, 'H'},
++ {"key", required_argument, 0, 'k'},
++ {"password", required_argument, 0, 'p'},
++ {"port", required_argument, 0, 'P'},
++ {"socket", required_argument, 0, 's'},
++ {"ssl", no_argument, 0, 'l'},
++ {"username", required_argument, 0, 'u'},
++ {"version", no_argument, 0, 'V'},
++ {"warning", required_argument, 0, 'w'},
++ {0, 0, 0, 0}
++ };
++
++ if (argc < 1)
++ return ERROR;
++
++ while (1)
++ {
++ c =
++ getopt_long (argc, argv, "hlVnSP:p:u:H:s:c:w:a:k:C:D:L:f:g:N:",
++ longopts, &option);
++
++ if (c == -1 || c == EOF)
++ break;
++
++ switch (c)
++ {
++ case 'H': /* hostname */
++ if (is_host (optarg))
++ {
++ db_host = optarg;
++ }
++ else
++ {
++ usage2 (_("Invalid hostname/address"), optarg);
++ }
++ break;
++ case 's': /* socket */
++ db_socket = optarg;
++ break;
++ case 'N':
++ connection_name = optarg;
++ break;
++ case 'l':
++ ssl = true;
++ break;
++ case 'C':
++ ca_cert = optarg;
++ break;
++ case 'a':
++ cert = optarg;
++ break;
++ case 'k':
++ key = optarg;
++ break;
++ case 'D':
++ ca_dir = optarg;
++ break;
++ case 'L':
++ ciphers = optarg;
++ break;
++ case 'u': /* username */
++ db_user = optarg;
++ break;
++ case 'p': /* authentication information: password */
++ db_pass = strdup (optarg);
++
++ /* Delete the password from process list */
++ while (*optarg != '\0')
++ {
++ *optarg = 'X';
++ optarg++;
++ }
++ break;
++ case 'f': /* client options file */
++ opt_file = optarg;
++ break;
++ case 'g': /* client options group */
++ opt_group = optarg;
++ break;
++ case 'P': /* critical time threshold */
++ db_port = atoi (optarg);
++ break;
++ case 'w':
++ warning = optarg;
++ warning_time = strtod (warning, NULL);
++ break;
++ case 'c':
++ critical = optarg;
++ critical_time = strtod (critical, NULL);
++ break;
++ case 'V': /* version */
++ print_revision (progname, NP_VERSION);
++ exit (STATE_OK);
++ case 'h': /* help */
++ print_help ();
++ exit (STATE_OK);
++ case '?': /* help */
++ usage5 ();
++ }
++ }
++
++ c = optind;
++
++ set_thresholds (&my_threshold, warning, critical);
++
++ while (argc > c)
++ {
++
++ if (db_host == NULL)
++ if (is_host (argv[c]))
++ {
++ db_host = argv[c++];
++ }
++ else
++ {
++ usage2 (_("Invalid hostname/address"), argv[c]);
++ }
++ else if (db_user == NULL)
++ db_user = argv[c++];
++ else if (db_pass == NULL)
++ db_pass = argv[c++];
++ else if (is_intnonneg (argv[c]))
++ db_port = atoi (argv[c++]);
++ else
++ break;
++ }
++
++ return validate_arguments ();
++}
++
++
++int
++validate_arguments (void)
++{
++ if (db_user == NULL)
++ db_user = strdup ("");
++
++ if (db_host == NULL)
++ db_host = strdup ("");
++
++ return OK;
++}
++
++
++void
++print_help (void)
++{
++ char *myport;
++ xasprintf (&myport, "%d", MYSQL_PORT);
++
++ print_revision (progname, NP_VERSION);
++
++ printf (_(COPYRIGHT), copyright, email);
++
++ printf ("%s\n", _("This program tests MySQL/MariaDB slaves"));
++
++ printf ("\n\n");
++
++ print_usage ();
++
++ printf (UT_HELP_VRSN);
++ printf (UT_EXTRA_OPTS);
++
++ printf (UT_HOST_PORT, 'P', myport);
++
++ printf (" %s\n", "-s, --socket=STRING");
++ printf (" %s\n",
++ _("Use the specified socket (has no effect if -H is used)"));
++
++ printf (" %s\n", "-f, --file=STRING");
++ printf (" %s\n", _("Read from the specified client options file"));
++ printf (" %s\n", "-g, --group=STRING");
++ printf (" %s\n", _("Use a client options group"));
++ printf (" %s\n", "-u, --username=STRING");
++ printf (" %s\n", _("Connect using the indicated username"));
++ printf (" %s\n", "-p, --password=STRING");
++ printf (" %s\n",
++ _("Use the indicated password to authenticate the connection"));
++ printf (" ==> %s <==\n",
++ _("IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!"));
++ printf (" %s\n",
++ _
++ ("Your clear-text password could be visible as a process table entry"));
++ printf (" %s\n", "-N, --connection-name");
++ printf (" %s\n", _("Connection name if using multi-source replication"));
++
++ printf (" %s\n", "-w, --warning");
++ printf (" %s\n",
++ _
++ ("Exit with WARNING status if slave server is more than INTEGER seconds"));
++ printf (" %s\n", _("behind master"));
++ printf (" %s\n", "-c, --critical");
++ printf (" %s\n",
++ _
++ ("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
++ printf (" %s\n", _("behind master"));
++ printf (" %s\n", "-l, --ssl");
++ printf (" %s\n", _("Use ssl encryptation"));
++ printf (" %s\n", "-C, --ca-cert=STRING");
++ printf (" %s\n", _("Path to CA signing the cert"));
++ printf (" %s\n", "-a, --cert=STRING");
++ printf (" %s\n", _("Path to SSL certificate"));
++ printf (" %s\n", "-k, --key=STRING");
++ printf (" %s\n", _("Path to private SSL key"));
++ printf (" %s\n", "-D, --ca-dir=STRING");
++ printf (" %s\n", _("Path to CA directory"));
++ printf (" %s\n", "-L, --ciphers=STRING");
++ printf (" %s\n", _("List of valid SSL ciphers"));
++
++
++ printf ("\n");
++ printf (" %s\n",
++ _
++ ("There are no required arguments. By default, the local database is checked"));
++ printf (" %s\n",
++ _
++ ("using the default unix socket. You can force TCP on localhost by using an"));
++ printf (" %s\n",
++ _("IP address or FQDN ('localhost' will use the socket as well)."));
++
++ printf ("\n");
++ printf ("%s\n", _("Notes:"));
++ printf (" %s\n",
++ _
++ ("You must specify -p with an empty string to force an empty password,"));
++ printf (" %s\n", _("overriding any my.cnf settings."));
++
++ printf (UT_SUPPORT);
++}
++
++
++void
++print_usage (void)
++{
++ printf ("%s\n", _("Usage:"));
++ printf (" %s [-H host] [-P port] [-s socket]\n", progname);
++ printf (" [-u user] [-p password] [-S] [-l] [-a cert] [-k key]\n");
++ printf
++ (" [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]\n");
++}
diff --git a/pkgs/mydumper.nix b/pkgs/mydumper.nix
new file mode 100644
index 0000000..463cb22
--- /dev/null
+++ b/pkgs/mydumper.nix
@@ -0,0 +1,17 @@
+{ stdenv, fetchbzr
+, cmake, glib, mysql, openssl
+, pcre, pkgconfig, zlib
+}:
+
+stdenv.mkDerivation rec {
+ version = "0.9.2";
+ name = "mydumper-${version}";
+
+ src = fetchbzr {
+ url = "lp:mydumper";
+ rev = 188;
+ sha256 = "0kbhgbh6mqkxwbs5yd20s1k3h3f3jqp2i041dhmlrnzl6irgqbg5";
+ };
+
+ buildInputs = [ cmake glib mysql.lib openssl pcre pkgconfig zlib ];
+}
diff --git a/pkgs/mywatch/cabal2nix.nix b/pkgs/mywatch/cabal2nix.nix
new file mode 100644
index 0000000..3dfbbcc
--- /dev/null
+++ b/pkgs/mywatch/cabal2nix.nix
@@ -0,0 +1,25 @@
+{ mkDerivation, aeson, base, bytestring, ConfigFile
+, data-default-class, docopt, fast-logger, fetchgit, http-types
+, interpolatedstring-perl6, MissingH, mtl, mysql, mysql-simple
+, network, resource-pool, scotty, stdenv, text, unix
+, unordered-containers, wai, wai-extra, wai-middleware-static, warp
+}:
+mkDerivation {
+ pname = "mywatch";
+ version = "0.2.0";
+ src = fetchgit {
+ url = "https://github.com/zalora/mywatch.git";
+ sha256 = "f1ae1b776cdbc11da24819381d5d1fe057be3c5ef69314024c9e0fc043085cd2";
+ rev = "afd12c0190f64527a320a99cc6df97f6cfca57d7";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson base bytestring ConfigFile data-default-class docopt
+ fast-logger http-types interpolatedstring-perl6 MissingH mtl mysql
+ mysql-simple network resource-pool scotty text unix
+ unordered-containers wai wai-extra wai-middleware-static warp
+ ];
+ description = "Web application to view and kill MySQL queries";
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/pkgs/mywatch/default.nix b/pkgs/mywatch/default.nix
new file mode 100644
index 0000000..4afc645
--- /dev/null
+++ b/pkgs/mywatch/default.nix
@@ -0,0 +1,4 @@
+{ stdenv, haskellPackages }:
+
+haskellPackages.callPackage ./cabal2nix.nix {}
+
diff --git a/pkgs/nagios-plugins-rabbitmq/default.nix b/pkgs/nagios-plugins-rabbitmq/default.nix
new file mode 100644
index 0000000..6ecb2e4
--- /dev/null
+++ b/pkgs/nagios-plugins-rabbitmq/default.nix
@@ -0,0 +1,36 @@
+{ fetchurl
+, makeWrapper
+, perl
+, perlPackages
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.0.3";
+ name = "nagios-plugins-rabbitmq-${version}";
+
+ src = fetchurl {
+ url = "https://github.com/nagios-plugins-rabbitmq/nagios-plugins-rabbitmq/archive/${version}.tar.gz";
+ sha256 = "1fw40hzvb8sk5ss0hvrgv338lr019d2q9cc9ayy4hvk1c5bh3ljb";
+ };
+
+ buildInputs = [
+ makeWrapper
+ perl
+ perlPackages.JSON
+ perlPackages.LWPUserAgent
+ perlPackages.ModuleBuild
+ perlPackages.MonitoringPlugin
+ perlPackages.URI
+ ];
+
+ buildPhase = "perl Build.PL --prefix=$out; ./Build build";
+ installPhase = ''
+ ./Build install
+
+ for n in "$out/bin/"*; do
+ wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB"
+ done
+ '';
+}
+
diff --git a/pkgs/probes.nix b/pkgs/probes.nix
new file mode 100644
index 0000000..650c996
--- /dev/null
+++ b/pkgs/probes.nix
@@ -0,0 +1,28 @@
+{ stdenv, pkgs, lib }:
+
+let
+ plugins = [
+ "check_disk"
+ "check_file_age"
+ "check_http"
+ "check_load"
+ "check_log"
+ "check_mysql"
+ "check_mysql_query"
+ "check_procs"
+ "check_swap"
+ "check_users"
+ ];
+
+in stdenv.mkDerivation {
+ name = "local-monitoring-plugins";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ ${lib.concatMapStringsSep "\n" (p: ''
+ cp -a ${pkgs.monitoringPlugins}/libexec/${p} $out/bin/${p}
+ '') plugins}
+ cp -a '${pkgs.check_mdstat}/bin/'* $out/bin/
+ cp -a '${pkgs.check_systemd}/bin/'* $out/bin/
+ '';
+}
diff --git a/pkgs/rdsdump/default.nix b/pkgs/rdsdump/default.nix
new file mode 100644
index 0000000..0efe033
--- /dev/null
+++ b/pkgs/rdsdump/default.nix
@@ -0,0 +1,14 @@
+{ stdenv, bash, ... }:
+
+stdenv.mkDerivation {
+ name = "rdsdump";
+ buildInputs = [ bash ];
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a ${./rdsdump.bash} $out/bin/rdsdump
+ chmod +x $out/bin/rdsdump
+ patchShebangs $out/bin/rdsdump
+ '';
+}
+
diff --git a/pkgs/rdsdump/rdsdump.bash b/pkgs/rdsdump/rdsdump.bash
new file mode 100644
index 0000000..6b8cbf1
--- /dev/null
+++ b/pkgs/rdsdump/rdsdump.bash
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+mysql_args=
+mysqldump_args=
+master_data=0
+while [ $# -gt 0 ]; do
+ case $1 in
+ --host=*|--password=*|--user=*|\
+ --defaults-file=*|--defaults-extra-file=*|\
+ --ssl=*|--ssl-ca=*|--ssl-key=*|--ssl-cert=*|\
+ -h?*|-u?*|-p?*)
+ mysql_args="$mysql_args $1"
+ mysqldump_args="$mysqldump_args $1"
+ shift 1;;
+ --host|--user|\
+ --defaults-file|--defaults-extra-file|\
+ --ssl-ca|--ssl-key|--ssl-cert|\
+ -h|-u)
+ mysql_args="$mysql_args $1 $2"
+ mysqldump_args="$mysqldump_args $1 $2"
+ shift 2;;
+ --master-data=*)
+ master_data=$(echo "$1" | cut -d= -f2)
+ shift;;
+ --master-data)
+ master_data=$2
+ shift 2;;
+ *)
+ mysqldump_args="$mysqldump_args $1"
+ shift;;
+ esac
+done
+
+replica () {
+ mysql $mysql_args "$@"
+}
+
+start_replication () {
+ replica -N -e "CALL mysql.rds_start_replication;" >&2
+}
+
+stop_replication () {
+ replica -N -e "CALL mysql.rds_stop_replication;" >&2
+}
+
+trap 'start_replication' EXIT
+stop_replication
+
+if [ "$master_data" -gt 0 ]; then
+if [ "$master_data" -eq 2 ]; then
+ printf '-- '
+fi
+replica -e 'SHOW SLAVE STATUS\G' | awk -f <(cat - <<- 'AWK'
+ /\<Exec_Master_Log_Pos\>/ { log_pos = $2 };
+ /\<Relay_Master_Log_File\>/ { log_file = $2 };
+ END {
+ printf "CHANGE MASTER TO MASTER_LOG_FILE='%s', MASTER_LOG_POS=%d;\n", log_file, log_pos
+ }
+AWK
+)
+fi
+
+mysqldump $mysqldump_args &
+sleep 30
+
+start_replication
+trap - EXIT
+
+wait
diff --git a/pkgs/sproxy-web/cabal2nix.nix b/pkgs/sproxy-web/cabal2nix.nix
new file mode 100644
index 0000000..0f475f2
--- /dev/null
+++ b/pkgs/sproxy-web/cabal2nix.nix
@@ -0,0 +1,26 @@
+{ mkDerivation, aeson, base, blaze-html, blaze-markup, bytestring
+, data-default-class, directory, docopt, fast-logger, fetchgit
+, filepath, http-types, interpolatedstring-perl6, mtl, network
+, postgresql-simple, resource-pool, scotty, stdenv, text, unix, wai
+, wai-extra, wai-middleware-static, warp
+}:
+mkDerivation {
+ pname = "sproxy-web";
+ version = "0.4.1";
+ src = fetchgit {
+ url = "https://github.com/zalora/sproxy-web.git";
+ sha256 = "529597548a3fbd0999acdbd3a382ed4f152043db01f275b08d4c4883b8fe5f5f";
+ rev = "5d7ee61deb55359ae8ce6013dd7fe81bcdc0f9a9";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson base blaze-html blaze-markup bytestring data-default-class
+ directory docopt fast-logger filepath http-types
+ interpolatedstring-perl6 mtl network postgresql-simple
+ resource-pool scotty text unix wai wai-extra wai-middleware-static
+ warp
+ ];
+ description = "Web interface to sproxy database";
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/pkgs/sproxy-web/default.nix b/pkgs/sproxy-web/default.nix
new file mode 100644
index 0000000..4afc645
--- /dev/null
+++ b/pkgs/sproxy-web/default.nix
@@ -0,0 +1,4 @@
+{ stdenv, haskellPackages }:
+
+haskellPackages.callPackage ./cabal2nix.nix {}
+
diff --git a/pkgs/sproxy/cabal2nix.nix b/pkgs/sproxy/cabal2nix.nix
new file mode 100644
index 0000000..1a7b3f6
--- /dev/null
+++ b/pkgs/sproxy/cabal2nix.nix
@@ -0,0 +1,25 @@
+{ mkDerivation, aeson, attoparsec, base, base64-bytestring
+, bytestring, containers, data-default, docopt, entropy, fetchgit
+, http-conduit, http-kit, http-types, interpolatedstring-perl6
+, network, postgresql-simple, resource-pool, SHA, split, stdenv
+, text, time, tls, unix, utf8-string, x509, yaml
+}:
+mkDerivation {
+ pname = "sproxy";
+ version = "0.9.8";
+ src = fetchgit {
+ url = "https://github.com/zalora/sproxy.git";
+ sha256 = "40d86e00cfbdc96033ca53e773a7467cd3e2206856d27e4a24076d9449c46ca7";
+ rev = "507a0984d4ce01ef0d83e7cda37cba5c80a33b75";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson attoparsec base base64-bytestring bytestring containers
+ data-default docopt entropy http-conduit http-kit http-types
+ interpolatedstring-perl6 network postgresql-simple resource-pool
+ SHA split text time tls unix utf8-string x509 yaml
+ ];
+ description = "HTTP proxy for authenticating users via OAuth2";
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/pkgs/sproxy/default.nix b/pkgs/sproxy/default.nix
new file mode 100644
index 0000000..4afc645
--- /dev/null
+++ b/pkgs/sproxy/default.nix
@@ -0,0 +1,4 @@
+{ stdenv, haskellPackages }:
+
+haskellPackages.callPackage ./cabal2nix.nix {}
+
diff --git a/pkgs/writeBashScript.nix b/pkgs/writeBashScript.nix
new file mode 100644
index 0000000..15e81c5
--- /dev/null
+++ b/pkgs/writeBashScript.nix
@@ -0,0 +1,13 @@
+{ bash, writeScript, haskellPackages, runCommand }:
+
+name: text:
+let
+ f = writeScript name ''
+ #!${bash}/bin/bash
+ ${text}
+ '';
+in
+runCommand name { } ''
+ ${haskellPackages.ShellCheck}/bin/shellcheck ${f}
+ cp -a ${f} $out
+''
diff --git a/pkgs/writeBashScriptBin.nix b/pkgs/writeBashScriptBin.nix
new file mode 100644
index 0000000..33b9bf6
--- /dev/null
+++ b/pkgs/writeBashScriptBin.nix
@@ -0,0 +1,7 @@
+{ writeBashScript, runCommand }:
+
+name: text:
+runCommand name { } ''
+ mkdir -p $out/bin
+ cp -a ${writeBashScript name text} $out/bin/${name}
+''
diff --git a/pkgs/writePHPFile.nix b/pkgs/writePHPFile.nix
new file mode 100644
index 0000000..e031efe
--- /dev/null
+++ b/pkgs/writePHPFile.nix
@@ -0,0 +1,10 @@
+{ php, writeText, runCommand }:
+
+name: text:
+let
+ f = writeText name text;
+in
+runCommand name { } ''
+ ${php}/bin/php -l '${f}'
+ cp -a '${f}' $out
+''
diff --git a/pkgs/writeXML.nix b/pkgs/writeXML.nix
new file mode 100644
index 0000000..1cfc075
--- /dev/null
+++ b/pkgs/writeXML.nix
@@ -0,0 +1,11 @@
+{ writeText, runCommand, libxml2 }:
+
+name: text:
+ let
+ f = writeText "${name}.raw" text;
+ in
+ runCommand name { } ''
+ ${libxml2}/bin/xmllint \
+ --format --noblanks --nocdata ${f} \
+ > $out
+ ''