diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2016-09-23 12:41:01 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-09-23 12:41:49 +0300 |
commit | af337a12e6f084556400fa93c71304ad63f1efa6 (patch) | |
tree | ad5125cbfb2e812f4a507b182b875526b2a2d0e9 /pkgs | |
download | nixsap-af337a12e6f084556400fa93c71304ad63f1efa6.tar.gz |
Initial commit
Diffstat (limited to 'pkgs')
45 files changed, 2131 insertions, 0 deletions
diff --git a/pkgs/check_aws_ec2_elb/check_aws_ec2_elb b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb new file mode 100755 index 0000000..7b53cc9 --- /dev/null +++ b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +set -euo pipefail + +outOfServicePercentWarn=20 +outOfServicePercentCrit=33 +endpoint='' + +while [ $# -gt 0 ]; do + case "$1" in + -f) export BOTO_CONFIG="$2"; shift 2;; + -h) endpoint="$2"; shift 2;; + -w) outOfServicePercentWarn="$2"; shift 2;; + -c) outOfServicePercentCrit="$2"; shift 2;; + *) echo "$0: unsupported argument: $1" >&2; exit 1;; + esac +done + +cmd=( aws elb describe-instance-health ) + +c=0 +while [[ "$endpoint" != *.*.elb.amazonaws.com* ]]; do + endpoint=$(dig "$endpoint" CNAME +short) + (( ++c )) + if (( c > 10 )); then + echo "failed to resolve '$1'" >&2 + exit 255 + fi +done + +cmd+=( --region $(echo "$endpoint" | cut -d. -f2) ) +elbName=$(echo "$endpoint" | cut -d. -f1 | sed -r 's/^(internal-)?(.*)-[0-9]+$/\2/') +cmd+=( --load-balancer-name "$elbName" ) + +json=$("${cmd[@]}") + +totalCount=$(echo "$json" | jq -c '.InstanceStates | length') +outOfServiceInfo=$(echo "$json" | jq -c '.InstanceStates | map(select(.State == "OutOfService") | .InstanceId)') +outOfServiceCount=$(echo "$outOfServiceInfo" | jq -r 'length') + +outOfServiceCountWarn=${outOfServiceCountWarn:-$(( totalCount * outOfServicePercentWarn / 100 ))} +outOfServiceCountCrit=${outOfServiceCountCrit:-$(( totalCount * outOfServicePercentCrit / 100 ))} + +stat="total=$totalCount out_of_service=$outOfServiceCount;$outOfServiceCountWarn;$outOfServiceCountCrit" +outOfServiceInstances=$(echo "$outOfServiceInfo" | jq -r 'join(", ")') + +if [ "$outOfServiceCount" -eq 0 ]; then + echo "OK: $elbName - $totalCount instances|$stat" + exit 0 +elif [ "$outOfServiceCount" -ge "$outOfServiceCountCrit" ]; then + echo "CRITICAL: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat" + exit 2 +elif [ "$outOfServiceCount" -ge "$outOfServiceCountWarn" ]; then + echo "WARNING: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat" + exit 1 +else + echo "OK: $elbName - $outOfServiceCount/$totalCount out of service: $outOfServiceInstances|$stat" + exit 0 +fi + diff --git a/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf new file mode 100644 index 0000000..9718e3c --- /dev/null +++ b/pkgs/check_aws_ec2_elb/check_aws_ec2_elb.conf @@ -0,0 +1,14 @@ +object CheckCommand "aws-ec2-elb" { + import "plugin-check-command" + + command = [ "check_aws_ec2_elb" ] + + arguments = { + "-h" = "$aws_ec2_elb_address$" + "-f" = "$aws_ec2_elb_boto_config$" + "-w" = "$aws_ec2_elb_warn$" + "-c" = "$aws_ec2_elb_crit$" + } + vars.aws_ec2_elb_address = "$address$" +} + diff --git a/pkgs/check_aws_ec2_elb/default.nix b/pkgs/check_aws_ec2_elb/default.nix new file mode 100644 index 0000000..5162c9d --- /dev/null +++ b/pkgs/check_aws_ec2_elb/default.nix @@ -0,0 +1,22 @@ +{ stdenv, pkgs, makeWrapper }: + +stdenv.mkDerivation { + name = "check_aws_ec2_elb"; + outputs = [ "out" "conf" ]; + unpackPhase = ":"; + nativeBuildInputs = [ makeWrapper ]; + installPhase = '' + mkdir -p $out/bin + + cp ${./check_aws_ec2_elb} $out/bin/check_aws_ec2_elb + cp ${./check_aws_ec2_elb.conf} $conf + + chmod +x "$out/bin/"* + + substituteInPlace "$conf" \ + --replace check_aws_ec2_elb "$out/bin/check_aws_ec2_elb" + + wrapProgram "$out/bin/check_aws_ec2_elb" \ + --prefix PATH : "${pkgs.awscli}/bin:${pkgs.gnused}/bin:${pkgs.jq}/bin:${pkgs.bind}/bin" + ''; +} diff --git a/pkgs/check_aws_rds/check_aws_rds b/pkgs/check_aws_rds/check_aws_rds new file mode 100644 index 0000000..d4fd965 --- /dev/null +++ b/pkgs/check_aws_rds/check_aws_rds @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +set -euo pipefail + +cmd=( pmp-check-aws-rds ) + +getId () { + local endpoint="$1" + local c=0 + while [[ "$endpoint" != *.*.*.rds.amazonaws.com* ]]; do + endpoint=$(dig "$endpoint" CNAME +short) + (( ++c )) + if (( c > 10 )); then + echo "failed to resolve '$1'" >&2 + exit 255 + fi + done + + cmd+=( -r $(echo "$endpoint" | cut -d. -f3) ) + cmd+=( -i $(echo "$endpoint" | cut -d. -f1) ) +} + +while [ $# -gt 0 ]; do + case "$1" in + -m|-w|-c) cmd+=( $1 $2 ); shift 2;; + -f) export BOTO_CONFIG="$2"; shift 2;; + -h) getId "$2"; shift 2;; + *) echo "$0: unsupported argument: $1" >&2; exit 1;; + esac +done +exec "${cmd[@]}" + diff --git a/pkgs/check_aws_rds/check_aws_rds.conf b/pkgs/check_aws_rds/check_aws_rds.conf new file mode 100644 index 0000000..2f6a84e --- /dev/null +++ b/pkgs/check_aws_rds/check_aws_rds.conf @@ -0,0 +1,41 @@ +template CheckCommand "aws-rds-common" { + import "plugin-check-command" + + command = [ "check_aws_rds" ] + + arguments = { + "-h" = "$aws_rds_address$" + "-f" = "$aws_rds_boto_config$" + "-m" = "$aws_rds_metric$" + "-w" = "$aws_rds_warning$" + "-c" = "$aws_rds_critical$" + } + vars.aws_rds_address = "$address$" +} + +object CheckCommand "aws-rds-status" { + import "aws-rds-common" + vars.aws_rds_metric = "status" +} + +object CheckCommand "aws-rds-load" { + import "aws-rds-common" + vars.aws_rds_metric = "load" + vars.aws_rds_critical = "99,97,95" + vars.aws_rds_warning = "95,93,90" +} + +object CheckCommand "aws-rds-memory" { + import "aws-rds-common" + vars.aws_rds_metric = "memory" + vars.aws_rds_critical = "5" + vars.aws_rds_warning = "9" +} + +object CheckCommand "aws-rds-storage" { + import "aws-rds-common" + vars.aws_rds_metric = "storage" + vars.aws_rds_critical = "5" + vars.aws_rds_warning = "15" +} + diff --git a/pkgs/check_aws_rds/default.nix b/pkgs/check_aws_rds/default.nix new file mode 100644 index 0000000..5e91b33 --- /dev/null +++ b/pkgs/check_aws_rds/default.nix @@ -0,0 +1,46 @@ +{ stdenv, pkgs, fetchurl, python27Packages }: +let + + rev = "556191f6d775f0505fb142c02f13a60ba7829ed9"; + + pmp-check-aws-rds = stdenv.mkDerivation rec { + name = "pmp-check-aws-rds"; + src = fetchurl { + url = "https://raw.githubusercontent.com/percona/percona-monitoring-plugins/${rev}/nagios/bin/pmp-check-aws-rds.py"; + sha256 = "0ghq6nl2529llxz1icf5hyg75k2hjzdkzfwgrs0d69r3f62w4q5y"; + }; + + buildInputs = with python27Packages; [ python wrapPython ]; + pythonPath = with python27Packages; [ boto ]; + phases = [ "installPhase" "fixupPhase" ]; + + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/${name} + chmod +x $out/bin/${name} + wrapPythonPrograms + ''; + + }; + +in stdenv.mkDerivation { + name = "check_aws_rds"; + outputs = [ "out" "conf" ]; + unpackPhase = ":"; + installPhase = '' + mkdir -p $out/bin + + cp ${./check_aws_rds} $out/bin/check_aws_rds + cp ${./check_aws_rds.conf} $conf + + substituteInPlace "$out/bin/"* \ + --replace pmp-check-aws-rds '${pmp-check-aws-rds}/bin/pmp-check-aws-rds' \ + --replace dig '${pkgs.bind}/bin/dig' + + substituteInPlace "$conf" \ + --replace check_aws_rds "$out/bin/check_aws_rds" + + chmod +x "$out/bin/"* + + ''; +} diff --git a/pkgs/check_mdstat/check_mdstat b/pkgs/check_mdstat/check_mdstat new file mode 100755 index 0000000..32fc168 --- /dev/null +++ b/pkgs/check_mdstat/check_mdstat @@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +stat=/proc/mdstat + +if [ ! -e "$stat" ]; then + echo "WARNING: $stat does not exist" + exit 1 +fi + +if [ ! -r "$stat" ]; then + echo "WARNING: cannot read $stat" + exit 1 +fi + +count=$(grep ^md -c "$stat") + +if [ "$count" -eq 0 ]; then + echo 'WARNING: no arrays found.' + exit 1 +elif [ "$count" -eq 1 ]; then + out="Linux Software RAID: $count array" +else + out="Linux Software RAID: $count arrays" +fi + +degrated=$(grep -c '\[.*_.*\]' "$stat") +recovering=$(awk '/recovery/ {print $4}' "$stat") +resyncing=$(awk '/resync/ {print $4}' "$stat") + +if [ -n "$recovering" ]; then + out="$out, recovering: $recovering" +elif [ -n "$resyncing" ]; then + out="$out, resyncing: $resyncing" +elif [ "$degrated" -gt 0 ]; then + out="$out, degrated: $degrated" +fi + +if [ "$degrated" -gt 0 ]; then + echo "CRITICAL: $out." + exit 2 +fi + +if [ -n "$recovering$resyncing" ]; then + echo "WARNING: $out." + exit 1 +fi + +echo "OK: $out." +exit 0 + diff --git a/pkgs/check_mdstat/default.nix b/pkgs/check_mdstat/default.nix new file mode 100644 index 0000000..5e645fd --- /dev/null +++ b/pkgs/check_mdstat/default.nix @@ -0,0 +1,26 @@ +{ stdenv, gawk, gnugrep }: + +stdenv.mkDerivation { + name = "check_mdstat"; + src = ./check_mdstat; + outputs = [ "out" "conf" ]; + unpackPhase = ":"; + installPhase = '' + mkdir -p $out/bin + + cp "$src" $out/bin/check_mdstat + + substituteInPlace "$out/bin/"* \ + --replace awk '${gawk}/bin/awk' \ + --replace grep '${gnugrep}/bin/grep' + + chmod +x "$out/bin/"* + + cat <<CONF > $conf + object CheckCommand "mdstat" { + import "plugin-check-command" + command = [ "$out/bin/check_mdstat" ] + } + CONF + ''; +} diff --git a/pkgs/check_solr/cabal2nix.nix b/pkgs/check_solr/cabal2nix.nix new file mode 100644 index 0000000..ee3c6b5 --- /dev/null +++ b/pkgs/check_solr/cabal2nix.nix @@ -0,0 +1,23 @@ +{ mkDerivation, aeson, base, base64-bytestring, bytestring, docopt +, fetchgit, HTTP, http-conduit, nagios-check, raw-strings-qq +, regex-tdfa, scientific, stdenv, text, unordered-containers +}: +mkDerivation { + pname = "check-solr"; + version = "0.1.0"; + src = fetchgit { + url = "https://github.com/ip1981/check-solr.git"; + sha256 = "839199942e5cf110428dd589f1d9610ac504d7199b2b7053d5ee136206890309"; + rev = "869c945fb56f0ff187125ee352a6876002eba596"; + }; + isLibrary = true; + isExecutable = true; + libraryHaskellDepends = [ + aeson base base64-bytestring bytestring docopt HTTP http-conduit + nagios-check raw-strings-qq regex-tdfa scientific text + unordered-containers + ]; + executableHaskellDepends = [ base docopt raw-strings-qq ]; + description = "Icinga / Nagios plugin for Solr"; + license = stdenv.lib.licenses.mit; +} diff --git a/pkgs/check_solr/default.nix b/pkgs/check_solr/default.nix new file mode 100644 index 0000000..27aecce --- /dev/null +++ b/pkgs/check_solr/default.nix @@ -0,0 +1,13 @@ +{ stdenv, haskellPackages }: +let + + haskellPackage = haskellPackages.callPackage ./cabal2nix.nix {}; + +in stdenv.mkDerivation { + name = "check-solr-${haskellPackage.version}"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + cp -a ${haskellPackage}/bin/* $out/bin/ + ''; +} diff --git a/pkgs/check_systemd/check_systemd b/pkgs/check_systemd/check_systemd new file mode 100755 index 0000000..e668331 --- /dev/null +++ b/pkgs/check_systemd/check_systemd @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -euo pipefail + +readarray -t failed < <( systemctl show '*.service' \ + --state=failed --property=Names \ + | sed -r -n 's,Names=(.+)\.service,\1,p' \ + | sort + ) + +if [ ${#failed[@]} -ne 0 ]; then + printf -v list ', %s' "${failed[@]}" + printf 'WARNING: %s failed\n' "${list:2}" + exit 1 +else + echo "OK: no failed services" + exit 0 +fi + + diff --git a/pkgs/check_systemd/default.nix b/pkgs/check_systemd/default.nix new file mode 100644 index 0000000..da92a64 --- /dev/null +++ b/pkgs/check_systemd/default.nix @@ -0,0 +1,25 @@ +{ stdenv, gnused }: + +stdenv.mkDerivation { + name = "check_systemd"; + src = ./check_systemd; + outputs = [ "out" "conf" ]; + unpackPhase = ":"; + installPhase = '' + mkdir -p $out/bin + + cp "$src" $out/bin/check_systemd + + substituteInPlace "$out/bin/"* \ + --replace sed '${gnused}/bin/sed' + + chmod +x "$out/bin/"* + + cat <<CONF > $conf + object CheckCommand "systemd" { + import "plugin-check-command" + command = [ "$out/bin/check_systemd" ] + } + CONF + ''; +} diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..d66f7ba --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,18 @@ +{ lib, ... }: + +let + all = lib.attrNames ( + lib.filterAttrs + ( n: _: n != "default.nix" && ! lib.hasPrefix "." n ) + (builtins.readDir ./.) + ); + + localPackages = super: lib.listToAttrs (map (f: + { name = lib.removeSuffix ".nix" f; + value = super.callPackage (./. + "/${f}") {}; } + ) all); + +in { + nixpkgs.config.packageOverrides = localPackages; +} + diff --git a/pkgs/gpg.nix b/pkgs/gpg.nix new file mode 100644 index 0000000..a0acd20 --- /dev/null +++ b/pkgs/gpg.nix @@ -0,0 +1,4 @@ +{ gnupg }: +gnupg.override { + x11Support = false; +} diff --git a/pkgs/icinga2/check_mysql_slave.patch b/pkgs/icinga2/check_mysql_slave.patch new file mode 100644 index 0000000..0658a8a --- /dev/null +++ b/pkgs/icinga2/check_mysql_slave.patch @@ -0,0 +1,41 @@ +Index: icinga2-2.4.1/itl/command-plugins.conf +=================================================================== +--- icinga2-2.4.1.orig/itl/command-plugins.conf ++++ icinga2-2.4.1/itl/command-plugins.conf +@@ -1775,6 +1775,36 @@ object CheckCommand "mysql" { + vars.mysql_hostname = "$check_address$" + } + ++object CheckCommand "mysql_slave" { ++ import "plugin-check-command" ++ import "ipv4-or-ipv6" ++ ++ command = [ PluginDir + "/check_mysql_slave" ] ++ ++ arguments = { ++ "-H" = "$mysql_hostname$" ++ "-P" = "$mysql_port$" ++ "-s" = "$mysql_socket$" ++ "-f" = "$mysql_file$" ++ "-g" = "$mysql_group$" ++ "-u" = "$mysql_username$" ++ "-p" = "$mysql_password$" ++ "-N" = "$mysql_connection_name$" ++ "-w" = "$mysql_warning$" ++ "-c" = "$mysql_critical$" ++ "-l" = { ++ set_if = "$mysql_ssl$" ++ } ++ "-C" = "$mysql_cacert$" ++ "-a" = "$mysql_cert$" ++ "-k" = "$mysql_key$" ++ "-D" = "$mysql_cadir$" ++ "-L" = "$mysql_ciphers$" ++ } ++ ++ vars.mysql_hostname = "$check_address$" ++} ++ + object CheckCommand "negate" { + import "plugin-check-command" + diff --git a/pkgs/icinga2/default.nix b/pkgs/icinga2/default.nix new file mode 100644 index 0000000..5429a51 --- /dev/null +++ b/pkgs/icinga2/default.nix @@ -0,0 +1,45 @@ +{ stdenv, fetchurl +, bison, boost, cmake, flex +, libedit, mysql, openssl, yajl +}: + +stdenv.mkDerivation rec { + version = "2.4.10"; + name = "icinga2-${version}"; + + src = fetchurl { + url = "https://github.com/Icinga/icinga2/archive/v${version}.tar.gz"; + sha256 = "0pj2y24kgf17106903lnz9gmp5hb3irhafq8sp22qf1wa0q395n2"; + }; + + buildInputs = [ bison boost cmake flex libedit openssl yajl ]; + + patches = [ + ./check_mysql_slave.patch + ]; + + cmakeFlags = [ + "-DCMAKE_INSTALL_LOCALSTATEDIR=/icinga2" + "-DCMAKE_INSTALL_SYSCONFDIR=/icinga2/etc" # this will need runtime support + "-DICINGA2_COMMAND_GROUP=icingacmd" + "-DICINGA2_GROUP=icinga" + "-DICINGA2_RUNDIR=/run" + "-DICINGA2_USER=icinga" + "-DICINGA2_WITH_PGSQL=OFF" + "-DMYSQL_INCLUDE_DIR=${mysql.lib}/include/mysql" + "-DMYSQL_LIB_DIR=${mysql.lib}/lib" + ]; + + # XXX Without DESTDIR it tries to write to /icinga2 and /run: + installPhase = '' + rm -rf tmp + mkdir -p tmp + make install DESTDIR=$(pwd)/tmp + mv tmp/$out $out + mv tmp/icinga2 $out/icinga2 + rm -rf $out/run + for s in $out/icinga2/etc/icinga2/scripts/* ; do + substituteInPlace $s --replace /usr/bin/printf printf + done + ''; +} diff --git a/pkgs/icingaweb2/default.nix b/pkgs/icingaweb2/default.nix new file mode 100644 index 0000000..263ae47 --- /dev/null +++ b/pkgs/icingaweb2/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchurl +, php +}: + +stdenv.mkDerivation rec { + version = "2.3.4"; + name = "icingaweb2-${version}"; + + src = fetchurl { + url = "https://github.com/Icinga/icingaweb2/archive/v${version}.tar.gz"; + sha256 = "0kmxvwbr7g6daj2mqabzvmw3910igd85wrzwilkz83fizgmrszh5"; + }; + + buildInputs = [ php ]; + + patches = [ ./sproxy.patch ]; + + buildPhase = "true"; + + installPhase = '' + mkdir -p $out + cp -a * $out + rm -rf $out/.puppet + rm -rf $out/Vagrantfile + rm -rf $out/icingaweb2.spec + rm -rf $out/modules/doc + rm -rf $out/modules/iframe + rm -rf $out/modules/setup + rm -rf $out/modules/test + rm -rf $out/packages + rm -rf $out/test + ''; +} diff --git a/pkgs/icingaweb2/sproxy.patch b/pkgs/icingaweb2/sproxy.patch new file mode 100644 index 0000000..d1b074d --- /dev/null +++ b/pkgs/icingaweb2/sproxy.patch @@ -0,0 +1,78 @@ +commit 04eb7cffa84387070f48f5649a1d5a5a7843fc9c +Author: Igor Pashev <pashev.igor@gmail.com> +Date: Fri Jan 1 11:05:48 2016 +0300 + + Added Sproxy backend + + See https://github.com/zalora/sproxy + +diff --git a/library/Icinga/Authentication/User/SproxyBackend.php b/library/Icinga/Authentication/User/SproxyBackend.php +new file mode 100644 +index 0000000..4b15b0e +--- /dev/null ++++ b/library/Icinga/Authentication/User/SproxyBackend.php +@@ -0,0 +1,40 @@ ++<?php ++/* 2016 Zalora South East Asia Pte. Ltd | GPLv2+ */ ++ ++namespace Icinga\Authentication\User; ++ ++use Icinga\Data\ConfigObject; ++use Icinga\User; ++ ++/** ++ * Login with Sproxy authentication mechanism: ++ * https://github.com/zalora/sproxy ++ */ ++class SproxyBackend extends ExternalBackend ++{ ++ /** ++ * {@inheritdoc} ++ */ ++ public function authenticate(User $user, $password = null) ++ { ++ if (! empty($_SERVER['HTTP_FROM'])) { ++ $email = $_SERVER['HTTP_FROM']; ++ $user->setUsername($email); ++ $user->setEmail($email); ++ $user->setExternalUserInformation($email, 'HTTP_FROM'); ++ ++ if (! empty($_SERVER['HTTP_X_GIVEN_NAME'])) { ++ $user->setFirstname($_SERVER['HTTP_X_GIVEN_NAME']); ++ } ++ if (! empty($_SERVER['HTTP_X_GROUPS'])) { ++ $user->setGroups(explode(',', $_SERVER['HTTP_X_GROUPS'])); ++ } ++ if (! empty($_SERVER['HTTP_X_FAMILY_NAME'])) { ++ $user->setLastname($_SERVER['HTTP_X_FAMILY_NAME']); ++ } ++ ++ return true; ++ } ++ return false; ++ } ++} +diff --git a/library/Icinga/Authentication/User/UserBackend.php b/library/Icinga/Authentication/User/UserBackend.php +index 3b8e210..d264365 100644 +--- a/library/Icinga/Authentication/User/UserBackend.php ++++ b/library/Icinga/Authentication/User/UserBackend.php +@@ -22,6 +22,7 @@ class UserBackend implements ConfigAwareFactory + * @var array + */ + protected static $defaultBackends = array( ++ 'sproxy', + 'external', + 'db', + 'ldap', +@@ -176,6 +177,11 @@ class UserBackend implements ConfigAwareFactory + $backend->setName($name); + return $backend; + } ++ if ($backendType === 'sproxy') { ++ $backend = new SproxyBackend($backendConfig); ++ $backend->setName($name); ++ return $backend; ++ } + if (in_array($backendType, static::$defaultBackends)) { + // The default backend check is the first one because of performance reasons: + // Do not attempt to load a custom user backend unless it's actually required diff --git a/pkgs/juandelacosa/cabal2nix.nix b/pkgs/juandelacosa/cabal2nix.nix new file mode 100644 index 0000000..ddb6af7 --- /dev/null +++ b/pkgs/juandelacosa/cabal2nix.nix @@ -0,0 +1,25 @@ +{ mkDerivation, base, base64-bytestring, bytestring +, data-default-class, docopt, entropy, fast-logger, fetchgit +, http-types, interpolatedstring-perl6, mtl, mysql, mysql-simple +, network, resource-pool, scotty, stdenv, text, unix, wai +, wai-extra, wai-middleware-static, warp +}: +mkDerivation { + pname = "juandelacosa"; + version = "0.1.1"; + src = fetchgit { + url = "https://github.com/zalora/juandelacosa.git"; + sha256 = "c260feae989f518484881e7dc7ebcd51d5b25fcda92412445942a5e34c1f9459"; + rev = "0940da0cdfb1201768d35c58433891feacbaedd5"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base base64-bytestring bytestring data-default-class docopt entropy + fast-logger http-types interpolatedstring-perl6 mtl mysql + mysql-simple network resource-pool scotty text unix wai wai-extra + wai-middleware-static warp + ]; + description = "Manage users in MariaDB >= 10.1.1"; + license = stdenv.lib.licenses.mit; +} diff --git a/pkgs/juandelacosa/default.nix b/pkgs/juandelacosa/default.nix new file mode 100644 index 0000000..b37e598 --- /dev/null +++ b/pkgs/juandelacosa/default.nix @@ -0,0 +1,3 @@ +{ haskellPackages }: +haskellPackages.callPackage ./cabal2nix.nix {} + diff --git a/pkgs/mariadb/MDEV-10463.patch b/pkgs/mariadb/MDEV-10463.patch new file mode 100644 index 0000000..c094257 --- /dev/null +++ b/pkgs/mariadb/MDEV-10463.patch @@ -0,0 +1,36 @@ +diff --git a/sql/sql_show.cc b/sql/sql_show.cc +index ae38745..73edb18 100644 +--- a/sql/sql_show.cc ++++ b/sql/sql_show.cc +@@ -4850,6 +4850,7 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond) + TABLE *table= tables->table; + #ifndef NO_EMBEDDED_ACCESS_CHECKS + Security_context *sctx= thd->security_ctx; ++ ulong db_access= sctx->db_access; + #endif + DBUG_ENTER("fill_schema_shemata"); + +@@ -4891,9 +4892,20 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond) + continue; + } + #ifndef NO_EMBEDDED_ACCESS_CHECKS +- if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || +- acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) || +- !check_grant_db(thd, db_name->str)) ++ if (test_all_bits(sctx->master_access, DB_ACLS)) ++ db_access= DB_ACLS; ++ else ++ { ++ db_access= acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, FALSE); ++ if (sctx->priv_role[0]) ++ { ++ /* include a possible currently set role for access */ ++ db_access|= acl_get("", "", sctx->priv_role, db_name->str, FALSE); ++ } ++ } ++ if ((sctx->master_access & SHOW_DB_ACL) || ++ (db_access & DB_ACLS) || ++ !check_grant_db(thd, db_name->str)) + #endif + { + load_db_opt_by_name(thd, db_name->str, &create); diff --git a/pkgs/mariadb/default.nix b/pkgs/mariadb/default.nix new file mode 100644 index 0000000..e26646d --- /dev/null +++ b/pkgs/mariadb/default.nix @@ -0,0 +1,139 @@ +{ stdenv, fetchurl, cmake, ncurses, zlib, xz, lzo, lz4, bzip2, snappy +, openssl, pcre, boost, judy, bison, libxml2 +, libaio, libevent, groff, jemalloc, cracklib, systemd, numactl, perl +}: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "mariadb-${version}"; + version = "10.1.17"; + + src = fetchurl { + url = "https://downloads.mariadb.org/interstitial/mariadb-${version}/source/mariadb-${version}.tar.gz"; + sha256 = "1ddalhxxcn95qp5b50z213niylcd0s6bqphid0c7c624wg2mm92c"; + }; + + buildInputs = [ + cmake ncurses openssl zlib xz lzo lz4 bzip2 snappy + pcre libxml2 boost judy bison libevent cracklib + ] ++ stdenv.lib.optionals stdenv.isLinux [ jemalloc libaio systemd numactl ]; + + patches = [ + ./MDEV-10463.patch + ]; + + cmakeFlags = [ + "-DBUILD_CONFIG=mysql_release" + "-DDEFAULT_CHARSET=utf8" + "-DDEFAULT_COLLATION=utf8_general_ci" + "-DENABLED_LOCAL_INFILE=ON" + "-DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock" + "-DMYSQL_DATADIR=/var/lib/mysql" + "-DINSTALL_SYSCONFDIR=etc/mysql" + "-DINSTALL_INFODIR=share/mysql/docs" + "-DINSTALL_MANDIR=share/man" + "-DINSTALL_PLUGINDIR=lib/mysql/plugin" + "-DINSTALL_SCRIPTDIR=bin" + "-DINSTALL_INCLUDEDIR=include/mysql" + "-DINSTALL_DOCREADMEDIR=share/mysql" + "-DINSTALL_SUPPORTFILESDIR=share/mysql" + "-DINSTALL_MYSQLSHAREDIR=share/mysql" + "-DINSTALL_DOCDIR=share/mysql/docs" + "-DINSTALL_SHAREDIR=share/mysql" + "-DWITH_READLINE=ON" + "-DWITH_ZLIB=system" + "-DWITH_SSL=system" + "-DWITH_PCRE=system" + "-DWITH_EMBEDDED_SERVER=yes" + "-DWITH_EXTRA_CHARSETS=complex" + "-DWITH_EMBEDDED_SERVER=ON" + "-DWITH_ARCHIVE_STORAGE_ENGINE=1" + "-DWITH_BLACKHOLE_STORAGE_ENGINE=1" + "-DWITH_INNOBASE_STORAGE_ENGINE=1" + "-DWITH_PARTITION_STORAGE_ENGINE=1" + "-DWITHOUT_EXAMPLE_STORAGE_ENGINE=1" + "-DWITHOUT_FEDERATED_STORAGE_ENGINE=1" + "-DSECURITY_HARDENED=ON" + "-DWITH_WSREP=ON" + ] ++ stdenv.lib.optionals stdenv.isDarwin [ + "-DWITHOUT_OQGRAPH_STORAGE_ENGINE=1" + "-DWITHOUT_TOKUDB=1" + "-DCURSES_LIBRARY=${ncurses}/lib/libncurses.dylib" + ]; + + # fails to find lex_token.h sometimes + enableParallelBuilding = true; + + outputs = [ "out" "lib" ]; + + prePatch = '' + substituteInPlace cmake/libutils.cmake \ + --replace /usr/bin/libtool libtool + sed -i "s,SET(DEFAULT_MYSQL_HOME.*$,SET(DEFAULT_MYSQL_HOME /not/a/real/dir),g" CMakeLists.txt + sed -i "s,SET(PLUGINDIR.*$,SET(PLUGINDIR $lib/lib/mysql/plugin),g" CMakeLists.txt + sed -i 's,SET(SHAREDIR .*$,SET(SHAREDIR share/mysql),g' CMakeLists.txt + + sed -i "s,SET(pkgincludedir.*$,SET(pkgincludedir $lib/include),g" scripts/CMakeLists.txt + sed -i "s,SET(pkglibdir.*$,SET(pkglibdir $lib/lib),g" scripts/CMakeLists.txt + sed -i "s,SET(pkgplugindir.*$,SET(pkgplugindir $lib/lib/mysql/plugin),g" scripts/CMakeLists.txt + + sed -i "s,set(libdir.*$,SET(libdir $lib/lib),g" storage/mroonga/vendor/groonga/CMakeLists.txt + sed -i "s,set(includedir.*$,SET(includedir $lib/include),g" storage/mroonga/vendor/groonga/CMakeLists.txt + sed -i "/\"\$[{]CMAKE_INSTALL_PREFIX}\/\$[{]GRN_RELATIVE_PLUGINS_DIR}\"/d" storage/mroonga/vendor/groonga/CMakeLists.txt + sed -i "s,set(GRN_PLUGINS_DIR.*$,SET(GRN_PLUGINS_DIR $lib/\$\{GRN_RELATIVE_PLUGINS_DIR}),g" storage/mroonga/vendor/groonga/CMakeLists.txt + sed -i 's,[^"]*/var/log,/var/log,g' storage/mroonga/vendor/groonga/CMakeLists.txt + ''; + + postInstall = '' + substituteInPlace $out/bin/mysql_install_db \ + --replace basedir=\"\" basedir=\"$out\" + + # Remove superfluous files + rm -r $out/mysql-test $out/sql-bench $out/data # Don't need testing data + rm $out/share/man/man1/mysql-test-run.pl.1 + rm $out/bin/rcmysql # Not needed with nixos units + rm $out/bin/mysqlbug # Encodes a path to gcc and not really useful + find $out/bin -name \*test\* -exec rm {} \; + + # Separate libs and includes into their own derivation + mkdir -p $lib + mv $out/lib $lib + mv $out/include $lib + + '' + + stdenv.lib.optionalString stdenv.isDarwin '' + # Fix library rpaths + # TODO: put this in the stdenv to prepare for wide usage of multi-output derivations + for file in $(grep -rl $out/lib $lib); do + install_name_tool -delete_rpath $out/lib -add_rpath $lib $file + done + + '' + '' + # Fix the mysql_config + sed -i $out/bin/mysql_config \ + -e 's,-lz,-L${zlib}/lib -lz,g' \ + -e 's,-lssl,-L${openssl}/lib -lssl,g' + + # Add mysql_config to libs since configure scripts use it + mkdir -p $lib/bin + cp $out/bin/mysql_config $lib/bin + sed -i "/\(execdir\|bindir\)/ s,'[^\"']*',$lib/bin,g" $lib/bin/mysql_config + + # Make sure to propagate lib for compatability + mkdir -p $out/nix-support + echo "$lib" > $out/nix-support/propagated-native-build-inputs + + # Don't install static libraries. + rm $lib/lib/libmysqlclient.a $lib/lib/libmysqld.a + ''; + + passthru.mysqlVersion = "5.6"; + + meta = with stdenv.lib; { + description = "An enhanced, drop-in replacement for MySQL"; + homepage = https://mariadb.org/; + license = stdenv.lib.licenses.gpl2; + maintainers = with stdenv.lib.maintainers; [ thoughtpolice wkennington ]; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/pkgs/mathJax.nix b/pkgs/mathJax.nix new file mode 100644 index 0000000..04b596f --- /dev/null +++ b/pkgs/mathJax.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + version = "2.6.1"; + name = "mathjax-${version}"; + + src = fetchurl { + url = "https://github.com/mathjax/MathJax/archive/${version}.tar.gz"; + sha256 = "1f7v48s7km9fi9i0bignn8f91z3bk04n4jx407l3xsd4hxfr8in7"; + }; + + installPhase = '' + mkdir -p $out + cp -a * $out/ + rm -rf $out/unpacked + rm -rf "$out/"*.json + ''; +} diff --git a/pkgs/mediawiki/T122487.patch b/pkgs/mediawiki/T122487.patch new file mode 100644 index 0000000..7b868a8 --- /dev/null +++ b/pkgs/mediawiki/T122487.patch @@ -0,0 +1,16 @@ +Description: fix warning on upload page +Bug: https://phabricator.wikimedia.org/T122487 +Index: mediawiki-1.23.13/includes/User.php +=================================================================== +--- mediawiki-1.23.13.orig/includes/User.php ++++ mediawiki-1.23.13/includes/User.php +@@ -3806,6 +3806,9 @@ class User { + * @return boolean: Whether the token matches + */ + public function matchEditToken( $val, $salt = '', $request = null ) { ++ if ($val === null) { ++ return false; ++ } + $sessionToken = $this->getEditToken( $salt, $request ); + $equals = hash_equals( $sessionToken, $val ); + if ( !$equals ) { diff --git a/pkgs/mediawiki/default.nix b/pkgs/mediawiki/default.nix new file mode 100644 index 0000000..ef606f0 --- /dev/null +++ b/pkgs/mediawiki/default.nix @@ -0,0 +1,59 @@ +{ lib, pkgs }: + +let + inherit (builtins) elemAt; + inherit (lib) splitString concatMapStrings; + + bundled = [ + "Cite" "ConfirmEdit" "Gadgets" "ImageMap" "InputBox" "Interwiki" + "LocalisationUpdate" "Nuke" "ParserFunctions" "PdfHandler" "Poem" + "Renameuser" "SpamBlacklist" "SyntaxHighlight_GeSHi" "TitleBlacklist" + "WikiEditor" + ]; + +in pkgs.stdenv.mkDerivation rec { + version = "1.23.13"; + name = "mediawiki-${version}"; + + src = let + v = splitString "." version; + minor = "${elemAt v 0}.${elemAt v 1}"; + in pkgs.fetchurl { + url = "https://releases.wikimedia.org/mediawiki/${minor}/${name}.tar.gz"; + sha256 = "168wpf53n4ksj2g5q5r0hxapx6238dvsfng5ff9ixk6axsn0j5d0"; + }; + + patches = [ + ./T122487.patch + ./file-backend-default-mode.patch + ]; + + outputs = [ "out" ] ++ bundled; + + installPhase = '' + cp -a . $out + + rm -rf $out/tests + rm -rf $out/mw-config + rm -rf $out/maintenance/dev + rm -rf $out/maintenance/hiphop + + sed -i \ + -e 's|/bin/bash|${pkgs.bash}/bin/bash|g' \ + -e 's|/usr/bin/timeout|${pkgs.coreutils}/bin/timeout|g' \ + $out/includes/limit.sh \ + $out/includes/GlobalFunctions.php + + cat <<'EOF' > $out/LocalSettings.php + <?php + if (isset($_ENV['MEDIAWIKI_LOCAL_SETTINGS'])) { + require_once ($_ENV['MEDIAWIKI_LOCAL_SETTINGS']); + }; + ?> + EOF + + ${concatMapStrings (e: '' + mv $out/extensions/${e} ''${${e}} + '') bundled} + ''; +} diff --git a/pkgs/mediawiki/file-backend-default-mode.patch b/pkgs/mediawiki/file-backend-default-mode.patch new file mode 100644 index 0000000..2bd303c --- /dev/null +++ b/pkgs/mediawiki/file-backend-default-mode.patch @@ -0,0 +1,52 @@ +Index: mediawiki-1.23.13/includes/DefaultSettings.php +=================================================================== +--- mediawiki-1.23.13.orig/includes/DefaultSettings.php ++++ mediawiki-1.23.13/includes/DefaultSettings.php +@@ -429,7 +429,7 @@ $wgImgAuthUrlPathMap = array(); + * leave the paths in unchanged, or 'simple' to replace paths with + * placeholders. Default for LocalRepo is 'simple'. + * - fileMode This allows wikis to set the file mode when uploading/moving files. Default +- * is 0644. ++ * is 0640. + * - directory The local filesystem directory where public files are stored. Not used for + * some remote repos. + * - thumbDir The base thumbnail directory. Defaults to "<directory>/thumb". +Index: mediawiki-1.23.13/includes/filerepo/FSRepo.php +=================================================================== +--- mediawiki-1.23.13.orig/includes/filerepo/FSRepo.php ++++ mediawiki-1.23.13/includes/filerepo/FSRepo.php +@@ -50,7 +50,7 @@ class FSRepo extends FileRepo { + : "{$directory}/transcoded"; + $fileMode = isset( $info['fileMode'] ) + ? $info['fileMode'] +- : 0644; ++ : 0640; + + $repoName = $info['name']; + // Get the FS backend configuration +Index: mediawiki-1.23.13/includes/filebackend/FSFileBackend.php +=================================================================== +--- mediawiki-1.23.13.orig/includes/filebackend/FSFileBackend.php ++++ mediawiki-1.23.13/includes/filebackend/FSFileBackend.php +@@ -82,7 +82,7 @@ class FSFileBackend extends FileBackendS + } + } + +- $this->fileMode = isset( $config['fileMode'] ) ? $config['fileMode'] : 0644; ++ $this->fileMode = isset( $config['fileMode'] ) ? $config['fileMode'] : 0640; + if ( isset( $config['fileOwner'] ) && function_exists( 'posix_getuid' ) ) { + $this->fileOwner = $config['fileOwner']; + $info = posix_getpwuid( posix_getuid() ); +Index: mediawiki-1.23.13/includes/filebackend/FileBackendGroup.php +=================================================================== +--- mediawiki-1.23.13.orig/includes/filebackend/FileBackendGroup.php ++++ mediawiki-1.23.13/includes/filebackend/FileBackendGroup.php +@@ -88,7 +88,7 @@ class FileBackendGroup { + : "{$directory}/transcoded"; + $fileMode = isset( $info['fileMode'] ) + ? $info['fileMode'] +- : 0644; ++ : 0640; + // Get the FS backend configuration + $autoBackends[] = array( + 'name' => $backendName, diff --git a/pkgs/mediawikiExtensions/Sproxy/Sproxy.php b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php new file mode 100644 index 0000000..697c596 --- /dev/null +++ b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php @@ -0,0 +1,218 @@ +<?php + +// This program is free software: you can redistribute it and/or modify it +// under the terms of the GNU General Public License as published by the Free +// Software Foundation, either version 2 of the License, or (at your option) +// any later version. +// +// This program is distributed in the hope that it will be useful, but WITHOUT +// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +// more details. +// +// You should have received a copy of the GNU General Public License along with +// this program. If not, see <http://www.gnu.org/licenses/>. +// +// Copyright 2006 Otheus Shelling +// Copyright 2007 Rusty Burchfield +// Copyright 2009 James Kinsman +// Copyright 2010 Daniel Thomas +// Copyright 2010 Ian Ward Comfort +// Copyright 2013-2016 Zalora South East Asia Pte Ltd +// +// In 2009, the copyright holders determined that the original publishing of this code +// under GPLv3 was legally and logistically in error, and re-licensed it under GPLv2. +// +// See http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER +// +// Adapted by Rusty to be compatible with version 1.9 of MediaWiki +// Optional settings from Emmanuel Dreyfus +// Adapted by VibroAxe (James Kinsman) to be compatible with version 1.16 of MediaWiki +// Adapted by VibroAxe (James Kinsman) to allow domain substitution for Integrated Windows Authentication +// Adapted by drt24 (Daniel Thomas) to add the optional $wgAuthRemoteuserMailDomain and remove hardcoding +// of permissions for anonymous users. +// Adapted by Ian Ward Comfort to detect mismatches between the session user and REMOTE_USER +// Adapted to sproxy by Chris Forno +// Extension credits that show up on Special:Version + +$wgExtensionCredits['other'][] = array( + 'name' => 'Sproxy', + 'version' => '0.2.0', + 'author' => array( + 'Otheus Shelling', + 'Rusty Burchfield', + 'James Kinsman', + 'Daniel Thomas', + 'Ian Ward Comfort', + 'Chris Forno' + ) , + 'url' => '', + 'description' => 'Automatically authenticates users using sproxy HTTP headers.', +); + +// We must allow zero length passwords. This extension does not work in MW 1.16 without this. +$wgMinimalPasswordLength = 0; + +function sproxy_hook() +{ + global $wgUser, $wgRequest, $wgAuth; + + // For a few special pages, don't do anything. + $skipPages = array( + Title::makeName(NS_SPECIAL, 'UserLogin') , + Title::makeName(NS_SPECIAL, 'UserLogout') , + ); + + if (in_array($wgRequest->getVal('title') , $skipPages)) { + return; + } + + // Don't do anything if there's already a valid session. + $user = User::newFromSession(); + if (!$user->isAnon()) { + return; + } + + // If the login form returns NEED_TOKEN try once more with the right token + $trycount = 0; + $token = ''; + $errormessage = ''; + do { + $tryagain = false; + // Submit a fake login form to authenticate the user. + $params = new FauxRequest(array( + 'wpName' => sproxy_username() , + 'wpPassword' => '', + 'wpDomain' => '', + 'wpLoginToken' => $token, + 'wpRemember' => '', + )); + // Authenticate user data will automatically create new users. + $loginForm = new LoginForm($params); + $result = $loginForm->authenticateUserData(); + switch ($result) { + case LoginForm::SUCCESS: + $wgUser->setOption('rememberpassword', 1); + $wgUser->setCookies(); + break; + + case LoginForm::NEED_TOKEN: + $token = $loginForm->getLoginToken(); + $tryagain = ($trycount == 0); + break; + + default: + error_log("Unexpected sproxy authentication failure (code: $result)"); + break; + } + $trycount++; + } + while ($tryagain); +} + +$wgExtensionFunctions[] = 'sproxy_hook'; +function sproxy_email() +{ + return $_SERVER['HTTP_FROM']; +} + +function sproxy_username() +{ + // We can't rely on X-Given-Name/X-Family name because they can be + // set by the user. I've personally seen someone set their name to + // "ZALORA". + // + // Instead, we'll try to extract the real name from the first part + // of the email address. + list($username, $_) = explode('@', sproxy_email()); + // So we have something like firstname.lastname or firstname.l or + // firstname. + return $username; +} + +function sproxy_real_name() +{ + return $_SERVER['HTTP_X_GIVEN_NAME'] . ' ' . $_SERVER['HTTP_X_FAMILY_NAME']; +} + +class AuthSproxy extends AuthPlugin +{ + public function userExists($username) + { + // This does not mean does the user already exist in the Mediawiki database. + return true; + } + + public function authenticate($username, $password) + { + // All users are already authenticated. + return true; + } + + public function autoCreate() + { + // Automatically create Mediawiki users for sproxy users. + return true; + } + + function allowPasswordChange() + { + // This doesn't make any sense so don't allow it. + return false; + } + + public function strict() + { + // Don't check passwords against the Mediawiki database; + return true; + } + + public function initUser(&$user, $autocreate = false) + { + $user->setEmail(sproxy_email()); + $user->mEmailAuthenticated = wfTimestampNow(); + $user->setToken(); + $user->setRealName(sproxy_real_name()); + + // turn on e-mail notifications + if (isset($wgAuthRemoteuserNotify) && $wgAuthRemoteuserNotify) { + $user->setOption('enotifwatchlistpages', 1); + $user->setOption('enotifusertalkpages', 1); + $user->setOption('enotifminoredits', 1); + $user->setOption('enotifrevealaddr', 1); + } + $user->saveSettings(); + } +} + +$wgAuth = new AuthSproxy(); + +// Don't let anonymous people do things... +$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['*']['read'] = false; +$wgGroupPermissions['*']['edit'] = false; + +// see http://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList +// and http://www.mediawiki.org/w/Manual:Special_pages +// and http://lists.wikimedia.org/pipermail/mediawiki-l/2009-June/031231.html +// disable login and logout functions for all users +function LessSpecialPages(&$list) +{ + unset($list['ChangeEmail']); + unset($list['Userlogin']); + unset($list['Userlogout']); + return true; +} +$wgHooks['SpecialPage_initList'][] = 'LessSpecialPages'; + +// http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth +// remove login and logout buttons for all users +function StripLogin(&$personal_urls, &$wgTitle) +{ + unset($personal_urls["login"]); + unset($personal_urls["logout"]); + unset($personal_urls['anonlogin']); + return true; +} +$wgHooks['PersonalUrls'][] = 'StripLogin'; + diff --git a/pkgs/mediawikiExtensions/default.nix b/pkgs/mediawikiExtensions/default.nix new file mode 100644 index 0000000..f2ae6f1 --- /dev/null +++ b/pkgs/mediawikiExtensions/default.nix @@ -0,0 +1,52 @@ +{ lib, fetchgit, mediawiki }: + +let + inherit (lib) filter genAttrs; + + bundled = filter (n: n != "out") mediawiki.outputs; + +in genAttrs bundled (e: mediawiki.${e}) // +{ + + EmbedVideo= fetchgit { + url = https://github.com/HydraWiki/mediawiki-embedvideo.git; + rev = "1c1904bfc040bc948726719cbef41708c62546b3"; + sha256 = "07sxpaks1hik710izilpslnqlcjz2nphqkx9b9qh6qv9xb0a9n6v"; + }; + + GraphViz = fetchgit { + url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/GraphViz.git; + rev = "c968ec19090ab6febcd12ccd5816c5875fddc9df"; + sha256 = "a0f9b7a67c1b166bba7ce3100b9b2666938af50666a526b1e9e4a83359e4a10d"; + }; + +/* TODO Use with Mediawiki 1.26+ + MathJax = fetchgit { + url = https://github.com/hbshim/mediawiki-mathjax.git; + rev = "56061635eaeffbd13d50d243077e44fcbf3f5da1"; + sha256 = "1xx9cpcl5c8n1jn3qckcva5dnl8z7i1bd2ff4ycpd2cdp930gsy6"; + }; +*/ + + MathJax = fetchgit { + url = https://github.com/zalora/Mediawiki-MathJax.git; + rev = "880adf7f9da55dbe257043fe431f825211ee96e1"; + sha256 = "17s3pbxj6jhywsbdss1hqmss8slb89jkwirlsbd0h16m130q72n8"; + }; + + MsUpload = fetchgit { + url = https://phabricator.wikimedia.org/diffusion/EMSU/extension-msupload.git; + rev = "d2983b9cd44203173b39e64bf25cdcd73612fcc0"; + sha256 = "18n4iyvp85ipgggjgwrk6pn75gciwrkjb7mr1zvqsh9kv3rpd5n9"; + }; + + Sproxy = ./Sproxy; # TODO: review, update & publish + + UserPageEditProtection = fetchgit { + url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UserPageEditProtection.git; + rev = "13ff835e8278654ab8cfae03c8b8196bdfe6e410"; + sha256 = "0hjsgq8hhqw6wxqfc14jq1wb09q8zf9xv7jz0hkhl5ma6338j7q9"; + }; + +} + diff --git a/pkgs/monitoringPlugins/default.nix b/pkgs/monitoringPlugins/default.nix new file mode 100644 index 0000000..d0f554e --- /dev/null +++ b/pkgs/monitoringPlugins/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchurl +, autoreconfHook +, procps, perl +, fping, openssh, bind +, mariadb +, openssl +}: + +stdenv.mkDerivation rec { + version = "2.1.2"; + name = "monitoring-plugins-${version}"; + src = fetchurl { + url = "https://github.com/monitoring-plugins/monitoring-plugins/archive/v${version}.tar.gz"; + sha256 = "0mgs59326yzvx92pdqmn671d40czixd7k60dvsbz89ah2r96vps7"; + }; + + buildInputs = [ + autoreconfHook + procps perl + fping openssh bind + mariadb.lib + openssl + ]; + + patches = [ + ./mysql_check_slave.patch + ]; + + configurePhase = '' + ./configure \ + --prefix=$out \ + --disable-nls \ + --with-ping-command="/var/setuid-wrappers/ping -n -U -w %d -c %d %s" \ + --with-ping6-command="/var/setuid-wrappers/ping6 -n -U -w %d -c %d %s" \ + --with-trusted-path=/var/setuid-wrappers:/run/current-system/sw/bin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin + ''; +} diff --git a/pkgs/monitoringPlugins/mysql_check_slave.patch b/pkgs/monitoringPlugins/mysql_check_slave.patch new file mode 100644 index 0000000..09098f6 --- /dev/null +++ b/pkgs/monitoringPlugins/mysql_check_slave.patch @@ -0,0 +1,591 @@ +commit f1623c0309b35b35a3ff8cab447e9ab06b3497f8 +Author: Igor Pashev <pashev.igor@gmail.com> +Date: Sun Jan 3 10:59:51 2016 +0300 + + Added check_mysql_slave + + Supports MariaDB multi-source replication + +diff --git a/configure.ac b/configure.ac +index 0a554af..f1a7aac 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -357,7 +357,7 @@ if test $with_mysql = "no" ; then + AC_MSG_WARN([Skipping mysql plugin]) + AC_MSG_WARN([install mysql client libs to compile this plugin (see REQUIREMENTS).]) + else +- EXTRAS="$EXTRAS check_mysql\$(EXEEXT) check_mysql_query\$(EXEEXT)" ++ EXTRAS="$EXTRAS check_mysql\$(EXEEXT) check_mysql_query\$(EXEEXT) check_mysql_slave\$(EXEEXT)" + MYSQLINCLUDE="$np_mysql_include" + MYSQLLIBS="$np_mysql_libs" + MYSQLCFLAGS="$np_mysql_cflags" +diff --git a/plugins/Makefile.am b/plugins/Makefile.am +index 0ddf9bd..fdcb154 100644 +--- a/plugins/Makefile.am ++++ b/plugins/Makefile.am +@@ -38,7 +38,7 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \ + EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \ + check_swap check_fping check_ldap check_game check_dig \ + check_nagios check_by_ssh check_dns check_nt check_ide_smart \ +- check_procs check_mysql_query check_apt check_dbi ++ check_procs check_mysql_query check_apt check_dbi check_mysql_slave + + EXTRA_DIST = t tests + +@@ -85,6 +85,9 @@ check_mrtgtraf_LDADD = $(BASEOBJS) + check_mysql_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS) + check_mysql_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) + check_mysql_LDADD = $(NETLIBS) $(MYSQLLIBS) ++check_mysql_slave_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS) ++check_mysql_slave_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) ++check_mysql_slave_LDADD = $(NETLIBS) $(MYSQLLIBS) + check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS) + check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) + check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS) +diff --git a/plugins/check_mysql_slave.c b/plugins/check_mysql_slave.c +new file mode 100644 +index 0000000..bc402e0 +--- /dev/null ++++ b/plugins/check_mysql_slave.c +@@ -0,0 +1,541 @@ ++/***************************************************************************** ++* ++* Monitoring check_mysql plugin ++* ++* License: GPL ++* Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at) ++* Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net) ++* Copyright (c) 1999-2011 Monitoring Plugins Development Team ++* Copyright (c) 2016 Zalora South East Asia Pte. Ltd ++* ++* Description: ++* ++* This file contains the check_mysql_slave plugin ++* ++* This program tests MySQL/MariaDB slaves ++* ++* ++* This program is free software: you can redistribute it and/or modify ++* it under the terms of the GNU General Public License as published by ++* the Free Software Foundation, either version 3 of the License, or ++* (at your option) any later version. ++* ++* This program is distributed in the hope that it will be useful, ++* but WITHOUT ANY WARRANTY; without even the implied warranty of ++* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++* GNU General Public License for more details. ++* ++* You should have received a copy of the GNU General Public License ++* along with this program. If not, see <http://www.gnu.org/licenses/>. ++* ++* ++*****************************************************************************/ ++ ++const char *progname = "check_mysql_slave"; ++const char *copyright = "1999-2016"; ++const char *email = "devel@monitoring-plugins.org"; ++ ++#define SLAVERESULTSIZE 256 ++ ++#include "common.h" ++#include "utils.h" ++#include "utils_base.h" ++#include "netutils.h" ++ ++#include <mysql.h> ++#include <mysqld_error.h> ++#include <errmsg.h> ++ ++char *db_user = NULL; ++char *db_host = NULL; ++char *db_socket = NULL; ++char *db_pass = NULL; ++char *ca_cert = NULL; ++char *ca_dir = NULL; ++char *cert = NULL; ++char *key = NULL; ++char *ciphers = NULL; ++bool ssl = false; ++char *opt_file = NULL; ++char *opt_group = NULL; ++unsigned int db_port = MYSQL_PORT; ++int warn_sec = 0, crit_sec = 0; ++char *connection_name = NULL; ++char *query; ++ ++static double warning_time = 0; ++static double critical_time = 0; ++ ++thresholds *my_threshold = NULL; ++ ++int process_arguments (int, char **); ++int validate_arguments (void); ++void print_help (void); ++void print_usage (void); ++ ++int ++main (int argc, char **argv) ++{ ++ ++ MYSQL mysql; ++ MYSQL_RES *res; ++ MYSQL_ROW row; ++ char *perf; ++ perf = strdup (""); ++ ++ char *error = NULL; ++ char slaveresult[SLAVERESULTSIZE]; ++ ++ setlocale (LC_ALL, ""); ++ bindtextdomain (PACKAGE, LOCALEDIR); ++ textdomain (PACKAGE); ++ ++ /* Parse extra opts if any */ ++ argv = np_extra_opts (&argc, argv, progname); ++ ++ if (process_arguments (argc, argv) == ERROR) ++ usage4 (_("Could not parse arguments")); ++ ++ /* initialize mysql */ ++ mysql_init (&mysql); ++ ++ if (opt_file != NULL) ++ mysql_options (&mysql, MYSQL_READ_DEFAULT_FILE, opt_file); ++ ++ if (opt_group != NULL) ++ mysql_options (&mysql, MYSQL_READ_DEFAULT_GROUP, opt_group); ++ else ++ mysql_options (&mysql, MYSQL_READ_DEFAULT_GROUP, "client"); ++ ++ if (ssl) ++ mysql_ssl_set (&mysql, key, cert, ca_cert, ca_dir, ciphers); ++ ++ if (!mysql_real_connect ++ (&mysql, db_host, db_user, db_pass, "", db_port, db_socket, 0)) ++ { ++ if (mysql_errno (&mysql) == CR_UNKNOWN_HOST) ++ die (STATE_WARNING, "%s\n", mysql_error (&mysql)); ++ else if (mysql_errno (&mysql) == CR_VERSION_ERROR) ++ die (STATE_WARNING, "%s\n", mysql_error (&mysql)); ++ else if (mysql_errno (&mysql) == CR_OUT_OF_MEMORY) ++ die (STATE_WARNING, "%s\n", mysql_error (&mysql)); ++ else if (mysql_errno (&mysql) == CR_IPSOCK_ERROR) ++ die (STATE_WARNING, "%s\n", mysql_error (&mysql)); ++ else if (mysql_errno (&mysql) == CR_SOCKET_CREATE_ERROR) ++ die (STATE_WARNING, "%s\n", mysql_error (&mysql)); ++ else ++ die (STATE_CRITICAL, "%s\n", mysql_error (&mysql)); ++ } ++ ++ if (connection_name != NULL && strcmp (connection_name, "") != 0) ++ { ++ xasprintf (&query, "show slave '%s' status", connection_name); ++ } ++ else ++ { ++ xasprintf (&query, "show slave status"); ++ } ++ ++ if (mysql_query (&mysql, query) != 0) ++ { ++ error = strdup (mysql_error (&mysql)); ++ mysql_close (&mysql); ++ die (STATE_CRITICAL, _("slave query error: %s\n"), error); ++ } ++ ++ if ((res = mysql_store_result (&mysql)) == NULL) ++ { ++ error = strdup (mysql_error (&mysql)); ++ mysql_close (&mysql); ++ die (STATE_CRITICAL, _("slave store_result error: %s\n"), error); ++ } ++ ++ /* Check there is some data */ ++ if (mysql_num_rows (res) == 0) ++ { ++ mysql_close (&mysql); ++ die (STATE_WARNING, "%s\n", _("No slaves defined")); ++ } ++ ++ /* fetch the first row */ ++ if ((row = mysql_fetch_row (res)) == NULL) ++ { ++ error = strdup (mysql_error (&mysql)); ++ mysql_free_result (res); ++ mysql_close (&mysql); ++ die (STATE_CRITICAL, _("slave fetch row error: %s\n"), error); ++ } ++ ++ const char *last_io_error = NULL; ++ const char *last_sql_error = NULL; ++ const char *seconds_behind_master = NULL; ++ const char *slave_io = NULL; ++ const char *slave_sql = NULL; ++ MYSQL_FIELD *fields; ++ ++ int i, num_fields; ++ num_fields = mysql_num_fields (res); ++ fields = mysql_fetch_fields (res); ++ for (i = 0; i < num_fields; i++) ++ { ++ if (strcmp (fields[i].name, "Last_IO_Error") == 0 && row[i] ++ && row[i][0]) ++ { ++ last_io_error = row[i]; ++ continue; ++ } ++ if (strcmp (fields[i].name, "Last_SQL_Error") == 0 && row[i] ++ && row[i][0]) ++ { ++ last_sql_error = row[i]; ++ continue; ++ } ++ if (strcmp (fields[i].name, "Slave_IO_Running") == 0) ++ { ++ slave_io = row[i]; ++ continue; ++ } ++ if (strcmp (fields[i].name, "Slave_SQL_Running") == 0) ++ { ++ slave_sql = row[i]; ++ continue; ++ } ++ if (strcmp (fields[i].name, "Seconds_Behind_Master") == 0) ++ { ++ seconds_behind_master = row[i]; ++ continue; ++ } ++ } ++ ++ /* Check if slave status is available */ ++ if ((slave_io == NULL) || (slave_sql == NULL)) ++ { ++ mysql_free_result (res); ++ mysql_close (&mysql); ++ die (STATE_CRITICAL, "Slave status unavailable\n"); ++ } ++ ++ const char *last_error; ++ if (last_sql_error) ++ last_error = last_sql_error; ++ else if (last_io_error) ++ last_error = last_io_error; ++ else ++ last_error = NULL; ++ ++ if ((seconds_behind_master == NULL) ++ || (strcmp (seconds_behind_master, "NULL") == 0)) ++ seconds_behind_master = "N/A"; ++ ++ /* Save slave status in slaveresult */ ++ snprintf (slaveresult, SLAVERESULTSIZE, ++ "Slave IO: %s, Slave SQL: %s, %s: %s", ++ slave_io, slave_sql, ++ (last_error ? "Last Error" : "Seconds Behind Master"), ++ (last_error ? last_error : seconds_behind_master)); ++ ++ if (strcmp (slave_io, "Yes") != 0 || strcmp (slave_sql, "Yes") != 0) ++ { ++ mysql_free_result (res); ++ mysql_close (&mysql); ++ if (last_io_error || last_sql_error) ++ { ++ die (STATE_CRITICAL, "%s\n", slaveresult); ++ } ++ else ++ { ++ die (STATE_WARNING, "%s\n", slaveresult); ++ }; ++ } ++ ++ /* Check Seconds Behind against threshold */ ++ if (strcmp (seconds_behind_master, "N/A") != 0) ++ { ++ double value = atof (seconds_behind_master); ++ int status; ++ ++ status = get_status (value, my_threshold); ++ ++ xasprintf (&perf, "%s %s", perf, ++ fperfdata ("lag", value, "s", TRUE, ++ (double) warning_time, TRUE, ++ (double) critical_time, FALSE, 0, FALSE, 0)); ++ ++ if (status == STATE_WARNING) ++ { ++ printf ("LAG %s: %s|%s\n", _("WARNING"), slaveresult, perf); ++ exit (STATE_WARNING); ++ } ++ else if (status == STATE_CRITICAL) ++ { ++ printf ("LAG %s: %s|%s\n", _("CRITICAL"), slaveresult, perf); ++ exit (STATE_CRITICAL); ++ } ++ } ++ ++ mysql_free_result (res); ++ mysql_close (&mysql); ++ ++ printf ("%s|%s\n", slaveresult, perf); ++ return STATE_OK; ++} ++ ++ ++int ++process_arguments (int argc, char **argv) ++{ ++ int c; ++ char *warning = NULL; ++ char *critical = NULL; ++ ++ int option = 0; ++ static struct option longopts[] = { ++ {"ca-cert", optional_argument, 0, 'C'}, ++ {"ca-dir", required_argument, 0, 'D'}, ++ {"cert", required_argument, 0, 'a'}, ++ {"ciphers", required_argument, 0, 'L'}, ++ {"connection-name", required_argument, 0, 'N'}, ++ {"critical", required_argument, 0, 'c'}, ++ {"file", required_argument, 0, 'f'}, ++ {"group", required_argument, 0, 'g'}, ++ {"help", no_argument, 0, 'h'}, ++ {"hostname", required_argument, 0, 'H'}, ++ {"key", required_argument, 0, 'k'}, ++ {"password", required_argument, 0, 'p'}, ++ {"port", required_argument, 0, 'P'}, ++ {"socket", required_argument, 0, 's'}, ++ {"ssl", no_argument, 0, 'l'}, ++ {"username", required_argument, 0, 'u'}, ++ {"version", no_argument, 0, 'V'}, ++ {"warning", required_argument, 0, 'w'}, ++ {0, 0, 0, 0} ++ }; ++ ++ if (argc < 1) ++ return ERROR; ++ ++ while (1) ++ { ++ c = ++ getopt_long (argc, argv, "hlVnSP:p:u:H:s:c:w:a:k:C:D:L:f:g:N:", ++ longopts, &option); ++ ++ if (c == -1 || c == EOF) ++ break; ++ ++ switch (c) ++ { ++ case 'H': /* hostname */ ++ if (is_host (optarg)) ++ { ++ db_host = optarg; ++ } ++ else ++ { ++ usage2 (_("Invalid hostname/address"), optarg); ++ } ++ break; ++ case 's': /* socket */ ++ db_socket = optarg; ++ break; ++ case 'N': ++ connection_name = optarg; ++ break; ++ case 'l': ++ ssl = true; ++ break; ++ case 'C': ++ ca_cert = optarg; ++ break; ++ case 'a': ++ cert = optarg; ++ break; ++ case 'k': ++ key = optarg; ++ break; ++ case 'D': ++ ca_dir = optarg; ++ break; ++ case 'L': ++ ciphers = optarg; ++ break; ++ case 'u': /* username */ ++ db_user = optarg; ++ break; ++ case 'p': /* authentication information: password */ ++ db_pass = strdup (optarg); ++ ++ /* Delete the password from process list */ ++ while (*optarg != '\0') ++ { ++ *optarg = 'X'; ++ optarg++; ++ } ++ break; ++ case 'f': /* client options file */ ++ opt_file = optarg; ++ break; ++ case 'g': /* client options group */ ++ opt_group = optarg; ++ break; ++ case 'P': /* critical time threshold */ ++ db_port = atoi (optarg); ++ break; ++ case 'w': ++ warning = optarg; ++ warning_time = strtod (warning, NULL); ++ break; ++ case 'c': ++ critical = optarg; ++ critical_time = strtod (critical, NULL); ++ break; ++ case 'V': /* version */ ++ print_revision (progname, NP_VERSION); ++ exit (STATE_OK); ++ case 'h': /* help */ ++ print_help (); ++ exit (STATE_OK); ++ case '?': /* help */ ++ usage5 (); ++ } ++ } ++ ++ c = optind; ++ ++ set_thresholds (&my_threshold, warning, critical); ++ ++ while (argc > c) ++ { ++ ++ if (db_host == NULL) ++ if (is_host (argv[c])) ++ { ++ db_host = argv[c++]; ++ } ++ else ++ { ++ usage2 (_("Invalid hostname/address"), argv[c]); ++ } ++ else if (db_user == NULL) ++ db_user = argv[c++]; ++ else if (db_pass == NULL) ++ db_pass = argv[c++]; ++ else if (is_intnonneg (argv[c])) ++ db_port = atoi (argv[c++]); ++ else ++ break; ++ } ++ ++ return validate_arguments (); ++} ++ ++ ++int ++validate_arguments (void) ++{ ++ if (db_user == NULL) ++ db_user = strdup (""); ++ ++ if (db_host == NULL) ++ db_host = strdup (""); ++ ++ return OK; ++} ++ ++ ++void ++print_help (void) ++{ ++ char *myport; ++ xasprintf (&myport, "%d", MYSQL_PORT); ++ ++ print_revision (progname, NP_VERSION); ++ ++ printf (_(COPYRIGHT), copyright, email); ++ ++ printf ("%s\n", _("This program tests MySQL/MariaDB slaves")); ++ ++ printf ("\n\n"); ++ ++ print_usage (); ++ ++ printf (UT_HELP_VRSN); ++ printf (UT_EXTRA_OPTS); ++ ++ printf (UT_HOST_PORT, 'P', myport); ++ ++ printf (" %s\n", "-s, --socket=STRING"); ++ printf (" %s\n", ++ _("Use the specified socket (has no effect if -H is used)")); ++ ++ printf (" %s\n", "-f, --file=STRING"); ++ printf (" %s\n", _("Read from the specified client options file")); ++ printf (" %s\n", "-g, --group=STRING"); ++ printf (" %s\n", _("Use a client options group")); ++ printf (" %s\n", "-u, --username=STRING"); ++ printf (" %s\n", _("Connect using the indicated username")); ++ printf (" %s\n", "-p, --password=STRING"); ++ printf (" %s\n", ++ _("Use the indicated password to authenticate the connection")); ++ printf (" ==> %s <==\n", ++ _("IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!")); ++ printf (" %s\n", ++ _ ++ ("Your clear-text password could be visible as a process table entry")); ++ printf (" %s\n", "-N, --connection-name"); ++ printf (" %s\n", _("Connection name if using multi-source replication")); ++ ++ printf (" %s\n", "-w, --warning"); ++ printf (" %s\n", ++ _ ++ ("Exit with WARNING status if slave server is more than INTEGER seconds")); ++ printf (" %s\n", _("behind master")); ++ printf (" %s\n", "-c, --critical"); ++ printf (" %s\n", ++ _ ++ ("Exit with CRITICAL status if slave server is more then INTEGER seconds")); ++ printf (" %s\n", _("behind master")); ++ printf (" %s\n", "-l, --ssl"); ++ printf (" %s\n", _("Use ssl encryptation")); ++ printf (" %s\n", "-C, --ca-cert=STRING"); ++ printf (" %s\n", _("Path to CA signing the cert")); ++ printf (" %s\n", "-a, --cert=STRING"); ++ printf (" %s\n", _("Path to SSL certificate")); ++ printf (" %s\n", "-k, --key=STRING"); ++ printf (" %s\n", _("Path to private SSL key")); ++ printf (" %s\n", "-D, --ca-dir=STRING"); ++ printf (" %s\n", _("Path to CA directory")); ++ printf (" %s\n", "-L, --ciphers=STRING"); ++ printf (" %s\n", _("List of valid SSL ciphers")); ++ ++ ++ printf ("\n"); ++ printf (" %s\n", ++ _ ++ ("There are no required arguments. By default, the local database is checked")); ++ printf (" %s\n", ++ _ ++ ("using the default unix socket. You can force TCP on localhost by using an")); ++ printf (" %s\n", ++ _("IP address or FQDN ('localhost' will use the socket as well).")); ++ ++ printf ("\n"); ++ printf ("%s\n", _("Notes:")); ++ printf (" %s\n", ++ _ ++ ("You must specify -p with an empty string to force an empty password,")); ++ printf (" %s\n", _("overriding any my.cnf settings.")); ++ ++ printf (UT_SUPPORT); ++} ++ ++ ++void ++print_usage (void) ++{ ++ printf ("%s\n", _("Usage:")); ++ printf (" %s [-H host] [-P port] [-s socket]\n", progname); ++ printf (" [-u user] [-p password] [-S] [-l] [-a cert] [-k key]\n"); ++ printf ++ (" [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]\n"); ++} diff --git a/pkgs/mydumper.nix b/pkgs/mydumper.nix new file mode 100644 index 0000000..463cb22 --- /dev/null +++ b/pkgs/mydumper.nix @@ -0,0 +1,17 @@ +{ stdenv, fetchbzr +, cmake, glib, mysql, openssl +, pcre, pkgconfig, zlib +}: + +stdenv.mkDerivation rec { + version = "0.9.2"; + name = "mydumper-${version}"; + + src = fetchbzr { + url = "lp:mydumper"; + rev = 188; + sha256 = "0kbhgbh6mqkxwbs5yd20s1k3h3f3jqp2i041dhmlrnzl6irgqbg5"; + }; + + buildInputs = [ cmake glib mysql.lib openssl pcre pkgconfig zlib ]; +} diff --git a/pkgs/mywatch/cabal2nix.nix b/pkgs/mywatch/cabal2nix.nix new file mode 100644 index 0000000..3dfbbcc --- /dev/null +++ b/pkgs/mywatch/cabal2nix.nix @@ -0,0 +1,25 @@ +{ mkDerivation, aeson, base, bytestring, ConfigFile +, data-default-class, docopt, fast-logger, fetchgit, http-types +, interpolatedstring-perl6, MissingH, mtl, mysql, mysql-simple +, network, resource-pool, scotty, stdenv, text, unix +, unordered-containers, wai, wai-extra, wai-middleware-static, warp +}: +mkDerivation { + pname = "mywatch"; + version = "0.2.0"; + src = fetchgit { + url = "https://github.com/zalora/mywatch.git"; + sha256 = "f1ae1b776cdbc11da24819381d5d1fe057be3c5ef69314024c9e0fc043085cd2"; + rev = "afd12c0190f64527a320a99cc6df97f6cfca57d7"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson base bytestring ConfigFile data-default-class docopt + fast-logger http-types interpolatedstring-perl6 MissingH mtl mysql + mysql-simple network resource-pool scotty text unix + unordered-containers wai wai-extra wai-middleware-static warp + ]; + description = "Web application to view and kill MySQL queries"; + license = stdenv.lib.licenses.mit; +} diff --git a/pkgs/mywatch/default.nix b/pkgs/mywatch/default.nix new file mode 100644 index 0000000..4afc645 --- /dev/null +++ b/pkgs/mywatch/default.nix @@ -0,0 +1,4 @@ +{ stdenv, haskellPackages }: + +haskellPackages.callPackage ./cabal2nix.nix {} + diff --git a/pkgs/nagios-plugins-rabbitmq/default.nix b/pkgs/nagios-plugins-rabbitmq/default.nix new file mode 100644 index 0000000..6ecb2e4 --- /dev/null +++ b/pkgs/nagios-plugins-rabbitmq/default.nix @@ -0,0 +1,36 @@ +{ fetchurl +, makeWrapper +, perl +, perlPackages +, stdenv +}: + +stdenv.mkDerivation rec { + version = "2.0.3"; + name = "nagios-plugins-rabbitmq-${version}"; + + src = fetchurl { + url = "https://github.com/nagios-plugins-rabbitmq/nagios-plugins-rabbitmq/archive/${version}.tar.gz"; + sha256 = "1fw40hzvb8sk5ss0hvrgv338lr019d2q9cc9ayy4hvk1c5bh3ljb"; + }; + + buildInputs = [ + makeWrapper + perl + perlPackages.JSON + perlPackages.LWPUserAgent + perlPackages.ModuleBuild + perlPackages.MonitoringPlugin + perlPackages.URI + ]; + + buildPhase = "perl Build.PL --prefix=$out; ./Build build"; + installPhase = '' + ./Build install + + for n in "$out/bin/"*; do + wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB" + done + ''; +} + diff --git a/pkgs/probes.nix b/pkgs/probes.nix new file mode 100644 index 0000000..650c996 --- /dev/null +++ b/pkgs/probes.nix @@ -0,0 +1,28 @@ +{ stdenv, pkgs, lib }: + +let + plugins = [ + "check_disk" + "check_file_age" + "check_http" + "check_load" + "check_log" + "check_mysql" + "check_mysql_query" + "check_procs" + "check_swap" + "check_users" + ]; + +in stdenv.mkDerivation { + name = "local-monitoring-plugins"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + ${lib.concatMapStringsSep "\n" (p: '' + cp -a ${pkgs.monitoringPlugins}/libexec/${p} $out/bin/${p} + '') plugins} + cp -a '${pkgs.check_mdstat}/bin/'* $out/bin/ + cp -a '${pkgs.check_systemd}/bin/'* $out/bin/ + ''; +} diff --git a/pkgs/rdsdump/default.nix b/pkgs/rdsdump/default.nix new file mode 100644 index 0000000..0efe033 --- /dev/null +++ b/pkgs/rdsdump/default.nix @@ -0,0 +1,14 @@ +{ stdenv, bash, ... }: + +stdenv.mkDerivation { + name = "rdsdump"; + buildInputs = [ bash ]; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + cp -a ${./rdsdump.bash} $out/bin/rdsdump + chmod +x $out/bin/rdsdump + patchShebangs $out/bin/rdsdump + ''; +} + diff --git a/pkgs/rdsdump/rdsdump.bash b/pkgs/rdsdump/rdsdump.bash new file mode 100644 index 0000000..6b8cbf1 --- /dev/null +++ b/pkgs/rdsdump/rdsdump.bash @@ -0,0 +1,70 @@ +#!/usr/bin/env bash +set -euo pipefail + +mysql_args= +mysqldump_args= +master_data=0 +while [ $# -gt 0 ]; do + case $1 in + --host=*|--password=*|--user=*|\ + --defaults-file=*|--defaults-extra-file=*|\ + --ssl=*|--ssl-ca=*|--ssl-key=*|--ssl-cert=*|\ + -h?*|-u?*|-p?*) + mysql_args="$mysql_args $1" + mysqldump_args="$mysqldump_args $1" + shift 1;; + --host|--user|\ + --defaults-file|--defaults-extra-file|\ + --ssl-ca|--ssl-key|--ssl-cert|\ + -h|-u) + mysql_args="$mysql_args $1 $2" + mysqldump_args="$mysqldump_args $1 $2" + shift 2;; + --master-data=*) + master_data=$(echo "$1" | cut -d= -f2) + shift;; + --master-data) + master_data=$2 + shift 2;; + *) + mysqldump_args="$mysqldump_args $1" + shift;; + esac +done + +replica () { + mysql $mysql_args "$@" +} + +start_replication () { + replica -N -e "CALL mysql.rds_start_replication;" >&2 +} + +stop_replication () { + replica -N -e "CALL mysql.rds_stop_replication;" >&2 +} + +trap 'start_replication' EXIT +stop_replication + +if [ "$master_data" -gt 0 ]; then +if [ "$master_data" -eq 2 ]; then + printf '-- ' +fi +replica -e 'SHOW SLAVE STATUS\G' | awk -f <(cat - <<- 'AWK' + /\<Exec_Master_Log_Pos\>/ { log_pos = $2 }; + /\<Relay_Master_Log_File\>/ { log_file = $2 }; + END { + printf "CHANGE MASTER TO MASTER_LOG_FILE='%s', MASTER_LOG_POS=%d;\n", log_file, log_pos + } +AWK +) +fi + +mysqldump $mysqldump_args & +sleep 30 + +start_replication +trap - EXIT + +wait diff --git a/pkgs/sproxy-web/cabal2nix.nix b/pkgs/sproxy-web/cabal2nix.nix new file mode 100644 index 0000000..0f475f2 --- /dev/null +++ b/pkgs/sproxy-web/cabal2nix.nix @@ -0,0 +1,26 @@ +{ mkDerivation, aeson, base, blaze-html, blaze-markup, bytestring +, data-default-class, directory, docopt, fast-logger, fetchgit +, filepath, http-types, interpolatedstring-perl6, mtl, network +, postgresql-simple, resource-pool, scotty, stdenv, text, unix, wai +, wai-extra, wai-middleware-static, warp +}: +mkDerivation { + pname = "sproxy-web"; + version = "0.4.1"; + src = fetchgit { + url = "https://github.com/zalora/sproxy-web.git"; + sha256 = "529597548a3fbd0999acdbd3a382ed4f152043db01f275b08d4c4883b8fe5f5f"; + rev = "5d7ee61deb55359ae8ce6013dd7fe81bcdc0f9a9"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson base blaze-html blaze-markup bytestring data-default-class + directory docopt fast-logger filepath http-types + interpolatedstring-perl6 mtl network postgresql-simple + resource-pool scotty text unix wai wai-extra wai-middleware-static + warp + ]; + description = "Web interface to sproxy database"; + license = stdenv.lib.licenses.mit; +} diff --git a/pkgs/sproxy-web/default.nix b/pkgs/sproxy-web/default.nix new file mode 100644 index 0000000..4afc645 --- /dev/null +++ b/pkgs/sproxy-web/default.nix @@ -0,0 +1,4 @@ +{ stdenv, haskellPackages }: + +haskellPackages.callPackage ./cabal2nix.nix {} + diff --git a/pkgs/sproxy/cabal2nix.nix b/pkgs/sproxy/cabal2nix.nix new file mode 100644 index 0000000..1a7b3f6 --- /dev/null +++ b/pkgs/sproxy/cabal2nix.nix @@ -0,0 +1,25 @@ +{ mkDerivation, aeson, attoparsec, base, base64-bytestring +, bytestring, containers, data-default, docopt, entropy, fetchgit +, http-conduit, http-kit, http-types, interpolatedstring-perl6 +, network, postgresql-simple, resource-pool, SHA, split, stdenv +, text, time, tls, unix, utf8-string, x509, yaml +}: +mkDerivation { + pname = "sproxy"; + version = "0.9.8"; + src = fetchgit { + url = "https://github.com/zalora/sproxy.git"; + sha256 = "40d86e00cfbdc96033ca53e773a7467cd3e2206856d27e4a24076d9449c46ca7"; + rev = "507a0984d4ce01ef0d83e7cda37cba5c80a33b75"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson attoparsec base base64-bytestring bytestring containers + data-default docopt entropy http-conduit http-kit http-types + interpolatedstring-perl6 network postgresql-simple resource-pool + SHA split text time tls unix utf8-string x509 yaml + ]; + description = "HTTP proxy for authenticating users via OAuth2"; + license = stdenv.lib.licenses.mit; +} diff --git a/pkgs/sproxy/default.nix b/pkgs/sproxy/default.nix new file mode 100644 index 0000000..4afc645 --- /dev/null +++ b/pkgs/sproxy/default.nix @@ -0,0 +1,4 @@ +{ stdenv, haskellPackages }: + +haskellPackages.callPackage ./cabal2nix.nix {} + diff --git a/pkgs/writeBashScript.nix b/pkgs/writeBashScript.nix new file mode 100644 index 0000000..15e81c5 --- /dev/null +++ b/pkgs/writeBashScript.nix @@ -0,0 +1,13 @@ +{ bash, writeScript, haskellPackages, runCommand }: + +name: text: +let + f = writeScript name '' + #!${bash}/bin/bash + ${text} + ''; +in +runCommand name { } '' + ${haskellPackages.ShellCheck}/bin/shellcheck ${f} + cp -a ${f} $out +'' diff --git a/pkgs/writeBashScriptBin.nix b/pkgs/writeBashScriptBin.nix new file mode 100644 index 0000000..33b9bf6 --- /dev/null +++ b/pkgs/writeBashScriptBin.nix @@ -0,0 +1,7 @@ +{ writeBashScript, runCommand }: + +name: text: +runCommand name { } '' + mkdir -p $out/bin + cp -a ${writeBashScript name text} $out/bin/${name} +'' diff --git a/pkgs/writePHPFile.nix b/pkgs/writePHPFile.nix new file mode 100644 index 0000000..e031efe --- /dev/null +++ b/pkgs/writePHPFile.nix @@ -0,0 +1,10 @@ +{ php, writeText, runCommand }: + +name: text: +let + f = writeText name text; +in +runCommand name { } '' + ${php}/bin/php -l '${f}' + cp -a '${f}' $out +'' diff --git a/pkgs/writeXML.nix b/pkgs/writeXML.nix new file mode 100644 index 0000000..1cfc075 --- /dev/null +++ b/pkgs/writeXML.nix @@ -0,0 +1,11 @@ +{ writeText, runCommand, libxml2 }: + +name: text: + let + f = writeText "${name}.raw" text; + in + runCommand name { } '' + ${libxml2}/bin/xmllint \ + --format --noblanks --nocdata ${f} \ + > $out + '' |