diff --git a/nixos/module/hectic/service/sentinèlla.nix b/nixos/module/hectic/service/sentinèlla.nix new file mode 100644 index 0000000..ee3e387 --- /dev/null +++ b/nixos/module/hectic/service/sentinèlla.nix @@ -0,0 +1,106 @@ +{ + inputs, + flake, + self, +}: +{ + pkgs, + lib, + config, + ... +}: let + system = pkgs.system; + cfg = config.hectic.services.server-health; + # URLS="http://..." # default: none + # VOLUMES="/ /home" # default: all from df -P +in { + options = { + hectic.services."sentinèlla" = { + probe = { + enable = lib.mkEnableOption "enable sentinèlla probe services, that provides endpoints for server status check"; + urls = lib.mkOption { + type = lib.types.port; + description = '' + urls to check + ''; + }; + volumes = lib.mkOption { + type = lib.types.port; + description = '' + volumes to check + ''; + }; + port = lib.mkOption { + type = lib.types.port; + description = '' + service's port + ''; + }; + environmentPath = lib.mkOption { + type = lib.types.path; + example = '' + config.sops.secrets."name-of-service/environment".path + ''; + description = '' + in case when you do not want show configurations in repository + ``` + VOLUMES= + URLS= + PORT= + ``` + ''; + }; + }; + sentinel = { + enable = lib.mkEnableOption "enable sentinèlla sentinel services, that reported servers statuses based on probe polls"; + environmentPath = lib.mkOption { + type = lib.types.path; + example = '' + config.sops.secrets."name-of-service/environment".path + ''; + description = '' + in case when you do not want show configurations in repository + ''; + }; + }; + }; + }; + config = lib.mkMerge [ + (lib.mkIf cfg.probe.enable { + services.nginx.virtualHosts = { + }; + systemd.services."sentinèlla-probe" = { + description = "Hectic server health check"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${self.packages.${system}.server-health}/bin/probe"; + EnvironmentFile = cfg.probe.environmentPath; + Environment = (if cfg.probe.urls != null then [ + "URLS=${cfg.probe.urls}" + ] else []) ++ (if cfg.probe.volumes != null then [ + "VOLUMES=${cfg.volumes}" + ] else []) ++ (if cfg.probe.port != null then [ + "PORT=${builtins.toString cfg.probe.port}" + ] else []); + Restart = "always"; + RestartSec = "5s"; + + # Shutdown configuration + TimeoutStopSec = "30s"; + KillSignal = "SIGTERM"; + KillMode = "mixed"; + + # Security and process management + RemainAfterExit = false; + StandardOutput = "journal"; + StandardError = "journal"; + }; + }; + }) + (lib.mkIf cfg.sentinel.enable { + + }) + ]; +} diff --git a/nixos/module/hectic/service/server-health.nix b/nixos/module/hectic/service/server-health.nix deleted file mode 100644 index 626ecf7..0000000 --- a/nixos/module/hectic/service/server-health.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ - inputs, - flake, - self, -}: -{ - pkgs, - lib, - config, - ... -}: let - system = pkgs.system; - cfg = config.hectic.services.server-health; - # URLS="http://..." # default: none - # VOLUMES="/ /home" # default: all from df -P -in { - options = { - hectic.services.server-health = { - enable = lib.mkEnableOption "enable serverhelth services"; - urls = lib.mkOption { - type = lib.types.port; - default = "5899"; - description = '' - urls to check - ''; - }; - volumes = lib.mkOption { - type = lib.types.port; - default = "5899"; - description = '' - volumes to check - ''; - }; - port = lib.mkOption { - type = lib.types.port; - default = "5899"; - description = '' - service's port - ''; - }; - }; - }; - config = lib.mkIf cfg.enable { - systemd.services."hectic-server-health" = { - description = "Hectic server health check"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${self.packages.${system}.server-health}/bin/server-health"; - Environment = (if cfg.urls != null then [ - "URLS=${cfg.urls}" - ] else []) ++ (if cfg.volumes != null then [ - "VOLUMES=${cfg.volumes}" - ] else []); - Restart = "always"; - RestartSec = "5s"; - - # Shutdown configuration - TimeoutStopSec = "30s"; - KillSignal = "SIGTERM"; - KillMode = "mixed"; - - # Security and process management - RemainAfterExit = false; - StandardOutput = "journal"; - StandardError = "journal"; - }; - }; - }; -} diff --git a/package/default.nix b/package/default.nix index 1417b59..2d69e77 100644 --- a/package/default.nix +++ b/package/default.nix @@ -238,42 +238,42 @@ in { sha256 = "sha256-atKhccp8Pr8anJUo+M9hnYkYrcgnB9SxrpmsiVusJZs="; }; }; - nvim-alias = pkgs.callPackage ./nvim-alias.nix {}; - bolt-unpack = pkgs.callPackage ./bolt-unpack.nix {}; - nvim-pager = pkgs.callPackage ./nvim-pager.nix {}; - printobstacle = pkgs.callPackage ./printobstacle.nix {}; - printprogress = pkgs.callPackage ./printprogress.nix {}; - colorize = pkgs.callPackage ./colorize.nix {}; - github-gh-tl = pkgs.callPackage ./github/gh-tl.nix {}; - supabase-with-env-collection = pkgs.callPackage ./supabase-with-env-collection.nix {}; - migration-name = pkgs.callPackage ./migration-name.nix {}; - prettify-log = pkgs.callPackage ./prettify-log/default.nix rust.commonArgs; - pg-from = pkgs.callPackage ./postgres/pg-from/default.nix rust.commonArgs; - pg-schema = pkgs.callPackage ./postgres/pg-schema/default.nix rust.commonArgs; - pg_wdumpall = pkgs.callPackage ./postgres/pg_wdumpall.nix rust.commonArgs; - pg_wdump = pkgs.callPackage ./postgres/pg_wdump.nix rust.commonArgs; - pg-migration = pkgs.callPackage ./postgres/pg-migration/default.nix rust.commonArgs; - pg-17-ext-hemar = buildHemarExt pkgs "17"; - pg-17-ext-http = buildHttpExt pkgs "17"; - pg-17-ext-smtp-client = buildSmtpExt pkgs "17"; - pg-17-ext-plhaskell = buildPlHaskellExt pkgs "17"; - pg-17-ext-plsh = buildPlShExt pkgs "17"; - pg-16-ext-hemar = buildHemarExt pkgs "16"; - pg-16-ext-http = buildHttpExt pkgs "16"; - pg-16-ext-smtp-client = buildSmtpExt pkgs "16"; - pg-16-ext-plhaskell = buildPlHaskellExt pkgs "16"; - pg-16-ext-plsh = buildPlShExt pkgs "16"; - pg-15-ext-hemar = buildHemarExt pkgs "15"; - pg-15-ext-http = buildHttpExt pkgs "15"; - pg-15-ext-smtp-client = buildSmtpExt pkgs "15"; - pg-15-ext-plhaskell = buildPlHaskellExt pkgs "15"; - pg-15-ext-plsh = buildPlShExt pkgs "15"; - slpt = pkgs.callPackage ./slpt.nix {}; - c-hectic = pkgs.callPackage ./c/hectic/default.nix {}; - watch = pkgs.callPackage ./c/watch/default.nix {}; - support-bot = pkgs.callPackage ./support-bot {}; - nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {}; - server-health = pkgs.callPackage ./server-health {}; - shellplot = pkgs.callPackage ./shellplot {}; - sops = pkgs.callPackage ./sops.nix {}; + nvim-alias = pkgs.callPackage ./nvim-alias.nix {}; + bolt-unpack = pkgs.callPackage ./bolt-unpack.nix {}; + nvim-pager = pkgs.callPackage ./nvim-pager.nix {}; + printobstacle = pkgs.callPackage ./printobstacle.nix {}; + printprogress = pkgs.callPackage ./printprogress.nix {}; + colorize = pkgs.callPackage ./colorize.nix {}; + github-gh-tl = pkgs.callPackage ./github/gh-tl.nix {}; + supabase-with-env-collection = pkgs.callPackage ./supabase-with-env-collection.nix {}; + migration-name = pkgs.callPackage ./migration-name.nix {}; + prettify-log = pkgs.callPackage ./prettify-log/default.nix rust.commonArgs; + pg-from = pkgs.callPackage ./postgres/pg-from/default.nix rust.commonArgs; + pg-schema = pkgs.callPackage ./postgres/pg-schema/default.nix rust.commonArgs; + pg_wdumpall = pkgs.callPackage ./postgres/pg_wdumpall.nix rust.commonArgs; + pg_wdump = pkgs.callPackage ./postgres/pg_wdump.nix rust.commonArgs; + pg-migration = pkgs.callPackage ./postgres/pg-migration/default.nix rust.commonArgs; + slpt = pkgs.callPackage ./slpt.nix {}; + c-hectic = pkgs.callPackage ./c/hectic/default.nix {}; + watch = pkgs.callPackage ./c/watch/default.nix {}; + support-bot = pkgs.callPackage ./support-bot {}; + nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {}; + "sentinèlla" = pkgs.callPackage (./. + "/sentinèlla") {}; + shellplot = pkgs.callPackage ./shellplot {}; + sops = pkgs.callPackage ./sops.nix {}; + pg-17-ext-hemar = buildHemarExt pkgs "17"; + pg-17-ext-http = buildHttpExt pkgs "17"; + pg-17-ext-smtp-client = buildSmtpExt pkgs "17"; + pg-17-ext-plhaskell = buildPlHaskellExt pkgs "17"; + pg-17-ext-plsh = buildPlShExt pkgs "17"; + pg-16-ext-hemar = buildHemarExt pkgs "16"; + pg-16-ext-http = buildHttpExt pkgs "16"; + pg-16-ext-smtp-client = buildSmtpExt pkgs "16"; + pg-16-ext-plhaskell = buildPlHaskellExt pkgs "16"; + pg-16-ext-plsh = buildPlShExt pkgs "16"; + pg-15-ext-hemar = buildHemarExt pkgs "15"; + pg-15-ext-http = buildHttpExt pkgs "15"; + pg-15-ext-smtp-client = buildSmtpExt pkgs "15"; + pg-15-ext-plhaskell = buildPlHaskellExt pkgs "15"; + pg-15-ext-plsh = buildPlShExt pkgs "15"; } diff --git a/package/sentinèlla/default.nix b/package/sentinèlla/default.nix new file mode 100644 index 0000000..c1efaaa --- /dev/null +++ b/package/sentinèlla/default.nix @@ -0,0 +1,10 @@ +{ writeShellScriptBin, socat, dash }: +writeShellScriptBin "server-health" '' + set +a + LOOP_FILE=${./probe-loop.sh} + socat() { ${socat}/bin/socat $@ } + dash() { ${dash}/bin/dash $@ } + set -a + + ${dash}/bin/dash ${./probe.sh} +'' diff --git a/package/sentinèlla/probe-loop.sh b/package/sentinèlla/probe-loop.sh new file mode 100644 index 0000000..7e25f9f --- /dev/null +++ b/package/sentinèlla/probe-loop.sh @@ -0,0 +1,185 @@ +#!/bin/dash + +# router.sh — POSIX sh HTTP backend (for socat) +# usage: socat -T5 -t5 TCP-LISTEN:${port},reuseaddr,fork EXEC:"sh ${currentfile}" +# Routes: +# GET /status -> check $URLS (0/0 if unset) +# GET /disk -> check $VOLUMES (all if unset) +# Env: +# URLS="http://..." # default: none +# VOLUMES="/ /home" # default: all from df -P +# TIMEOUT=5 + +base64() { + local mod + mod="${1:?}" + + case "$mod" in + encode) + printf '%s' "${2:?}" | od -An -t u1 | tr -s ' ' | tr -d '\n' | awk ' + BEGIN { + A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + } + function dec2bin(n, r,len,pad) { + if (n==0) return "00000000" + while (n>0) { + r = (n%2) r + n = int(n/2) + } + return sprintf("%08s", r) + } + function bin2dec(s, i,d,r) { + r=0 + for(i=1;i<=length(s);i++) { + d=substr(s,i,1) + r = r*2 + d + } + return r + } + function buildbin(t, r) { + for(i=1;i<=NF;i+=1) { + #printf("%s | %s\n", dec2bin($i), $i) + r = sprintf("%s%s", r, dec2bin($i)) + } + return r + } + function base64(b, r,c) { + for(i=1;i<=length(b);i+=6) { + #printf("%s | %s\n", substr(b,i,6), bin2dec(substr(b,i,6))) + c = substr(A, bin2dec(substr(b,i,6))+1, 1) + r = sprintf("%s%s", r, c) + } + return r + } + { + b=buildbin($1) + l=length(b) + lack = (6 - l % 6) % 6 + b = sprintf("%s%0*d", b, lack, 0) + r = base64(b) + print lack + for(i=1;i<=lack/2;i+=1) { + r = sprintf("%s=", r) + } + print r + } + ' + ;; + decode) + printf '%b\n' "$(printf '%s' "${2:?}" | awk ' BEGIN { + A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + } + function dec2bin(n, r,len,pad) { + if (n==0) return "000000" + while (n>0) { + r = (n%2) r + n = int(n/2) + } + r = sprintf("%6s", r) + gsub(/ /,"0",r) + return r + } + { + for(i=1;i<=length($1);i+=1) { + b=sprintf("%s%s", b, dec2bin(index(A, substr($1,i,1))-1)) + } + for(i=1; i<=length(b); i+=8){ + n=0 + for(j=0;j<8;j++) n = n*2 + (substr(b,i+j,1)=="1") + printf "\\x%02X", n + } + } + ')" + ;; + esac +} + +TIMEOUT=${TIMEOUT:-5} +[ -n "$VOLUMES" ] || VOLUMES=$(df -P | awk 'NR>1{print $6}') + +route_status() { + if [ -z "$URLS" ]; then + printf '{\n "checks": [],\n "summary":{"total":0,"ok":0}\n}\n' + return + fi + { + printf '{\n "checks": [\n' + first=1 okcnt=0 tot=0 + for u in $URLS; do + tot=$((tot+1)) + res=$(curl -sS -m "$TIMEOUT" -o /dev/null -w '%{http_code} %{time_total}' "$u" 2>/dev/null) || res="000 0" + code=${res%% *}; ttot=${res#* } + case $code in 2*|3*) ok=true; okcnt=$((okcnt+1));; *) ok=false;; esac + [ $first -eq 0 ] && printf ',\n'; first=0 + printf ' {"url":"%s","code":%s,"time_s":%s,"ok":%s}' "$u" "$code" "$ttot" "$ok" + done + printf '\n ],\n "summary":{"total":%s,"ok":%s}\n}\n' "$tot" "$okcnt" + } +} + +route_disk() { + { + printf '{\n "volumes": [\n' + first=1 + for v in $VOLUMES; do + # POSIX df -P: Filesystem 1K-blocks Used Available Capacity Mounted on + # shellcheck disable=SC2046 + set -- $(df -P "$v" 2>/dev/null | awk 'NR==2{print $2, $3, $4, $5, $6}') + size=$1 used=$2 avail=$3 usep=$4 mnt=$5 + [ -z "$size" ] && continue + [ $first -eq 0 ] && printf ',\n'; first=0 + printf ' {"mount":"%s","size_blocks":%s,"used":%s,"avail":%s,"use_percent":"%s"}' \ + "$mnt" "$size" "$used" "$avail" "$usep" + done + printf '\n ]\n}\n' + } +} + +require_auth=false +[ -n "$USER" ] && [ -n "$PASS" ] && require_auth=true + +# --- read request & headers --- +IFS= read -r req || exit 0 +cr=$(printf '\r') +while IFS= read -r line; do + [ -z "$line" ] && break + [ "$line" = "$cr" ] && break + case "$line" in + "Authorization: Basic "*) + tok=${line#Authorization: Basic } + tok=$(printf '%s' "$tok" | tr -d '\r\n') + expect=$(base64 encode "$USER:$PASS") + [ "$tok" = "$expect" ] && auth_ok=true + ;; + esac +done + +# --- auth gate --- +unauth() { + body='{"error":"unauthorized"}' + len=$(printf '%s' "$body" | wc -c | awk '{print $1}') + printf 'HTTP/1.1 401 Unauthorized\r\n' + printf 'Content-Type: application/json\r\n' + printf 'Content-Length: %s\r\n' "$len" + printf 'WWW-Authenticate: Basic realm="minimal", charset="UTF-8"\r\n' + printf 'Connection: close\r\n\r\n' + printf '%s' "$body" +} + +if $require_auth && ! $auth_ok; then + unauth + exit 0 +fi + +tmp=$(mktemp) || exit 1 +trap 'rm -f "$tmp"' EXIT INT HUP + +case "$req" in + "GET /status "*) route_status >"$tmp"; status='200 OK'; ctype='application/json' ;; + "GET /disk "*) route_disk >"$tmp"; status='200 OK'; ctype='application/json' ;; + *) printf 'Not found\n' >"$tmp"; status='404 Not Found'; ctype='text/plain' ;; +esac + +len=$(wc -c <"$tmp" | awk '{print $1}') +printf 'HTTP/1.1 %s\r\nContent-Type: %s\r\nContent-Length: %s\r\nConnection: close\r\n\r\n' "$status" "$ctype" "$len" +cat "$tmp" diff --git a/package/sentinèlla/probe.sh b/package/sentinèlla/probe.sh new file mode 100644 index 0000000..fdaae2d --- /dev/null +++ b/package/sentinèlla/probe.sh @@ -0,0 +1,3 @@ +#!/bin/dash + +socat -T5 -t5 TCP-LISTEN:"${PORT:-5988}",reuseaddr,fork EXEC:"dash $LOOP_FILE" diff --git a/package/sentinèlla/sentinel.sh b/package/sentinèlla/sentinel.sh new file mode 100644 index 0000000..5619f5a --- /dev/null +++ b/package/sentinèlla/sentinel.sh @@ -0,0 +1,3 @@ +#!/bin/dash + + diff --git a/package/server-health/default.nix b/package/server-health/default.nix deleted file mode 100644 index 58134ad..0000000 --- a/package/server-health/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ writeShellScriptBin, socat, bash }: -writeShellScriptBin "server-health" '' - ${socat}/bin/socat -T5 -t5 TCP-LISTEN:''${PORT:-5988},reuseaddr,fork EXEC:"${bash}/bin/sh ${./server-health.sh}" -'' diff --git a/package/server-health/server-health.sh b/package/server-health/server-health.sh deleted file mode 100644 index a6cb500..0000000 --- a/package/server-health/server-health.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh -# router.sh — POSIX sh HTTP backend (for socat) -# usage: socat -T5 -t5 TCP-LISTEN:${port},reuseaddr,fork EXEC:"sh ${currentfile}" -# Routes: -# GET /status -> check $URLS (0/0 if unset) -# GET /disk -> check $VOLUMES (all if unset) -# Env: -# URLS="http://..." # default: none -# VOLUMES="/ /home" # default: all from df -P -# TIMEOUT=5 - -TIMEOUT=${TIMEOUT:-5} -[ -n "$VOLUMES" ] || VOLUMES=$(df -P | awk 'NR>1{print $6}') - -route_status() { - if [ -z "$URLS" ]; then - printf '{\n "checks": [],\n "summary":{"total":0,"ok":0}\n}\n' - return - fi - { - printf '{\n "checks": [\n' - first=1 okcnt=0 tot=0 - for u in $URLS; do - tot=$((tot+1)) - res=$(curl -sS -m "$TIMEOUT" -o /dev/null -w '%{http_code} %{time_total}' "$u" 2>/dev/null) || res="000 0" - code=${res%% *}; ttot=${res#* } - case $code in 2*|3*) ok=true; okcnt=$((okcnt+1));; *) ok=false;; esac - [ $first -eq 0 ] && printf ',\n'; first=0 - printf ' {"url":"%s","code":%s,"time_s":%s,"ok":%s}' "$u" "$code" "$ttot" "$ok" - done - printf '\n ],\n "summary":{"total":%s,"ok":%s}\n}\n' "$tot" "$okcnt" - } -} - -route_disk() { - { - printf '{\n "volumes": [\n' - first=1 - for v in $VOLUMES; do - # POSIX df -P: Filesystem 1K-blocks Used Available Capacity Mounted on - # shellcheck disable=SC2046 - set -- $(df -P "$v" 2>/dev/null | awk 'NR==2{print $2, $3, $4, $5, $6}') - size=$1 used=$2 avail=$3 usep=$4 mnt=$5 - [ -z "$size" ] && continue - [ $first -eq 0 ] && printf ',\n'; first=0 - printf ' {"mount":"%s","size_blocks":%s,"used":%s,"avail":%s,"use_percent":"%s"}' \ - "$mnt" "$size" "$used" "$avail" "$usep" - done - printf '\n ]\n}\n' - } -} - -# --- read request & headers --- -IFS= read -r req || exit 0 -cr=$(printf '\r') -while IFS= read -r line; do - [ -z "$line" ] && break - [ "$line" = "$cr" ] && break -done - -tmp=$(mktemp) || exit 1 -trap 'rm -f "$tmp"' EXIT INT HUP - -case "$req" in - "GET /status "*) route_status >"$tmp"; status='200 OK'; ctype='application/json' ;; - "GET /disk "*) route_disk >"$tmp"; status='200 OK'; ctype='application/json' ;; - *) printf 'Not found\n' >"$tmp"; status='404 Not Found'; ctype='text/plain' ;; -esac - -len=$(wc -c <"$tmp" | awk '{print $1}') -printf 'HTTP/1.1 %s\r\nContent-Type: %s\r\nContent-Length: %s\r\nConnection: close\r\n\r\n' "$status" "$ctype" "$len" -cat "$tmp" diff --git a/package/shellplot/shellplot.sh b/package/shellplot/shellplot.sh index 0fc52e4..c9ca6e9 100644 --- a/package/shellplot/shellplot.sh +++ b/package/shellplot/shellplot.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/dash # ImageMagick: scatter plot "by dots" from (x y) data # - Input: points.txt with "x y" per line (whitespace-separated) # - Output: plot.png (white bg, black dots). Also draws an optional polyline through points.