diff options
| author | stuebinm | 2024-02-29 16:48:59 +0100 |
|---|---|---|
| committer | stuebinm | 2024-02-29 16:48:59 +0100 |
| commit | ffa6d5eb82c3f71cfaf60c98dfc3d82276497ac5 (patch) | |
| tree | a52b879ca2ea93578af3e7ada6e99397160ac95c | |
| parent | 86ced9c8aa3afef3d6cefb38328ed03f38bdfbf0 (diff) | |
flora: monit via ntfy sh
so it turns out ntfy can run a little smtp server, which monit can send
its alerts to, resulting in a halfway okayish monitoring setup. It
doesn't even require mucking about with `sendmail'!
Downside: this is still monit.
Upside: from what I've heard, the other monitoring tools don't actually
seem to be all that much better?
Now I only have to come up with reasonable checks for the stuff I want
to actually keep an eye on …
| -rw-r--r-- | flora/configuration.nix | 1 | ||||
| -rw-r--r-- | flora/services/monit.nix | 32 | ||||
| -rw-r--r-- | flora/services/ntfy.nix | 7 | ||||
| -rw-r--r-- | secrets/flora.yaml | 8 |
4 files changed, 45 insertions, 3 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix index 9f2eb82..40cd3a5 100644 --- a/flora/configuration.nix +++ b/flora/configuration.nix @@ -12,6 +12,7 @@ ./services/element.nix ./services/ntfy.nix ./services/murmur.nix + ./services/monit.nix ]; # Use the GRUB 2 boot loader. diff --git a/flora/services/monit.nix b/flora/services/monit.nix new file mode 100644 index 0000000..c8f7b3f --- /dev/null +++ b/flora/services/monit.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +{ + # includes mail address, which includes ntfy token + sops.secrets."monit/mail" = {}; + + services.monit = { + enable = true; + + config = '' + include /run/secrets/monit/mail + + set daemon 120 with start delay 60 + set mailserver + localhost + port 2525 + + set httpd port 2812 and use address localhost + allow localhost + allow admin:obwjoawijerfoijsiwfj29jf2f2jd + + check filesystem root with path / + if space usage > 80% then alert + if inode usage > 80% then alert + + check host stuebinm.eu with address stuebinm.eu + if failed + port 443 protocol https + then alert + ''; + }; +} diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix index cda212d..45dcb3c 100644 --- a/flora/services/ntfy.nix +++ b/flora/services/ntfy.nix @@ -10,6 +10,9 @@ listen-unix = "/run/ntfy-sh/ntfy.sock"; listen-unix-mode = 511; ## lossy nix->yaml conversion eats octal literals (equal to 0777) + smtp-server-listen = ":2525"; + smtp-server-domain = "ping.stuebinm.eu"; + auth-file = "/var/lib/ntfy-sh/user.db"; auth-default-access = "deny-all"; @@ -32,4 +35,8 @@ RuntimeDirectory = [ "ntfy-sh" ]; }; }; + + environment.etc."ntfy/client.yml".text = '' + default-host: https://ping.stuebinm.eu + ''; } diff --git a/secrets/flora.yaml b/secrets/flora.yaml index ca2db83..83daec0 100644 --- a/secrets/flora.yaml +++ b/secrets/flora.yaml @@ -4,6 +4,8 @@ akkoma: keyBase: ENC[AES256_GCM,data:E9jPxP8Hg3civkyqHYPdAizisq/Oxw1zHsOmN0XvzPcKlX63ov3Akb1EFGsNqDBoSwTXtMoQk305cMB6VPLqmw==,iv:5c5W83leUmwy3w0dDvkWNdS7JWeseuxEnQc7f98O3bg=,tag:xz5JtAzvqSlkS6FKd8hVhw==,type:str] signingSalt: ENC[AES256_GCM,data:/htaDciCAhI=,iv:MV4vYD+qaNBicKZEmYffGfTqE2AQgfUdQVjTrLGPMck=,tag:/Of2A9X2QeE6k4lHwWKcOQ==,type:str] jokenDefaultSigner: ENC[AES256_GCM,data:1Wl/N58oiGiGeBHSkJPqLeHOyBmVgLGshAmTyi2H8cu7w/tIHMxW2sd11hhzyq2FCNVsL3Bi+yXgydG7uCl5yw==,iv:criEzJfQMsAUZ7tnIQvr9HOqn7NjBBzXL+rFAgzohPY=,tag:+izDkiUEfwD1+Ym2OuZRnA==,type:str] +monit: + mail: ENC[AES256_GCM,data:wq+xDelBsyIZRJY0GHrZGPWCF0deLZRZxrU89M93hK1zUIeWP6i7xO3dgKE/A5OAGa350Zbj5v9QTieNFHiGqr9g,iv:APUuS3s+t4VPz24Ppen3u+LFSv+GqO49j9Mq77Mb3lQ=,tag:rNVJGN/lnCuq9Km8lZTkLw==,type:str] sops: kms: [] gcp_kms: [] @@ -28,8 +30,8 @@ sops: SEx0Y2tsaGtkV3dMd0t0ejl3WVkwOW8KTpb14yYJ1bOeLquOrmworNqiwYoZSYiQ LkLkXKSGf6T3BrL0t0bM3fgwSQN3k92GGsEZzY7I2hhxZoNXGBOaKg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-11T16:27:36Z" - mac: ENC[AES256_GCM,data:jDwXDqpcX8eaYkVsHAt9rEVoavFCXF16YJV4QkjREy24f7c52pIqbOQ3RYcslyXjGWz0MCgUQ6B2w1MOvY6+xIF+dqPf1sSM5jnbazr9iyvhPIdlKWWq8MXHJEPDqC71ZkfGrPCboZmuZit2lWPu+czalZP/Dcm7bJexEsr2NZs=,iv:DVbxbYbgWNCTCgVKs3SvUCiDF0C9Av/OyrlGQHXW8WE=,tag:zwXtxzc6T8QO1T/esyDkNQ==,type:str] + lastmodified: "2024-02-29T15:29:35Z" + mac: ENC[AES256_GCM,data:kQ6+O8Ar7qnRTpuQauxngXvt+KlyqdFw85vjXPQ63vqVKWCrODlTJXD5saC2WQdMuMF3UfPLru1a35TyXxobu+MlvTadVpqUEtRZjtjhAydEA7+HEyvo+pUlmrm+LCrX3ajKhqlbobUE4kdHg0A2BYOlWIPq9CHtvwAC92R7De4=,iv:Gk5hgwEh4D1QLkiVaMRgcnyS2/F1mK/MpSMYjPaVL7U=,tag:noGbtmNC1yTDzUycML3Mpg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 |