summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorstuebinm2024-02-29 16:48:59 +0100
committerstuebinm2024-02-29 16:48:59 +0100
commitffa6d5eb82c3f71cfaf60c98dfc3d82276497ac5 (patch)
treea52b879ca2ea93578af3e7ada6e99397160ac95c
parent86ced9c8aa3afef3d6cefb38328ed03f38bdfbf0 (diff)
flora: monit via ntfy sh
so it turns out ntfy can run a little smtp server, which monit can send its alerts to, resulting in a halfway okayish monitoring setup. It doesn't even require mucking about with `sendmail'! Downside: this is still monit. Upside: from what I've heard, the other monitoring tools don't actually seem to be all that much better? Now I only have to come up with reasonable checks for the stuff I want to actually keep an eye on …
-rw-r--r--flora/configuration.nix1
-rw-r--r--flora/services/monit.nix32
-rw-r--r--flora/services/ntfy.nix7
-rw-r--r--secrets/flora.yaml8
4 files changed, 45 insertions, 3 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix
index 9f2eb82..40cd3a5 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -12,6 +12,7 @@
./services/element.nix
./services/ntfy.nix
./services/murmur.nix
+ ./services/monit.nix
];
# Use the GRUB 2 boot loader.
diff --git a/flora/services/monit.nix b/flora/services/monit.nix
new file mode 100644
index 0000000..c8f7b3f
--- /dev/null
+++ b/flora/services/monit.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # includes mail address, which includes ntfy token
+ sops.secrets."monit/mail" = {};
+
+ services.monit = {
+ enable = true;
+
+ config = ''
+ include /run/secrets/monit/mail
+
+ set daemon 120 with start delay 60
+ set mailserver
+ localhost
+ port 2525
+
+ set httpd port 2812 and use address localhost
+ allow localhost
+ allow admin:obwjoawijerfoijsiwfj29jf2f2jd
+
+ check filesystem root with path /
+ if space usage > 80% then alert
+ if inode usage > 80% then alert
+
+ check host stuebinm.eu with address stuebinm.eu
+ if failed
+ port 443 protocol https
+ then alert
+ '';
+ };
+}
diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix
index cda212d..45dcb3c 100644
--- a/flora/services/ntfy.nix
+++ b/flora/services/ntfy.nix
@@ -10,6 +10,9 @@
listen-unix = "/run/ntfy-sh/ntfy.sock";
listen-unix-mode = 511; ## lossy nix->yaml conversion eats octal literals (equal to 0777)
+ smtp-server-listen = ":2525";
+ smtp-server-domain = "ping.stuebinm.eu";
+
auth-file = "/var/lib/ntfy-sh/user.db";
auth-default-access = "deny-all";
@@ -32,4 +35,8 @@
RuntimeDirectory = [ "ntfy-sh" ];
};
};
+
+ environment.etc."ntfy/client.yml".text = ''
+ default-host: https://ping.stuebinm.eu
+ '';
}
diff --git a/secrets/flora.yaml b/secrets/flora.yaml
index ca2db83..83daec0 100644
--- a/secrets/flora.yaml
+++ b/secrets/flora.yaml
@@ -4,6 +4,8 @@ akkoma:
keyBase: ENC[AES256_GCM,data:E9jPxP8Hg3civkyqHYPdAizisq/Oxw1zHsOmN0XvzPcKlX63ov3Akb1EFGsNqDBoSwTXtMoQk305cMB6VPLqmw==,iv:5c5W83leUmwy3w0dDvkWNdS7JWeseuxEnQc7f98O3bg=,tag:xz5JtAzvqSlkS6FKd8hVhw==,type:str]
signingSalt: ENC[AES256_GCM,data:/htaDciCAhI=,iv:MV4vYD+qaNBicKZEmYffGfTqE2AQgfUdQVjTrLGPMck=,tag:/Of2A9X2QeE6k4lHwWKcOQ==,type:str]
jokenDefaultSigner: ENC[AES256_GCM,data:1Wl/N58oiGiGeBHSkJPqLeHOyBmVgLGshAmTyi2H8cu7w/tIHMxW2sd11hhzyq2FCNVsL3Bi+yXgydG7uCl5yw==,iv:criEzJfQMsAUZ7tnIQvr9HOqn7NjBBzXL+rFAgzohPY=,tag:+izDkiUEfwD1+Ym2OuZRnA==,type:str]
+monit:
+ mail: ENC[AES256_GCM,data:wq+xDelBsyIZRJY0GHrZGPWCF0deLZRZxrU89M93hK1zUIeWP6i7xO3dgKE/A5OAGa350Zbj5v9QTieNFHiGqr9g,iv:APUuS3s+t4VPz24Ppen3u+LFSv+GqO49j9Mq77Mb3lQ=,tag:rNVJGN/lnCuq9Km8lZTkLw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -28,8 +30,8 @@ sops:
SEx0Y2tsaGtkV3dMd0t0ejl3WVkwOW8KTpb14yYJ1bOeLquOrmworNqiwYoZSYiQ
LkLkXKSGf6T3BrL0t0bM3fgwSQN3k92GGsEZzY7I2hhxZoNXGBOaKg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-04-11T16:27:36Z"
- mac: ENC[AES256_GCM,data:jDwXDqpcX8eaYkVsHAt9rEVoavFCXF16YJV4QkjREy24f7c52pIqbOQ3RYcslyXjGWz0MCgUQ6B2w1MOvY6+xIF+dqPf1sSM5jnbazr9iyvhPIdlKWWq8MXHJEPDqC71ZkfGrPCboZmuZit2lWPu+czalZP/Dcm7bJexEsr2NZs=,iv:DVbxbYbgWNCTCgVKs3SvUCiDF0C9Av/OyrlGQHXW8WE=,tag:zwXtxzc6T8QO1T/esyDkNQ==,type:str]
+ lastmodified: "2024-02-29T15:29:35Z"
+ mac: ENC[AES256_GCM,data:kQ6+O8Ar7qnRTpuQauxngXvt+KlyqdFw85vjXPQ63vqVKWCrODlTJXD5saC2WQdMuMF3UfPLru1a35TyXxobu+MlvTadVpqUEtRZjtjhAydEA7+HEyvo+pUlmrm+LCrX3ajKhqlbobUE4kdHg0A2BYOlWIPq9CHtvwAC92R7De4=,iv:Gk5hgwEh4D1QLkiVaMRgcnyS2/F1mK/MpSMYjPaVL7U=,tag:noGbtmNC1yTDzUycML3Mpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
- version: 3.7.3
+ version: 3.8.1