diff options
author | stuebinm | 2024-04-07 20:02:27 +0200 |
---|---|---|
committer | stuebinm | 2024-04-07 20:03:13 +0200 |
commit | 8c13f3e743fe3de7ff8e5aef421099cc37a117be (patch) | |
tree | d1bd165bfe5da922b43a591e08d92ed0b33b9207 /common | |
parent | 74b0a75c5b9454de83c96caee506a575286c8beb (diff) |
common/headless: basic monitoring on by default
Diffstat (limited to 'common')
-rw-r--r-- | common/headless.nix | 2 | ||||
-rw-r--r-- | common/monitoring.nix | 40 |
2 files changed, 41 insertions, 1 deletions
diff --git a/common/headless.nix b/common/headless.nix index 14181ef..da1cdd2 100644 --- a/common/headless.nix +++ b/common/headless.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { - imports = [ ./common.nix ]; + imports = [ ./common.nix ./monitoring.nix ]; # environment.systemPackages = [ pkgs.kitty.terminfo ]; diff --git a/common/monitoring.nix b/common/monitoring.nix new file mode 100644 index 0000000..e5f111c --- /dev/null +++ b/common/monitoring.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +{ + # includes mail address, which includes ntfy token + sops.secrets."monit/mail".sopsFile = ../secrets/common.yaml; + + services.monit = { + enable = true; + + config = '' + include /run/secrets/monit/mail + + set daemon 120 with start delay 60 + set mailserver + ping.stuebinm.eu + port 2525 + + set httpd port 2812 address localhost + allow localhost + + check filesystem root with path / + if space usage > 80% then alert + if inode usage > 80% then alert + + check process sshd with pidfile /var/run/sshd.pid + start program "${pkgs.systemd}/bin/systemctl start sshd" + stop program "${pkgs.systemd}/bin/systemctl stop sshd" + if failed port 22 protocol ssh for 2 cycles then restart + + check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running + if status != 0 then alert + + set mail-format { + subject: ${config.networking.hostName}/$SERVICE: $EVENT + message: Action: $ACTION $SERVICE: $DESCRIPTION. + ($DATE) + } + ''; + }; +} |