authorstuebinm2024-04-07 20:02:27 +0200
committerstuebinm2024-04-07 20:03:13 +0200
commit8c13f3e743fe3de7ff8e5aef421099cc37a117be (patch)
treed1bd165bfe5da922b43a591e08d92ed0b33b9207 /flora/services
parent74b0a75c5b9454de83c96caee506a575286c8beb (diff)
common/headless: basic monitoring on by default
Diffstat (limited to 'flora/services')
-rw-r--r--flora/services/monit.nix32
-rw-r--r--flora/services/ntfy.nix2
2 files changed, 2 insertions, 32 deletions
diff --git a/flora/services/monit.nix b/flora/services/monit.nix
index 6c11522..0b7ee7c 100644
--- a/flora/services/monit.nix
+++ b/flora/services/monit.nix
@@ -1,27 +1,9 @@
{ config, lib, pkgs, ... }:
{
- # includes mail address, which includes ntfy token
- sops.secrets."monit/mail" = {};
-
services.monit = {
- enable = true;
config = ''
- include /run/secrets/monit/mail
-
- set daemon 120 with start delay 60
- set mailserver
- localhost
- port 2525
-
- set httpd port 2812 address localhost
- allow localhost
-
- check filesystem root with path /
- if space usage > 80% then alert
- if inode usage > 80% then alert
-
check host stuebinm.eu with address stuebinm.eu
if failed port 443 with protocol https
then alert
@@ -34,11 +16,6 @@
if failed port 64738 of type tcp using ssl with expect "NixOS"
then alert
- check process sshd with pidfile /var/run/sshd.pid
- start program "${pkgs.systemd}/bin/systemctl start sshd"
- stop program "${pkgs.systemd}/bin/systemctl stop sshd"
- if failed port 22 protocol ssh for 2 cycles then restart
-
check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid
start program = "${pkgs.systemd}/bin/systemctl start postfix"
stop program = "${pkgs.systemd}/bin/systemctl stop postfix"
@@ -53,9 +30,6 @@
if failed port 443 with protocol https
then alert
- check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
- if status != 0 then alert
-
check host hacc-uffd with address login.infra4future.de
if failed port 443 with protocol https
then alert
@@ -67,12 +41,6 @@
check host hacc-mattermost with address mattermost.infra4future.de
if failed port 443 with protocol https
then alert
-
- set mail-format {
- subject: $SERVICE: $EVENT
- message: Action: $ACTION $SERVICE: $DESCRIPTION.
- ($DATE)
- }
'';
};
diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix
index e00971f..aa46a39 100644
--- a/flora/services/ntfy.nix
+++ b/flora/services/ntfy.nix
@@ -21,6 +21,8 @@
};
};
+ networking.firewall.allowedTCPPorts = [ 2525 ];
+
services.mollysocket = {
enable = true;
settings = {
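Review bot: The added `networking.firewall.allowedTCPPorts = [ 2525 ];` opens port 2525 on every interface, and nothing says what listens there or which hosts are meant to reach it. Judging from the monit lines removed in this same commit (`set mailserver localhost port 2525` and the comment about a mail address that includes an ntfy token), this is presumably ntfy's SMTP intake. If so, the token in the recipient address becomes the only control on who can publish once the port is reachable from outside. If only the other monitored hosts need it, scope the rule to the interface they arrive on, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 2525 ];`, and add a comment such as `# ntfy SMTP intake, used by monit on other hosts`. The listener's own configuration lies outside this hunk, so check there whether it binds only where intended and whether the token crosses the network unencrypted.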