diff options
| author | stuebinm | 2024-04-07 20:02:27 +0200 |
|---|---|---|
| committer | stuebinm | 2024-04-07 20:03:13 +0200 |
| commit | 8c13f3e743fe3de7ff8e5aef421099cc37a117be (patch) | |
| tree | d1bd165bfe5da922b43a591e08d92ed0b33b9207 /flora/services | |
| parent | 74b0a75c5b9454de83c96caee506a575286c8beb (diff) | |
common/headless: basic monitoring on by default
Diffstat (limited to 'flora/services')
| -rw-r--r-- | flora/services/monit.nix | 32 | ||||
| -rw-r--r-- | flora/services/ntfy.nix | 2 |
2 files changed, 2 insertions, 32 deletions
diff --git a/flora/services/monit.nix b/flora/services/monit.nix index 6c11522..0b7ee7c 100644 --- a/flora/services/monit.nix +++ b/flora/services/monit.nix @@ -1,27 +1,9 @@ { config, lib, pkgs, ... }: { - # includes mail address, which includes ntfy token - sops.secrets."monit/mail" = {}; - services.monit = { - enable = true; config = '' - include /run/secrets/monit/mail - - set daemon 120 with start delay 60 - set mailserver - localhost - port 2525 - - set httpd port 2812 address localhost - allow localhost - - check filesystem root with path / - if space usage > 80% then alert - if inode usage > 80% then alert - check host stuebinm.eu with address stuebinm.eu if failed port 443 with protocol https then alert @@ -34,11 +16,6 @@ if failed port 64738 of type tcp using ssl with expect "NixOS" then alert - check process sshd with pidfile /var/run/sshd.pid - start program "${pkgs.systemd}/bin/systemctl start sshd" - stop program "${pkgs.systemd}/bin/systemctl stop sshd" - if failed port 22 protocol ssh for 2 cycles then restart - check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid start program = "${pkgs.systemd}/bin/systemctl start postfix" stop program = "${pkgs.systemd}/bin/systemctl stop postfix" @@ -53,9 +30,6 @@ if failed port 443 with protocol https then alert - check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running - if status != 0 then alert - check host hacc-uffd with address login.infra4future.de if failed port 443 with protocol https then alert @@ -67,12 +41,6 @@ check host hacc-mattermost with address mattermost.infra4future.de if failed port 443 with protocol https then alert - - set mail-format { - subject: $SERVICE: $EVENT - message: Action: $ACTION $SERVICE: $DESCRIPTION. - ($DATE) - } ''; }; diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix index e00971f..aa46a39 100644 --- a/flora/services/ntfy.nix +++ b/flora/services/ntfy.nix @@ -21,6 +21,8 @@ }; }; + networking.firewall.allowedTCPPorts = [ 2525 ]; + services.mollysocket = { enable = true; settings = { |