From 8c13f3e743fe3de7ff8e5aef421099cc37a117be Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 7 Apr 2024 20:02:27 +0200
Subject: common/headless: basic monitoring on by default
---
common/headless.nix | 2 +-
common/monitoring.nix | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 1 deletion(-)
create mode 100644 common/monitoring.nix
(limited to 'common')
diff --git a/common/headless.nix b/common/headless.nix
index 14181ef..da1cdd2 100644
--- a/common/headless.nix
+++ b/common/headless.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 {
- imports = [ ./common.nix ];
+ imports = [ ./common.nix ./monitoring.nix ];
 # environment.systemPackages = [ pkgs.kitty.terminfo ];
diff --git a/common/monitoring.nix b/common/monitoring.nix
new file mode 100644
index 0000000..e5f111c
--- /dev/null
+++ b/common/monitoring.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # includes mail address, which includes ntfy token
+ sops.secrets."monit/mail".sopsFile = ../secrets/common.yaml;
+
+ services.monit = {
+ enable = true;
+
+ config = ''
+ include /run/secrets/monit/mail
+
+ set daemon 120 with start delay 60
+ set mailserver
+ ping.stuebinm.eu
+ port 2525
+
+ set httpd port 2812 address localhost
+ allow localhost
+
+ check filesystem root with path /
+ if space usage > 80% then alert
+ if inode usage > 80% then alert
+
+ check process sshd with pidfile /var/run/sshd.pid
+ start program "${pkgs.systemd}/bin/systemctl start sshd"
+ stop program "${pkgs.systemd}/bin/systemctl stop sshd"
+ if failed port 22 protocol ssh for 2 cycles then restart
+
+ check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
+ if status != 0 then alert
+
+ set mail-format {
+ subject: ${config.networking.hostName}/$SERVICE: $EVENT
+ message: Action: $ACTION $SERVICE: $DESCRIPTION.
+ ($DATE)
+ }
+ '';
+ };
+}
--
cgit v1.2.3
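Review bot: The monit HTTP interface in the new `common/monitoring.nix` (`set httpd port 2812 address localhost` with only `allow localhost`) has no credentials, so any local user or process on a host that imports headless.nix can reach it, and unless it is marked read-only that interface can stop, restart or unmonitor the configured checks, including the `sshd` one. I would either bind it to a unix socket with restrictive permissions or keep an `allow user:password` entry (optionally `read-only`) in the sops-managed include, e.g. `allow <user>:<password-from-secret> read-only`. Separately, the comment says the mail address carries an ntfy token, and `set mailserver ping.stuebinm.eu port 2525` shows no TLS option, so the token presumably travels in cleartext as the recipient address unless that path is protected elsewhere; enabling TLS on the mailserver statement would cover it. The include path is also hard-coded; `include ${config.sops.secrets."monit/mail".path}` would keep it in step with sops-nix, and the fixed `port 22` and `/var/run/sshd.pid` in the sshd check may not hold on every host that now gets this module by default.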