common/monitoring.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

{ config, lib, pkgs, ... }:

{
  # includes mail address, which includes ntfy token
  sops.secrets."monit/mail".sopsFile = ../secrets/common.yaml;

  services.monit = {
    enable = true;

    config = ''
      include /run/secrets/monit/mail

      set daemon 120 with start delay 60
      set mailserver
          ping.stuebinm.eu
          port 2525

      set httpd port 2812 address localhost
          allow localhost

      check filesystem root with path /
            if space usage > 80% then alert
            if inode usage > 80% then alert

      check process sshd with pidfile /var/run/sshd.pid
            start program  "${pkgs.systemd}/bin/systemctl start sshd"
            stop program  "${pkgs.systemd}/bin/systemctl stop sshd"
            if failed port 22 protocol ssh for 2 cycles then restart

      check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
            if status != 0 then alert

      set mail-format {
        subject: ${config.networking.hostName}/$SERVICE: $EVENT
        message: Action: $ACTION $SERVICE: $DESCRIPTION.
      ($DATE)
      }
    '';
  };
}