flora/services/monit.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

{ config, lib, pkgs, ... }:

{
  services.monit = {

    config = ''
      check host stuebinm.eu with address stuebinm.eu
            if failed port 443 with protocol https
            then alert

      check host akkoma with address pleroma.stuebinm.eu
            if failed port 443 with protocol https
            then alert

      check host murmur with address meow.noms.ing
            if failed port 64738 of type tcp using ssl with expect "NixOS"
            then alert

      check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid
            start program = "${pkgs.systemd}/bin/systemctl start postfix"
            stop program = "${pkgs.systemd}/bin/systemctl stop postfix"
            if failed port 25 protocol smtp for 5 cycles then restart

      check process dovecot with pidfile /var/run/dovecot2/master.pid
            start program = "${pkgs.systemd}/bin/systemctl start dovecot2"
            stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2"
            if failed host mail.stuebinm.eu port 993 type tcpssl sslauto protocol imap for 5 cycles then restart

      check host bahnhof.name with address bahnhof.name
            if failed port 443 with protocol https
            then alert

      check host hacc-uffd with address login.infra4future.de
            if failed port 443 with protocol https
            then alert

      check host hacc-onlyoffice with address onlyoffice.infra4future.de
            if failed port 443 with protocol https and status 302
            then alert

      check host hacc-mattermost with address mattermost.infra4future.de
            if failed port 443 with protocol https
            then alert

      check host hacc-nextcloud with address cloud.infra4future.de
            if failed port 443 with protocol https
            then alert

      check host nobelium with address colorspace.club
            if failed port 443 with protocol https
            then alert
    '';
  };

  systemd.services.monit_prometheus = {
    enable = true;
    serviceConfig = {
      ExecStart = "${pkgs.gauche}/bin/gosh ${pkgs.copyPathToStore ../../pkgs/scripts/monit-prometheus.scm} -i http://localhost:2812 -o /tmp/dings";
    };
    path = [ pkgs.curl ];
    startAt = "*-*-* *:*:00";
  };
}