summaryrefslogtreecommitdiff
path: root/flora/services/monit.nix
blob: e9544e12fb64c6ea5873e85d9b94baf86eb15ec3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{ config, lib, pkgs, ... }:

{
  # includes mail address, which includes ntfy token
  sops.secrets."monit/mail" = {};

  services.monit = {
    enable = true;

    config = ''
      include /run/secrets/monit/mail

      set daemon 120 with start delay 60
      set mailserver
          localhost
          port 2525

      set httpd port 2812 address localhost
          allow localhost

      check filesystem root with path /
            if space usage > 80% then alert
            if inode usage > 80% then alert

      check host stuebinm.eu with address stuebinm.eu
            if failed port 443 with protocol https
            then alert

      check host akkoma with address pleroma.stuebinm.eu
            if failed port 443 with protocol https
            then alert

      check host murmur with address meow.noms.ing
            if failed port 64738 of type tcp using ssl with expect "NixOS"
            then alert

      check process sshd with pidfile /var/run/sshd.pid
            start program  "${pkgs.systemd}/bin/systemctl start sshd"
            stop program  "${pkgs.systemd}/bin/systemctl stop sshd"
            if failed port 22 protocol ssh for 2 cycles then restart

      check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid
            start program = "${pkgs.systemd}/bin/systemctl start postfix"
            stop program = "${pkgs.systemd}/bin/systemctl stop postfix"
            if failed port 25 protocol smtp for 5 cycles then restart

      check process dovecot with pidfile /var/run/dovecot2/master.pid
            start program = "${pkgs.systemd}/bin/systemctl start dovecot2"
            stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2"
            if failed host mail.stuebinm.eu port 993 type tcpssl sslauto protocol imap for 5 cycles then restart

      check host bahnhof.name with address bahnhof.name
            if failed port 443 with protocol https
            then alert

      check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
            if status != 0 then alert

      check host hacc-uffd with address login.infra4future.de
            if failed port 443 with protocol https
            then alert

      check host hacc-onlyoffice with address onlyoffice.infra4future.de
            if failed port 443 with protocol https and status 302
            then alert

      check host hacc-mattermost with address mattermost.infra4future.de
            if failed port 443 with protocol https
            then alert

      set mail-format {
        subject: $SERVICE: $EVENT
        message: Action: $ACTION $SERVICE: $DESCRIPTION.
      ($DATE)
      }
    '';
  };
}