# NixOS module fragment: enables monit with a set of host, filesystem and
# process checks, and adds a systemd unit that runs a helper script against
# monit's local HTTP interface once a minute.
{ config, lib, pkgs, ... }:
{
# sops-managed secret holding monit's alert mail address. The address embeds
# an ntfy token, so it is pulled in at runtime via the
# `include /run/secrets/monit/mail` line below instead of being written into
# services.monit.config (which ends up in the world-readable Nix store).
# The empty attrset means sops-nix defaults apply for owner and mode;
# presumably root-only, confirm that monit can read the file.
sops.secrets."monit/mail" = {};
services.monit = {
enable = true;
# Everything between the '' markers is the monit control file, emitted
# verbatim apart from the ${pkgs.systemd} store-path interpolations.
# Summary of what it sets up:
#   - poll cycle of 120 s with a 60 s start delay; alerts go out through the
#     mail server at localhost:2525 using the mail-format at the end
#   - root filesystem: alert above 80% space or inode usage
#   - remote hosts: alert when the HTTPS (or, for murmur, TLS on port 64738
#     expecting "NixOS") probe fails
#   - sshd, postfix, dovecot: restart through systemctl when the port probe
#     fails for the configured number of cycles
#   - `systemctl is-system-running`: alert on a non-zero exit status
#
# NOTE(review): the httpd stanza binds to localhost:2812 and only has the
# host-based `allow localhost` rule, with no `allow user:password` line, so
# every local process can reach the monit web interface, which can also
# start/stop the monitored services. If untrusted local users or services
# exist on this host, add credentials (kept in the sops secret) or restrict
# the interface to read-only access.
#
# NOTE(review): the HTTPS/TLS probes test reachability. To my knowledge monit
# does not verify certificates unless that is enabled (e.g.
# `set ssl { verify: enable }`), and none of the checks carries a
# `certificate valid > N days` test, so an expired or mismatched certificate
# would presumably not raise an alert. Confirm and add if expiry alerting is
# wanted.
config = ''
include /run/secrets/monit/mail
set daemon 120 with start delay 60
set mailserver
localhost
port 2525
set httpd port 2812 address localhost
allow localhost
check filesystem root with path /
if space usage > 80% then alert
if inode usage > 80% then alert
check host stuebinm.eu with address stuebinm.eu
if failed port 443 with protocol https
then alert
check host akkoma with address pleroma.stuebinm.eu
if failed port 443 with protocol https
then alert
check host murmur with address meow.noms.ing
if failed port 64738 of type tcp using ssl with expect "NixOS"
then alert
check process sshd with pidfile /var/run/sshd.pid
start program "${pkgs.systemd}/bin/systemctl start sshd"
stop program "${pkgs.systemd}/bin/systemctl stop sshd"
if failed port 22 protocol ssh for 2 cycles then restart
check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid
start program = "${pkgs.systemd}/bin/systemctl start postfix"
stop program = "${pkgs.systemd}/bin/systemctl stop postfix"
if failed port 25 protocol smtp for 5 cycles then restart
check process dovecot with pidfile /var/run/dovecot2/master.pid
start program = "${pkgs.systemd}/bin/systemctl start dovecot2"
stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2"
if failed host mail.stuebinm.eu port 993 type tcpssl sslauto protocol imap for 5 cycles then restart
check host bahnhof.name with address bahnhof.name
if failed port 443 with protocol https
then alert
check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
if status != 0 then alert
check host hacc-uffd with address login.infra4future.de
if failed port 443 with protocol https
then alert
check host hacc-onlyoffice with address onlyoffice.infra4future.de
if failed port 443 with protocol https and status 302
then alert
check host hacc-mattermost with address mattermost.infra4future.de
if failed port 443 with protocol https
then alert
set mail-format {
subject: $SERVICE: $EVENT
message: Action: $ACTION $SERVICE: $DESCRIPTION.
($DATE)
}
'';
};
# Timer-driven unit (startAt fires at second 00 of every minute) that runs
# monit-prometheus.scm under Gauche's `gosh`, with curl on PATH. The script is
# given monit's HTTP interface as input (-i) and /tmp/dings as output (-o);
# judging by its name it presumably renders monit status as Prometheus
# metrics, but the script itself is not shown here.
#
# NOTE(review): the output is a fixed, predictable name in the shared,
# world-writable /tmp, and the unit sets no User=, so it runs with systemd's
# default (root). Any local user can create that path first, so the content
# and ownership of the file are not guaranteed to come from this service.
# Prefer a directory owned by the unit (RuntimeDirectory= or StateDirectory=)
# and point both this script and whatever reads the file at it. A dedicated
# unprivileged user would also suffice here as far as this file shows, since
# the unit only needs to reach localhost:2812 and write one file.
systemd.services.monit_prometheus = {
enable = true;
serviceConfig = {
ExecStart = "${pkgs.gauche}/bin/gosh ${pkgs.copyPathToStore ../../pkgs/scripts/monit-prometheus.scm} -i http://localhost:2812 -o /tmp/dings";
};
path = [ pkgs.curl ];
startAt = "*-*-* *:*:00";
};
}