From 29cb68a21666ea57e65932f5faed82daed7c109b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20D=C3=B6rfler?= <phdoerfler@gmail.com>
Date: Fri, 12 Jan 2018 21:22:05 +0000
Subject: [PATCH] Added monitoring of disk space and more with monit.

---
 default.nix           | 60 +++++++++++++++++++++++++++++++++++++++++++
 mail-server/monit.nix | 32 +++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 mail-server/monit.nix

diff --git a/default.nix b/default.nix
index 7fd29fd..40305db 100644
--- a/default.nix
+++ b/default.nix
@@ -363,10 +363,70 @@ in
         Runs a local DNS resolver (kresd) as recommended when running rspamd. This prevents your log file from filling up with rspamd_monitored_dns_mon entries.
       '';
     };
+
+    monitoring = {
+      enable = mkEnableOption "monitoring via monit";
+
+      alertAddress = mkOption {
+        type = types.string;
+        description = ''
+          The email address to send alerts to.
+        '';
+      };
+
+      config = mkOption {
+        type = types.string;
+        default = ''
+          set daemon 120 with start delay 60
+          set mailserver
+              localhost
+
+          set httpd port 2812 and use address localhost
+              allow localhost
+              allow admin:obwjoawijerfoijsiwfj29jf2f2jd
+
+          check filesystem root with path /
+                if space usage > 80% then alert
+                if inode usage > 80% then alert
+
+          check system $HOST
+                if cpu usage > 95% for 10 cycles then alert
+                if memory usage > 75% for 5 cycles then alert
+                if swap usage > 20% for 10 cycles then alert
+                if loadavg (1min) > 90 for 15 cycles then alert
+                if loadavg (5min) > 80 for 10 cycles then alert
+                if loadavg (15min) > 70 for 8 cycles then alert
+
+          check process sshd with pidfile /var/run/sshd.pid
+                start program  "${pkgs.systemd}/bin/systemctl start sshd"
+                stop program  "${pkgs.systemd}/bin/systemctl stop sshd"
+                if failed port 22 protocol ssh for 2 cycles then restart
+
+          check process postfix with pidfile /var/lib/postfix/queue/pid/master.pid
+                start program = "${pkgs.systemd}/bin/systemctl start postfix"
+                stop program = "${pkgs.systemd}/bin/systemctl stop postfix"
+                if failed port 25 protocol smtp for 5 cycles then restart
+
+          check process dovecot with pidfile /var/run/dovecot2/master.pid
+                start program = "${pkgs.systemd}/bin/systemctl start dovecot2"
+                stop program = "${pkgs.systemd}/bin/systemctl stop dovecot2"
+                if failed host ${cfg.fqdn} port 993 type tcpssl sslauto protocol imap for 5 cycles then restart
+
+          check process rspamd with pidfile /var/run/rspamd.pid
+                start program = "${pkgs.systemd}/bin/systemctl start rspamd"
+                stop program = "${pkgs.systemd}/bin/systemctl stop rspamd"
+        '';
+        description = ''
+          The configuration used for monitoring via monit.
+          Use a mail address that you actively check and set it via 'set alert ...'.
+        '';
+      };
+    };
   };
 
   imports = [
     ./mail-server/clamav.nix
+    ./mail-server/monit.nix
     ./mail-server/users.nix
     ./mail-server/environment.nix
     ./mail-server/networking.nix
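Review bot: The default `monitoring.config` hard-codes an HTTP credential for monit's web interface (`allow admin:obwjoawijerfoijsiwfj29jf2f2jd`), so every installation that enables monitoring without overriding the option shares one password that is published in this repository. The same config defines start/stop programs for sshd, postfix, dovecot2 and rspamd, so anyone who can reach localhost:2812 with that password can presumably stop those services. I would drop the credential from the default and have the operator supply one through a separate option with no default, so evaluation fails until a per-host value is set. Separately, the description's advice to set the address "via 'set alert ...'" no longer matches the module, because mail-server/monit.nix already emits `set alert` from `alertAddress`.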
diff --git a/mail-server/monit.nix b/mail-server/monit.nix
new file mode 100644
index 0000000..93f5eca
--- /dev/null
+++ b/mail-server/monit.nix
@@ -0,0 +1,32 @@
+#  nixos-mailserver: a simple mail server
+#  Copyright (C) 2016-2018  Robin Raymond
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program. If not, see <http://www.gnu.org/licenses/>
+
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.mailserver;
+in
+{
+  config = lib.mkIf cfg.monitoring.enable {
+    services.monit = {
+      enable = true;
+      config = ''
+        set alert ${cfg.monitoring.alertAddress}
+        ${cfg.monitoring.config}
+      '';
+    };
+  };
+}
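Review bot: The whole of `cfg.monitoring.config` is passed to `services.monit.config` as a plain Nix string, so any httpd credential in it (the default contains an `allow admin:...` line) presumably ends up in the world-readable Nix store regardless of the permissions on the generated monitrc. That is worth confirming against the upstream monit module. At minimum I would add a comment above `config = ''`, such as `# NOTE: this text is stored in the Nix store; do not put secrets such as httpd passwords here`, and repeat the warning in the option description. `alertAddress` is also interpolated into the `set alert` line unchecked, so a value containing whitespace or a newline changes how monit parses the line; a stricter option type would catch that at evaluation time.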