From b0ef041feef04fbd7e4beffd242fa25fb708ef8c Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Fri, 4 Aug 2023 19:42:54 +0200
Subject: nixos: add option to monitor systemd services
---
 modules/nixos/personal/default.nix | 1 +
 modules/nixos/personal/monitoring.nix | 55 +++++++++++++++++++++++++++++++++++
 modules/nixos/personal/nix.nix | 15 +++++-----
 3 files changed, 64 insertions(+), 7 deletions(-)
 create mode 100644 modules/nixos/personal/monitoring.nix
(limited to 'modules')
diff --git a/modules/nixos/personal/default.nix b/modules/nixos/personal/default.nix
index 9485a9d..ffaa97f 100644
--- a/modules/nixos/personal/default.nix
+++ b/modules/nixos/personal/default.nix
@@ -6,6 +6,7 @@
 ./environment.nix
 ./gui.nix
 ./hardware.nix
+ ./monitoring.nix
 ./networking.nix
 ./nix.nix
 ./user.nix
diff --git a/modules/nixos/personal/monitoring.nix b/modules/nixos/personal/monitoring.nix
new file mode 100644
index 0000000..876b5e9
--- /dev/null
+++ b/modules/nixos/personal/monitoring.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.personal.monitoring;
+in {
+ options.personal.monitoring = {
+ enable = lib.mkEnableOption "e-mail monitoring";
+ services = lib.mkOption {
+ type = with lib.types; listOf str;
+ default = [ ];
+ description = "The list of services whose failure should be notified.";
+ };
+ };
+
+ config = {
+ programs.msmtp = {
+ enable = cfg.enable;
+ accounts.default = {
+ auth = true;
+ tls = true;
+ tls_starttls = false;
+ host = "ssl0.ovh.net";
+ port = 465;
+ from = "quentin@aristote.fr";
+ user = "quentin@aristote.fr";
+ passwordeval = "cat /etc/msmtp/secrets";
+ };
+ };
+
+ systemd.services = lib.mkIf cfg.enable (lib.mkMerge ([{
+ "notify@" = {
+ enable = true;
+ description = "Send the status of the %i service as an e-mail.";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = let
+ netCfg = config.networking;
+ me = "${netCfg.hostName}.${netCfg.domain}";
+ script = pkgs.writeScript "notify" ''
+ #!${pkgs.runtimeShell}
+ service="$1"
+ echo \
+ "Subject: ${me}: service $service failed
+ Service $service failed on ${me}, with the following status:
+
+ $(systemctl status $service)
+ " | ${pkgs.msmtp}/bin/msmtp quentin@aristote.fr
+ '';
+ in "${script} %i";
+ };
+ };
+ }] ++ builtins.map
+ (service: { "${service}".onFailure = [ "notify@%i.service" ]; })
+ cfg.services));
+ };
+}
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix
index a4948f4..8744e80 100644
--- a/modules/nixos/personal/nix.nix
+++ b/modules/nixos/personal/nix.nix
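Review bot: In modules/nixos/personal/monitoring.nix the `onFailure` entry built by `builtins.map` uses `notify@%i.service`, but `%i` is the instance name of the failing unit and is empty for non-templated units such as the `nixos-upgrade` and `nix-gc` entries registered in nix.nix, so the handler would likely resolve to `notify@.service` and no mail would be sent. The service name is already available in Nix: `(service: { "${service}".onFailure = [ "notify@${service}.service" ]; })`. In the notify script, quote the argument (`systemctl status "$service"`) so a unit name is never word-split or globbed by the shell that runs the handler. `passwordeval` reads `/etc/msmtp/secrets`, which this module does not create; a comment should state that the file must live outside the world-readable Nix store, owned by root with mode 0600. `systemctl status` also includes recent journal lines, so whatever the failing service logged leaves the host in the mail body, which is worth a comment next to the script.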
@@ -45,13 +45,14 @@ in {
 wantedBy = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ];
 };
 };
- programs.git = lib.mkIf (cfg.flake != null
- && lib.hasPrefix "git+file" cfg.flake) {
- enable = true;
- config.user = {
- name = "Root user of ${config.networking.hostName}";
- email = "root@${config.networking.hostName}";
+ personal.monitoring.services = [ "nixos-upgrade" "nix-gc" ];
+ programs.git =
+ lib.mkIf (cfg.flake != null && lib.hasPrefix "git+file" cfg.flake) {
+ enable = true;
+ config.user = {
+ name = "Root user of ${config.networking.hostName}";
+ email = "root@${config.networking.hostName}";
+ };
 };
- };
 };
 }
--
cgit v1.2.3