From c131e4cd9549cd0cc17d33219d1748a5eea8c442 Mon Sep 17 00:00:00 2001
From: Malte Brandy <malte.brandy@maralorn.de>
Date: Mon, 17 Jan 2022 01:43:48 +0100
Subject: [PATCH] Add monitoring rule for expiring SSL certificates

---
 nixos/roles/monitoring/rules.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nixos/roles/monitoring/rules.yml b/nixos/roles/monitoring/rules.yml
index 6a78b779..7f0cf05b 100644
--- a/nixos/roles/monitoring/rules.yml
+++ b/nixos/roles/monitoring/rules.yml
@@ -50,3 +50,11 @@ groups:
              severity: warning
           annotations:
              description: "mail queue {{ $labels.queue }} of {{ $labels.name }} has accumulated a waiting time of {{ $value | humanizeDuration }}."
+        # TLS
+        - alert: CertificateExpiry
+          expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 14
+          for: 10m
+          labels:
+            severity: warning
+          annotations:
+            summary: "Certificate for {{ $labels.instance }} is expiring soon."