Zed + fail2ban notifications

systems/x86_64-linux/stargate/default.nix

@@ -78,14 +78,15 @@ in {
       extraArgs = ["--sshoption=StrictHostKeyChecking=off"];
     };
   };
-
   services.zfs.zed.settings = {
-    ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+    ZED_DEBUG_LOG = "/var/log/zed-debug.log";
-    ZED_NTFY_URL = "ntfy.kylekrein.com";
+    ZED_EMAIL_ADDR = ["zed@localhost.com"];
-    ZED_NTFY_TOPIC = "zed";
+    ZED_EMAIL_PROG = "/run/wrappers/bin/sendmail";
+    ZED_EMAIL_OPTS = "-i @ADDRESS@";
 
     ZED_NOTIFY_INTERVAL_SECS = 3600;
     ZED_NOTIFY_VERBOSE = true;
+    ZED_NOTIFY_DATA = true;
 
     ZED_USE_ENCLOSURE_LEDS = true;
     ZED_SCRUB_AFTER_RESILVER = true;

systems/x86_64-linux/stargate/services/fail2ban.nix

@@ -8,7 +8,7 @@
     "fail2ban/action.d/ntfy.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
       [Definition]
       norestored = true # Needed to avoid receiving a new notification after every restart
-      actionban = curl -H "Title: <ip> has been banned" -d "<name> jail has banned <ip> from accessing $(hostname) after <failures> attempts of hacking the system." https://ntfy.kylekrein.com/Fail2banNotifications
+      actionban = echo "<ip> has been banned: <name> jail has banned <ip> from accessing $(hostname) after <failures> attempts of hacking the system." | /run/wrappers/bin/sendmail -i fail2ban@localhost.com
     '');
     # Defines a filter that detects URL probing by reading the Nginx access log
     "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''