move the monit config out of mail.nix, and add two checks: - has any systemd unit failed? - is the currently deployed commit the tip of the main branch of haccfiles?
