monitoring software is the answer, of course, but to directly answer your question is to use the systemd top level overrides feature like so:
{ config, lib, pkgs, ... }: {
systemd.packages = [
(pkgs.runCommandNoCC "on-failure.conf" {
preferLocalBuild = true;
allowSubstitutes = false;
} ''
mkdir -p $out/etc/systemd/system/service.d/
echo "[Service]\nOnFailure=email@%n.service" > $out/etc/systemd/system/service.d/on-failure.conf
'')
];
}
untested, so please ping back if this is incorrect and we can edit
reference on discourse: How to use toplevel-overrides for systemd - #4 by hmenke