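# NixOS module for prometheus-xmpp-alerts, the XMPP web hook service for
# Alertmanager. It renders `settings` to a YAML file and runs the daemon
# from a sandboxed systemd unit under a dynamically allocated user.
{ config, lib, pkgs, ... }:

let
  # Pull in only the helpers this module uses, rather than opening all of
  # `lib` into scope with `with lib;`.
  inherit (lib) mkEnableOption mkIf mkOption mkRenamedOptionModule;

  cfg = config.services.prometheus.xmpp-alerts;
  settingsFormat = pkgs.formats.yaml {};

  # NOTE(security): the generated file is a Nix store path. The store is
  # world-readable, so every value in `cfg.settings` is readable by every
  # local user and travels with the system closure (binary caches, copies).
  configFile = settingsFormat.generate "prometheus-xmpp-alerts.yml" cfg.settings;
in
{
  imports = [
    # Keep configurations written against the old option name evaluating.
    (mkRenamedOptionModule
      [ "services" "prometheus" "xmpp-alerts" "configuration" ]
      [ "services" "prometheus" "xmpp-alerts" "settings" ])
  ];

  options.services.prometheus.xmpp-alerts = {
    enable = mkEnableOption (lib.mdDoc "XMPP Web hook service for Alertmanager");

    settings = mkOption {
      type = settingsFormat.type;
      default = {};

      description = lib.mdDoc ''
        Configuration for prometheus xmpp-alerts, see
        <https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example>
        for supported values.

        The rendered file is placed in the world-readable Nix store.
        Do not put credentials (such as an XMPP account password) in
        this option as literal values; prefer a setting that lets the
        service obtain the secret at runtime from a file outside the
        store, if the upstream configuration offers one.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.prometheus-xmpp-alerts = {
      wantedBy = [ "multi-user.target" ];
      # The service talks to an XMPP server and serves a web hook, so it is
      # ordered after (and pulls in) network-online.target.
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.prometheus-xmpp-alerts}/bin/prometheus-xmpp-alerts --config ${configFile}";
        Restart = "on-failure";

        # Run as a transient, unprivileged user that owns nothing on disk.
        DynamicUser = true;
        NoNewPrivileges = true;
        # The unit requests no ambient capabilities; an empty bounding set
        # ensures none can be regained.
        CapabilityBoundingSet = [ "" ];

        # File-system and device isolation.
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHome = true;
        ProtectSystem = "strict";

        # Kernel-facing surface the daemon has no reason to touch.
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        ProtectClock = true;
        ProtectHostname = true;
        LockPersonality = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;

        # Network and system-call surface: IPv4/IPv6 sockets only, native
        # ABI only, and the @system-service allow-list.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "@system-service" ];
      };
    };
  };
}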