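# NixOS module for Uptime Kuma: declares `services.uptime-kuma.*` options and
# a sandboxed systemd unit that runs the server with its settings exported as
# environment variables.
{ config, pkgs, lib, ... }:

let
  # Explicit inherits instead of a file-wide `with lib;`, so every helper used
  # below is visible here and nothing is shadowed by accident.
  inherit (lib)
    literalExpression
    mdDoc
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    types;

  cfg = config.services.uptime-kuma;
in
{

  options = {
    services.uptime-kuma = {
      enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set.");

      package = mkOption {
        type = types.package;
        example = literalExpression "pkgs.uptime-kuma";
        default = pkgs.uptime-kuma;
        # literalExpression so the manual renders this as Nix code, matching
        # `example` above, rather than as a quoted string.
        defaultText = literalExpression "pkgs.uptime-kuma";
        description = mdDoc "Uptime Kuma package to use.";
      };

      settings = mkOption {
        # Free-form: any string-valued attribute is accepted and exported
        # as-is; the module does not validate the variable names.
        type = types.submodule { freeformType = types.attrsOf types.str; };
        default = { };
        example = {
          PORT = "4000";
          NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
        };
        description = mdDoc ''
          Additional configuration for Uptime Kuma, see
          <https://github.com/louislam/uptime-kuma/wiki/Environment-Variables>
          for supported values.

          These values are written into the systemd unit as environment
          variables, so they end up in the world-readable Nix store.
          Do not put secrets here.
        '';
      };
    };
  };

  config = mkIf cfg.enable {

    services.uptime-kuma.settings = {
      # Deliberately not mkDefault: with ProtectSystem = "strict" the only
      # writable location is the StateDirectory below, so DATA_DIR must keep
      # pointing at it.
      DATA_DIR = "/var/lib/uptime-kuma/";
      NODE_ENV = mkDefault "production";
      # The module assumes a reverse proxy in front of the service, so listen
      # on loopback unless overridden; upstream's own default bind address is
      # a wildcard. Set HOST explicitly when the proxy runs on another host.
      HOST = mkDefault "127.0.0.1";
    };

    systemd.services.uptime-kuma = {
      description = "Uptime Kuma";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      environment = cfg.settings;
      serviceConfig = {
        Type = "simple";
        ExecStart = "${cfg.package}/bin/uptime-kuma-server";
        Restart = "on-failure";

        # Unprivileged, transient user; state lives in /var/lib/uptime-kuma.
        DynamicUser = true;
        StateDirectory = "uptime-kuma";

        # File system view.
        ProtectHome = true;
        ProtectSystem = "strict";
        PrivateTmp = true;
        PrivateDevices = true;
        PrivateMounts = true;

        # Kernel and host-wide state.
        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;

        # Privilege escalation and leftovers.
        NoNewPrivileges = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        RemoveIPC = true;

        # NOTE(review): no SystemCallFilter, CapabilityBoundingSet or
        # RestrictAddressFamilies is set. Check `systemd-analyze security`
        # and the monitor types in use before tightening further; some
        # monitors may need capabilities or socket families -- confirm.
      };
    };
  };
}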