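# NixOS module for Alertmanager IRC Relay, a bot that accepts Alertmanager
# webhook calls over HTTP and posts the alerts to IRC channels.
#
# The module renders `settings` to a YAML file and runs the relay as a
# sandboxed systemd service under a dynamically allocated user.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.prometheus.alertmanagerIrcRelay;

  # `settings` is serialised to YAML at build time. The generated file is a
  # Nix store path, so it is readable by every local user on the machine.
  configFormat = pkgs.formats.yaml { };
  configFile = configFormat.generate "alertmanager-irc-relay.yml" cfg.settings;
in
{
  options.services.prometheus.alertmanagerIrcRelay = {
    enable = mkEnableOption (mdDoc "Alertmanager IRC Relay");

    package = mkOption {
      type = types.package;
      default = pkgs.alertmanager-irc-relay;
      defaultText = literalExpression "pkgs.alertmanager-irc-relay";
      description = mdDoc "Alertmanager IRC Relay package to use.";
    };

    extraFlags = mkOption {
      type = types.listOf types.str;
      default = [];
      description = mdDoc "Extra command line options to pass to alertmanager-irc-relay.";
    };

    settings = mkOption {
      type = configFormat.type;
      example = literalExpression ''
        {
          http_host = "localhost";
          http_port = 8000;

          irc_host = "irc.example.com";
          irc_port = 7000;
          irc_nickname = "myalertbot";

          irc_channels = [
            { name = "#mychannel"; }
          ];
        }
      '';
      description = mdDoc ''
        Configuration for Alertmanager IRC Relay as a Nix attribute set.
        For a reference, check out the
        [example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
        and the
        [source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).

        Note: The webhook's URL MUST point to the IRC channel where the message
        should be posted. For `#mychannel` from the example, this would be
        `http://localhost:8000/mychannel`.

        Warning: These settings are written to a configuration file in the
        world-readable Nix store. Any password placed here (for the IRC
        server, the nickname or a channel) can be read by every local user.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.alertmanager-irc-relay = {
      description = "Alertmanager IRC Relay";

      wantedBy = [ "multi-user.target" ];
      # `after` only orders the unit; `wants` is what actually pulls
      # network-online.target into the boot transaction so the ordering
      # has an effect.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      serviceConfig = {
        # NOTE(review): escapeShellArgs quotes for a POSIX shell, but systemd
        # parses ExecStart itself. `%` specifiers (and possibly `$VAR`
        # references) inside an extra flag would still be expanded by systemd.
        ExecStart = ''
          ${cfg.package}/bin/alertmanager-irc-relay \
            -config ${configFile} \
            ${escapeShellArgs cfg.extraFlags}
        '';

        # Run as a transient, unprivileged user that cannot gain privileges
        # and holds no capabilities.
        DynamicUser = true;
        NoNewPrivileges = true;
        CapabilityBoundingSet = "";

        # Filesystem view: read-only system, no access to home directories,
        # other users' processes hidden in /proc.
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        ProtectHome = "tmpfs";

        PrivateTmp = true;
        PrivateDevices = true;
        PrivateIPC = true;

        # Kernel and host state the relay has no reason to modify.
        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;

        # The relay only speaks HTTP and IRC, so IPv4/IPv6 sockets suffice.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;

        LockPersonality = true;
        MemoryDenyWriteExecute = true;

        # Start from the @system-service allow-list, then remove the groups
        # a network relay does not need.
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@cpu-emulation"
          "~@privileged"
          "~@reboot"
          "~@setuid"
          "~@swap"
        ];
      };
    };
  };

  meta.maintainers = [ maintainers.oxzi ];
}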