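# NixOS module for alertmanager-irc-relay: renders `settings` to a YAML file
# and runs the relay as a sandboxed systemd service.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.prometheus.alertmanagerIrcRelay;

  # `settings` is serialised to YAML at build time. The result is a Nix store
  # path, so it is readable by every local user and travels with the system
  # closure; anything placed in `settings` must be treated as public.
  configFormat = pkgs.formats.yaml { };
  configFile = configFormat.generate "alertmanager-irc-relay.yml" cfg.settings;
in
{
  options.services.prometheus.alertmanagerIrcRelay = {
    enable = mkEnableOption "Alertmanager IRC Relay";

    package = mkPackageOption pkgs "alertmanager-irc-relay" { };

    extraFlags = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Extra command line options to pass to alertmanager-irc-relay.";
    };

    settings = mkOption {
      type = configFormat.type;
      example = literalExpression ''
        {
          http_host = "localhost";
          http_port = 8000;

          irc_host = "irc.example.com";
          irc_port = 7000;
          irc_nickname = "myalertbot";

          irc_channels = [
            { name = "#mychannel"; }
          ];
        }
      '';
      description = ''
        Configuration for Alertmanager IRC Relay as a Nix attribute set.
        For a reference, check out the
        [example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
        and the
        [source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).

        Note: The webhook's URL MUST point to the IRC channel where the message
        should be posted. For `#mychannel` from the example, this would be
        `http://localhost:8000/mychannel`.

        Warning: these settings are written to a world-readable file in the
        Nix store. Do not put passwords or other secrets in this option.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.alertmanager-irc-relay = {
      description = "Alertmanager IRC Relay";

      wantedBy = [ "multi-user.target" ];
      # `after` only orders the unit; `wants` is what pulls
      # network-online.target into the boot transaction so that the ordering
      # actually has something to wait for.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      serviceConfig = {
        # NOTE(review): escapeShellArgs produces POSIX-shell quoting, but this
        # line is parsed by systemd, not by a shell. systemd still interprets
        # `%` specifiers (and, as far as can be told from here, `$VAR`
        # references) in the resulting words, so flags containing those
        # characters are not passed through literally. Confirm whether
        # systemd-specific escaping is wanted for extraFlags.
        ExecStart = ''
          ${cfg.package}/bin/alertmanager-irc-relay \
            -config ${configFile} \
            ${escapeShellArgs cfg.extraFlags}
        '';

        # Sandbox: the relay runs as a transient unprivileged user with a
        # read-only view of the system and no access to home directories or
        # devices. Directives not set here (for example CapabilityBoundingSet,
        # LockPersonality, RestrictNamespaces, SystemCallArchitectures,
        # MemoryDenyWriteExecute) remain at systemd defaults;
        # `systemd-analyze security alertmanager-irc-relay` lists what is
        # still exposed.
        DynamicUser = true;
        NoNewPrivileges = true;

        ProtectProc = "invisible";
        ProtectSystem = "strict";
        ProtectHome = "tmpfs";

        PrivateTmp = true;
        PrivateDevices = true;
        PrivateIPC = true;

        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;

        # Only IPv4/IPv6 sockets are permitted: one listener for the webhook
        # and one outbound connection to the IRC server.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictRealtime = true;
        RestrictSUIDSGID = true;

        # Start from the @system-service allow-list, then subtract the groups
        # listed with a leading "~".
        SystemCallFilter = [
          "@system-service"
          "~@cpu-emulation"
          "~@privileged"
          "~@reboot"
          "~@setuid"
          "~@swap"
        ];
      };
    };
  };

  meta.maintainers = [ maintainers.oxzi ];
}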