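# NixOS module for Alertmanager IRC Relay: declares the
# `services.prometheus.alertmanagerIrcRelay` options and, when enabled,
# a sandboxed systemd unit that runs the relay with a generated YAML config.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.prometheus.alertmanagerIrcRelay;

  configFormat = pkgs.formats.yaml { };
  # NOTE(security): the rendered YAML is a Nix store path, and the store is
  # world-readable. Any credential placed in `settings` (for example an IRC
  # server or nickname password) would be readable by every local user.
  # This module has no secret-file mechanism; operators who need credentials
  # should supply them out of band rather than through `settings`.
  configFile = configFormat.generate "alertmanager-irc-relay.yml" cfg.settings;
in
{
  options.services.prometheus.alertmanagerIrcRelay = {
    enable = lib.mkEnableOption "Alertmanager IRC Relay";

    package = lib.mkPackageOption pkgs "alertmanager-irc-relay" { };

    extraFlags = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "Extra command line options to pass to alertmanager-irc-relay.";
    };

    settings = lib.mkOption {
      type = configFormat.type;
      example = lib.literalExpression ''
        {
          http_host = "localhost";
          http_port = 8000;

          irc_host = "irc.example.com";
          irc_port = 7000;
          irc_nickname = "myalertbot";

          irc_channels = [
            { name = "#mychannel"; }
          ];
        }
      '';
      # The webhook URL below uses port 8000 so that it agrees with
      # `http_port` in the example above.
      description = ''
        Configuration for Alertmanager IRC Relay as a Nix attribute set.
        For a reference, check out the
        [example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
        and the
        [source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).

        Note: The webhook's URL MUST point to the IRC channel where the message
        should be posted. For `#mychannel` from the example, this would be
        `http://localhost:8000/mychannel`.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.alertmanager-irc-relay = {
      description = "Alertmanager IRC Relay";

      wantedBy = [ "multi-user.target" ];
      # `after` only orders the unit; `wants` is what actually pulls
      # network-online.target into the boot transaction. Without it the
      # ordering is a no-op whenever nothing else requests that target.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      serviceConfig = {
        # systemd (not a shell) parses this line; escapeShellArgs quotes each
        # extra flag so that a flag containing whitespace stays one argument.
        ExecStart = ''
          ${cfg.package}/bin/alertmanager-irc-relay \
          -config ${configFile} \
          ${lib.escapeShellArgs cfg.extraFlags}
        '';

        # Run as a transient, unprivileged user with no way to regain
        # privileges through setuid/setgid binaries or file capabilities.
        DynamicUser = true;
        NoNewPrivileges = true;
        # The relay only opens unprivileged TCP sockets, so it needs no
        # capabilities at all.
        CapabilityBoundingSet = "";

        # File-system view: read-only system, empty home directories, and
        # other users' processes hidden in /proc.
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        ProtectHome = "tmpfs";

        PrivateTmp = true;
        PrivateDevices = true;
        PrivateIPC = true;

        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;

        # Only IPv4/IPv6 sockets: the HTTP listener and the IRC connection.
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;

        LockPersonality = true;
        MemoryDenyWriteExecute = true;

        # systemd recommends pairing SystemCallFilter with
        # SystemCallArchitectures=native so the filter cannot be sidestepped
        # through a secondary syscall ABI.
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@cpu-emulation"
          "~@privileged"
          "~@reboot"
          "~@setuid"
          "~@swap"
        ];
      };
    };
  };

  meta.maintainers = [ lib.maintainers.oxzi ];
}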