pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / monitoring / prometheus / alertmanager-ntfy.nix
at 25.11-pre 6.5 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 cfg = config.services.prometheus.alertmanager-ntfy; 10 11 settingsFormat = pkgs.formats.yaml { }; 12 settingsFile = settingsFormat.generate "settings.yml" cfg.settings; 13 14 configsArg = lib.concatStringsSep "," ( 15 [ settingsFile ] ++ lib.imap0 (i: _: "%d/config-${toString i}.yml") cfg.extraConfigFiles 16 ); 17in 18 19{ 20 meta.maintainers = with lib.maintainers; [ defelo ]; 21 22 options.services.prometheus.alertmanager-ntfy = { 23 enable = lib.mkEnableOption "alertmanager-ntfy"; 24 25 package = lib.mkPackageOption pkgs "alertmanager-ntfy" { }; 26 27 settings = lib.mkOption { 28 description = '' 29 Configuration of alertmanager-ntfy. 30 See <https://github.com/alexbakker/alertmanager-ntfy> for more information. 31 ''; 32 default = { }; 33 34 type = lib.types.submodule { 35 freeformType = settingsFormat.type; 36 37 options = { 38 http.addr = lib.mkOption { 39 type = lib.types.str; 40 description = "The address to listen on."; 41 default = "127.0.0.1:8000"; 42 example = ":8000"; 43 }; 44 45 ntfy = { 46 baseurl = lib.mkOption { 47 type = lib.types.str; 48 description = "The base URL of the ntfy.sh instance."; 49 example = "https://ntfy.sh"; 50 }; 51 52 notification = { 53 topic = lib.mkOption { 54 type = lib.types.str; 55 description = '' 56 The topic to which alerts should be published. 57 Can either be a hardcoded string or a gval expression that evaluates to a string. 58 ''; 59 example = "alertmanager"; 60 }; 61 62 priority = lib.mkOption { 63 type = lib.types.str; 64 description = '' 65 The ntfy.sh message priority (see <https://docs.ntfy.sh/publish/#message-priority> for more information). 66 Can either be a hardcoded string or a gval expression that evaluates to a string. 67 ''; 68 default = ''status == "firing" ? "high" : "default"''; 69 }; 70 71 tags = lib.mkOption { 72 type = lib.types.listOf ( 73 lib.types.submodule { 74 options = { 75 tag = lib.mkOption { 76 type = lib.types.str; 77 description = '' 78 The tag to add. 79 See <https://docs.ntfy.sh/emojis> for a list of all supported emojis. 80 ''; 81 example = "rotating_light"; 82 }; 83 84 condition = lib.mkOption { 85 type = lib.types.nullOr lib.types.str; 86 description = '' 87 The condition under which this tag should be added. 88 Tags with no condition are always included. 89 ''; 90 default = null; 91 example = ''status == "firing"''; 92 }; 93 }; 94 } 95 ); 96 description = '' 97 Tags to add to ntfy.sh messages. 98 See <https://docs.ntfy.sh/publish/#tags-emojis> for more information. 99 ''; 100 default = [ 101 { 102 tag = "green_circle"; 103 condition = ''status == "resolved"''; 104 } 105 { 106 tag = "red_circle"; 107 condition = ''status == "firing"''; 108 } 109 ]; 110 }; 111 112 templates = { 113 title = lib.mkOption { 114 type = lib.types.str; 115 description = "The ntfy.sh message title template."; 116 default = '' 117 {{ if eq .Status "resolved" }}Resolved: {{ end }}{{ index .Annotations "summary" }} 118 ''; 119 }; 120 121 description = lib.mkOption { 122 type = lib.types.str; 123 description = "The ntfy.sh message description template."; 124 default = '' 125 {{ index .Annotations "description" }} 126 ''; 127 }; 128 }; 129 }; 130 }; 131 }; 132 }; 133 }; 134 135 extraConfigFiles = lib.mkOption { 136 type = lib.types.listOf lib.types.path; 137 default = [ ]; 138 example = [ "/run/secrets/alertmanager-ntfy.yml" ]; 139 description = '' 140 Config files to merge into the settings defined in [](#opt-services.prometheus.alertmanager-ntfy.settings). 141 This is useful to avoid putting secrets into the Nix store. 142 See <https://github.com/alexbakker/alertmanager-ntfy> for more information. 143 ''; 144 }; 145 }; 146 147 config = lib.mkIf cfg.enable { 148 systemd.services.alertmanager-ntfy = { 149 wantedBy = [ "multi-user.target" ]; 150 151 wants = [ "network-online.target" ]; 152 after = [ "network-online.target" ]; 153 154 serviceConfig = { 155 User = "alertmanager-ntfy"; 156 Group = "alertmanager-ntfy"; 157 DynamicUser = true; 158 159 LoadCredential = lib.imap0 (i: path: "config-${toString i}.yml:${path}") cfg.extraConfigFiles; 160 161 ExecStart = "${lib.getExe cfg.package} --configs ${configsArg}"; 162 163 Restart = "always"; 164 RestartSec = 5; 165 166 # Hardening 167 AmbientCapabilities = ""; 168 CapabilityBoundingSet = [ "" ]; 169 DevicePolicy = "closed"; 170 LockPersonality = true; 171 MemoryDenyWriteExecute = true; 172 NoNewPrivileges = true; 173 PrivateDevices = true; 174 PrivateTmp = true; 175 PrivateUsers = true; 176 ProcSubset = "pid"; 177 ProtectClock = true; 178 ProtectControlGroups = true; 179 ProtectHome = true; 180 ProtectHostname = true; 181 ProtectKernelLogs = true; 182 ProtectKernelModules = true; 183 ProtectKernelTunables = true; 184 ProtectProc = "invisible"; 185 ProtectSystem = "strict"; 186 RemoveIPC = true; 187 RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; 188 RestrictNamespaces = true; 189 RestrictRealtime = true; 190 RestrictSUIDSGID = true; 191 SystemCallArchitectures = "native"; 192 SystemCallFilter = [ 193 "@system-service" 194 "~@privileged" 195 "~@resources" 196 ]; 197 UMask = "0077"; 198 }; 199 }; 200 }; 201}