nixos/modules/services/monitoring/prometheus/sachet.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / prometheus / sachet.nix
at 25.11-pre 2.4 kB view raw
 1{
 2  config,
 3  pkgs,
 4  lib,
 5  ...
 6}:
 7let
 8  cfg = config.services.prometheus.sachet;
 9  configFile = pkgs.writeText "sachet.yml" (builtins.toJSON cfg.configuration);
10in
11{
12  options = {
13    services.prometheus.sachet = {
14      enable = lib.mkEnableOption "Sachet, an SMS alerting tool for the Prometheus Alertmanager";
15
16      configuration = lib.mkOption {
17        type = lib.types.nullOr lib.types.attrs;
18        default = null;
19        example = lib.literalExpression ''
20          {
21            providers = {
22              twilio = {
23                # environment variables gets expanded at runtime
24                account_sid = "$TWILIO_ACCOUNT";
25                auth_token = "$TWILIO_TOKEN";
26              };
27            };
28            templates = [ ./some-template.tmpl ];
29            receivers = [{
30              name = "pager";
31              provider = "twilio";
32              to = [ "+33123456789" ];
33              text = "{{ template \"message\" . }}";
34            }];
35          }
36        '';
37        description = ''
38          Sachet's configuration as a nix attribute set.
39        '';
40      };
41
42      address = lib.mkOption {
43        type = lib.types.str;
44        default = "localhost";
45        description = ''
46          The address Sachet will listen to.
47        '';
48      };
49
50      port = lib.mkOption {
51        type = lib.types.port;
52        default = 9876;
53        description = ''
54          The port Sachet will listen to.
55        '';
56      };
57
58    };
59  };
60
61  config = lib.mkIf cfg.enable {
62    assertions = lib.singleton {
63      assertion = cfg.configuration != null;
64      message = "Cannot enable Sachet without a configuration.";
65    };
66
67    systemd.services.sachet = {
68      wantedBy = [ "multi-user.target" ];
69      after = [
70        "network.target"
71        "network-online.target"
72      ];
73      script = ''
74        ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /tmp/sachet.yaml
75        exec ${pkgs.prometheus-sachet}/bin/sachet -config /tmp/sachet.yaml -listen-address ${cfg.address}:${builtins.toString cfg.port}
76      '';
77
78      serviceConfig = {
79        Restart = "always";
80
81        ProtectSystem = "strict";
82        ProtectHome = true;
83        ProtectKernelTunables = true;
84        ProtectKernelModules = true;
85        ProtectControlGroups = true;
86
87        DynamicUser = true;
88        PrivateTmp = true;
89        WorkingDirectory = "/tmp/";
90      };
91    };
92  };
93}