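# NixOS module for prometheus-xmpp-alerts, the XMPP web hook service for
# Alertmanager. It renders `services.prometheus.xmpp-alerts.settings` to a
# YAML file and runs the daemon against it inside a sandboxed systemd unit.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.prometheus.xmpp-alerts;
  settingsFormat = pkgs.formats.yaml { };

  # NOTE(security): the generated file is a Nix store path. The store is
  # world-readable, so every value in `cfg.settings` (credentials included)
  # is readable by any local user and is copied along with the system closure.
  configFile = settingsFormat.generate "prometheus-xmpp-alerts.yml" cfg.settings;
in
{
  imports = [
    # Keep configurations that still set the old `configuration` option working.
    (lib.mkRenamedOptionModule
      [ "services" "prometheus" "xmpp-alerts" "configuration" ]
      [ "services" "prometheus" "xmpp-alerts" "settings" ]
    )
  ];

  options.services.prometheus.xmpp-alerts = {
    enable = lib.mkEnableOption "XMPP Web hook service for Alertmanager";

    settings = lib.mkOption {
      type = settingsFormat.type;
      default = { };

      description = ''
        Configuration for prometheus xmpp-alerts, see
        <https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example>
        for supported values.

        The rendered file is placed in the world-readable Nix store, so any
        credential written here can be read by every local user.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.prometheus-xmpp-alerts = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.prometheus-xmpp-alerts}/bin/prometheus-xmpp-alerts --config ${configFile}";
        Restart = "on-failure";

        # Run as a transient, unprivileged user that exists only while the
        # unit is active; nothing here grants it writable state directories.
        DynamicUser = true;
        NoNewPrivileges = true;

        # File system and device isolation.
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHome = true;
        ProtectSystem = "strict";

        # Kernel interfaces a web hook relay has no reason to touch.
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        ProtectClock = true;
        ProtectHostname = true;

        # Narrow what the process may ask of the kernel.
        LockPersonality = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "@system-service" ];

        # Only IPv4 and IPv6 sockets may be created.
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
      };
    };
  };
}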