nixos/prometheus.alertmanagerIrcRelay: init
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
This commit is contained in:
parent
8bc6945b12
commit
0810a6e018
|
@ -47,6 +47,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
|
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
|
||||||
|
|
||||||
|
- [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable).
|
||||||
|
|
||||||
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
|
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
|
||||||
|
|
||||||
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
||||||
|
|
|
@ -735,6 +735,7 @@
|
||||||
./services/monitoring/nagios.nix
|
./services/monitoring/nagios.nix
|
||||||
./services/monitoring/netdata.nix
|
./services/monitoring/netdata.nix
|
||||||
./services/monitoring/parsedmarc.nix
|
./services/monitoring/parsedmarc.nix
|
||||||
|
./services/monitoring/prometheus/alertmanager-irc-relay.nix
|
||||||
./services/monitoring/prometheus/alertmanager.nix
|
./services/monitoring/prometheus/alertmanager.nix
|
||||||
./services/monitoring/prometheus/default.nix
|
./services/monitoring/prometheus/default.nix
|
||||||
./services/monitoring/prometheus/exporters.nix
|
./services/monitoring/prometheus/exporters.nix
|
||||||
|
|
|
@ -0,0 +1,107 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.prometheus.alertmanagerIrcRelay;
|
||||||
|
|
||||||
|
configFormat = pkgs.formats.yaml { };
|
||||||
|
configFile = configFormat.generate "alertmanager-irc-relay.yml" cfg.settings;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.prometheus.alertmanagerIrcRelay = {
|
||||||
|
enable = mkEnableOption (mdDoc "Alertmanager IRC Relay");
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.alertmanager-irc-relay;
|
||||||
|
defaultText = literalExpression "pkgs.alertmanager-irc-relay";
|
||||||
|
description = mdDoc "Alertmanager IRC Relay package to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraFlags = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = mdDoc "Extra command line options to pass to alertmanager-irc-relay.";
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = mkOption {
|
||||||
|
type = configFormat.type;
|
||||||
|
example = literalExpression ''
|
||||||
|
{
|
||||||
|
http_host = "localhost";
|
||||||
|
http_port = 8000;
|
||||||
|
|
||||||
|
irc_host = "irc.example.com";
|
||||||
|
irc_port = 7000;
|
||||||
|
irc_nickname = "myalertbot";
|
||||||
|
|
||||||
|
irc_channels = [
|
||||||
|
{ name = "#mychannel"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = mdDoc ''
|
||||||
|
Configuration for Alertmanager IRC Relay as a Nix attribute set.
|
||||||
|
For a reference, check out the
|
||||||
|
[example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
|
||||||
|
and the
|
||||||
|
[source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).
|
||||||
|
|
||||||
|
Note: The webhook's URL MUST point to the IRC channel where the message
|
||||||
|
should be posted. For `#mychannel` from the example, this would be
|
||||||
|
`http://localhost:8080/mychannel`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.alertmanager-irc-relay = {
|
||||||
|
description = "Alertmanager IRC Relay";
|
||||||
|
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${cfg.package}/bin/alertmanager-irc-relay \
|
||||||
|
-config ${configFile} \
|
||||||
|
${escapeShellArgs cfg.extraFlags}
|
||||||
|
'';
|
||||||
|
|
||||||
|
DynamicUser = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = "tmpfs";
|
||||||
|
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateIPC = true;
|
||||||
|
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
|
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@cpu-emulation"
|
||||||
|
"~@privileged"
|
||||||
|
"~@reboot"
|
||||||
|
"~@setuid"
|
||||||
|
"~@swap"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = [ maintainers.oxzi ];
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user