From 0810a6e018ee759de935e25a330f7710f2c4ca9c Mon Sep 17 00:00:00 2001
From: Alvar Penning
Date: Mon, 2 May 2022 17:31:17 +0200
Subject: nixos/prometheus.alertmanagerIrcRelay: init
Co-authored-by: Martin Weinelt
---
nixos/modules/module-list.nix | 1 +
.../prometheus/alertmanager-irc-relay.nix | 107 +++++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
(limited to 'nixos/modules')
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 49cb5c6a491..1c976de0ef0 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -735,6 +735,7 @@
 ./services/monitoring/nagios.nix
 ./services/monitoring/netdata.nix
 ./services/monitoring/parsedmarc.nix
+ ./services/monitoring/prometheus/alertmanager-irc-relay.nix
 ./services/monitoring/prometheus/alertmanager.nix
 ./services/monitoring/prometheus/default.nix
 ./services/monitoring/prometheus/exporters.nix
diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix b/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
new file mode 100644
index 00000000000..b81d5f6db5e
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.prometheus.alertmanagerIrcRelay;
+
+ configFormat = pkgs.formats.yaml { };
+ configFile = configFormat.generate "alertmanager-irc-relay.yml" cfg.settings;
+in
+{
+ options.services.prometheus.alertmanagerIrcRelay = {
+ enable = mkEnableOption (mdDoc "Alertmanager IRC Relay");
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.alertmanager-irc-relay;
+ defaultText = literalExpression "pkgs.alertmanager-irc-relay";
+ description = mdDoc "Alertmanager IRC Relay package to use.";
+ };
+
+ extraFlags = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = mdDoc "Extra command line options to pass to alertmanager-irc-relay.";
+ };
+
+ settings = mkOption {
+ type = configFormat.type;
+ example = literalExpression ''
+ {
+ http_host = "localhost";
+ http_port = 8000;
+
+ irc_host = "irc.example.com";
+ irc_port = 7000;
+ irc_nickname = "myalertbot";
+
+ irc_channels = [
+ { name = "#mychannel"; }
+ ];
+ }
+ '';
+ description = mdDoc ''
+ Configuration for Alertmanager IRC Relay as a Nix attribute set.
+ For a reference, check out the
+ [example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
+ and the
+ [source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).
+
+ Note: The webhook's URL MUST point to the IRC channel where the message
+ should be posted. For `#mychannel` from the example, this would be
+ `http://localhost:8080/mychannel`.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.alertmanager-irc-relay = {
+ description = "Alertmanager IRC Relay";
+
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+
+ serviceConfig = {
+ ExecStart = ''
+ ${cfg.package}/bin/alertmanager-irc-relay \
+ -config ${configFile} \
+ ${escapeShellArgs cfg.extraFlags}
+ '';
+
+ DynamicUser = true;
+ NoNewPrivileges = true;
+
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ ProtectHome = "tmpfs";
+
+ PrivateTmp = true;
+ PrivateDevices = true;
+ PrivateIPC = true;
+
+ ProtectHostname = true;
+ ProtectClock = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+
+ SystemCallFilter = [
+ "@system-service"
+ "~@cpu-emulation"
+ "~@privileged"
+ "~@reboot"
+ "~@setuid"
+ "~@swap"
+ ];
+ };
+ };
+ };
+
+ meta.maintainers = [ maintainers.oxzi ];
+}
--
cgit 1.4.1
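Review bot: Everything in `settings` is rendered by `configFormat.generate` into the Nix store, which is world-readable, so any IRC credential a user places there (upstream's config appears to accept NickServ and server password keys) is readable by every local user, and the module offers no out-of-store way to supply one. At minimum the `settings` description should say so, e.g. `Note: this attribute set is written to the world-readable Nix store; do not put passwords in it.`; a follow-up could add a file-based option passed through systemd's `LoadCredential`, if the relay can read a secret from a file or the environment. In the same description the webhook example uses port 8080 while the example `settings` sets `http_port = 8000`, so one of the two should be changed to match. Separately, `after = [ "network-online.target" ];` only orders the unit; adding `wants = [ "network-online.target" ];` next to it would actually pull the target in.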