| blob | 3deb29aeb222eaa6c37372fb23b791dd456054f0 |
1 { config, pkgs, lib, ... }:
3 with lib;
5 let
6 cfg = config.services.prometheus.sachet;
7 configFile = pkgs.writeText "sachet.yml" (builtins.toJSON cfg.configuration);
8 in
9 {
10 options = {
11 services.prometheus.sachet = {
12 enable = mkEnableOption "Sachet, an SMS alerting tool for the Prometheus Alertmanager";
14 configuration = mkOption {
15 type = types.nullOr types.attrs;
16 default = null;
17 example = literalExpression ''
18 {
19 providers = {
20 twilio = {
21 # environment variables gets expanded at runtime
22 account_sid = "$TWILIO_ACCOUNT";
23 auth_token = "$TWILIO_TOKEN";
24 };
25 };
26 templates = [ ./some-template.tmpl ];
27 receivers = [{
28 name = "pager";
29 provider = "twilio";
30 to = [ "+33123456789" ];
31 text = "{{ template \"message\" . }}";
32 }];
33 }
34 '';
35 description = ''
36 Sachet's configuration as a nix attribute set.
37 '';
38 };
40 address = mkOption {
41 type = types.str;
42 default = "localhost";
43 description = ''
44 The address Sachet will listen to.
45 '';
46 };
48 port = mkOption {
49 type = types.port;
50 default = 9876;
51 description = ''
52 The port Sachet will listen to.
53 '';
54 };
56 };
57 };
59 config = mkIf cfg.enable {
60 assertions = singleton {
61 assertion = cfg.configuration != null;
62 message = "Cannot enable Sachet without a configuration.";
63 };
65 systemd.services.sachet = {
66 wantedBy = [ "multi-user.target" ];
67 after = [ "network.target" "network-online.target" ];
68 script = ''
69 ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /tmp/sachet.yaml
70 exec ${pkgs.prometheus-sachet}/bin/sachet -config /tmp/sachet.yaml -listen-address ${cfg.address}:${builtins.toString cfg.port}
71 '';
73 serviceConfig = {
74 Restart = "always";
76 ProtectSystem = "strict";
77 ProtectHome = true;
78 ProtectKernelTunables = true;
79 ProtectKernelModules = true;
80 ProtectControlGroups = true;
82 DynamicUser = true;
83 PrivateTmp = true;
84 WorkingDirectory = "/tmp/";
85 };
86 };
87 };
88 }