| blob | 4c7dd900f52b6b4450507eb53ced6345a0a6e6ff |
1 { config, pkgs, lib, ... }:
3 with lib;
5 let
6 cfg = config.services.uptime-kuma;
7 in
8 {
10 meta.maintainers = [ lib.maintainers.julienmalka ];
12 options = {
13 services.uptime-kuma = {
14 enable = mkEnableOption "Uptime Kuma, this assumes a reverse proxy to be set";
16 package = mkPackageOption pkgs "uptime-kuma" { };
18 appriseSupport = mkEnableOption "apprise support for notifications";
20 settings = lib.mkOption {
21 type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
22 default = { };
23 example = {
24 PORT = "4000";
25 NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
26 };
27 description = ''
28 Additional configuration for Uptime Kuma, see
29 <https://github.com/louislam/uptime-kuma/wiki/Environment-Variables>
30 for supported values.
31 '';
32 };
33 };
34 };
36 config = mkIf cfg.enable {
38 services.uptime-kuma.settings = {
39 DATA_DIR = "/var/lib/uptime-kuma/";
40 NODE_ENV = mkDefault "production";
41 HOST = mkDefault "127.0.0.1";
42 PORT = mkDefault "3001";
43 };
45 systemd.services.uptime-kuma = {
46 description = "Uptime Kuma";
47 after = [ "network.target" ];
48 wantedBy = [ "multi-user.target" ];
49 environment = cfg.settings;
50 path = with pkgs; [ unixtools.ping ] ++ lib.optional cfg.appriseSupport apprise;
51 serviceConfig = {
52 Type = "simple";
53 StateDirectory = "uptime-kuma";
54 DynamicUser = true;
55 ExecStart = "${cfg.package}/bin/uptime-kuma-server";
56 Restart = "on-failure";
57 ProtectHome = true;
58 ProtectSystem = "strict";
59 PrivateTmp = true;
60 PrivateDevices = true;
61 ProtectHostname = true;
62 ProtectClock = true;
63 ProtectKernelTunables = true;
64 ProtectKernelModules = true;
65 ProtectKernelLogs = true;
66 ProtectControlGroups = true;
67 NoNewPrivileges = true;
68 RestrictRealtime = true;
69 RestrictSUIDSGID = true;
70 RemoveIPC = true;
71 PrivateMounts = true;
72 };
73 };
74 };
75 }