diff options
| author | Seth Flynn <[email protected]> | 2025-04-03 04:06:41 -0400 |
|---|---|---|
| committer | Seth Flynn <[email protected]> | 2025-04-03 07:42:02 -0400 |
| commit | 62a139b99eaaf8735c132bec52d2fe412647eccf (patch) | |
| tree | ecac25b01b67e2b5a9d3c2066f7e0a0ccf528bde /modules/nixos/custom/systemd-discord-notifier.nix | |
| parent | 0b2f22fffb65cbe309cfd2a95a0c4228fc26a12b (diff) | |
nixos/systemd-discord-notifier: init
Diffstat (limited to 'modules/nixos/custom/systemd-discord-notifier.nix')
| -rw-r--r-- | modules/nixos/custom/systemd-discord-notifier.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/nixos/custom/systemd-discord-notifier.nix b/modules/nixos/custom/systemd-discord-notifier.nix new file mode 100644 index 0000000..8556695 --- /dev/null +++ b/modules/nixos/custom/systemd-discord-notifier.nix @@ -0,0 +1,75 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.systemd-discord-notifier; + + # Add our template unit to each service by default if enabled + systemdServicesSubmodule = { + config = lib.mkIf cfg.enable { + onFailure = lib.mkDefault [ "discord-notify-failure@%N.service" ]; + }; + }; +in + +{ + options = { + services.systemd-discord-notifier = { + enable = lib.mkEnableOption "systemd-discord-notifier"; + + content = lib.mkOption { + type = lib.types.str; + default = "# 🚨 %i.service failed! 🚨"; + description = "String template for webhook message content."; + }; + + webhookURLFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Path to a file containing the webhook URL. + + NOTE: This is required. + If not set declaratively, use `systemctl edit` and pass a `webhook-url` credential. + ''; + example = "/run/secrets/discordWebhookURL"; + }; + }; + + systemd.services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule systemdServicesSubmodule); + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services."discord-notify-failure@" = { + description = "Notify of service failures on Discord."; + + after = [ "network.target" ]; + + path = [ pkgs.curl ]; + + script = '' + systemd-creds cat webhook-url | xargs curl -X POST -F "content=$CONTENT" + ''; + + enableStrictShellChecks = true; + + environment = { + CONTENT = cfg.content; + }; + + serviceConfig = { + Type = "oneshot"; + # TODO: Why doesn't AssertCredential work with this? + LoadCredential = lib.mkIf (cfg.webhookURLFile != null) "webhook-url:${cfg.webhookURLFile}"; + # TODO: Harden + DynamicUser = true; + }; + }; + }; +} |