gatus: Disable DynamicUser

This commit is contained in:
SebastianStork 2025-09-19 20:55:19 +02:00
parent 74a4206094
commit cc211d016b


@ -6,7 +6,9 @@
}:
let
cfg = config.custom.services.gatus;
tailscaleDomain = config.custom.services.tailscale.domain;
dataDir = "/var/lib/gatus";
in
{
options.custom.services.gatus = {
@ -78,10 +80,27 @@ in
secrets."healthchecks/ping-key" = { };
templates."gatus.env" = {
content = "HEALTHCHECKS_PING_KEY=${config.sops.placeholder."healthchecks/ping-key"}";
owner = config.users.users.gatus.name;
restartUnits = [ "gatus.service" ];
};
};
users = {
users.gatus = {
isSystemUser = true;
group = config.users.groups.gatus.name;
};
groups.gatus = { };
};
systemd.services.gatus.serviceConfig = {
DynamicUser = lib.mkForce false;
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = true;
RemoveIPC = true;
};
custom.services.gatus.endpoints =
let
getSubdomain = domain: domain |> lib.splitString "." |> lib.head;
@ -114,7 +133,7 @@ in
};
storage = {
type = "sqlite";
path = "/var/lib/gatus/data.db";
path = "${dataDir}/data.db";
};
connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS
alerting.ntfy = {
@ -173,6 +192,6 @@ in
};
};
custom.persist.directories = [ "/var/lib/private/gatus" ];
custom.persist.directories = [ dataDir ];
};
}
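Review bot: The replacement hardening block around `ProtectSystem`…`RemoveIPC` restores only part of what `DynamicUser` implied; per systemd.exec(5), DynamicUser= also implicitly enables NoNewPrivileges= and RestrictSUIDSGID=, so switching to a static user drops those unless the upstream gatus module sets them on its own. Adding `NoNewPrivileges = true;` and `RestrictSUIDSGID = true;` next to `RemoveIPC = true;` keeps the unit at its previous baseline. The diff also creates a static `gatus` user/group and owns the sops template by it, but the visible serviceConfig never sets `User`/`Group`; if the upstream module does not set them either, the service will run as root once `DynamicUser = false` takes effect, so pinning `User = config.users.users.gatus.name;` and `Group = config.users.groups.gatus.name;` here would make that independent of upstream. Finally, with ProtectSystem=strict the sqlite path under `${dataDir}` is only writable if `StateDirectory = "gatus"` (or a ReadWritePaths entry) is set somewhere outside this diff — worth confirming, since the persisted directory moved from `/var/lib/private/gatus` to `/var/lib/gatus` and existing data will not migrate by itself.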