nixos/uptime-kuma: init module

          <link xlink:href="options.html#opt-services.listmonk.enable">services.listmonk</link>.

        </para>

      </listitem>

      <listitem>

        <para>

          <link xlink:href="https://uptime.kuma.pet/">Uptime

          Kuma</link>, a fancy self-hosted monitoring tool. Available as

          <link linkend="opt-services.uptime-kuma.enable">services.uptime-kuma</link>.

        </para>

      </listitem>

    </itemizedlist>

  </section>

  <section xml:id="sec-release-22.11-incompatibilities">

- [Listmonk](https://listmonk.app), a self-hosted newsletter manager. Enable using [services.listmonk](options.html#opt-services.listmonk.enable).

- [Uptime Kuma](https://uptime.kuma.pet/), a fancy self-hosted monitoring tool. Available as [services.uptime-kuma](#opt-services.uptime-kuma.enable).

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

## Backward Incompatibilities {#sec-release-22.11-incompatibilities}

  ./services/monitoring/ups.nix

  ./services/monitoring/uptime.nix

  ./services/monitoring/vmagent.nix

  ./services/monitoring/uptime-kuma.nix

  ./services/monitoring/vnstat.nix

  ./services/monitoring/zabbix-agent.nix

  ./services/monitoring/zabbix-proxy.nix

{ config, pkgs, lib, ... }:

with lib;

let

  cfg = config.services.uptime-kuma;

in

{

  options = {

    services.uptime-kuma = {

      enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set.");

      package = mkOption {

        type = types.package;

        example = literalExpression "pkgs.uptime-kuma";

        default = pkgs.uptime-kuma;

        defaultText = "pkgs.uptime-kuma";

        description = lib.mdDoc "Uptime Kuma package to use.";

      };

      settings = lib.mkOption {

        type =

          lib.types.submodule { freeformType = with lib.types; attrsOf str; };

        default = { };

        example = {

          PORT = "4000";

          NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";

        };

        description = lib.mdDoc ''

          Additional configuration for Uptime Kuma, see

          <https://github.com/louislam/uptime-kuma/wiki/Environment-Variables">

          for supported values.

        '';

      };

    };

  };

  config = mkIf cfg.enable {

    services.uptime-kuma.settings = {

      DATA_DIR = "/var/lib/uptime-kuma/";

      NODE_ENV = mkDefault "production";

    };

    systemd.services.uptime-kuma = {

      description = "Uptime Kuma";

      after = [ "network.target" ];

      wantedBy = [ "multi-user.target" ];

      environment = cfg.settings;

      serviceConfig = {

        Type = "simple";

        StateDirectory = "uptime-kuma";

        DynamicUser = true;

        ExecStart = "${cfg.package}/bin/uptime-kuma-server";

        Restart = "on-failure";

        ProtectHome = true;

        ProtectSystem = "strict";

        PrivateTmp = true;

        PrivateDevices = true;

        ProtectHostname = true;

        ProtectClock = true;

        ProtectKernelTunables = true;

        ProtectKernelModules = true;

        ProtectKernelLogs = true;

        ProtectControlGroups = true;

        NoNewPrivileges = true;

        RestrictRealtime = true;

        RestrictSUIDSGID = true;

        RemoveIPC = true;

        PrivateMounts = true;

      };

    };

  };

}

  unit-php = handleTest ./web-servers/unit-php.nix {};

  upnp = handleTest ./upnp.nix {};

  uptermd = handleTest ./uptermd.nix {};

  uptime-kuma = handleTest ./uptime-kuma.nix {};

  usbguard = handleTest ./usbguard.nix {};

  user-activation-scripts = handleTest ./user-activation-scripts.nix {};

  user-home-mode = handleTest ./user-home-mode.nix {};