feat(nix): enhance systemd-email-notify service configuration

- Added `StartLimitIntervalSec` and `StartLimitBurst` for `ntfy-failure@` unit.
- Refactored `ExecStart` into `script` for improved readability.
- Adjusted `scriptArgs` from `%I` to `%i`.

modules/nixos/services/systemd-email-notify/default.nix

@@ -33,9 +33,10 @@ let
     ERRMAIL
   '';
 
-  onFailureUnits =
-    [ "email@%n.service" ]
-    ++ optionals (cfg.ntfy.tokenFile != null) [ "ntfy-failure@%n.service" ];
+  onFailureUnits = [
+    "email@%n.service"
+  ]
+  ++ optionals (cfg.ntfy.tokenFile != null) [ "ntfy-failure@%n.service" ];
 in
 {
   options = {
@@ -103,21 +104,25 @@ in
       systemd.services."ntfy-failure@" = {
         description = "Send ntfy notification on service failure";
         onFailure = mkForce [ ];
+        unitConfig = {
+          StartLimitIntervalSec = "5m";
+          StartLimitBurst = 1;
+        };
         serviceConfig = {
           Type = "oneshot";
-          ExecStart = pkgs.writeShellScript "ntfy-failure-notify" ''
-            TOKEN=$(cat ${cfg.ntfy.tokenFile})
-            UNIT="$1"
-            ${pkgs.curl}/bin/curl -s \
-              -H "Authorization: Bearer $TOKEN" \
-              -H "Title: Service failed: $UNIT" \
-              -H "Priority: urgent" \
-              -H "Tags: rotating_light" \
-              -d "$(systemctl status --full "$UNIT" 2>&1 | head -40)" \
-              ${cfg.ntfy.url}/${cfg.ntfy.topic}
-          '';
         };
-        scriptArgs = "%I";
+        script = ''
+          TOKEN=$(cat ${cfg.ntfy.tokenFile})
+          UNIT="$1"
+          ${pkgs.curl}/bin/curl -s \
+            -H "Authorization: Bearer $TOKEN" \
+            -H "Title: Service failed: $UNIT" \
+            -H "Priority: urgent" \
+            -H "Tags: rotating_light" \
+            -d "$(systemctl status --full "$UNIT" 2>&1 | head -40)" \
+            ${cfg.ntfy.url}/${cfg.ntfy.topic}
+        '';
+        scriptArgs = "%i";
       };
     })
   ]);