-rw-r--r--.sops.yaml8
-rw-r--r--chaski/configuration.nix3
-rw-r--r--chaski/services/conduit.nix24
-rw-r--r--flake.lock23
-rw-r--r--flake.nix5
-rw-r--r--pkgs/overlay.nix9
-rw-r--r--secrets/chaski.yaml31
7 files changed, 98 insertions, 5 deletions
diff --git a/.sops.yaml b/.sops.yaml
index c3f890a..ec05e3f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,9 +2,15 @@ keys:
- &ilex age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt
# server's ssh pubkeys as age keys
- &flora age1d8hulw7weg6gwxv0cmz969w04d2jkphdx93tm9xs0mqr0ut0t4ls4g4vah
+ - &chaski age14cf8h02c8r2c7nag5fezyhp56za9c4p0t8n39qy452t8hsqwlvgs9y7r8v
creation_rules:
- - path_regex: secrets/[^/]+\.yaml$
+ - path_regex: secrets/flora\.yaml$
key_groups:
- age:
- *ilex
- *flora
+ - path_regex: secrets/chaski\.yaml$
+ key_groups:
+ - age:
+ - *ilex
+ - *chaski
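Review bot: The catch-all rule `secrets/[^/]+\.yaml$` is replaced by two host-specific rules, but nothing under `creation_rules:` records that this is deliberate. With no fallback left, any other file under `secrets/` matches no rule, which is the fail-closed behaviour you want and deserves a comment. Something like `# one rule per host: a host key can decrypt only its own file; add a rule when adding a host` above the first rule would do. The existing comment `# server's ssh pubkeys as age keys` could also say that the `&chaski` recipient must be regenerated if that host's SSH key changes.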
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index 875e412..d2b1233 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -15,6 +15,9 @@
./services/conduit.nix
];
+ sops.defaultSopsFile = ../secrets/chaski.yaml;
+ # This will automatically import SSH keys as age keys
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
environment.noXlibs = true;
services.nginx.enable = true;
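Review bot: The comment above `sops.age.sshKeyPaths` says SSH keys are imported "automatically", but not that the host's private ed25519 key becomes the decryption identity for `secrets/chaski.yaml`. That ties the secrets to the host key: if `/etc/ssh/ssh_host_ed25519_key` is regenerated (a reinstall, say), the `&chaski` recipient in `.sops.yaml` has to be updated and the file re-encrypted before activation can decrypt it again. I would reword the comment to `# host SSH key doubles as the age identity for secrets/chaski.yaml; re-encrypt the file if this key is rotated`. The enclosing attribute set starts and ends outside this hunk.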
diff --git a/chaski/services/conduit.nix b/chaski/services/conduit.nix
index 022863c..30d6a0b 100644
--- a/chaski/services/conduit.nix
+++ b/chaski/services/conduit.nix
@@ -1,5 +1,14 @@
{ config, lib, pkgs, ... }:
+let
+ botConfig = pkgs.writeText "ntfy-matrix-bot.toml" ''
+ matrix_homeserver = "https://conduit.stuebinm.eu"
+ matrix_username = "testbot"
+ matrix_rooms = [ "#test:conduit.stuebinm.eu" ]
+ ntfy_server = "https://ping.stuebinm.eu"
+ ntfy_topics = [ "monit" ]
+ '';
+in
{
services.matrix-conduit = {
enable = true;
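Review bot: `botConfig` is built with `pkgs.writeText`, so the TOML lands in the world-readable Nix store, and nothing on the binding warns about that. The fields visible here (homeserver, username, rooms, ntfy server and topics) are not secret, but a later edit could easily add a password or token to the same file. A comment above the binding such as `# written to the world-readable /nix/store: credentials belong in the sops-managed env file, never here` would record the split. The module body this `let` feeds continues outside the hunk.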
@@ -11,7 +20,22 @@
port = 6167;
allow_registration = false;
};
+ };
+
+ sops.secrets."ntfy-matrix-bot/env" = {};
+ systemd.services.ntfy-matrix-bot = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${lib.getExe pkgs.ntfy-matrix-bot} -c ${botConfig}";
+ Type = "simple";
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ DynamicUser = true;
+ BindPaths = botConfig;
+ EnvironmentFile = "/run/secrets/ntfy-matrix-bot/env";
+ };
+ environment.RUST_LOG = "ntfy_matrix_bot=info";
};
services.nginx.virtualHosts."conduit.stuebinm.eu" = {
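Review bot: `BindPaths = botConfig;` requests a read-write bind mount of a store file the unit should already be able to read, so it adds nothing to the sandbox; drop it, or use `BindReadOnlyPaths = [ botConfig ];` if an explicit mount is wanted. `EnvironmentFile` hard-codes `/run/secrets/ntfy-matrix-bot/env`; `EnvironmentFile = config.sops.secrets."ntfy-matrix-bot/env".path;` keeps it tied to the secret declaration. Declaring `sops.secrets."ntfy-matrix-bot/env".restartUnits = [ "ntfy-matrix-bot.service" ];` would restart the bot when the credential is rotated instead of leaving it running on the old value. `RestrictAddressFamilies` omits `AF_UNIX`, which may affect name resolution through a local resolver socket, so it is worth confirming the bot still resolves both servers under this restriction.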
diff --git a/flake.lock b/flake.lock
index 5a82db9..c04d1d0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -252,6 +252,22 @@
"type": "github"
}
},
+ "ntfy-matrix-bot": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1711577402,
+ "narHash": "sha256-O8xtbOhrXiJhteEOcYYXqXuA/edkebg0GERBcZ3mH/w=",
+ "ref": "refs/heads/main",
+ "rev": "bade89a506c380a7d4cab4fdd765e28686c14776",
+ "revCount": 1,
+ "type": "git",
+ "url": "https://stuebinm.eu/git/ntfy-matrix-bot"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://stuebinm.eu/git/ntfy-matrix-bot"
+ }
+ },
"playground": {
"flake": false,
"locked": {
@@ -281,6 +297,7 @@
"nixpkgs": "nixpkgs",
"nixpkgs-review": "nixpkgs-review",
"nixpkgs-unstable": "nixpkgs-unstable",
+ "ntfy-matrix-bot": "ntfy-matrix-bot",
"playground": "playground",
"rust-overlay": "rust-overlay",
"showrt": "showrt",
@@ -300,11 +317,11 @@
]
},
"locked": {
- "lastModified": 1711419061,
- "narHash": "sha256-+5M/czgYGqs/jKmi8bvYC+JUYboUKNTfkRiesXopeXQ=",
+ "lastModified": 1711505476,
+ "narHash": "sha256-yK1zue1c8EdpZvEyQWrjawG9Ykzl7eB2xJ/V+2vU5Jo=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "4c11d2f698ff1149f76b69e72852d5d75f492d0c",
+ "rev": "56f48d6e7559b807763ea03191bfaf95549ce610",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 7acdf75..eb4cfcb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,8 @@
isabelle-utils.flake = false;
bahnhof-name.url = "git+https://stuebinm.eu/git/bahnhof.name";
bahnhof-name.flake = false;
+ ntfy-matrix-bot.url = "git+https://stuebinm.eu/git/ntfy-matrix-bot";
+ ntfy-matrix-bot.flake = false;
gtfsBooks.url = "git+https://stuebinm.eu/git/forks/gtfs-books?ref=main";
gtfsBooks.flake = false;
@@ -152,7 +154,8 @@
kijetesantakaluotokieni showrt isabelle-utils isabat
travelynx crs-tracker crs-php bahnhof-name matrix-to
hikari_unstable heartwood radicle-interface radicle-tui
- inweb nomsring bookwyrm mollysocket git-annex-remote-remarkable2;
+ inweb nomsring bookwyrm mollysocket git-annex-remote-remarkable2
+ ntfy-matrix-bot;
tests.bookwyrm = nixpkgs.nixosTest ./tests/bookwyrm.nix;
};
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 0194a2a..9d8b7b8 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -107,6 +107,15 @@ in
isabelle-rust-utils = self.isabelle-utils;
};
+ ntfy-matrix-bot = rustPlatform.buildRustPackage rec {
+ pname = "ntfy-matrix-bot";
+ version = "0.10";
+ src = inputs.ntfy-matrix-bot;
+ cargoLock.lockFile = "${src}/Cargo.lock";
+ doCheck = false;
+ meta.mainProgram = "ntfy-matrix-bot";
+ };
+
bahnhof-name =
let
haskellPkgs = self.haskellPackages.override (old: {
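Review bot: `doCheck = false;` switches off the package's test suite with no reason given, so the next maintainer cannot tell whether it is safe to re-enable. A one-line comment on that attribute stating the reason, e.g. `# tests skipped: <reason>`, would settle it. `version = "0.10"` is also hard-coded while `src = inputs.ntfy-matrix-bot` follows whatever revision `flake.lock` pins, so the reported version can drift from the code actually built. Deriving it from the input, or noting that it must be bumped by hand, would avoid confusion when auditing what is deployed.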
diff --git a/secrets/chaski.yaml b/secrets/chaski.yaml
new file mode 100644
index 0000000..7f07b2c
--- /dev/null
+++ b/secrets/chaski.yaml
@@ -0,0 +1,31 @@
+ntfy-matrix-bot:
+ env: ENC[AES256_GCM,data:mk/7fcdfsq+BOB8QK7LzVhYMDmMLw0cB0qq3p2IGWQAJtodqlqQMJukVF0jpoJLB/9GMcCweloVikus9K23/lcUPMZFHCdpMRR94puGROub8RF+v6XvegC741utlsLWGnS+Z/U8atHoI2rptdh4OV9lwELFYMpwDC/2IhxnhIyqWbAKnuWGdJcNVAKF6QxI0gY854xKoxRNXs3BrctoubSbBSyarjQiFgpk=,iv:jip5eTFPyBa199/SZhfezMY+Og8i1rh+2dmfVzBRPpo=,tag:xyLR34PqtJI63M5qnMvemQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eVRBaUxaUFREd3AvK3hE
+ YmcxUFRlK0F0aW0wMlFsWEtSSHdxUm1rK0Y4CkNyYVI4TnBXL0hOUDJYbThXYks5
+ WkVKMThqdWxRdzBURXp2aHUxZko3RzgKLS0tIHRVclNFNkRWZThBZklhRklrSmZP
+ TUE5N2IyNnFXb0ZTQ2U1NTYzSXZtVkEKM4fyZCpQtaFj2xmHJXJJlsQ48olr5uTV
+ IYs/FkXHIu2MXD4br3M5VQRNoN2htYKlMwEUF2tLdZio73RN3jodPw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age14cf8h02c8r2c7nag5fezyhp56za9c4p0t8n39qy452t8hsqwlvgs9y7r8v
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRGd3Nmhzd0NVM3lmcUxO
+ NG1mMWhMaGNEYURNK0MxUFdvakltT01Obnk0CkI4bDA0UUF0QkJqVGxMeWRXSjg0
+ SDF5cDF1bDUrbVNIcGUydWpVL0kxcjgKLS0tIE5LYTdnTzVlcjFTRXhJM1pNd1Ji
+ aFF6Nkowc3kxckFGNWRqSUxYdXZOd0kKsoRAtnnhIkaPACXgaGzMNW6uAG4pAg4d
+ DdgcTPKdAEv0uAqAmndsll+vWE1C0FaUwe37/jmBfAKrXpN7GwVa4g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-03-27T22:32:40Z"
+ mac: ENC[AES256_GCM,data:MJTMrHLh9rL7p1Y+e4if51ZYvfYWDV25eJvJ3unZwIAahF5GoOav4rb1hU1hLObZFhtlyjgHe/VGP2D+QsDARJOop0kGiybnfHqz7Vh7KIWhjDwsxaBPkxMUovxrEhxnwHR8+zKqNs+Vcl06ZaJ2F6U0rJRqyxO2CK5aSnuqDtE=,iv:qDsnPrVlnwnmWFJYxgCBCvg1/qgFl1IOC3QEifXaEbs=,tag:/oVJDam2l7pD+g2tIBAakg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1