diff --git a/hosts/web02/secrets.yaml b/hosts/web02/secrets.yaml index cc3bb63..10b6d75 100644 --- a/hosts/web02/secrets.yaml +++ b/hosts/web02/secrets.yaml @@ -1,5 +1,5 @@ ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:Z6SfUFsjfRaVc23CNM1NE4/c92MLmbdEXilPJomX9qM=,tag:xknd9rqBVvUg69ICvhXHcA==,type:str] -nix-community-matrix-bot-token: ENC[AES256_GCM,data:uWqZe3tC5bGSC78SfVH0uwjnHBU0RdgglOlVUQo99AYykdzeAH9toTk2ZgtP97L1kKdyQo70f7QcNSCqtbmB0Q==,iv:xPob8PjdF0ha9u4lwFOWRJvSD+xUMIL6uw6OogMVP+g=,tag:gx0tIiiH6eNiapcEVZaiBw==,type:str] +nix-community-matrix-bot-token: ENC[AES256_GCM,data:CHL3h0ttoBjj5xGfvQ9k4kYDMFdKV9V5DV9KOtz84LotVjZ7MRP9LDjvxfchO8T3kU1OMPWqBVYOS04da3xMLyRQRa1phkkGwjigjQ==,iv:pGyD4w4LLYfZmyZol52DTKeWMOniG96TX0aoF/4/uxM=,tag:Hw/eCheMjiUBj9bDTz0Ysw==,type:str] sops: kms: [] gcp_kms: [] @@ -60,8 +60,8 @@ sops: QnJZZzN1a1M5b1dwa3hvL3ZHYkpxQUkK1g9sQB0UHl9coaznjIn4WDpQv21Y8cl9 LNqnv0Q6KrxNliq2JEJoEpjD5+xTcqV/5FgylKhtdNWUZ0eAX8taog== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-12T01:00:57Z" - mac: ENC[AES256_GCM,data:GqsV7ULY9kWLooThcpJulxkJgxP92kY9OEWETuvO1Do9uiUaJUpmmPcwu7mhAEZzys4U+wZEfpRvfrrJanCotGCeNsfGh9zAbgHn4T5P8wqOyTWns5qaQDQki1Fs83CyGuCUjwPUWcH6euLYUlWANYcUbIZms9sb1l0bo7MxZ18=,iv:xqqpUsc5nfHmB+DX9S5fNPrdDqPBd+IPtlr3GnS/jfU=,tag:pPLlZ2q8ZxQJFHBxGTJRdA==,type:str] + lastmodified: "2023-08-15T22:00:57Z" + mac: ENC[AES256_GCM,data:caG26hmL2TlFVhufXG2lkhrKK0CtseYj+5HWnWYIaBo28jGesWONp9o3r3/eKa+7ZlBnQu1Xt+ctQmIOiyqavQtfTWYjlS8Pb2yvfjAKrKSYwg8gxRXnD+vqCzFAFsvlCdWV5uPdLmO6YuDWjO8QCccDQaJuo9ChAGDryngNPqY=,iv:cbS1zpaZFUr/HP4eDSOJe90IJ2IqxFzQdkBGfaHt6Uc=,tag:soKRVwIBbusdrcYLjA4B0w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/modules/nixos/monitoring/alert-rules.nix b/modules/nixos/monitoring/alert-rules.nix index 2059c23..7ed0940 100644 --- a/modules/nixos/monitoring/alert-rules.nix +++ b/modules/nixos/monitoring/alert-rules.nix 
@@ -89,8 +89,8 @@ lib.mapAttrsToList description = "{{$labels.host}} failed to (re)start service {{$labels.name}}"; }; - matrix_alertmanager_receiver_not_running = { - condition = ''systemd_units_active_code{name="matrix-alertmanager-receiver.service", sub!="running"}''; + matrix_hook_not_running = { + condition = ''systemd_units_active_code{name="matrix-hook.service", sub!="running"}''; description = "{{$labels.host}} should have a running {{$labels.name}}"; }; diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 8150c89..732314e 100644 --- a/modules/nixos/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix @@ -1,6 +1,6 @@ { imports = [ - ./matrix-alertmanager.nix + ./matrix-hook.nix ./prometheus.nix ./telegraf.nix ]; diff --git a/modules/nixos/monitoring/matrix-alertmanager.nix b/modules/nixos/monitoring/matrix-alertmanager.nix deleted file mode 100644 index 301bc17..0000000 --- a/modules/nixos/monitoring/matrix-alertmanager.nix +++ /dev/null 
@@ -1,46 +0,0 @@
-{ config, pkgs, ... }:
-let
- matrix-alertmanager-receiver = pkgs.buildGoModule rec {
- pname = "matrix-alertmanager-receiver";
- version = "0.1.2";
- src = pkgs.fetchFromSourcehut {
- owner = "~fnux";
- repo = "matrix-alertmanager-receiver";
- rev = version;
- hash = "sha256-F6Cn0lmASAjWGEBCmyLdfz4r06fDTEfZQcynfA/RRtI=";
- };
- vendorHash = "sha256-7tRCX9FzOsLXCTWWjLp3hr1kegt1dxsbCKfC7tICreo=";
- };
-in
-{
- sops.secrets.nix-community-matrix-bot-token = { };
- sops.templates."config.toml".content = ''
- Homeserver = "https://matrix-client.matrix.org"
- TargetRoomID = "!cBybDCkeRlSWfuaFvn:numtide.com"
- MXID = "@nix-community-matrix-bot:matrix.org"
- MXToken = "${config.sops.placeholder.nix-community-matrix-bot-token}"
- HTTPPort = 9088
- HTTPAddress = "localhost"
- '';
- sops.templates."config.toml".owner = "matrix-alertmanager-receiver";
-
- users.users.matrix-alertmanager-receiver = {
- isSystemUser = true;
- group = "matrix-alertmanager-receiver";
- };
- users.groups.matrix-alertmanager-receiver = { };
-
- systemd.services.matrix-alertmanager-receiver = {
- description = "Matrix Alertmanager Receiver";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${matrix-alertmanager-receiver}/bin/matrix-alertmanager-receiver -config ${config.sops.templates."config.toml".path}";
- Restart = "always";
- RestartSec = "10";
- User = "matrix-alertmanager-receiver";
- Group = "matrix-alertmanager-receiver";
- };
- };
-}
diff --git a/modules/nixos/monitoring/matrix-hook.nix b/modules/nixos/monitoring/matrix-hook.nix
new file mode 100644
index 0000000..ce599cd
--- /dev/null
+++ b/modules/nixos/monitoring/matrix-hook.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+let
+ matrixHook = pkgs.buildGoModule rec {
+ pname = "matrix-hook";
+ version = "2e2770e685ca57e111b9dd2dc178cc6984404a25";
+ src = pkgs.fetchFromGitHub {
+ owner = "pinpox";
+ repo = "matrix-hook";
+ rev = version;
+ hash = "sha256-G5pq9sIz94V2uTYBcuHJsqD2/pMtxhWkAO8B0FncLbE=";
+ };
+ vendorHash = "sha256-185Wz9IpJRBmunl+KGj/iy37YeszbT3UYzyk9V994oQ=";
+ postInstall = ''
+ install message.html.tmpl -Dt $out
+ '';
+ };
+in
+{
+ sops.secrets.nix-community-matrix-bot-token = { };
+
+ users.users.matrix-hook = {
+ isSystemUser = true;
+ group = "matrix-hook";
+ };
+ users.groups.matrix-hook = { };
+
+ systemd.services.matrix-hook = {
+ description = "Matrix Hook";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ HTTP_ADDRESS = "localhost";
+ HTTP_PORT = "9088";
+ MX_HOMESERVER = "https://matrix-client.matrix.org";
+ MX_ID = "@nix-community-matrix-bot:matrix.org";
+ MX_ROOMID = "!cBybDCkeRlSWfuaFvn:numtide.com";
+ MX_MSG_TEMPLATE = "${matrixHook}/message.html.tmpl";
+ };
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${matrixHook}/bin/matrix-hook";
+ EnvironmentFile = [
+ config.sops.secrets.nix-community-matrix-bot-token.path
+ ];
+ Restart = "always";
+ RestartSec = "10";
+ User = "matrix-hook";
+ Group = "matrix-hook";
+ };
+ };
+}
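Review bot: The `serviceConfig` of the new `matrix-hook` unit runs the daemon with no systemd sandboxing beyond `User`/`Group`, although the process carries the Matrix bot token in its environment and parses webhook requests on `localhost:9088`. Adding the usual restrictions, as sketched below, would limit what a bug in the request handler can reach. The address-family list keeps `AF_UNIX` because name resolution on NixOS presumably goes through nscd, so confirm it against a running instance with `systemd-analyze security matrix-hook`. The secret is also consumed differently now: `EnvironmentFile` needs the decrypted value to be a `KEY=value` line rather than the bare token the removed template interpolated, which the diff cannot show. A comment above `sops.secrets.nix-community-matrix-bot-token`, such as `# decrypted content is an env file: MX_TOKEN=<token>` (variable name to be confirmed against matrix-hook), would record that.

```nix
    serviceConfig = {
      # … unchanged: Type, ExecStart, EnvironmentFile, Restart, RestartSec, User, Group …
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      CapabilityBoundingSet = "";
      RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
    };
```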