DGNum/infrastructure
9
5
Fork 3
Code Issues 31 Pull requests 28 Projects 1 Releases Packages Wiki Activity Actions

feat(dgn-notify): use nfty-sh to push notification

Browse source 
fix(ntfy-sh): various typos and bug
This commit is contained in:
catvayor 2025-05-16 15:09:32 +02:00
parent 9931e7ba85
commit 74535b83ba
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
6 changed files with 81 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
REUSE.toml generated
View file

@ -14,7 +14,7 @@ precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "La Délégation Générale Numérique <contact@dgnum.eu>"
SPDX-License-Identifier = "CC-BY-NC-ND-4.0"
path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"]
path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-notify/ntfy-sh-systemd_passwd", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"]
precedence = "closest"
[[annotations]]

1
default.nix
View file

@ -102,6 +102,7 @@ let
"modules/nixos/dgn-backups/keys/*"
"modules/nixos/dgn-netbox-agent/secrets/netbox-agent"
"modules/nixos/dgn-notify/mail"
"modules/nixos/dgn-notify/ntfy-sh-systemd_passwd"
"modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file"
"modules/nixos/dgn-records/__arkheon-token_file"
"modules/nixos/dgn-s3/garage-*_file"

1
modules/nixos/default.nix
View file

@ -55,6 +55,7 @@
"services/reaction"
"services/victorialogs"
"services/victoriametrics"
"services/ntfy-sh"
]
++ nodeMeta.nix-modules
));

10
modules/nixos/dgn-notify/default.nix
View file

@ -14,6 +14,7 @@
let
inherit (lib)
concatMapStringsSep
getExe
mkEnableOption
mkForce
mkIf
@ -64,6 +65,15 @@ in
$(systemctl status --full "$1")
ERRMAIL
'';
ntfy = pkgs.writeShellScriptBin "send-ntfy" ''
${getExe pkgs.jq} \
'.title |= $title | .message |= $body' \
<(echo '{ "topic": "monitoring", "priority": 4 }') \
--arg title "[$HOSTNAME] Systemd failure: $1" \
--rawfile body <(systemctl status --full "$1") | \
${getExe pkgs.curl} https://push.dgnum.eu -d @- \
-u "systemd:$(cat ${config.age.secrets."ntfy-sh-systemd_passwd".path})"
'';
};
age-secrets.sources = [ ./. ];
};

64
modules/nixos/dgn-notify/ntfy-sh-systemd_passwd Normal file
View file

@ -0,0 +1,64 @@
age-encryption.org/v1
-> ssh-ed25519 ZIo4kw /vCX1cst2/IfRYgjytUqKar9nvLwanXftEg2Tnv4GF4
m6IL7hx/a8kLZeXrfpI4wEQia2TsSK8aoczvMDiN+dQ
-> ssh-ed25519 9/PCvA ynVPgQIUAnX9hCGlx6+alSi9i+lsfC+tHIIRjuFsC1E
63MiBEM8pLCWw1FvIjTpALECIQmPbbucdBtkaf2Zl8o
-> ssh-ed25519 jIXfPA xoVetmOG10fh+ZDfuaJq46dAo/ROHPIvJDWF/kknZEg
eHwocHO2umlRnBHIjaV5O93RYmgRXsk52lecyC3twuA
-> ssh-ed25519 QlRB9Q 3l6d6IMFUgjmaZLUKci34SPkSl+QErieE4aZikqFrGM
aG2yHooYgMuMMXM44f4gZKU+8DKcGE/zXzAWWL0MoF0
-> ssh-ed25519 r+nK/Q faNMozUNG4ODsMV5MQtcx3E61iTicp2YpFlGnK4ZW1Q
j8DwTirU1AuOooY3LOS6xR5UlaRiVZPTfT6oV7tQBSg
-> ssh-rsa krWCLQ
acGlomsef9kSxyX2luCJjrW8Jf0Xf/0wYJKhSp6ElDAc/cLCdsycNy/tYeEDZQYJ
3NbFJ9Xm4mS10hsiwKGVK0lHvfsqTvLlLmEGnatb/hlPd8UyJ09CGI4aTFl+FSdD
JjNfZBJJqkkVAgLN+H7mBNQlPkBnaa4Rzb+w+yA2j7fG0rnM+0+TCNVLQbzsdWDV
/VfofqsOKOG18VjRttFWgD5SR3prFcn8LVCrTSQqQ84hRA/E660cjFcOs+/0n/aA
K1uOEJYm/AQl8cB5SQ6VuHRzQ6ow97j8f7kGmd3ByojzhODIG9nAV4m+ttQKTRL1
W8qb386IkF0MO0ME+1hJ3A
-> ssh-ed25519 /vwQcQ rcU+0AqBKB1LSTJyLkcXDETX9+5EEOK9ilIYRFinKUM
eW3aKdgRIk+0X4VL4kwIs0OrlNCD3yrvCZpkeHUo83U
-> ssh-ed25519 0R97PA z1PiXZaq+d2pUkFZFTxU6XEtGt99QKOZwG2GdNod9mE
zHo7Vn43kM++ksThfTRenh5OgBRAFwdPpJXTaaKIo2o
-> ssh-ed25519 JGx7Ng HL15rzdWfpvGbaRJZCxKi402Xw+IPTDOqoXXHe+RCyk
oSm7yF745lnmBlrb335L8R4hoQqpJXFL824C8fh2qc4
-> ssh-ed25519 bUjjig H3d5iSjblMkrC+YXybEilE/ad3Ki3qf3YdmfjCOwoA4
+JAmp7/tmikEc5oTt5Yt/GuJtRi1Gk1sPKy8umzENZY
-> ssh-ed25519 DqHxWQ K4C8ucGgEYLB0rGUcyMohXCcRlswE9SBmGccXemrA0Q
r8PzcQmWqIYeKRnDLZCWcelVirn9ylUwruSxOU79hQ8
-> ssh-ed25519 IxxZqA Hnsl5lhANjbkt2SOotgevJHuko0ZPrbpaj+THdvC7GM
PvH1x+PTiErwWagejtOLt916tGu2+ZUnjNZg87fcX8w
-> ssh-ed25519 /fsvPA vfLM3KlAQ7kWXP8rjbvjHUQnYDPBBDm46lXcsZkj9HA
W28VyuU50aYkJIQKMSpWrsml9osp3Xh4y71Vkt4ixsQ
-> ssh-ed25519 tDqJRg slvxcW7Dk8kBC4vDqkB+oO26py2d+XJkri6hSyFY3Bw
VpPY/QVEohOpYUCtqT6A6v/A9ehG+FShIhwMeaSkG20
-> ssh-ed25519 9pVK7Q FjkiavyKruqyWcOJZFckSXp/mMHVNvSTtbtOLJvMT3Q
b7tV92zKa6K4kbb4fFvMfyEw2ZcKlwEt6HfCu97m4cY
-> ssh-ed25519 /BRpBQ TY+GlLdL9btJUd5aawMR8FyMv446qw0i9VILOt5sfjM
4TJqKu6ArxIiAwj4y7QA/9Ae3Si9n5BCGvy2uSZteTA
-> ssh-ed25519 t0vvHQ Q8glq3+dtNt8EdUjR3GHRDqyRjGy6VbOMGrdyQT7Fn8
ZCY815CBUcWmfQedZM5Fz4S07YnhJ0u1cnPjMA7gUEE
-> ssh-ed25519 E6cGqw sFBSoOmjVWn4hq874CpnqX0KWNAIpIsir/zjdAEobgk
0Hiq0XSwrUokKzT5c3E2FgSdYUGokBwuWMejBblyYRE
-> ssh-ed25519 EEPmeQ yrg3ijttuMg7/nI4zGKaF4/R1Qm6Soy5wxtR5kHfbmU
rmfB33kZ6FQSZZKZrLvfJaStUFxzU/BFaPV33MF0VS4
-> ssh-ed25519 /x+F2Q mh+XGtsJJJ6hofaXuC+fJCB/JMAcNcgL1iNUbBJ6gWg
W40ec8qKQ0oqGynUqSIIpub+spxTs2uBOWqBxvnIA9Y
-> ssh-ed25519 +MNHsw PQHHZTbDn3APsjbv7JBJL8Y1l1k7baHKhYomd/8qjkI
sZAvnuWYmh9xyfRQwymgj0/jMUbQpJimfXq5jqcLKdA
-> ssh-ed25519 rHotTw rQQQI+Uq7BPUjzxb/Eg47vbxIBncymuHTHLfuIJto1M
MmDgHmZ7W7G6XJW5wSaZ4LQfsj879fhsPCDuhWCiE7E
-> ssh-ed25519 NaIdrw owPLPaxO53AOJDKrcX4/jAoM/YigsMTVoUqNWhhb7XQ
1G1S7CNEKiNZG/Lm8u8mKv9LbZ6b5ZozFIirZgqzoJw
-> ssh-ed25519 +mFdtQ d8XMK+HzfseHJc9jgGMrPJuxgL5x76PFjxD45ZLdZkY
JwpwP6hOLGMbOzJ6e+SkPgRm+lYBCDjNCYDhksFgCp0
-> ssh-ed25519 0IVRbA Cp7aESgB0Vy8kxtpsj9Ir8tNGfhskmqwgYs2YmVEti4
XKohsYMcsfTHkW10Z4GhQXhzYV/zCN9+Fds2QSY3/Os
-> ssh-ed25519 IY5FSQ eNrFwrMtMGohRm3M1jYrdFaYwEUQhJ3SQa5V5+0lF08
obVQ34czAIbNfVASCqY7jZrzTbKZGByElRdjjFwLgw0
-> ssh-ed25519 VQSaNw ZPlbcDvtlhq1hucmNvhWUyoIjSuKrwHRFA2KcxxG6E4
5Hn+z4h8E1f5vCRxPWeewJqZqyNWKKRjNcDc3ZtTefQ
-> F(+y[k(-grease n! ej
V3zMd0eK7BpMvoPXEQ
--- M1aBoNB2qmOHMDu1eSvUM7m+8pQRCxy0QHSPeHcDfXg
ø=´e>Â"]qŽÁ.ȪN`ÀYXy—: ¾ØY€YyÇ\þµÆ{Ìmb;-õ«¼z

5
modules/nixos/dgn-notify/secrets.nix
View file

@ -2,4 +2,7 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; }
{
mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos";
ntfy-sh-systemd_passwd.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos";
}