diff --git a/REUSE.toml b/REUSE.toml index 9c959f9..1f903c0 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -14,7 +14,7 @@ precedence = "closest" [[annotations]] SPDX-FileCopyrightText = "La Délégation Générale Numérique " SPDX-License-Identifier = "CC-BY-NC-ND-4.0" -path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"] +path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-notify/ntfy", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"] precedence = "closest" [[annotations]] diff --git a/default.nix b/default.nix index 4c9c864..fe7e54e 100644 --- a/default.nix +++ b/default.nix @@ -92,6 +92,7 @@ let "modules/nixos/dgn-backups/keys/*" "modules/nixos/dgn-netbox-agent/secrets/netbox-agent" "modules/nixos/dgn-notify/mail" + "modules/nixos/dgn-notify/ntfy" "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file" "modules/nixos/dgn-records/__arkheon-token_file" "modules/nixos/dgn-s3/garage-*_file" diff --git a/modules/nixos/dgn-notify/default.nix b/modules/nixos/dgn-notify/default.nix index dcc3fe3..6600631 100644 --- a/modules/nixos/dgn-notify/default.nix +++ b/modules/nixos/dgn-notify/default.nix @@ -14,6 +14,7 @@ let inherit (lib) concatMapStringsSep + getExe mkEnableOption mkForce mkIf @@ -63,6 +64,14 @@ in $(systemctl status --full "$1") ERRMAIL + + ${getExe pkgs.jq} \ + '.title |= $title | .message |= $body' \ + <(echo '{ topic: "monitoring", priority: 4 }') \ + --arg title "[$HOSTNAME] Systemd failure: $1" \ + --rawfile body <(systemctl status --full "$1") | \ + ${getExe pkgs.curl} https://push.dgnum.eu -d @- \ + -H "Authorization: Bearer $(cat ${config.age.secrets.ntfy.path})" '' ); }; diff --git a/modules/nixos/dgn-notify/ntfy b/modules/nixos/dgn-notify/ntfy new file mode 100644 index 0000000..69c31fa --- /dev/null +++ b/modules/nixos/dgn-notify/ntfy @@ -0,0 +1,60 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA fliq4UcU2T15wd/CEB5NYk9+0cNpA8higneZUX9uY2I +ui9Ii+fWdvyAjeireGBE1EiHhpuhl8N1GO8krhi3Wuo +-> ssh-ed25519 QlRB9Q y9MDkopaEWegSkuB+XqwWOro3lC4Em7Eb+sN8rg8oUE +khM4m4lpDkR1JbwDUwfTwLBRlSCEehHD7mOnQnz61Lo +-> ssh-ed25519 r+nK/Q f4nQQYqyR9y4wt9IuyFhMoiw1JowiK8TAY1qmekK4lI +4xIGaCr/1WeTMW1uCdnIMMm6ZGCtTjJt9AKWWk8oByk +-> ssh-rsa krWCLQ +Vr8FpWnZQniLGaYH4Uq+u9kROYunor/ScH/68PObnlsM/BSukBhNT0lgGEbvms2l +3FT0W9T4/9m2A8XnEHKOQ5sZNp7wQQbqBqoDmpdSBTqY+FIQrz+0srJ7tiGiybhJ +cKm1lgHShfuv4+Pe0QNgg/UwyhNv8j7tf7VYqSWiMqULbrHPXk2yyHQfT5UtrnlL +c106eoI8o6OMViGbKbHWJlRe65zhO4iV2tVjWq61UpvGK4PjLKH/XKZ2lDbUNnO+ +eTHjWf3he9SpgdoO6CyK+h9+c9o6BgHGpDlo5Lgl5nL2xXmD1RRQQR+kHRKliuLf +prMc4d9vXxAx4PHqe4XrMg +-> ssh-ed25519 /vwQcQ bApaXrSD43O8sNpxyg+VjR/HvDLLk600yJjXuFUKHTU +lCy9D1Yx0nuTlaX0Uh/0ZqKbCgRBAKSqCytmu+GTA8Y +-> ssh-ed25519 0R97PA 2AL2O7dV8YzAUwc27TRWF4YtST4MChprpPBG75NX2Q0 +oBPbVy5JngLoHrQG4FdQSv8RcXw0yJ/vWQHsA6N8JCI +-> ssh-ed25519 JGx7Ng C7gFRz4NMrLzAPfCI5EY5CpUvQ/u4V59NbKZYJj4LD8 +SxM40YJcPX/iL4szqs7M6VZJyaNmj2xUcunoyouXfgU +-> ssh-ed25519 bUjjig hy0Tj8gXPuwpq3sBHOQ8JXAz0xg/s3doqOfbC2C7i3g +5KVwYkZp3XkCprFHhKJu+WUAgAKrFpga6BOwMS218w4 +-> ssh-ed25519 DqHxWQ mzemsdxZ9mmQUHb3K0CCN4nbgaWWC/XfMFclVf5VH3k +H4zzq3ra6WAupZh1WTvdxqu5U9MaKdHQZ26fqUwHXTs +-> ssh-ed25519 IxxZqA UKjyIDwJSWOG6M9jNvQOL+fDEpnTuIpCVUaLe1o7YWg +DHBp7hyl9ViLeM4EKIrqGTtO/jrBofBA1qkog1OnSfY +-> ssh-ed25519 /fsvPA QIkPRMMVzTkX5GEsFxSnNGeICn7gCguPHVK1FLlbFU8 +YK+pz/tmNYV1XRU5JC1dDIOonq5D86J9X3hmJgJTlcg +-> ssh-ed25519 tDqJRg I4b5qLm6/c7kZD14FFgv/Y1lpAnMl+hSAurzNcjRHmA +Q6A+6M9I1atpMyaE+rIXt68Xco9sCX1lySDnNmwxnpw +-> ssh-ed25519 9pVK7Q sBP87Q+34Pgx2/uIOcvcu3Amf78Clj9BZfQ4FhjVAEg +7TMI1cmEBJm1uDoXlE18lPmOAV+cJKuXtNnRxWOmf4Y +-> ssh-ed25519 /BRpBQ bGI32xEyyM1hJ4pQV1VOgjJYkOu5HIzNGpBgZJGPLic +CmJf02BnchNgyy5uUEPO4GLn+XZ08PuVyrBqKir5/Xg +-> ssh-ed25519 t0vvHQ RpEDX65fLny4bm2vUvvV8cSvFS5vRCL3LyZVBw392j8 +NWQd/7kUHKEi919cOOOYHGGn9FdoyKMOhHjBu84/Z4A +-> ssh-ed25519 E6cGqw ItjYI/zA8VklrSAsp+X4CkVGj/wBf6Bga722fwKEoCU ++DXH2k8vW+xdJwg+VEaC3re9ikAwGcIzc00a1OpW0MA +-> ssh-ed25519 EEPmeQ xeSzsHR8qA+qwFhQP83S3ANg484KbkppW+51fpP05VE +oC5xLk0nstn0zzT8jAfC+fZc7FLIR43QjEGxBHXy7eM +-> ssh-ed25519 /x+F2Q 7YNTNvaZsXhQVz70ZLNrTthtLByqyTmz0i4jMtdasR4 +6lCNttcesatKVzFBAI8BCHU1KKE01vJVAiSMhkg+M2U +-> ssh-ed25519 +MNHsw K++mpX4PIlHN4om/zVJXmmMd+oV7GZEXO4FVT5vT2AQ +YEU316rCwxr+XS0TU2k9PurHF05S36rXJkaaLMqxW38 +-> ssh-ed25519 rHotTw VeSoOZpNUWekWyzY8cQdrggg5CQffYZMwdenHoCETE0 +dWTaT+PUd/U93VDaIwck/mo0hMYaV+S7H5EE8vL+nUo +-> ssh-ed25519 NaIdrw AEvxg0Ef0mcakpx+FY6MyniVHrseG6XLWCkU4JYeXn0 +iSRU4r/LdQppgn9VCUQ9WZoyVGHI81AcaAz6oTCl3v8 +-> ssh-ed25519 +mFdtQ keWGRyoODhSW0cSazXshktZAIP5NUOpKJ2kwVu4ffic +mm1aPpst94ZGnnMl7PxbgPPD0s4BkIR3g3YT2bhyIDA +-> ssh-ed25519 0IVRbA iEzMhoRhacu7KEbZC5AwGhIM4LPqZkTU6uiIVwm5wEg +dbxRMrEpLMXOECfCvGgBgZvn3pGX9+DxRzSjZANJbP4 +-> ssh-ed25519 IY5FSQ BUmBe3r7emA3bUEvUpNanyLzxVmAjZyHWVGSQStvdgo +V7W+sevmsGDBrOsyWM3CRSiZrW0gPyV5v/IrfqcdbFw +-> ssh-ed25519 VQSaNw KqPjcuCZvM/Ao54AYHJHlZ9tLoUstwzsAESqlS/g12M +6nVO0c0g+ULE0A1POGFaylpLR+HwRSnfkdXl0vR0FQw +-> %Oq`'8n+-grease HV" C5b[8N +ncBsUWVkkJ4UvIaxFWwN8SXvMUrk1J5pCAeRg2e1bHp75RkGd6apUWdg +--- IpyGgm4d6PctYg3NCJ1FTHR9RSVh4dX+ERhj75xRH/4 +wM?8NwV(ɧ]ǨO \ No newline at end of file diff --git a/modules/nixos/dgn-notify/secrets.nix b/modules/nixos/dgn-notify/secrets.nix index 92144a7..b89b6a6 100644 --- a/modules/nixos/dgn-notify/secrets.nix +++ b/modules/nixos/dgn-notify/secrets.nix @@ -2,4 +2,7 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; } +{ + mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; + ntfy.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; +}