diff --git a/machines/nixos/web01/ntfy-sh.nix b/machines/nixos/web01/ntfy-sh.nix index 41b79da..be82dbc 100644 --- a/machines/nixos/web01/ntfy-sh.nix +++ b/machines/nixos/web01/ntfy-sh.nix @@ -2,11 +2,31 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ config, ... }: +{ + config, + lib, + meta, + ... +}: let + inherit (lib) + filterAttrs + mapAttrsToList + mapAttrs + ; + host = "push.dgnum.eu"; port = 2586; + + ntfy-users = mapAttrs (_: member: { hashedPassword = member.ntfy-hashedPassword; }) ( + filterAttrs (_: member: member.ntfy-hashedPassword != null) meta.organization.members + ); + ntfy-access = mapAttrsToList (name: _: { + topic = "monitoring"; + username = name; + permission = "ro"; + }) ntfy-users; in { nixpkgs.overlays = [ @@ -41,15 +61,9 @@ in username = "systemd"; permission = "wo"; } - ]; - users = { + ] ++ ntfy-access; + users = ntfy-users // { "systemd".passwordFile = config.age.secrets."ntfy-sh-systemd_passwd".path; - - # TODO: through meta - "catvayor" = { - role = "admin"; - hashedPassword = "$2b$05$rDvB8C7OoWoyAgLAeaZBcuptiJulF/BfSYREoPRIZkmAO7hhimvNy"; - }; }; }; }; diff --git a/meta/options.nix b/meta/options.nix index 403b5c9..8949b0e 100644 --- a/meta/options.nix +++ b/meta/options.nix @@ -142,6 +142,14 @@ in ''; }; + ntfy-hashedPassword = mkOption { + type = nullOr str; + default = null; + description = '' + Hashed password for ntfy-sh account. + ''; + }; + # FIXME: Unused vpnKeys = mkOption { type = attrsOf vpnKeyType; diff --git a/meta/organization/members.nix b/meta/organization/members.nix index 92fbccd..8db3f66 100644 --- a/meta/organization/members.nix +++ b/meta/organization/members.nix @@ -42,6 +42,7 @@ builderKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDn3ft6Pmlql8er86nyCVFSQDEY993By+667OmN3ECK9 catvayor@kat-probook" ]; + ntfy-hashedPassword = "$2b$05$rDvB8C7OoWoyAgLAeaZBcuptiJulF/BfSYREoPRIZkmAO7hhimvNy"; }; cst1 = {