fix(ntfy-sh): various typos and bug

catvayor 2025-05-20 08:12:38 +02:00
parent 8cf46361b8
commit ec050d0323
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
9 changed files with 77 additions and 69 deletions

2
REUSE.toml generated

@ -14,7 +14,7 @@ precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "La Délégation Générale Numérique <contact@dgnum.eu>"
SPDX-License-Identifier = "CC-BY-NC-ND-4.0"
path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-notify/ntfy_sh-systemd_passwd", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"]
path = ["machines/**/secrets/*", "modules/nixos/dgn-backups/keys/*", "modules/nixos/dgn-netbox-agent/secrets/netbox-agent", "modules/nixos/dgn-notify/mail", "modules/nixos/dgn-notify/ntfy-sh-systemd_passwd", "modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file", "modules/nixos/dgn-records/__arkheon-token_file", "modules/nixos/dgn-s3/garage-*_file"]
precedence = "closest"
[[annotations]]


@ -92,7 +92,7 @@ let
"modules/nixos/dgn-backups/keys/*"
"modules/nixos/dgn-netbox-agent/secrets/netbox-agent"
"modules/nixos/dgn-notify/mail"
"modules/nixos/dgn-notify/ntfy_sh-systemd_passwd"
"modules/nixos/dgn-notify/ntfy-sh-systemd_passwd"
"modules/nixos/dgn-forgejo-runners/forgejo_runners-token_file"
"modules/nixos/dgn-records/__arkheon-token_file"
"modules/nixos/dgn-s3/garage-*_file"


@ -38,7 +38,7 @@ in
}
];
users = {
"systemd".passwordFile = config.age.secrets."ntfy_sh-systemd_passwd".path;
"systemd".passwordFile = config.age.secrets."ntfy-sh-systemd_passwd".path;
# TODO: through meta
"catvayor" = {
@ -49,6 +49,8 @@ in
};
};
age-secrets.autoMatch = [ "ntfy-sh" ];
dgn-web.simpleProxies.ntfy-sh = {
inherit host port;
proxyWebsockets = true;


@ -69,11 +69,11 @@ in
${getExe pkgs.jq} \
'.title |= $title | .message |= $body' \
<(echo '{ topic: "monitoring", priority: 4 }') \
<(echo '{ "topic": "monitoring", "priority": 4 }') \
--arg title "[$HOSTNAME] Systemd failure: $1" \
--rawfile body <(systemctl status --full "$1") | \
${getExe pkgs.curl} https://push.dgnum.eu -d @- \
-u "systemd:$(cat ${config.age.secrets."ntfy_sh-systemd_passwd".path})"
-u "systemd:$(cat ${config.age.secrets."ntfy-sh-systemd_passwd".path})"
''
);
};
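Review bot: The `-u "systemd:$(cat …)"` argument on the curl line places the decrypted ntfy password in curl's argv, where other local users can read it from the process list until curl scrubs it; curl's documentation describes that scrubbing as best-effort only. Passing the credential through a curl config file keeps it out of argv, e.g. `-K <(printf 'user = "systemd:%s"\n' "$(< ${config.age.secrets."ntfy-sh-systemd_passwd".path})")`, which works because the script already relies on bash process substitution and `printf` is a builtin; this assumes the password contains no `"` or backslash. Adding `--fail` to the same curl call would also turn a rejected credential into a visible error instead of a silently dropped alert. The enclosing script definition starts above this hunk.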


@ -0,0 +1,64 @@
age-encryption.org/v1
-> ssh-ed25519 ZIo4kw /vCX1cst2/IfRYgjytUqKar9nvLwanXftEg2Tnv4GF4
m6IL7hx/a8kLZeXrfpI4wEQia2TsSK8aoczvMDiN+dQ
-> ssh-ed25519 9/PCvA ynVPgQIUAnX9hCGlx6+alSi9i+lsfC+tHIIRjuFsC1E
63MiBEM8pLCWw1FvIjTpALECIQmPbbucdBtkaf2Zl8o
-> ssh-ed25519 jIXfPA xoVetmOG10fh+ZDfuaJq46dAo/ROHPIvJDWF/kknZEg
eHwocHO2umlRnBHIjaV5O93RYmgRXsk52lecyC3twuA
-> ssh-ed25519 QlRB9Q 3l6d6IMFUgjmaZLUKci34SPkSl+QErieE4aZikqFrGM
aG2yHooYgMuMMXM44f4gZKU+8DKcGE/zXzAWWL0MoF0
-> ssh-ed25519 r+nK/Q faNMozUNG4ODsMV5MQtcx3E61iTicp2YpFlGnK4ZW1Q
j8DwTirU1AuOooY3LOS6xR5UlaRiVZPTfT6oV7tQBSg
-> ssh-rsa krWCLQ
acGlomsef9kSxyX2luCJjrW8Jf0Xf/0wYJKhSp6ElDAc/cLCdsycNy/tYeEDZQYJ
3NbFJ9Xm4mS10hsiwKGVK0lHvfsqTvLlLmEGnatb/hlPd8UyJ09CGI4aTFl+FSdD
JjNfZBJJqkkVAgLN+H7mBNQlPkBnaa4Rzb+w+yA2j7fG0rnM+0+TCNVLQbzsdWDV
/VfofqsOKOG18VjRttFWgD5SR3prFcn8LVCrTSQqQ84hRA/E660cjFcOs+/0n/aA
K1uOEJYm/AQl8cB5SQ6VuHRzQ6ow97j8f7kGmd3ByojzhODIG9nAV4m+ttQKTRL1
W8qb386IkF0MO0ME+1hJ3A
-> ssh-ed25519 /vwQcQ rcU+0AqBKB1LSTJyLkcXDETX9+5EEOK9ilIYRFinKUM
eW3aKdgRIk+0X4VL4kwIs0OrlNCD3yrvCZpkeHUo83U
-> ssh-ed25519 0R97PA z1PiXZaq+d2pUkFZFTxU6XEtGt99QKOZwG2GdNod9mE
zHo7Vn43kM++ksThfTRenh5OgBRAFwdPpJXTaaKIo2o
-> ssh-ed25519 JGx7Ng HL15rzdWfpvGbaRJZCxKi402Xw+IPTDOqoXXHe+RCyk
oSm7yF745lnmBlrb335L8R4hoQqpJXFL824C8fh2qc4
-> ssh-ed25519 bUjjig H3d5iSjblMkrC+YXybEilE/ad3Ki3qf3YdmfjCOwoA4
+JAmp7/tmikEc5oTt5Yt/GuJtRi1Gk1sPKy8umzENZY
-> ssh-ed25519 DqHxWQ K4C8ucGgEYLB0rGUcyMohXCcRlswE9SBmGccXemrA0Q
r8PzcQmWqIYeKRnDLZCWcelVirn9ylUwruSxOU79hQ8
-> ssh-ed25519 IxxZqA Hnsl5lhANjbkt2SOotgevJHuko0ZPrbpaj+THdvC7GM
PvH1x+PTiErwWagejtOLt916tGu2+ZUnjNZg87fcX8w
-> ssh-ed25519 /fsvPA vfLM3KlAQ7kWXP8rjbvjHUQnYDPBBDm46lXcsZkj9HA
W28VyuU50aYkJIQKMSpWrsml9osp3Xh4y71Vkt4ixsQ
-> ssh-ed25519 tDqJRg slvxcW7Dk8kBC4vDqkB+oO26py2d+XJkri6hSyFY3Bw
VpPY/QVEohOpYUCtqT6A6v/A9ehG+FShIhwMeaSkG20
-> ssh-ed25519 9pVK7Q FjkiavyKruqyWcOJZFckSXp/mMHVNvSTtbtOLJvMT3Q
b7tV92zKa6K4kbb4fFvMfyEw2ZcKlwEt6HfCu97m4cY
-> ssh-ed25519 /BRpBQ TY+GlLdL9btJUd5aawMR8FyMv446qw0i9VILOt5sfjM
4TJqKu6ArxIiAwj4y7QA/9Ae3Si9n5BCGvy2uSZteTA
-> ssh-ed25519 t0vvHQ Q8glq3+dtNt8EdUjR3GHRDqyRjGy6VbOMGrdyQT7Fn8
ZCY815CBUcWmfQedZM5Fz4S07YnhJ0u1cnPjMA7gUEE
-> ssh-ed25519 E6cGqw sFBSoOmjVWn4hq874CpnqX0KWNAIpIsir/zjdAEobgk
0Hiq0XSwrUokKzT5c3E2FgSdYUGokBwuWMejBblyYRE
-> ssh-ed25519 EEPmeQ yrg3ijttuMg7/nI4zGKaF4/R1Qm6Soy5wxtR5kHfbmU
rmfB33kZ6FQSZZKZrLvfJaStUFxzU/BFaPV33MF0VS4
-> ssh-ed25519 /x+F2Q mh+XGtsJJJ6hofaXuC+fJCB/JMAcNcgL1iNUbBJ6gWg
W40ec8qKQ0oqGynUqSIIpub+spxTs2uBOWqBxvnIA9Y
-> ssh-ed25519 +MNHsw PQHHZTbDn3APsjbv7JBJL8Y1l1k7baHKhYomd/8qjkI
sZAvnuWYmh9xyfRQwymgj0/jMUbQpJimfXq5jqcLKdA
-> ssh-ed25519 rHotTw rQQQI+Uq7BPUjzxb/Eg47vbxIBncymuHTHLfuIJto1M
MmDgHmZ7W7G6XJW5wSaZ4LQfsj879fhsPCDuhWCiE7E
-> ssh-ed25519 NaIdrw owPLPaxO53AOJDKrcX4/jAoM/YigsMTVoUqNWhhb7XQ
1G1S7CNEKiNZG/Lm8u8mKv9LbZ6b5ZozFIirZgqzoJw
-> ssh-ed25519 +mFdtQ d8XMK+HzfseHJc9jgGMrPJuxgL5x76PFjxD45ZLdZkY
JwpwP6hOLGMbOzJ6e+SkPgRm+lYBCDjNCYDhksFgCp0
-> ssh-ed25519 0IVRbA Cp7aESgB0Vy8kxtpsj9Ir8tNGfhskmqwgYs2YmVEti4
XKohsYMcsfTHkW10Z4GhQXhzYV/zCN9+Fds2QSY3/Os
-> ssh-ed25519 IY5FSQ eNrFwrMtMGohRm3M1jYrdFaYwEUQhJ3SQa5V5+0lF08
obVQ34czAIbNfVASCqY7jZrzTbKZGByElRdjjFwLgw0
-> ssh-ed25519 VQSaNw ZPlbcDvtlhq1hucmNvhWUyoIjSuKrwHRFA2KcxxG6E4
5Hn+z4h8E1f5vCRxPWeewJqZqyNWKKRjNcDc3ZtTefQ
-> F(+y[k(-grease n! ej
V3zMd0eK7BpMvoPXEQ
--- M1aBoNB2qmOHMDu1eSvUM7m+8pQRCxy0QHSPeHcDfXg
ø=´e>Â"]qŽÁ.ȪN`ÀYXy—: ¾ØY€YyÇ\þµÆ{Ìmb;-õ«¼z


@ -1,60 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA fliq4UcU2T15wd/CEB5NYk9+0cNpA8higneZUX9uY2I
ui9Ii+fWdvyAjeireGBE1EiHhpuhl8N1GO8krhi3Wuo
-> ssh-ed25519 QlRB9Q y9MDkopaEWegSkuB+XqwWOro3lC4Em7Eb+sN8rg8oUE
khM4m4lpDkR1JbwDUwfTwLBRlSCEehHD7mOnQnz61Lo
-> ssh-ed25519 r+nK/Q f4nQQYqyR9y4wt9IuyFhMoiw1JowiK8TAY1qmekK4lI
4xIGaCr/1WeTMW1uCdnIMMm6ZGCtTjJt9AKWWk8oByk
-> ssh-rsa krWCLQ
Vr8FpWnZQniLGaYH4Uq+u9kROYunor/ScH/68PObnlsM/BSukBhNT0lgGEbvms2l
3FT0W9T4/9m2A8XnEHKOQ5sZNp7wQQbqBqoDmpdSBTqY+FIQrz+0srJ7tiGiybhJ
cKm1lgHShfuv4+Pe0QNgg/UwyhNv8j7tf7VYqSWiMqULbrHPXk2yyHQfT5UtrnlL
c106eoI8o6OMViGbKbHWJlRe65zhO4iV2tVjWq61UpvGK4PjLKH/XKZ2lDbUNnO+
eTHjWf3he9SpgdoO6CyK+h9+c9o6BgHGpDlo5Lgl5nL2xXmD1RRQQR+kHRKliuLf
prMc4d9vXxAx4PHqe4XrMg
-> ssh-ed25519 /vwQcQ bApaXrSD43O8sNpxyg+VjR/HvDLLk600yJjXuFUKHTU
lCy9D1Yx0nuTlaX0Uh/0ZqKbCgRBAKSqCytmu+GTA8Y
-> ssh-ed25519 0R97PA 2AL2O7dV8YzAUwc27TRWF4YtST4MChprpPBG75NX2Q0
oBPbVy5JngLoHrQG4FdQSv8RcXw0yJ/vWQHsA6N8JCI
-> ssh-ed25519 JGx7Ng C7gFRz4NMrLzAPfCI5EY5CpUvQ/u4V59NbKZYJj4LD8
SxM40YJcPX/iL4szqs7M6VZJyaNmj2xUcunoyouXfgU
-> ssh-ed25519 bUjjig hy0Tj8gXPuwpq3sBHOQ8JXAz0xg/s3doqOfbC2C7i3g
5KVwYkZp3XkCprFHhKJu+WUAgAKrFpga6BOwMS218w4
-> ssh-ed25519 DqHxWQ mzemsdxZ9mmQUHb3K0CCN4nbgaWWC/XfMFclVf5VH3k
H4zzq3ra6WAupZh1WTvdxqu5U9MaKdHQZ26fqUwHXTs
-> ssh-ed25519 IxxZqA UKjyIDwJSWOG6M9jNvQOL+fDEpnTuIpCVUaLe1o7YWg
DHBp7hyl9ViLeM4EKIrqGTtO/jrBofBA1qkog1OnSfY
-> ssh-ed25519 /fsvPA QIkPRMMVzTkX5GEsFxSnNGeICn7gCguPHVK1FLlbFU8
YK+pz/tmNYV1XRU5JC1dDIOonq5D86J9X3hmJgJTlcg
-> ssh-ed25519 tDqJRg I4b5qLm6/c7kZD14FFgv/Y1lpAnMl+hSAurzNcjRHmA
Q6A+6M9I1atpMyaE+rIXt68Xco9sCX1lySDnNmwxnpw
-> ssh-ed25519 9pVK7Q sBP87Q+34Pgx2/uIOcvcu3Amf78Clj9BZfQ4FhjVAEg
7TMI1cmEBJm1uDoXlE18lPmOAV+cJKuXtNnRxWOmf4Y
-> ssh-ed25519 /BRpBQ bGI32xEyyM1hJ4pQV1VOgjJYkOu5HIzNGpBgZJGPLic
CmJf02BnchNgyy5uUEPO4GLn+XZ08PuVyrBqKir5/Xg
-> ssh-ed25519 t0vvHQ RpEDX65fLny4bm2vUvvV8cSvFS5vRCL3LyZVBw392j8
NWQd/7kUHKEi919cOOOYHGGn9FdoyKMOhHjBu84/Z4A
-> ssh-ed25519 E6cGqw ItjYI/zA8VklrSAsp+X4CkVGj/wBf6Bga722fwKEoCU
+DXH2k8vW+xdJwg+VEaC3re9ikAwGcIzc00a1OpW0MA
-> ssh-ed25519 EEPmeQ xeSzsHR8qA+qwFhQP83S3ANg484KbkppW+51fpP05VE
oC5xLk0nstn0zzT8jAfC+fZc7FLIR43QjEGxBHXy7eM
-> ssh-ed25519 /x+F2Q 7YNTNvaZsXhQVz70ZLNrTthtLByqyTmz0i4jMtdasR4
6lCNttcesatKVzFBAI8BCHU1KKE01vJVAiSMhkg+M2U
-> ssh-ed25519 +MNHsw K++mpX4PIlHN4om/zVJXmmMd+oV7GZEXO4FVT5vT2AQ
YEU316rCwxr+XS0TU2k9PurHF05S36rXJkaaLMqxW38
-> ssh-ed25519 rHotTw VeSoOZpNUWekWyzY8cQdrggg5CQffYZMwdenHoCETE0
dWTaT+PUd/U93VDaIwck/mo0hMYaV+S7H5EE8vL+nUo
-> ssh-ed25519 NaIdrw AEvxg0Ef0mcakpx+FY6MyniVHrseG6XLWCkU4JYeXn0
iSRU4r/LdQppgn9VCUQ9WZoyVGHI81AcaAz6oTCl3v8
-> ssh-ed25519 +mFdtQ keWGRyoODhSW0cSazXshktZAIP5NUOpKJ2kwVu4ffic
mm1aPpst94ZGnnMl7PxbgPPD0s4BkIR3g3YT2bhyIDA
-> ssh-ed25519 0IVRbA iEzMhoRhacu7KEbZC5AwGhIM4LPqZkTU6uiIVwm5wEg
dbxRMrEpLMXOECfCvGgBgZvn3pGX9+DxRzSjZANJbP4
-> ssh-ed25519 IY5FSQ BUmBe3r7emA3bUEvUpNanyLzxVmAjZyHWVGSQStvdgo
V7W+sevmsGDBrOsyWM3CRSiZrW0gPyV5v/IrfqcdbFw
-> ssh-ed25519 VQSaNw KqPjcuCZvM/Ao54AYHJHlZ9tLoUstwzsAESqlS/g12M
6nVO0c0g+ULE0A1POGFaylpLR+HwRSnfkdXl0vR0FQw
-> %Oq`'8n+-grease HV" C5b[8N
ncBsUWVkkJ4UvIaxFWwN8SXvMUrk1J5pCAeRg2e1bHp75RkGd6apUWdg
--- IpyGgm4d6PctYg3NCJ1FTHR9RSVh4dX+ERhj75xRH/4
wM?8¥<38>£N˜wV¾ç(ɧ<C389>ÞÓã‚]ǨO


@ -4,5 +4,5 @@
{
mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos";
ntfy_sh-systemd_passwd.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos";
ntfy-sh-systemd_passwd.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos";
}


@ -11,6 +11,7 @@
let
inherit (lib)
getExe'
mapAttrsToList
mkEnableOption
mkIf
@ -38,6 +39,7 @@ let
inherit acl_file;
user_db = settings.auth-file;
ntfy = getExe' config.services.ntfy-sh.package "ntfy";
name = "ntfy-acl";
src = ./ntfy-acl.py;


@ -9,7 +9,7 @@ import subprocess
def ntfy(*args: str, env=None):
subprocess.run(["ntfy"] + list(args), env=env).check_returncode()
subprocess.run(["@ntfy@"] + list(args), env=env).check_returncode()
def create_user(u: str, role: str, passwordFile: str, hashedPassword: str):
@ -62,7 +62,7 @@ with open("@acl_file@") as acl_fp:
# Connect to the db to recover the list of current users
with sqlite3.connect("@user_db@") as con:
c = con.cursor()
existing_users: set[str] = set(c.execute("SELECT user FROM user")) - {"*"}
existing_users: set[str] = set(map(lambda e: e[0], c.execute("SELECT user FROM user"))) - {"*"}
wanted_users: set[str] = set(acl_data["users"].keys())
@ -82,7 +82,7 @@ for user in existing_users & wanted_users:
ntfy("access", "--reset")
for rule in acl_data["access"]:
ntfy("access", rule["user"], rule["topic"], rule["permission"])
ntfy("access", rule["username"], rule["topic"], rule["permission"])
# Write the new ACL file path
with open("/var/lib/ntfy-sh/.acl-path", "w") as f:
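Review bot: `ntfy("access", "--reset")` wipes every ACL entry before the loop re-creates them, so any exception inside the loop leaves the server without access rules until the next successful run. The `KeyError` that the old `rule["user"]` lookup presumably raised is one such case, and a non-zero exit from ntfy is another. Which topics are reachable in that state depends on the server's default access setting, which is not visible on this page; unless it is deny-all, the script fails open. Resolve all rule fields before the reset so malformed data aborts early, e.g. `rules = [(r["username"], r["topic"], r["permission"]) for r in acl_data["access"]]` placed above the reset, then loop over `rules`. The surrounding script continues outside this hunk.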