feat(nimbolus): init a http terraform backend

feat(systemd-notify): allow multiple failure scripts
refactor(systemd-notify): take it from nix-modules
2025-06-17 17:26:53 +02:00 · 2025-06-17 17:11:56 +02:00 · 2025-06-17 17:11:56 +02:00
3 changed files with 59 additions and 13 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -39,6 +39,7 @@
      "extranix"
      "forgejo-multiuser-nix-runners"
      "openbao"
+      "systemd-notify"
    ])
    ++ [
      "${sources.agenix}/modules/age.nix"
@ -52,7 +53,6 @@
        "services/forgejo-nix-runners"
        "services/nginx-sni"
        "services/reaction"
-        "services/systemd-notify"
        "services/victorialogs"
        "services/victoriametrics"
      ]
--- a/modules/nixos/dgn-notify/default.nix
+++ b/modules/nixos/dgn-notify/default.nix
@ -54,19 +54,16 @@ in
    };

    services.systemd-notify = {
-      enable = true;
-      command = builtins.toString (
-        pkgs.writeShellScript "sendmail" ''
-          ${pkgs.msmtp}/bin/sendmail -i -t <<ERRMAIL
-          To: admins+monitoring@dgnum.eu, ${emails}
-          Subject: [$HOSTNAME] Systemd failure: $1
-          Content-Transfer-Encoding: 8bit
-          Content-Type: text/plain; charset=UTF-8
+      mail = pkgs.writeShellScript "sendmail" ''
+        ${pkgs.msmtp}/bin/sendmail -i -t <<ERRMAIL
+        To: admins+monitoring@dgnum.eu, ${emails}
+        Subject: [$HOSTNAME] Systemd failure: $1
+        Content-Transfer-Encoding: 8bit
+        Content-Type: text/plain; charset=UTF-8

-          $(systemctl status --full "$1")
-          ERRMAIL
-        ''
-      );
+        $(systemctl status --full "$1")
+        ERRMAIL
+      '';
    };
    age-secrets.sources = [ ./. ];
  };
--- a/modules/nixos/systemd-notify.nix
+++ b/modules/nixos/systemd-notify.nix
@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+
+let
+  inherit (lib)
+    getExe
+    mapAttrs'
+    mapAttrsToList
+    mkOption
+    mkForce
+    nameValuePair
+    ;
+  inherit (lib.types) attrsOf package submodule;
+
+  cfg = config.services.systemd-notify;
+in
+
+{
+  options.services.systemd-notify = mkOption {
+    type = attrsOf package;
+    description = ''
+      Commands to execute when a systemd unit fails.
+      Attrs keys will be the unit name and attrs value is the command that
+      will be run with the name of the failed unit as an argument.
+    '';
+    default = { };
+  };
+
+  options.systemd.services = mkOption {
+    type = attrsOf (submodule {
+      config.onFailure = mapAttrsToList (name: _: "${name}@%n.service") cfg;
+    });
+  };
+
+  config.systemd.services = mapAttrs' (
+    name: script:
+    nameValuePair "${name}@" {
+      description = "Run ${name} script on service failures.";
+      onFailure = mkForce [ ]; # Avoid recursive failures
+      serviceConfig = {
+        ExecStart = "${getExe script} %i";
+        Type = "oneshot";
+      };
+    }
+  ) cfg;
+}
Author	SHA1	Message	Date
catvayor	a7def32a75	feat(nimbolus): init a http terraform backend Some checks failed Build all the nodes / compute01 (pull_request) Successful in 1m52s Details Build all the nodes / storage01 (pull_request) Successful in 1m35s Details Build all the nodes / krz01 (pull_request) Successful in 1m51s Details Build all the nodes / Jaccess04 (push) Successful in 49s Details Build all the nodes / Jaccess01 (push) Successful in 49s Details Run pre-commit on all files / pre-commit (push) Successful in 53s Details Build all the nodes / ap01 (push) Successful in 1m15s Details Build all the nodes / hypervisor01 (push) Successful in 1m23s Details Build all the nodes / hypervisor03 (push) Successful in 1m29s Details Build all the nodes / cof02 (push) Successful in 1m33s Details Build all the nodes / build01 (push) Successful in 1m34s Details Build all the nodes / hypervisor02 (push) Successful in 1m33s Details Build all the nodes / bridge01 (push) Successful in 1m44s Details Build all the nodes / geo01 (push) Successful in 1m44s Details Build all the nodes / netcore01 (push) Successful in 31s Details Build all the nodes / netcore02 (push) Successful in 34s Details Build all the nodes / compute01 (push) Successful in 1m57s Details Build the shell / build-shell (push) Successful in 26s Details Build all the nodes / geo02 (push) Successful in 2m4s Details Build all the nodes / iso (push) Successful in 1m19s Details Build all the nodes / lab-router01 (push) Successful in 58s Details Build all the nodes / tower01 (push) Successful in 57s Details Build all the nodes / web02 (push) Successful in 55s Details Build all the nodes / vault01 (push) Successful in 1m9s Details Build all the nodes / zulip01 (push) Successful in 58s Details Build all the nodes / web03 (push) Successful in 1m2s Details Build all the nodes / rescue01 (push) Successful in 1m19s Details Build all the nodes / web01 (push) Successful in 1m26s Details Build all the nodes / krz01 (push) Successful in 6m19s Details Build all the nodes / storage01 (push) Has been cancelled Details	2025-06-17 17:26:53 +02:00
catvayor	d6300e6e19	feat(systemd-notify): allow multiple failure scripts All checks were successful Build all the nodes / zulip01 (pull_request) Successful in 57s Details Build all the nodes / web01 (pull_request) Successful in 1m13s Details Build all the nodes / storage01 (pull_request) Successful in 1m38s Details Build all the nodes / Jaccess04 (push) Successful in 24s Details Build all the nodes / Jaccess01 (push) Successful in 28s Details Run pre-commit on all files / pre-commit (push) Successful in 30s Details Build all the nodes / ap01 (push) Successful in 43s Details Build all the nodes / bridge01 (push) Successful in 48s Details Build all the nodes / netcore01 (push) Successful in 25s Details Build all the nodes / hypervisor01 (push) Successful in 52s Details Build all the nodes / geo01 (push) Successful in 57s Details Build all the nodes / cof02 (push) Successful in 1m1s Details Build all the nodes / hypervisor03 (push) Successful in 1m0s Details Build all the nodes / hypervisor02 (push) Successful in 1m1s Details Build all the nodes / geo02 (push) Successful in 1m2s Details Build all the nodes / build01 (push) Successful in 1m4s Details Build all the nodes / netcore02 (push) Successful in 22s Details Build all the nodes / iso (push) Successful in 1m4s Details Build all the nodes / lab-router01 (push) Successful in 55s Details Build all the nodes / compute01 (push) Successful in 1m20s Details Build all the nodes / krz01 (push) Successful in 1m36s Details Build all the nodes / tower01 (push) Successful in 47s Details Build the shell / build-shell (push) Successful in 21s Details Build all the nodes / vault01 (push) Successful in 56s Details Build all the nodes / web02 (push) Successful in 51s Details Build all the nodes / rescue01 (push) Successful in 1m10s Details Build all the nodes / web03 (push) Successful in 54s Details Build all the nodes / zulip01 (push) Successful in 46s Details Build all the nodes / web01 (push) Successful in 1m8s Details Build all the nodes / storage01 (push) Successful in 1m35s Details	2025-06-17 17:11:56 +02:00
catvayor	c1afcb7768	refactor(systemd-notify): take it from nix-modules	2025-06-17 17:11:56 +02:00