diff --git a/hosts/meta01.nixpkgs.lahfa.xyz/default.nix b/hosts/meta01.nixpkgs.lahfa.xyz/default.nix index 00cc652..a465f0f 100755 --- a/hosts/meta01.nixpkgs.lahfa.xyz/default.nix +++ b/hosts/meta01.nixpkgs.lahfa.xyz/default.nix @@ -25,7 +25,12 @@ bagel.services.loki.enable = true; bagel.services.grafana.enable = true; bagel.services.grapevine.enable = true; - bagel.services.hookshot.enable = true; + bagel.services.hookshot = { + enable = true; + admins = [ + "@k900:0upti.me" + ]; + }; i18n.defaultLocale = "fr_FR.UTF-8"; diff --git a/services/matrix/hookshot.nix b/services/matrix/hookshot.nix index cca239a..7d3111f 100644 --- a/services/matrix/hookshot.nix +++ b/services/matrix/hookshot.nix @@ -6,7 +6,7 @@ }: let cfg = config.bagel.services.hookshot; - inherit (lib) mkEnableOption mkIf mkOption; + inherit (lib) mkEnableOption mkIf mkOption types; keyPath = "/var/lib/matrix-hookshot/key.pem"; in { @@ -16,6 +16,10 @@ in description = "Settings"; type = (pkgs.formats.yaml { }).type; }; + admins = mkOption { + description = "List of admin MXIDs"; + type = types.listOf types.str; + }; }; config = mkIf cfg.enable { @@ -55,6 +59,19 @@ in enabled = true; urlPrefix = "https://alerts.forkos.org/webhook"; }; + permissions = map (mxid: { + actor = mxid; + services = [{ + service = "*"; + level = "admin"; + }]; + }) cfg.admins; + }; + + services.nginx.virtualHosts."alerts.forkos.org" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:9994"; }; }; } diff --git a/terraform/gandi.nix b/terraform/gandi.nix index 52c3640..5289b4d 100644 --- a/terraform/gandi.nix +++ b/terraform/gandi.nix @@ -67,6 +67,7 @@ in (record "loki" 3600 "CNAME" ["meta01.infra"]) (record "mimir" 3600 "CNAME" ["meta01.infra"]) (record "matrix" 3600 "CNAME" ["meta01.infra"]) + (record "alerts" 3600 "CNAME" ["meta01.infra"]) ]; }; }