From 814d604ac82c8f87b033576c2f49ac0146395870 Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 9 Jul 2024 12:10:17 +0300
Subject: [PATCH] Set up admins + DNS for hookshot
---
 hosts/meta01/default.nix | 7 ++++++-
 services/matrix/hookshot.nix | 19 ++++++++++++++++++-
 terraform/gandi.nix | 1 +
 3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/hosts/meta01/default.nix b/hosts/meta01/default.nix
index 00cc652..a465f0f 100755
--- a/hosts/meta01/default.nix
+++ b/hosts/meta01/default.nix
@@ -25,7 +25,12 @@
 bagel.services.loki.enable = true;
 bagel.services.grafana.enable = true;
 bagel.services.grapevine.enable = true;
- bagel.services.hookshot.enable = true;
+ bagel.services.hookshot = {
+ enable = true;
+ admins = [
+ "@k900:0upti.me"
+ ];
+ };
 i18n.defaultLocale = "fr_FR.UTF-8";
diff --git a/services/matrix/hookshot.nix b/services/matrix/hookshot.nix
index cca239a..7d3111f 100644
--- a/services/matrix/hookshot.nix
+++ b/services/matrix/hookshot.nix
@@ -6,7 +6,7 @@
 }:
 let
 cfg = config.bagel.services.hookshot;
- inherit (lib) mkEnableOption mkIf mkOption;
+ inherit (lib) mkEnableOption mkIf mkOption types;
 keyPath = "/var/lib/matrix-hookshot/key.pem";
 in
 {
@@ -16,6 +16,10 @@ in
 description = "Settings";
 type = (pkgs.formats.yaml { }).type;
 };
+ admins = mkOption {
+ description = "List of admin MXIDs";
+ type = types.listOf types.str;
+ };
 };
 config = mkIf cfg.enable {
@@ -55,6 +59,19 @@ in
 enabled = true;
 urlPrefix = "https://alerts.forkos.org/webhook";
 };
+ permissions = map (mxid: {
+ actor = mxid;
+ services = [{
+ service = "*";
+ level = "admin";
+ }];
+ }) cfg.admins;
+ };
+
+ services.nginx.virtualHosts."alerts.forkos.org" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://127.0.0.1:9994";
 };
 };
 }
diff --git a/terraform/gandi.nix b/terraform/gandi.nix
index 838e1ba..001479f 100644
--- a/terraform/gandi.nix
+++ b/terraform/gandi.nix
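Review bot: In hosts/meta01/default.nix the single entry in `admins` is an MXID on an external homeserver (`0upti.me`), and services/matrix/hookshot.nix turns every entry into `level = "admin"` on `service = "*"`. Admin control of the bridge therefore depends on that homeserver and its account staying under the expected owner's control, which the file does not record. A short comment above the list, for example `# hookshot admins: full control of all bridge services; keep to accounts on homeservers we trust`, would make the trust decision visible to the next reviewer.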
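Review bot: The new `admins` option in services/matrix/hookshot.nix (hunk at -16,6) has no `default` and a description that does not say what an admin is allowed to do. Any host that sets `enable = true` without `admins` will fail evaluation; if that is meant as a forcing function the description should say so, otherwise `default = [ ];` gives a fail-closed empty permission list. The description should also state that each listed MXID receives `admin` on every service. Since `types.str` accepts any string, `type = types.listOf (types.strMatching "@.+:.+");` would catch a mistyped MXID at evaluation time.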
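Review bot: In services/matrix/hookshot.nix (hunk at -55,6) the new `alerts.forkos.org` vhost proxies `/` to the listener on 127.0.0.1:9994, although the only public path this config advertises is the `/webhook` prefix in `urlPrefix`. The listener definition is outside the hunk, so it is not visible which resources share port 9994; if metrics, provisioning or widgets are bound to it, they become reachable from the internet through this vhost. Narrowing the location to `locations."/webhook".proxyPass = "http://127.0.0.1:9994";` limits the exposed surface to the webhook receiver. The `config` block begins outside the hunk.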
@@ -80,6 +80,7 @@ in
 (record "loki" 3600 "CNAME" ["meta01.infra.p"])
 (record "mimir" 3600 "CNAME" ["meta01.infra.p"])
 (record "matrix" 3600 "CNAME" ["meta01.infra.p"])
+ (record "alerts" 3600 "CNAME" ["meta01.infra.p"])
 (record "buildbot" 3600 "CNAME" ["buildbot.infra.p"])
 (record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ])