Set up admins + DNS for hookshot

This commit is contained in:
Ilya K 2024-07-09 12:10:17 +03:00
parent ae4bc2550e
commit 814d604ac8
3 changed files with 25 additions and 2 deletions

View file

@ -25,7 +25,12 @@
bagel.services.loki.enable = true; bagel.services.loki.enable = true;
bagel.services.grafana.enable = true; bagel.services.grafana.enable = true;
bagel.services.grapevine.enable = true; bagel.services.grapevine.enable = true;
bagel.services.hookshot.enable = true; bagel.services.hookshot = {
enable = true;
admins = [
"@k900:0upti.me"
];
};
i18n.defaultLocale = "fr_FR.UTF-8"; i18n.defaultLocale = "fr_FR.UTF-8";

View file

@ -6,7 +6,7 @@
}: }:
let let
cfg = config.bagel.services.hookshot; cfg = config.bagel.services.hookshot;
inherit (lib) mkEnableOption mkIf mkOption; inherit (lib) mkEnableOption mkIf mkOption types;
keyPath = "/var/lib/matrix-hookshot/key.pem"; keyPath = "/var/lib/matrix-hookshot/key.pem";
in in
{ {
@ -16,6 +16,10 @@ in
description = "Settings"; description = "Settings";
type = (pkgs.formats.yaml { }).type; type = (pkgs.formats.yaml { }).type;
}; };
admins = mkOption {
description = "List of admin MXIDs";
type = types.listOf types.str;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -55,6 +59,19 @@ in
enabled = true; enabled = true;
urlPrefix = "https://alerts.forkos.org/webhook"; urlPrefix = "https://alerts.forkos.org/webhook";
}; };
permissions = map (mxid: {
actor = mxid;
services = [{
service = "*";
level = "admin";
}];
}) cfg.admins;
};
services.nginx.virtualHosts."alerts.forkos.org" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:9994";
}; };
}; };
} }

View file

@ -80,6 +80,7 @@ in
(record "loki" 3600 "CNAME" ["meta01.infra.p"]) (record "loki" 3600 "CNAME" ["meta01.infra.p"])
(record "mimir" 3600 "CNAME" ["meta01.infra.p"]) (record "mimir" 3600 "CNAME" ["meta01.infra.p"])
(record "matrix" 3600 "CNAME" ["meta01.infra.p"]) (record "matrix" 3600 "CNAME" ["meta01.infra.p"])
(record "alerts" 3600 "CNAME" ["meta01.infra.p"])
(record "buildbot" 3600 "CNAME" ["buildbot.infra.p"]) (record "buildbot" 3600 "CNAME" ["buildbot.infra.p"])
(record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ]) (record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ])