Set up admins + DNS for hookshot

2024-07-09 12:10:17 +03:00 · 2024-07-09 12:10:17 +03:00 · 9ad279a505
parent d2f3ca5624
commit 9ad279a505
3 changed files with 25 additions and 2 deletions
--- a/hosts/meta01/default.nix
+++ b/hosts/meta01/default.nix
@ -25,7 +25,12 @@
  bagel.services.loki.enable = true;
  bagel.services.grafana.enable = true;
  bagel.services.grapevine.enable = true;
-  bagel.services.hookshot.enable = true;
+  bagel.services.hookshot = {
+    enable = true;
+    admins = [
+      "@k900:0upti.me"
+    ];
+  };

  i18n.defaultLocale = "fr_FR.UTF-8";

--- a/services/matrix/hookshot.nix
+++ b/services/matrix/hookshot.nix
@ -6,7 +6,7 @@
 }:
 let
  cfg = config.bagel.services.hookshot;
-  inherit (lib) mkEnableOption mkIf mkOption;
+  inherit (lib) mkEnableOption mkIf mkOption types;
  keyPath = "/var/lib/matrix-hookshot/key.pem";
 in
 {
@ -16,6 +16,10 @@ in
      description = "Settings";
      type = (pkgs.formats.yaml { }).type;
    };
+    admins = mkOption {
+      description = "List of admin MXIDs";
+      type = types.listOf types.str;
+    };
  };

  config = mkIf cfg.enable {
@ -55,6 +59,19 @@ in
        enabled = true;
        urlPrefix = "https://alerts.forkos.org/webhook";
      };
+      permissions = map (mxid: {
+        actor = mxid;
+        services = [{
+          service = "*";
+          level = "admin";
+        }];
+      }) cfg.admins;
+    };
+
+    services.nginx.virtualHosts."alerts.forkos.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://127.0.0.1:9994";
    };
  };
 }
--- a/terraform/gandi.nix
+++ b/terraform/gandi.nix
@ -81,6 +81,7 @@ in
      (record "loki" 3600 "CNAME" ["meta01.infra.p"])
      (record "mimir" 3600 "CNAME" ["meta01.infra.p"])
      (record "matrix" 3600 "CNAME" ["meta01.infra.p"])
+      (record "alerts" 3600 "CNAME" ["meta01.infra.p"])
      (record "buildbot" 3600 "CNAME" ["buildbot.infra.p"])
      (record "b" 3600 "CNAME" ["public01.infra.p"])