diff --git a/README.md b/README.md
index 64405c8..7ad439e 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,9 @@
specific service the machine provides.
+ `secrets`: Nix expressions that include information that is not meant to
be visible to everyone (e.g. accounts, password hashes, private
- information etc.)
+ information etc.) or secrets for services that don’t provide any other
+ (easy) way of specifying them and whose secrets leaking does not pose a
+ huge threat
* `modules`: Custom modules. Many are activated by default, since I want them
on all systems.
* `pkgs`: My nixpkgs overlay
diff --git a/machines/fuuko/secrets/go-neb-alertmanager.nix b/machines/fuuko/secrets/go-neb-alertmanager.nix
new file mode 100644
index 0000000..457963d
Binary files /dev/null and b/machines/fuuko/secrets/go-neb-alertmanager.nix differ
diff --git a/machines/fuuko/services/matrix/default.nix b/machines/fuuko/services/matrix/default.nix
index 7dc8c59..423117f 100644
--- a/machines/fuuko/services/matrix/default.nix
+++ b/machines/fuuko/services/matrix/default.nix
@@ -2,5 +2,6 @@
imports = [
./synapse.nix
./mautrix-whatsapp.nix
+ ./go-neb.nix
];
}
diff --git a/machines/fuuko/services/matrix/go-neb.nix b/machines/fuuko/services/matrix/go-neb.nix
new file mode 100644
index 0000000..f455eb5
--- /dev/null
+++ b/machines/fuuko/services/matrix/go-neb.nix
@@ -0,0 +1,56 @@
+{ config, ... }:
+let
+ synapseCfg = config.services.matrix-synapse;
+in
+{
+ services.go-neb = rec {
+ enable = true;
+ bindAddress = "127.0.0.1:8010";
+ baseUrl = "http://${bindAddress}";
+ config = {
+ clients = [
+ ({
+ UserID = "@alertmanager:${synapseCfg.server_name}";
+ HomeserverURL = synapseCfg.public_baseurl;
+ Sync = false;
+ AutoJoinRooms = false;
+ DisplayName = "Prometheus Alertmanager";
+ } // (import ../../secrets/go-neb-alertmanager.nix)) # AccessToken and DeviceID
+ ];
+ services = [
+ {
+ ID = "alertmanager_service";
+ Type = "alertmanager";
+ UserID = "@alertmanager:${synapseCfg.server_name}";
+ Config = {
+ webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";
+ rooms = {
+ "!ceigaGYfREXXSeLFiH:sbruder.de" = {
+ text_template = "{{ range .Alerts }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}";
+ html_template = ''
+ {{ range .Alerts }}
+ {{ $severity := index .Labels "severity" }}
+
+ {{ if eq .Status "firing" -}}
+ [firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}]
+ {{- else -}}
+ [resolved]
+ {{- end }}
+
+ {{ index .Labels "alertname" }}: {{ index .Annotations "description" }} source
+ {{ end }}
+ '';
+ msg_type = "m.text";
+ };
+ };
+ };
+ }
+ ];
+ };
+ };
+}
diff --git a/machines/fuuko/services/prometheus.nix b/machines/fuuko/services/prometheus.nix
index fb0d464..fc9d5a2 100644
--- a/machines/fuuko/services/prometheus.nix
+++ b/machines/fuuko/services/prometheus.nix
@@ -51,10 +51,13 @@ in
receivers = [
{
name = "matrix";
- webhook_configs = [
- # FIXME: Add correct URL
- { url = "http://matrix-alertmanager:3000/alerts"; }
- ];
+ webhook_configs = lib.singleton {
+ url = (lib.elemAt
+ (lib.filter
+ ({ ID, ... }: ID == "alertmanager_service")
+ config.services.go-neb.config.services)
+ 0).Config.webhook_url;
+ };
}
];
};