diff --git a/README.md b/README.md index 64405c8..7ad439e 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,9 @@ specific service the machine provides. + `secrets`: Nix expressions that include information that is not meant to be visible to everyone (e.g. accounts, password hashes, private - information etc.) + information etc.) or secrets for services that don’t provide any other + (easy) way of specifying them and whose secrets leaking does not pose a + huge threat * `modules`: Custom modules. Many are activated by default, since I want them on all systems. * `pkgs`: My nixpkgs overlay diff --git a/machines/fuuko/secrets/go-neb-alertmanager.nix b/machines/fuuko/secrets/go-neb-alertmanager.nix new file mode 100644 index 0000000..457963d Binary files /dev/null and b/machines/fuuko/secrets/go-neb-alertmanager.nix differ diff --git a/machines/fuuko/services/matrix/default.nix b/machines/fuuko/services/matrix/default.nix index 7dc8c59..423117f 100644 --- a/machines/fuuko/services/matrix/default.nix +++ b/machines/fuuko/services/matrix/default.nix @@ -2,5 +2,6 @@ imports = [ ./synapse.nix ./mautrix-whatsapp.nix + ./go-neb.nix ]; } diff --git a/machines/fuuko/services/matrix/go-neb.nix b/machines/fuuko/services/matrix/go-neb.nix new file mode 100644 index 0000000..f455eb5 --- /dev/null +++ b/machines/fuuko/services/matrix/go-neb.nix @@ -0,0 +1,56 @@ +{ config, ... }: +let + synapseCfg = config.services.matrix-synapse; +in +{ + services.go-neb = rec { + enable = true; + bindAddress = "127.0.0.1:8010"; + baseUrl = "http://${bindAddress}"; + config = { + clients = [ + ({ + UserID = "@alertmanager:${synapseCfg.server_name}"; + HomeserverURL = synapseCfg.public_baseurl; + Sync = false; + AutoJoinRooms = false; + DisplayName = "Prometheus Alertmanager"; + } // (import ../../secrets/go-neb-alertmanager.nix)) # AccessToken and DeviceID + ]; + services = [ + { + ID = "alertmanager_service"; + Type = "alertmanager"; + UserID = "@alertmanager:${synapseCfg.server_name}"; + Config = { + webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"; + rooms = { + "!ceigaGYfREXXSeLFiH:sbruder.de" = { + text_template = "{{ range .Alerts }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}"; + html_template = '' + {{ range .Alerts }} + {{ $severity := index .Labels "severity" }} + + {{ if eq .Status "firing" -}} + [firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}] + {{- else -}} + [resolved] + {{- end }} + + {{ index .Labels "alertname" }}: {{ index .Annotations "description" }} source
+ {{ end }} + ''; + msg_type = "m.text"; + }; + }; + }; + } + ]; + }; + }; +} diff --git a/machines/fuuko/services/prometheus.nix b/machines/fuuko/services/prometheus.nix index fb0d464..fc9d5a2 100644 --- a/machines/fuuko/services/prometheus.nix +++ b/machines/fuuko/services/prometheus.nix @@ -51,10 +51,13 @@ in receivers = [ { name = "matrix"; - webhook_configs = [ - # FIXME: Add correct URL - { url = "http://matrix-alertmanager:3000/alerts"; } - ]; + webhook_configs = lib.singleton { + url = (lib.elemAt + (lib.filter + ({ ID, ... }: ID == "alertmanager_service") + config.services.go-neb.config.services) + 0).Config.webhook_url; + }; } ]; };