nixos-config/machines/renge/services/matrix/go-neb.nix
Simon Bruder 10b8d432d5
Relicense
This applies the REUSE specification to the repository, so the licensing
information can be tracked for every file individually.
2024-01-13 14:39:22 +01:00

98 lines
3.4 KiB
Nix

# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, pkgs, ... }:
let
synapseCfg = config.services.matrix-synapse.settings;
in
{
sops.secrets = {
go-neb-overrides.sopsFile = ../../secrets.yaml;
};
users.users.go-neb = {
isSystemUser = true;
group = "go-neb";
};
users.groups.go-neb = { };
services.go-neb = rec {
enable = true;
bindAddress = "127.0.0.1:8010";
baseUrl = "http://${bindAddress}";
config = {
clients = [
{
UserID = "@alertmanager:${synapseCfg.server_name}";
HomeserverURL = synapseCfg.public_baseurl;
Sync = false;
AutoJoinRooms = false;
DisplayName = "Prometheus Alertmanager";
}
];
services = [
{
ID = "alertmanager_service";
Type = "alertmanager";
UserID = "@alertmanager:${synapseCfg.server_name}";
Config = {
webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";
rooms = {
"!ceigaGYfREXXSeLFiH:sbruder.de" = {
text_template = "{{ range .Alerts }}{{ if eq .Status \"firing\" }}@room {{ end }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}";
html_template = ''
{{ range .Alerts }}
{{- if eq .Status "firing" }}@room {{ end -}}
{{ $severity := index .Labels "severity" }}
<font{{ if eq .Status "firing" -}}
{{- if eq $severity "critical" }} color="red"
{{- else if eq $severity "warning" }} color="orange"
{{- end -}}
{{- else }} color="green"
{{- end }}>
<strong>{{ if eq .Status "firing" -}}
[firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}]
{{- else -}}
[resolved]
{{- end }}</strong>
</font>
{{ index .Labels "alertname" }}: {{ index .Annotations "description" }} <a href="{{ .GeneratorURL }}">source</a><br/>
{{ end }}
'';
msg_type = "m.text";
};
};
};
}
];
};
};
# Load AccessToken and DeviceID from secret
systemd.services.go-neb = {
serviceConfig = {
RuntimeDirectory = "go-neb";
RuntimeDirectoryMode = "0750";
DynamicUser = lib.mkForce false;
ExecStartPre =
let
baseConfig = pkgs.writeText "config-base.json" (builtins.toJSON config.services.go-neb.config);
in
[
"!${pkgs.coreutils}/bin/install -g go-neb ${config.sops.secrets.go-neb-overrides.path} /run/go-neb/config-overrides.json"
# needs to be run in a shell script for redirection to work
(pkgs.writeShellScript "merge-go-neb-config" ''
${pkgs.jq}/bin/jq \
--slurp \
'. | map(map_values(. | with_entries(.key = (.value.ID // .value.SessionID // .value.UserID)))) | .[0] * .[1] | with_entries(.value = [.value[]])' \
${baseConfig} \
/run/go-neb/config-overrides.json \
> /run/go-neb/config.json
'')
];
};
environment.CONFIG_FILE = lib.mkForce "/run/go-neb/config.json";
};
}