simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity
nixos-config/machines/renge/services/matrix/go-neb.nix
Simon Bruder ebfa0ec16a
fuuko: Migrate matrix and monitoring to renge 
Sadly, they are so interconnected, that it is not easily possible to
migrate it in smaller steps. It should be refactored to make them more
modularised and independent of each other.
2022-03-25 21:49:08 +01:00

94 lines
3.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
synapseCfg = config.services.matrix-synapse;
in
{
sops.secrets = {
go-neb-overrides.sopsFile = ../../secrets.yaml;
};
users.users.go-neb = {
isSystemUser = true;
group = "go-neb";
};
users.groups.go-neb = { };
services.go-neb = rec {
enable = true;
bindAddress = "127.0.0.1:8010";
baseUrl = "http://${bindAddress}";
config = {
clients = [
{
UserID = "@alertmanager:${synapseCfg.server_name}";
HomeserverURL = synapseCfg.public_baseurl;
Sync = false;
AutoJoinRooms = false;
DisplayName = "Prometheus Alertmanager";
}
];
services = [
{
ID = "alertmanager_service";
Type = "alertmanager";
UserID = "@alertmanager:${synapseCfg.server_name}";
Config = {
webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";
rooms = {
"!ceigaGYfREXXSeLFiH:sbruder.de" = {
text_template = "{{ range .Alerts }}{{ if eq .Status \"firing\" }}@room {{ end }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}";
html_template = ''
{{ range .Alerts }}
{{- if eq .Status "firing" }}@room {{ end -}}
{{ $severity := index .Labels "severity" }}
<font{{ if eq .Status "firing" -}}
{{- if eq $severity "critical" }} color="red"
{{- else if eq $severity "warning" }} color="orange"
{{- end -}}
{{- else }} color="green"
{{- end }}>
<strong>{{ if eq .Status "firing" -}}
[firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}]
{{- else -}}
[resolved]
{{- end }}</strong>
</font>
{{ index .Labels "alertname" }}: {{ index .Annotations "description" }} <a href="{{ .GeneratorURL }}">source</a><br/>
{{ end }}
'';
msg_type = "m.text";
};
};
};
}
];
};
};
# Load AccessToken and DeviceID from secret
systemd.services.go-neb = {
serviceConfig = {
RuntimeDirectory = "go-neb";
RuntimeDirectoryMode = "0750";
DynamicUser = lib.mkForce false;
ExecStartPre =
let
baseConfig = pkgs.writeText "config-base.json" (builtins.toJSON config.services.go-neb.config);
in
[
"!${pkgs.coreutils}/bin/install -g go-neb ${config.sops.secrets.go-neb-overrides.path} /run/go-neb/config-overrides.json"
# needs to be run in a shell script for redirection to work
(pkgs.writeShellScript "merge-go-neb-config" ''
${pkgs.jq}/bin/jq \
--slurp \
'. | map(map_values(. | with_entries(.key = (.value.ID // .value.SessionID // .value.UserID)))) | .[0] * .[1] | with_entries(.value = [.value[]])' \
${baseConfig} \
/run/go-neb/config-overrides.json \
> /run/go-neb/config.json
'')
];
};
environment.CONFIG_FILE = lib.mkForce "/run/go-neb/config.json";
};
}
Reference in a new issue View git blame Copy permalink