Simon Bruder
f945341668
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
98 lines
3.4 KiB
Nix
98 lines
3.4 KiB
Nix
# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
synapseCfg = config.services.matrix-synapse.settings;
|
|
in
|
|
{
|
|
sops.secrets = {
|
|
go-neb-overrides.sopsFile = ../../secrets.yaml;
|
|
};
|
|
|
|
users.users.go-neb = {
|
|
isSystemUser = true;
|
|
group = "go-neb";
|
|
};
|
|
users.groups.go-neb = { };
|
|
|
|
services.go-neb = rec {
|
|
enable = true;
|
|
bindAddress = "127.0.0.1:8010";
|
|
baseUrl = "http://${bindAddress}";
|
|
config = {
|
|
clients = [
|
|
{
|
|
UserID = "@alertmanager:${synapseCfg.server_name}";
|
|
HomeserverURL = synapseCfg.public_baseurl;
|
|
Sync = false;
|
|
AutoJoinRooms = false;
|
|
DisplayName = "Prometheus Alertmanager";
|
|
}
|
|
];
|
|
services = [
|
|
{
|
|
ID = "alertmanager_service";
|
|
Type = "alertmanager";
|
|
UserID = "@alertmanager:${synapseCfg.server_name}";
|
|
Config = {
|
|
webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";
|
|
rooms = {
|
|
"!ceigaGYfREXXSeLFiH:sbruder.de" = {
|
|
text_template = "{{ range .Alerts }}{{ if eq .Status \"firing\" }}@room {{ end }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}";
|
|
html_template = ''
|
|
{{ range .Alerts }}
|
|
{{- if eq .Status "firing" }}@room {{ end -}}
|
|
{{ $severity := index .Labels "severity" }}
|
|
<font{{ if eq .Status "firing" -}}
|
|
{{- if eq $severity "critical" }} color="red"
|
|
{{- else if eq $severity "warning" }} color="orange"
|
|
{{- end -}}
|
|
{{- else }} color="green"
|
|
{{- end }}>
|
|
<strong>{{ if eq .Status "firing" -}}
|
|
[firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}]
|
|
{{- else -}}
|
|
[resolved]
|
|
{{- end }}</strong>
|
|
</font>
|
|
{{ index .Labels "alertname" }}: {{ index .Annotations "description" }} <a href="{{ .GeneratorURL }}">source</a><br/>
|
|
{{ end }}
|
|
'';
|
|
msg_type = "m.text";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
# Load AccessToken and DeviceID from secret
|
|
systemd.services.go-neb = {
|
|
serviceConfig = {
|
|
RuntimeDirectory = "go-neb";
|
|
RuntimeDirectoryMode = "0750";
|
|
DynamicUser = lib.mkForce false;
|
|
ExecStartPre =
|
|
let
|
|
baseConfig = pkgs.writeText "config-base.json" (builtins.toJSON config.services.go-neb.config);
|
|
in
|
|
[
|
|
"!${pkgs.coreutils}/bin/install -g go-neb ${config.sops.secrets.go-neb-overrides.path} /run/go-neb/config-overrides.json"
|
|
# needs to be run in a shell script for redirection to work
|
|
(pkgs.writeShellScript "merge-go-neb-config" ''
|
|
${pkgs.jq}/bin/jq \
|
|
--slurp \
|
|
'. | map(map_values(. | with_entries(.key = (.value.ID // .value.SessionID // .value.UserID)))) | .[0] * .[1] | with_entries(.value = [.value[]])' \
|
|
${baseConfig} \
|
|
/run/go-neb/config-overrides.json \
|
|
> /run/go-neb/config.json
|
|
'')
|
|
];
|
|
};
|
|
environment.CONFIG_FILE = lib.mkForce "/run/go-neb/config.json";
|
|
};
|
|
}
|