diff --git a/agenix.nix b/agenix.nix index c8acf14..3b6ede3 100644 --- a/agenix.nix +++ b/agenix.nix @@ -10,4 +10,9 @@ in { "secrets/matrix-macaroon.age".publicKeys = [ server jet ]; "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ]; "secrets/mymx-webhook.age".publicKeys = [ server jet ]; + "secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ]; + "secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ]; + "secrets/noisebell-discord-token.age".publicKeys = [ server jet ]; + "secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ]; + "secrets/noisebell-rss-webhook-secret.age".publicKeys = [ server jet ]; } diff --git a/configuration.nix b/configuration.nix index cfcde9d..3c788b4 100644 --- a/configuration.nix +++ b/configuration.nix @@ -11,6 +11,7 @@ ./modules/monitoring.nix ./modules/ntfy.nix ./modules/uptime-kuma.nix + ./modules/noisebell.nix # mymx module is imported via flake input in flake.nix ]; diff --git a/flake.lock b/flake.lock index e858673..a8f28c1 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,6 +23,51 @@ "type": "github" } }, + "crane": { + "locked": { + "lastModified": 1773115265, + "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=", + "owner": "ipetkov", + "repo": "crane", + "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1773115265, + "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=", + "owner": "ipetkov", + "repo": "crane", + "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { + "locked": { + "lastModified": 1773115265, + "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=", + "owner": "ipetkov", + "repo": "crane", + "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -142,6 +187,54 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 
@@ -157,12 +250,92 @@ "type": "github" } }, + "noisebell": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "noisebell-cache": "noisebell-cache", + "noisebell-discord": "noisebell-discord", + "noisebell-rss": "noisebell-rss" + }, + "locked": { + "dir": "remote", + "lastModified": 1773188969, + "narHash": "sha256-jJUjd8f8yw68DdN5UF4n51lYm0kpihkaDZZKuj9VmP4=", + "ref": "refs/heads/main", + "rev": "a74e5753fafcfe0a9f20ac2e2c625e458c4dc329", + "revCount": 29, + "type": "git", + "url": "https://git.extremist.software/jet/noisebell" + }, + "original": { + "dir": "remote", + "type": "git", + "url": "https://git.extremist.software/jet/noisebell" + } + }, + "noisebell-cache": { + "inputs": { + "crane": "crane", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "path": "./cache-service", + "type": "path" + }, + "original": { + "path": "./cache-service", + "type": "path" + }, + "parent": [ + "noisebell" + ] + }, + "noisebell-discord": { + "inputs": { + "crane": "crane_2", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "path": "./discord-bot", + "type": "path" + }, + "original": { + "path": "./discord-bot", + "type": "path" + }, + "parent": [ + "noisebell" + ] + }, + "noisebell-rss": { + "inputs": { + "crane": "crane_3", + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay_4" + }, + "locked": { + "path": "./rss-service", + "type": "path" + }, + "original": { + "path": "./rss-service", + "type": "path" + }, + "parent": [ + "noisebell" + ] + }, "root": { "inputs": { "agenix": "agenix", "disko": "disko", "mymx": "mymx", "nixpkgs": "nixpkgs", + "noisebell": "noisebell", "website": "website" } }, 
@@ -189,7 +362,73 @@ }, "rust-overlay_2": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "noisebell", + "noisebell-cache", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773115373, + "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "noisebell", + "noisebell-discord", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773115373, + "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { + "inputs": { + "nixpkgs": [ + "noisebell", + "noisebell-rss", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773115373, + "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_5": { + "inputs": { + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1772679930, @@ -241,7 +480,7 @@ "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay_5" }, "locked": { "lastModified": 1773113843, diff --git a/flake.nix b/flake.nix index 9d7fd01..4bc1c11 100644 --- a/flake.nix +++ b/flake.nix 
@@ -13,6 +13,9 @@ website.url = "git+https://git.extremist.software/jet/website"; website.inputs.nixpkgs.follows = "nixpkgs"; + noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote"; + noisebell.inputs.nixpkgs.follows = "nixpkgs"; + agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; }; @@ -26,6 +29,7 @@ inputs.mymx.nixosModules.default inputs.website.nixosModules.default inputs.agenix.nixosModules.default + inputs.noisebell.nixosModules.default ./disk-config.nix ./configuration.nix diff --git a/modules/noisebell.nix b/modules/noisebell.nix new file mode 100644 index 0000000..5d575cb --- /dev/null +++ b/modules/noisebell.nix 
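Review bot: The added `noisebell.inputs.nixpkgs.follows = "nixpkgs";` redirects only the top-level noisebell flake's nixpkgs. The flake.lock in this same commit still adds `nixpkgs_2`, `nixpkgs_3` and `nixpkgs_4`, plus three `crane` and three `rust-overlay` nodes, for the nested `noisebell-cache`, `noisebell-discord` and `noisebell-rss` inputs. Those three services are therefore presumably built against a separately locked nixos-unstable revision that does not move when the system nixpkgs is updated, so security fixes can lag and the trusted input set grows. If the sub-flakes build against the shared nixpkgs, add nested follows for each of the three, e.g. `noisebell.inputs.noisebell-cache.inputs.nixpkgs.follows = "nixpkgs";`. The `inputs` attribute set this line belongs to starts above the hunk.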
@@ -0,0 +1,62 @@
+{ config, ... }:
+
+{
+ users.groups.noisebell = {};
+ users.users.noisebell-cache.extraGroups = [ "noisebell" ];
+ users.users.noisebell-discord.extraGroups = [ "noisebell" ];
+ users.users.noisebell-rss.extraGroups = [ "noisebell" ];
+
+ age.secrets.noisebell-pi-api-key = {
+ file = ../secrets/noisebell-pi-api-key.age;
+ group = "noisebell";
+ mode = "0440";
+ };
+ age.secrets.noisebell-inbound-api-key = {
+ file = ../secrets/noisebell-inbound-api-key.age;
+ group = "noisebell";
+ mode = "0440";
+ };
+ age.secrets.noisebell-discord-token = {
+ file = ../secrets/noisebell-discord-token.age;
+ group = "noisebell";
+ mode = "0440";
+ };
+ age.secrets.noisebell-discord-webhook-secret = {
+ file = ../secrets/noisebell-discord-webhook-secret.age;
+ group = "noisebell";
+ mode = "0440";
+ };
+ age.secrets.noisebell-rss-webhook-secret = {
+ file = ../secrets/noisebell-rss-webhook-secret.age;
+ group = "noisebell";
+ mode = "0440";
+ };
+
+ services.noisebell-cache = {
+ enable = true;
+ port = 3003;
+ domain = "noisebell.extremist.software";
+ piAddress = "http://noisebell:80";
+ piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path;
+ inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path;
+ outboundWebhooks = [
+ { url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; }
+ { url = "https://rss.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-rss-webhook-secret.path; }
+ ];
+ };
+
+ services.noisebell-discord = {
+ enable = true;
+ port = 3004;
+ domain = "discord.noisebell.extremist.software";
+ discordTokenFile = config.age.secrets.noisebell-discord-token.path;
+ channelId = "1034916379486322718";
+ webhookSecretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
+ };
+
+ services.noisebell-rss = {
+ enable = true;
+ domain = "rss.noisebell.extremist.software";
+ webhookSecretFile = 
config.age.secrets.noisebell-rss-webhook-secret.path; + }; +} diff --git a/secrets/noisebell-discord-token.age b/secrets/noisebell-discord-token.age new file mode 100644 index 0000000..1aaf23a Binary files /dev/null and b/secrets/noisebell-discord-token.age differ diff --git a/secrets/noisebell-discord-webhook-secret.age b/secrets/noisebell-discord-webhook-secret.age new file mode 100644 index 0000000..362f450 --- /dev/null +++ b/secrets/noisebell-discord-webhook-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs +FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng +-> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU +0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0 +--- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY +Lѻb8v#_ӄp~&S}QF0N1S~7P6TuTM)(f0"NE; i \ No newline at end of file diff --git a/secrets/noisebell-inbound-api-key.age b/secrets/noisebell-inbound-api-key.age new file mode 100644 index 0000000..7d81c4b --- /dev/null +++ b/secrets/noisebell-inbound-api-key.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY +xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY +-> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs +Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w +--- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks +Vgk8r*oZi[PѪ1ֶ #±vlr=Sk/02fakk3c \ No newline at end of file diff --git a/secrets/noisebell-pi-api-key.age b/secrets/noisebell-pi-api-key.age new file mode 100644 index 0000000..ebf6831 Binary files /dev/null and b/secrets/noisebell-pi-api-key.age differ diff --git a/secrets/noisebell-rss-webhook-secret.age b/secrets/noisebell-rss-webhook-secret.age new file mode 100644 index 0000000..240927f --- /dev/null +++ b/secrets/noisebell-rss-webhook-secret.age 
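Review bot: Every `age.secrets.noisebell-*` entry in modules/noisebell.nix is decrypted with `group = "noisebell"` and `mode = "0440"`, and all three service users are added to that group, so each service can read all five secrets; the RSS service, for example, can read the Discord bot token and the Pi API key. Assuming each service runs as the user of the same name, give the three single-consumer secrets an `owner` and `mode = "0400"` as below. Keep group access only for the two webhook secrets that two services share, ideally with one group per pair. Separately, `piAddress = "http://noisebell:80"` means the Pi API key presumably travels over plain HTTP, so a comment stating that this hostname is reachable only over an already-encrypted link would document the assumption.

```nix
  # … unchanged: users.groups.noisebell and the extraGroups lines (still needed for the shared webhook secrets) …

  age.secrets.noisebell-pi-api-key = {
    file = ../secrets/noisebell-pi-api-key.age;
    owner = "noisebell-cache";   # only the cache service talks to the Pi
    mode = "0400";
  };
  age.secrets.noisebell-inbound-api-key = {
    file = ../secrets/noisebell-inbound-api-key.age;
    owner = "noisebell-cache";   # only the cache service validates inbound calls
    mode = "0400";
  };
  age.secrets.noisebell-discord-token = {
    file = ../secrets/noisebell-discord-token.age;
    owner = "noisebell-discord"; # bot token is used by the Discord service alone
    mode = "0400";
  };

  # … unchanged: the two webhook secrets and the services.* blocks …
```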
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uKftJg DBgu0g/eKqv1JQRVd6AiQ+RHJflWlSubF7bNWlt9On8 +cMUFq8ulscBd+bmhSXj5frIkJOgmYZnyNKnGt1Uj7AA +-> ssh-ed25519 Ziw7aw TnB6blUcqs6TLwYvcajWQEqVwd7SsRC4xxRzqAYXf24 +jKgj4MNtpfU4PVy1kaxHrFj1KqNzf5Jv8w+RXz26aFU +--- iJ99MLPpbGA8MDHeverizU7cMHyJG958dK+Cy6YqpH4 + pZ%8[A`uk?j/Z&=uI)`Hz^psSqVu`G).Q8aLz*; \ No newline at end of file