jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add noisebell module and all secrets

Browse source 
:wq
This commit is contained in:
Jet Pham 2026-03-10 17:45:31 -07:00
parent 188b752420
commit 5ecfb04abe
No known key found for this signature in database
10 changed files with 334 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
agenix.nix
View file

@ -10,4 +10,9 @@ in {
"secrets/matrix-macaroon.age".publicKeys = [ server jet ]; "secrets/matrix-macaroon.age".publicKeys = [ server jet ];
"secrets/ntfy-admin-hash.age".publicKeys = [ server jet ]; "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ];
"secrets/mymx-webhook.age".publicKeys = [ server jet ]; "secrets/mymx-webhook.age".publicKeys = [ server jet ];
"secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-token.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ];
"secrets/noisebell-rss-webhook-secret.age".publicKeys = [ server jet ];
} }

1
configuration.nix
View file

@ -11,6 +11,7 @@
./modules/monitoring.nix ./modules/monitoring.nix
./modules/ntfy.nix ./modules/ntfy.nix
./modules/uptime-kuma.nix ./modules/uptime-kuma.nix
./modules/noisebell.nix
# mymx module is imported via flake input in flake.nix # mymx module is imported via flake input in flake.nix
]; ];

243
flake.lock generated
View file

@ -23,6 +23,51 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_3": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -142,6 +187,54 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1744536153, "lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@ -157,12 +250,92 @@
"type": "github" "type": "github"
} }
}, },
"noisebell": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"noisebell-cache": "noisebell-cache",
"noisebell-discord": "noisebell-discord",
"noisebell-rss": "noisebell-rss"
},
"locked": {
"dir": "remote",
"lastModified": 1773188969,
"narHash": "sha256-jJUjd8f8yw68DdN5UF4n51lYm0kpihkaDZZKuj9VmP4=",
"ref": "refs/heads/main",
"rev": "a74e5753fafcfe0a9f20ac2e2c625e458c4dc329",
"revCount": 29,
"type": "git",
"url": "https://git.extremist.software/jet/noisebell"
},
"original": {
"dir": "remote",
"type": "git",
"url": "https://git.extremist.software/jet/noisebell"
}
},
"noisebell-cache": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"path": "./cache-service",
"type": "path"
},
"original": {
"path": "./cache-service",
"type": "path"
},
"parent": [
"noisebell"
]
},
"noisebell-discord": {
"inputs": {
"crane": "crane_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"path": "./discord-bot",
"type": "path"
},
"original": {
"path": "./discord-bot",
"type": "path"
},
"parent": [
"noisebell"
]
},
"noisebell-rss": {
"inputs": {
"crane": "crane_3",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay_4"
},
"locked": {
"path": "./rss-service",
"type": "path"
},
"original": {
"path": "./rss-service",
"type": "path"
},
"parent": [
"noisebell"
]
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko", "disko": "disko",
"mymx": "mymx", "mymx": "mymx",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"noisebell": "noisebell",
"website": "website" "website": "website"
} }
}, },
@ -189,7 +362,73 @@
}, },
"rust-overlay_2": { "rust-overlay_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": [
"noisebell",
"noisebell-cache",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"noisebell",
"noisebell-discord",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"noisebell",
"noisebell-rss",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_5": {
"inputs": {
"nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1772679930, "lastModified": 1772679930,
@ -241,7 +480,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_5"
}, },
"locked": { "locked": {
"lastModified": 1773113843, "lastModified": 1773113843,

4
flake.nix
View file

@ -13,6 +13,9 @@
website.url = "git+https://git.extremist.software/jet/website"; website.url = "git+https://git.extremist.software/jet/website";
website.inputs.nixpkgs.follows = "nixpkgs"; website.inputs.nixpkgs.follows = "nixpkgs";
noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote";
noisebell.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -26,6 +29,7 @@
inputs.mymx.nixosModules.default inputs.mymx.nixosModules.default
inputs.website.nixosModules.default inputs.website.nixosModules.default
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.noisebell.nixosModules.default
./disk-config.nix ./disk-config.nix
./configuration.nix ./configuration.nix

62
modules/noisebell.nix Normal file
View file

@ -0,0 +1,62 @@
{ config, ... }:
{
users.groups.noisebell = {};
users.users.noisebell-cache.extraGroups = [ "noisebell" ];
users.users.noisebell-discord.extraGroups = [ "noisebell" ];
users.users.noisebell-rss.extraGroups = [ "noisebell" ];
age.secrets.noisebell-pi-api-key = {
file = ../secrets/noisebell-pi-api-key.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-inbound-api-key = {
file = ../secrets/noisebell-inbound-api-key.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-discord-token = {
file = ../secrets/noisebell-discord-token.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-discord-webhook-secret = {
file = ../secrets/noisebell-discord-webhook-secret.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-rss-webhook-secret = {
file = ../secrets/noisebell-rss-webhook-secret.age;
group = "noisebell";
mode = "0440";
};
services.noisebell-cache = {
enable = true;
port = 3003;
domain = "noisebell.extremist.software";
piAddress = "http://noisebell:80";
piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path;
inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path;
outboundWebhooks = [
{ url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; }
{ url = "https://rss.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-rss-webhook-secret.path; }
];
};
services.noisebell-discord = {
enable = true;
port = 3004;
domain = "discord.noisebell.extremist.software";
discordTokenFile = config.age.secrets.noisebell-discord-token.path;
channelId = "1034916379486322718";
webhookSecretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
};
services.noisebell-rss = {
enable = true;
domain = "rss.noisebell.extremist.software";
webhookSecretFile = config.age.secrets.noisebell-rss-webhook-secret.path;
};
}

BIN
secrets/noisebell-discord-token.age Normal file
View file

Binary file not shown.

7
secrets/noisebell-discord-webhook-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs
FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng
-> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU
0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0
--- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY
<EFBFBD>LÑ»b8v#_Ó„p~À&ÎS³}QF0NƒàÞ1§S~ªå7×Pþ6T¤îuîTªMë)ü§¢Ôï(fÀ0"ÇNƒ¶E¢«Þ; i

7
secrets/noisebell-inbound-api-key.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY
xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY
-> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs
Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w
--- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks
VgîãËk8årà®*÷Œo¡¡Zi[÷ÆâP<C3A2>ÎѪÿð¯1Ö¶õ ô#–±Òvlr=§Sk/02faÏkk˜3Éc

BIN
secrets/noisebell-pi-api-key.age Normal file
View file

Binary file not shown.

7
secrets/noisebell-rss-webhook-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg DBgu0g/eKqv1JQRVd6AiQ+RHJflWlSubF7bNWlt9On8
cMUFq8ulscBd+bmhSXj5frIkJOgmYZnyNKnGt1Uj7AA
-> ssh-ed25519 Ziw7aw TnB6blUcqs6TLwYvcajWQEqVwd7SsRC4xxRzqAYXf24
jKgj4MNtpfU4PVy1kaxHrFj1KqNzf5Jv8w+RXz26aFU
--- iJ99MLPpbGA8MDHeverizU7cMHyJG958dK+Cy6YqpH4
íö pŒZÜ%8[öAáž`ØíukúÁâ?j/ZíÅçù&ñ=uI)þ`Hz©^õp<C3B5>sSqVu¿<15>`G).µ®âQ8£aLz¾*ø”;