feat: add noisebell module and all secrets

:wq

agenix.nix

@@ -10,4 +10,9 @@ in {
   "secrets/matrix-macaroon.age".publicKeys = [ server jet ];
   "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ];
   "secrets/mymx-webhook.age".publicKeys = [ server jet ];
+  "secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ];
+  "secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ];
+  "secrets/noisebell-discord-token.age".publicKeys = [ server jet ];
+  "secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ];
+  "secrets/noisebell-rss-webhook-secret.age".publicKeys = [ server jet ];
 }

configuration.nix

@@ -11,6 +11,7 @@
     ./modules/monitoring.nix
     ./modules/ntfy.nix
     ./modules/uptime-kuma.nix
+    ./modules/noisebell.nix
     # mymx module is imported via flake input in flake.nix
   ];
 

flake.lock

@@ -23,6 +23,51 @@
         "type": "github"
       }
     },
+    "crane": {
+      "locked": {
+        "lastModified": 1773115265,
+        "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
+    "crane_2": {
+      "locked": {
+        "lastModified": 1773115265,
+        "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
+    "crane_3": {
+      "locked": {
+        "lastModified": 1773115265,
+        "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -142,6 +187,54 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1772963539,
+        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1772963539,
+        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1772963539,
+        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1744536153,
         "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -157,12 +250,92 @@
         "type": "github"
       }
     },
+    "noisebell": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "noisebell-cache": "noisebell-cache",
+        "noisebell-discord": "noisebell-discord",
+        "noisebell-rss": "noisebell-rss"
+      },
+      "locked": {
+        "dir": "remote",
+        "lastModified": 1773188969,
+        "narHash": "sha256-jJUjd8f8yw68DdN5UF4n51lYm0kpihkaDZZKuj9VmP4=",
+        "ref": "refs/heads/main",
+        "rev": "a74e5753fafcfe0a9f20ac2e2c625e458c4dc329",
+        "revCount": 29,
+        "type": "git",
+        "url": "https://git.extremist.software/jet/noisebell"
+      },
+      "original": {
+        "dir": "remote",
+        "type": "git",
+        "url": "https://git.extremist.software/jet/noisebell"
+      }
+    },
+    "noisebell-cache": {
+      "inputs": {
+        "crane": "crane",
+        "nixpkgs": "nixpkgs_2",
+        "rust-overlay": "rust-overlay_2"
+      },
+      "locked": {
+        "path": "./cache-service",
+        "type": "path"
+      },
+      "original": {
+        "path": "./cache-service",
+        "type": "path"
+      },
+      "parent": [
+        "noisebell"
+      ]
+    },
+    "noisebell-discord": {
+      "inputs": {
+        "crane": "crane_2",
+        "nixpkgs": "nixpkgs_3",
+        "rust-overlay": "rust-overlay_3"
+      },
+      "locked": {
+        "path": "./discord-bot",
+        "type": "path"
+      },
+      "original": {
+        "path": "./discord-bot",
+        "type": "path"
+      },
+      "parent": [
+        "noisebell"
+      ]
+    },
+    "noisebell-rss": {
+      "inputs": {
+        "crane": "crane_3",
+        "nixpkgs": "nixpkgs_4",
+        "rust-overlay": "rust-overlay_4"
+      },
+      "locked": {
+        "path": "./rss-service",
+        "type": "path"
+      },
+      "original": {
+        "path": "./rss-service",
+        "type": "path"
+      },
+      "parent": [
+        "noisebell"
+      ]
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
         "disko": "disko",
         "mymx": "mymx",
         "nixpkgs": "nixpkgs",
+        "noisebell": "noisebell",
         "website": "website"
       }
     },
@@ -189,7 +362,73 @@
     },
     "rust-overlay_2": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
+          "noisebell",
+          "noisebell-cache",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1773115373,
+        "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_3": {
+      "inputs": {
+        "nixpkgs": [
+          "noisebell",
+          "noisebell-discord",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1773115373,
+        "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_4": {
+      "inputs": {
+        "nixpkgs": [
+          "noisebell",
+          "noisebell-rss",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1773115373,
+        "narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_5": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1772679930,
@@ -241,7 +480,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "rust-overlay": "rust-overlay_2"
+        "rust-overlay": "rust-overlay_5"
       },
       "locked": {
         "lastModified": 1773113843,

flake.nix

@@ -13,6 +13,9 @@
     website.url = "git+https://git.extremist.software/jet/website";
     website.inputs.nixpkgs.follows = "nixpkgs";
 
+    noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote";
+    noisebell.inputs.nixpkgs.follows = "nixpkgs";
+
     agenix.url = "github:ryantm/agenix";
     agenix.inputs.nixpkgs.follows = "nixpkgs";
   };
@@ -26,6 +29,7 @@
         inputs.mymx.nixosModules.default
         inputs.website.nixosModules.default
         inputs.agenix.nixosModules.default
+        inputs.noisebell.nixosModules.default
 
         ./disk-config.nix
         ./configuration.nix

modules/noisebell.nix

@@ -0,0 +1,62 @@
+{ config, ... }:
+
+{
+  users.groups.noisebell = {};
+  users.users.noisebell-cache.extraGroups = [ "noisebell" ];
+  users.users.noisebell-discord.extraGroups = [ "noisebell" ];
+  users.users.noisebell-rss.extraGroups = [ "noisebell" ];
+
+  age.secrets.noisebell-pi-api-key = {
+    file = ../secrets/noisebell-pi-api-key.age;
+    group = "noisebell";
+    mode = "0440";
+  };
+  age.secrets.noisebell-inbound-api-key = {
+    file = ../secrets/noisebell-inbound-api-key.age;
+    group = "noisebell";
+    mode = "0440";
+  };
+  age.secrets.noisebell-discord-token = {
+    file = ../secrets/noisebell-discord-token.age;
+    group = "noisebell";
+    mode = "0440";
+  };
+  age.secrets.noisebell-discord-webhook-secret = {
+    file = ../secrets/noisebell-discord-webhook-secret.age;
+    group = "noisebell";
+    mode = "0440";
+  };
+  age.secrets.noisebell-rss-webhook-secret = {
+    file = ../secrets/noisebell-rss-webhook-secret.age;
+    group = "noisebell";
+    mode = "0440";
+  };
+
+  services.noisebell-cache = {
+    enable = true;
+    port = 3003;
+    domain = "noisebell.extremist.software";
+    piAddress = "http://noisebell:80";
+    piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path;
+    inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path;
+    outboundWebhooks = [
+      { url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; }
+      { url = "https://rss.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-rss-webhook-secret.path; }
+    ];
+  };
+
+  services.noisebell-discord = {
+    enable = true;
+    port = 3004;
+    domain = "discord.noisebell.extremist.software";
+    discordTokenFile = config.age.secrets.noisebell-discord-token.path;
+    channelId = "1034916379486322718";
+    webhookSecretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
+  };
+
+  services.noisebell-rss = {
+    enable = true;
+    domain = "rss.noisebell.extremist.software";
+    webhookSecretFile = config.age.secrets.noisebell-rss-webhook-secret.path;
+  };
+}

secrets/noisebell-discord-webhook-secret.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs
+FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng
+-> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU
+0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0
+--- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY
+”<EFBFBD>LÑ»b8v#_Ó„p~À&ÎS³}QF0NƒàÞ1§S~ªå7×Pþ6T¤îuîTªMë)ü§¢Ôï(fÀ0"ÇNƒ¶E¢«Þ;
i

secrets/noisebell-inbound-api-key.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY
+xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY
+-> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs
+Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w
+--- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks
+VgîãËk8årà®*÷Œo¡¡Zi…[÷ÆâP<C3A2>ÎѪÿð¯1Ö¶õ
ô#–±Ò‘vlr‹=§Sk/02faÏkk˜3Éc

secrets/noisebell-rss-webhook-secret.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 uKftJg DBgu0g/eKqv1JQRVd6AiQ+RHJflWlSubF7bNWlt9On8
+cMUFq8ulscBd+bmhSXj5frIkJOgmYZnyNKnGt1Uj7AA
+-> ssh-ed25519 Ziw7aw TnB6blUcqs6TLwYvcajWQEqVwd7SsRC4xxRzqAYXf24
+jKgj4MNtpfU4PVy1kaxHrFj1KqNzf5Jv8w+RXz26aFU
+--- iJ99MLPpbGA8MDHeverizU7cMHyJG958dK+Cy6YqpH4
+íöpŒZÜ%8[öAáž`ØíukúÁâ?j/ZíÅçù&ñ=uI)þ`Hz©^õp<C3B5>sSqVu¿<15>‰`G).µ®âQ8£aLz¾*ø”;