jet/noisebell
jet/noisebell
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add remote, with rss, cache, discord, and zulip

Browse source
This commit is contained in:
Jet Pham 2026-03-09 23:08:01 -07:00
parent 50ec63a474
commit 83baab68e0
No known key found for this signature in database
32 changed files with 6615 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

107
pi/README.md
View file

@ -6,11 +6,63 @@ Runs on NixOS with Tailscale for networking and agenix for secrets.
## Setup
### 1. Hardware config
### 1. Bootstrap
Replace `hardware-configuration.nix` with the output of `nixos-generate-config --show-hardware-config` on your Pi (or use an appropriate hardware module like `sd-card/sd-image-aarch64.nix`).
Build the SD image, flash it, and boot the Pi:
### 2. SSH key
```sh
nix build .#nixosConfigurations.bootstrap.config.system.build.sdImage
dd if=result/sd-image/*.img of=/dev/sdX bs=4M status=progress
```
Insert the SD card into the Pi and power it on. It will connect to the Noisebridge WiFi network automatically.
### 2. Find the Pi
Once booted, find the Pi on the network:
```sh
# Scan the local subnet
nmap -sn 192.168.1.0/24
# Or check ARP table
arp -a
# Or check your router's DHCP leases
```
### 3. Get SSH host key
Grab the Pi's ed25519 host key and put it in `secrets/secrets.nix`:
```sh
ssh-keyscan <pi-ip> | grep ed25519
```
```nix
# secrets/secrets.nix
let
pi = "ssh-ed25519 AAAA..."; # paste the key here
in
{
"api-key.age".publicKeys = [ pi ];
"inbound-api-key.age".publicKeys = [ pi ];
"tailscale-auth-key.age".publicKeys = [ pi ];
}
```
### 4. Secrets
Create the encrypted secret files:
```sh
cd secrets
agenix -e api-key.age # paste API key for the cache endpoint
agenix -e inbound-api-key.age # paste API key that the cache uses to poll the Pi
agenix -e tailscale-auth-key.age # paste Tailscale auth key
```
### 5. Add SSH key
Add your SSH public key to `configuration.nix`:
@ -20,26 +72,9 @@ users.users.root.openssh.authorizedKeys.keys = [
];
```
### 3. Secrets
Get your Pi's SSH host public key and put it in `secrets/secrets.nix`:
### 6. Deploy
```sh
ssh-keyscan <pi-ip> | grep ed25519
```
Then create the encrypted secret files:
```sh
cd secrets
agenix -e endpoint-url.age # paste webhook URL
agenix -e tailscale-auth-key.age # paste Tailscale auth key
```
### 4. Deploy
```sh
nix build .#nixosConfigurations.pi.config.system.build.toplevel
nixos-rebuild switch --flake .#pi --target-host root@noisebell
```
@ -49,6 +84,9 @@ Options under `services.noisebell` in `flake.nix`:
| Option | Default | Description |
|---|---|---|
| `endpointUrl` | — | Webhook endpoint URL to POST state changes to |
| `apiKeyFile` | — | Path to file containing outbound API key (agenix secret) |
| `inboundApiKeyFile` | — | Path to file containing inbound API key for GET endpoint auth (agenix secret) |
| `gpioPin` | 17 | GPIO pin to monitor |
| `debounceSecs` | 5 | Debounce delay |
| `port` | 8080 | HTTP status port |
@ -58,6 +96,7 @@ Options under `services.noisebell` in `flake.nix`:
| `bindAddress` | `0.0.0.0` | Address to bind the HTTP server to |
| `activeLow` | `true` | Whether low GPIO level means open (depends on wiring) |
| `restartDelaySecs` | 5 | Seconds before systemd restarts on failure |
| `watchdogSecs` | 30 | Watchdog timeout — service is restarted if unresponsive |
## API
@ -67,4 +106,28 @@ Options under `services.noisebell` in `flake.nix`:
{"status": "open", "timestamp": 1710000000}
```
State changes (and initial state on startup) are POSTed to the configured endpoint in the same format.
`GET /info` — system health and GPIO config:
```json
{
"uptime_secs": 3600,
"started_at": 1710000000,
"cpu_temp_celsius": 42.3,
"memory_available_kb": 350000,
"memory_total_kb": 512000,
"disk_total_bytes": 16000000000,
"disk_available_bytes": 12000000000,
"load_average": [0.01, 0.05, 0.10],
"nixos_version": "24.11.20240308.9dcb002",
"commit": "c6e726c",
"gpio": {
"pin": 17,
"active_low": true,
"pull": "up",
"open_level": "low",
"current_raw_level": "low"
}
}
```
State changes (and initial state on startup) are POSTed to the configured endpoint in the same format as `GET /`, with an `Authorization: Bearer <api-key>` header.

23
pi/bootstrap.nix Normal file
View file

@ -0,0 +1,23 @@
{ modulesPath, ... }:
{
imports = [ "${modulesPath}/installer/sd-card/sd-image-aarch64.nix" ];
hardware.enableRedistributableFirmware = true;
networking.hostName = "noisebell";
networking.wireless = {
enable = true;
networks = {
"Noisebridge" = {
psk = "noisebridge";
};
};
};
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
];
}

8
pi/configuration.nix
View file

@ -6,13 +6,17 @@
networking.hostName = "noisebell";
# Decrypted at runtime by agenix
age.secrets.endpoint-url.file = ./secrets/endpoint-url.age;
age.secrets.tailscale-auth-key.file = ./secrets/tailscale-auth-key.age;
age.secrets.api-key.file = ./secrets/api-key.age;
age.secrets.inbound-api-key.file = ./secrets/inbound-api-key.age;
services.noisebell = {
enable = true;
port = 80;
endpointUrlFile = config.age.secrets.endpoint-url.path;
endpointUrl = "https://noisebell.extremist.software/webhook";
apiKeyFile = config.age.secrets.api-key.path;
inboundApiKeyFile = config.age.secrets.inbound-api-key.path;
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

33
pi/flake.nix
View file

@ -38,9 +38,19 @@
description = "HTTP port for the status endpoint.";
};
endpointUrlFile = lib.mkOption {
endpointUrl = lib.mkOption {
type = lib.types.str;
description = "Webhook endpoint URL to POST state changes to.";
};
apiKeyFile = lib.mkOption {
type = lib.types.path;
description = "Path to a file containing the endpoint URL (e.g. an agenix secret).";
description = "Path to a file containing the outbound API key for the cache endpoint.";
};
inboundApiKeyFile = lib.mkOption {
type = lib.types.path;
description = "Path to a file containing the inbound API key for authenticating GET requests.";
};
retryAttempts = lib.mkOption {
@ -78,6 +88,12 @@
default = 5;
description = "Seconds to wait before systemd restarts the service on failure.";
};
watchdogSecs = lib.mkOption {
type = lib.types.ints.positive;
default = 30;
description = "Watchdog timeout in seconds. The service is restarted if it fails to notify systemd within this interval.";
};
};
config = lib.mkIf cfg.enable {
@ -109,17 +125,23 @@
NOISEBELL_RETRY_ATTEMPTS = toString cfg.retryAttempts;
NOISEBELL_RETRY_BASE_DELAY_SECS = toString cfg.retryBaseDelaySecs;
NOISEBELL_HTTP_TIMEOUT_SECS = toString cfg.httpTimeoutSecs;
NOISEBELL_ENDPOINT_URL = cfg.endpointUrl;
NOISEBELL_BIND_ADDRESS = cfg.bindAddress;
NOISEBELL_ACTIVE_LOW = if cfg.activeLow then "true" else "false";
NOISEBELL_COMMIT = self.shortRev or "dirty";
RUST_LOG = "info";
};
script = ''
export NOISEBELL_ENDPOINT_URL="$(cat ${cfg.endpointUrlFile})"
export NOISEBELL_API_KEY="$(cat ${cfg.apiKeyFile})"
export NOISEBELL_INBOUND_API_KEY="$(cat ${cfg.inboundApiKeyFile})"
exec ${bin}
'';
serviceConfig = {
Type = "notify";
NotifyAccess = "all";
WatchdogSec = cfg.watchdogSecs;
Restart = "on-failure";
RestartSec = cfg.restartDelaySecs;
User = "noisebell";
@ -153,5 +175,10 @@
./hardware-configuration.nix
];
};
nixosConfigurations.bootstrap = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ ./bootstrap.nix ];
};
};
}

4
pi/pi-service/Cargo.toml
View file

@ -6,10 +6,12 @@ edition = "2021"
[dependencies]
anyhow = "1.0"
axum = "0.8"
libc = "0.2"
reqwest = { version = "0.12", features = ["json"] }
rppal = "0.22"
sd-notify = "0.4"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "sync", "signal"] }
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "sync", "signal", "time"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

195
pi/pi-service/src/main.rs
View file

@ -3,7 +3,10 @@ use std::sync::Arc;
use std::time::{Duration, SystemTime, UNIX_EPOCH};
use anyhow::{Context, Result};
use axum::{extract::State, routing::get, Json, Router};
use axum::extract::State;
use axum::http::{HeaderMap, StatusCode};
use axum::routing::get;
use axum::{Json, Router};
use rppal::gpio::{Gpio, Level, Trigger};
use serde::Serialize;
use tracing::{error, info, warn};
@ -11,6 +14,19 @@ use tracing::{error, info, warn};
struct AppState {
is_open: AtomicBool,
last_changed: AtomicU64,
started_at: u64,
gpio_pin: u8,
active_low: bool,
commit: String,
inbound_api_key: String,
}
fn validate_bearer(headers: &HeaderMap, expected: &str) -> bool {
headers
.get("authorization")
.and_then(|v| v.to_str().ok())
.map(|v| v.strip_prefix("Bearer ").unwrap_or("") == expected)
.unwrap_or(false)
}
#[derive(Serialize)]
@ -19,6 +35,30 @@ struct StatusResponse {
timestamp: u64,
}
#[derive(Serialize)]
struct GpioInfo {
pin: u8,
active_low: bool,
pull: &'static str,
open_level: &'static str,
current_raw_level: &'static str,
}
#[derive(Serialize)]
struct InfoResponse {
uptime_secs: u64,
started_at: u64,
cpu_temp_celsius: Option<f64>,
memory_available_kb: Option<u64>,
memory_total_kb: Option<u64>,
disk_total_bytes: Option<u64>,
disk_available_bytes: Option<u64>,
load_average: Option<[f64; 3]>,
nixos_version: Option<String>,
commit: String,
gpio: GpioInfo,
}
fn unix_timestamp() -> u64 {
SystemTime::now()
.duration_since(UNIX_EPOCH)
@ -34,11 +74,102 @@ fn status_str(is_open: bool) -> &'static str {
}
}
async fn get_status(State(state): State<Arc<AppState>>) -> Json<StatusResponse> {
Json(StatusResponse {
fn read_cpu_temp() -> Option<f64> {
std::fs::read_to_string("/sys/class/thermal/thermal_zone0/temp")
.ok()
.and_then(|s| s.trim().parse::<f64>().ok())
.map(|m| m / 1000.0)
}
fn read_meminfo_field(contents: &str, field: &str) -> Option<u64> {
contents
.lines()
.find(|l| l.starts_with(field))
.and_then(|l| l.split_whitespace().nth(1))
.and_then(|v| v.parse().ok())
}
fn read_disk_usage() -> Option<(u64, u64)> {
let path = std::ffi::CString::new("/").ok()?;
let mut stat: libc::statvfs = unsafe { std::mem::zeroed() };
let ret = unsafe { libc::statvfs(path.as_ptr(), &mut stat) };
if ret != 0 {
return None;
}
let block_size = stat.f_frsize as u64;
Some((
stat.f_blocks * block_size,
stat.f_bavail * block_size,
))
}
fn read_load_average() -> Option<[f64; 3]> {
let contents = std::fs::read_to_string("/proc/loadavg").ok()?;
let mut parts = contents.split_whitespace();
Some([
parts.next()?.parse().ok()?,
parts.next()?.parse().ok()?,
parts.next()?.parse().ok()?,
])
}
fn read_nixos_version() -> Option<String> {
std::fs::read_to_string("/run/current-system/nixos-version")
.ok()
.map(|s| s.trim().to_string())
}
async fn get_status(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
) -> Result<Json<StatusResponse>, StatusCode> {
if !validate_bearer(&headers, &state.inbound_api_key) {
return Err(StatusCode::UNAUTHORIZED);
}
Ok(Json(StatusResponse {
status: status_str(state.is_open.load(Ordering::Relaxed)),
timestamp: state.last_changed.load(Ordering::Relaxed),
})
}))
}
async fn get_info(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
) -> Result<Json<InfoResponse>, StatusCode> {
if !validate_bearer(&headers, &state.inbound_api_key) {
return Err(StatusCode::UNAUTHORIZED);
}
let meminfo = std::fs::read_to_string("/proc/meminfo").ok();
let disk = read_disk_usage();
let is_open = state.is_open.load(Ordering::Relaxed);
let raw_level = match (state.active_low, is_open) {
(true, true) | (false, false) => "low",
_ => "high",
};
Ok(Json(InfoResponse {
uptime_secs: unix_timestamp() - state.started_at,
started_at: state.started_at,
cpu_temp_celsius: read_cpu_temp(),
memory_available_kb: meminfo
.as_deref()
.and_then(|m| read_meminfo_field(m, "MemAvailable:")),
memory_total_kb: meminfo
.as_deref()
.and_then(|m| read_meminfo_field(m, "MemTotal:")),
disk_total_bytes: disk.map(|(total, _)| total),
disk_available_bytes: disk.map(|(_, avail)| avail),
load_average: read_load_average(),
nixos_version: read_nixos_version(),
commit: state.commit.clone(),
gpio: GpioInfo {
pin: state.gpio_pin,
active_low: state.active_low,
pull: if state.active_low { "up" } else { "down" },
open_level: if state.active_low { "low" } else { "high" },
current_raw_level: raw_level,
},
}))
}
#[tokio::main]
@ -65,6 +196,9 @@ async fn main() -> Result<()> {
let endpoint_url =
std::env::var("NOISEBELL_ENDPOINT_URL").context("NOISEBELL_ENDPOINT_URL is required")?;
let api_key =
std::env::var("NOISEBELL_API_KEY").context("NOISEBELL_API_KEY is required")?;
let retry_attempts: u32 = std::env::var("NOISEBELL_RETRY_ATTEMPTS")
.unwrap_or_else(|_| "3".into())
.parse()
@ -80,13 +214,17 @@ async fn main() -> Result<()> {
.parse()
.context("NOISEBELL_HTTP_TIMEOUT_SECS must be a valid u64")?;
let bind_address = std::env::var("NOISEBELL_BIND_ADDRESS").unwrap_or_else(|_| "0.0.0.0".into());
let bind_address =
std::env::var("NOISEBELL_BIND_ADDRESS").unwrap_or_else(|_| "0.0.0.0".into());
let active_low: bool = std::env::var("NOISEBELL_ACTIVE_LOW")
.unwrap_or_else(|_| "true".into())
.parse()
.context("NOISEBELL_ACTIVE_LOW must be true or false")?;
let inbound_api_key = std::env::var("NOISEBELL_INBOUND_API_KEY")
.context("NOISEBELL_INBOUND_API_KEY is required")?;
info!(gpio_pin, debounce_secs, port, %endpoint_url, "starting noisebell");
let gpio = Gpio::new().context("failed to initialize GPIO")?;
@ -101,9 +239,18 @@ async fn main() -> Result<()> {
let open_level = if active_low { Level::Low } else { Level::High };
let initial_open = pin.read() == open_level;
let now = unix_timestamp();
let commit =
std::env::var("NOISEBELL_COMMIT").unwrap_or_else(|_| "unknown".into());
let state = Arc::new(AppState {
is_open: AtomicBool::new(initial_open),
last_changed: AtomicU64::new(unix_timestamp()),
last_changed: AtomicU64::new(now),
started_at: now,
gpio_pin,
active_low,
commit,
inbound_api_key,
});
info!(initial_status = status_str(initial_open), "GPIO initialized");
@ -111,7 +258,7 @@ async fn main() -> Result<()> {
let (tx, mut rx) = tokio::sync::mpsc::unbounded_channel::<(bool, u64)>();
// Sync initial state with the cache on startup
let _ = tx.send((initial_open, unix_timestamp()));
let _ = tx.send((initial_open, now));
let state_for_interrupt = state.clone();
// pin must live for the entire program — rppal runs interrupts on a background
@ -130,7 +277,9 @@ async fn main() -> Result<()> {
let was_open = state_for_interrupt.is_open.swap(new_open, Ordering::Relaxed);
if was_open != new_open {
let timestamp = unix_timestamp();
state_for_interrupt.last_changed.store(timestamp, Ordering::Relaxed);
state_for_interrupt
.last_changed
.store(timestamp, Ordering::Relaxed);
let _ = tx.send((new_open, timestamp));
}
},
@ -150,7 +299,12 @@ async fn main() -> Result<()> {
let payload = serde_json::json!({ "status": status, "timestamp": timestamp });
for attempt in 0..=retry_attempts {
let result = client.post(&endpoint_url).json(&payload).send().await;
let result = client
.post(&endpoint_url)
.bearer_auth(&api_key)
.json(&payload)
.send()
.await;
match result {
Ok(resp) if resp.status().is_success() => break,
_ => {
@ -175,6 +329,7 @@ async fn main() -> Result<()> {
let app = Router::new()
.route("/", get(get_status))
.route("/info", get(get_info))
.with_state(state);
let listener = tokio::net::TcpListener::bind((&*bind_address, port))
@ -183,9 +338,27 @@ async fn main() -> Result<()> {
info!(port, "listening");
let shutdown = tokio::signal::ctrl_c();
// Start watchdog task if systemd watchdog is enabled
if let Ok(usec_str) = std::env::var("WATCHDOG_USEC") {
if let Ok(usec) = usec_str.parse::<u64>() {
let period = Duration::from_micros(usec / 2);
tokio::spawn(async move {
loop {
sd_notify::notify(false, &[sd_notify::NotifyState::Watchdog]).ok();
tokio::time::sleep(period).await;
}
});
}
}
sd_notify::notify(false, &[sd_notify::NotifyState::Ready]).ok();
let mut sigterm = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
.context("failed to register SIGTERM handler")?;
axum::serve(listener, app)
.with_graceful_shutdown(async { shutdown.await.ok(); })
.with_graceful_shutdown(async move {
sigterm.recv().await;
})
.await
.context("server error")?;

3
pi/secrets/secrets.nix
View file

@ -2,6 +2,7 @@ let
pi = "ssh-ed25519 AAAA..."; # Pi's SSH host public key
in
{
"endpoint-url.age".publicKeys = [ pi ];
"api-key.age".publicKeys = [ pi ];
"inbound-api-key.age".publicKeys = [ pi ];
"tailscale-auth-key.age".publicKeys = [ pi ];
}

1688
remote/cache-service/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

15
remote/cache-service/Cargo.toml Normal file
View file

@ -0,0 +1,15 @@
[package]
name = "noisebell-cache"
version = "0.1.0"
edition = "2021"
[dependencies]
anyhow = "1.0"
axum = "0.8"
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
rusqlite = { version = "0.33", features = ["bundled"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "sync", "signal", "time"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

64
remote/cache-service/flake.lock generated Normal file
View file

@ -0,0 +1,64 @@
{
"nodes": {
"crane": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

45
remote/cache-service/flake.nix Normal file
View file

@ -0,0 +1,45 @@
{
description = "Noisebell - cache service";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
crane.url = "github:ipetkov/crane";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, crane, rust-overlay }:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
overlays = [ rust-overlay.overlays.default ];
};
rustToolchain = pkgs.rust-bin.stable.latest.default;
craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;
src = craneLib.cleanCargoSource ./.;
commonArgs = {
inherit src;
strictDeps = true;
doCheck = false;
};
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
noisebell-cache = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});
in
{
packages.${system}.default = noisebell-cache;
devShells.${system}.default = craneLib.devShell {
packages = [ pkgs.rust-analyzer ];
};
};
}

1
remote/cache-service/result Symbolic link
View file

@ -0,0 +1 @@
/nix/store/w4n48lrfqm5vhpyzjfcc9yxhmjr801xh-noisebell-cache-0.1.0

116
remote/cache-service/src/api.rs Normal file
View file

@ -0,0 +1,116 @@
use std::sync::Arc;
use axum::extract::{Query, State};
use axum::http::{HeaderMap, StatusCode};
use axum::Json;
use tokio::sync::Mutex;
use tracing::{error, info};
use crate::db;
use crate::types::{DoorStatus, InboundWebhook, OutboundPayload, WebhookTarget};
use crate::webhook;
pub struct AppState {
pub db: Arc<Mutex<rusqlite::Connection>>,
pub client: reqwest::Client,
pub inbound_api_key: String,
pub webhooks: Vec<WebhookTarget>,
pub retry_attempts: u32,
pub retry_base_delay_secs: u64,
}
fn unix_now() -> u64 {
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs()
}
fn validate_bearer(headers: &HeaderMap, expected: &str) -> bool {
headers
.get("authorization")
.and_then(|v| v.to_str().ok())
.map(|v| v.strip_prefix("Bearer ").unwrap_or("") == expected)
.unwrap_or(false)
}
pub async fn post_webhook(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
Json(body): Json<InboundWebhook>,
) -> StatusCode {
if !validate_bearer(&headers, &state.inbound_api_key) {
return StatusCode::UNAUTHORIZED;
}
let Some(status) = DoorStatus::from_str(&body.status) else {
return StatusCode::BAD_REQUEST;
};
let now = unix_now();
{
let conn = state.db.lock().await;
if let Err(e) = db::update_state(&conn, status, body.timestamp, now) {
error!(error = %e, "failed to update state from webhook");
return StatusCode::INTERNAL_SERVER_ERROR;
}
}
info!(status = status.as_str(), timestamp = body.timestamp, "state updated via webhook");
webhook::forward(
&state.client,
&state.webhooks,
&OutboundPayload {
status: status.as_str().to_string(),
timestamp: body.timestamp,
},
state.retry_attempts,
state.retry_base_delay_secs,
)
.await;
StatusCode::OK
}
pub async fn get_status(State(state): State<Arc<AppState>>) -> Result<Json<serde_json::Value>, StatusCode> {
let conn = state.db.lock().await;
match db::get_status(&conn) {
Ok(status) => Ok(Json(serde_json::to_value(status).unwrap())),
Err(e) => {
error!(error = %e, "failed to get status");
Err(StatusCode::INTERNAL_SERVER_ERROR)
}
}
}
pub async fn get_info(State(state): State<Arc<AppState>>) -> Result<Json<serde_json::Value>, StatusCode> {
let conn = state.db.lock().await;
match db::get_pi_info(&conn) {
Ok(info) => Ok(Json(info)),
Err(e) => {
error!(error = %e, "failed to get pi info");
Err(StatusCode::INTERNAL_SERVER_ERROR)
}
}
}
#[derive(serde::Deserialize)]
pub struct HistoryQuery {
pub limit: Option<u32>,
}
pub async fn get_history(
State(state): State<Arc<AppState>>,
Query(query): Query<HistoryQuery>,
) -> Result<Json<Vec<crate::types::HistoryEntry>>, StatusCode> {
let limit = query.limit.unwrap_or(50);
let conn = state.db.lock().await;
match db::get_history(&conn, limit) {
Ok(entries) => Ok(Json(entries)),
Err(e) => {
error!(error = %e, "failed to get history");
Err(StatusCode::INTERNAL_SERVER_ERROR)
}
}
}

131
remote/cache-service/src/db.rs Normal file
View file

@ -0,0 +1,131 @@
use anyhow::{Context, Result};
use rusqlite::Connection;
use crate::types::{DoorStatus, HistoryEntry, StatusResponse};
pub fn init(path: &str) -> Result<Connection> {
let conn = Connection::open(path).context("failed to open SQLite database")?;
conn.execute_batch(
"
CREATE TABLE IF NOT EXISTS current_state (
id INTEGER PRIMARY KEY CHECK (id = 1),
status TEXT,
timestamp INTEGER,
last_seen INTEGER
);
CREATE TABLE IF NOT EXISTS state_log (
id INTEGER PRIMARY KEY AUTOINCREMENT,
status TEXT NOT NULL,
timestamp INTEGER NOT NULL,
recorded_at INTEGER NOT NULL
);
CREATE TABLE IF NOT EXISTS pi_info (
id INTEGER PRIMARY KEY CHECK (id = 1),
data TEXT NOT NULL,
fetched_at INTEGER NOT NULL
);
INSERT OR IGNORE INTO current_state (id, status, timestamp, last_seen) VALUES (1, NULL, NULL, NULL);
INSERT OR IGNORE INTO pi_info (id, data, fetched_at) VALUES (1, '{}', 0);
",
)
.context("failed to initialize database schema")?;
Ok(conn)
}
pub fn get_status(conn: &Connection) -> Result<StatusResponse> {
let (status, timestamp, last_seen) = conn.query_row(
"SELECT status, timestamp, last_seen FROM current_state WHERE id = 1",
[],
|row| {
Ok((
row.get::<_, Option<String>>(0)?,
row.get::<_, Option<u64>>(1)?,
row.get::<_, Option<u64>>(2)?,
))
},
)?;
Ok(StatusResponse {
status: status.unwrap_or_else(|| "offline".to_string()),
timestamp,
last_seen,
})
}
pub fn update_state(conn: &Connection, status: DoorStatus, timestamp: u64, now: u64) -> Result<()> {
let status_str = status.as_str();
conn.execute(
"UPDATE current_state SET status = ?1, timestamp = ?2, last_seen = ?3 WHERE id = 1",
rusqlite::params![status_str, timestamp, now],
)?;
conn.execute(
"INSERT INTO state_log (status, timestamp, recorded_at) VALUES (?1, ?2, ?3)",
rusqlite::params![status_str, timestamp, now],
)?;
Ok(())
}
pub fn update_last_seen(conn: &Connection, now: u64) -> Result<()> {
conn.execute(
"UPDATE current_state SET last_seen = ?1 WHERE id = 1",
rusqlite::params![now],
)?;
Ok(())
}
pub fn mark_offline(conn: &Connection, now: u64) -> Result<()> {
conn.execute(
"UPDATE current_state SET status = NULL WHERE id = 1",
[],
)?;
conn.execute(
"INSERT INTO state_log (status, timestamp, recorded_at) VALUES ('offline', ?1, ?1)",
rusqlite::params![now],
)?;
Ok(())
}
pub fn get_current_status_str(conn: &Connection) -> Result<Option<String>> {
let status = conn.query_row(
"SELECT status FROM current_state WHERE id = 1",
[],
|row| row.get::<_, Option<String>>(0),
)?;
Ok(status)
}
pub fn get_history(conn: &Connection, limit: u32) -> Result<Vec<HistoryEntry>> {
let mut stmt = conn.prepare(
"SELECT status, timestamp, recorded_at FROM state_log ORDER BY id DESC LIMIT ?1",
)?;
let entries = stmt
.query_map(rusqlite::params![limit], |row| {
Ok(HistoryEntry {
status: row.get(0)?,
timestamp: row.get(1)?,
recorded_at: row.get(2)?,
})
})?
.collect::<Result<Vec<_>, _>>()?;
Ok(entries)
}
pub fn get_pi_info(conn: &Connection) -> Result<serde_json::Value> {
let data: String = conn.query_row(
"SELECT data FROM pi_info WHERE id = 1",
[],
|row| row.get(0),
)?;
Ok(serde_json::from_str(&data).unwrap_or(serde_json::json!({})))
}
pub fn update_pi_info(conn: &Connection, data: &serde_json::Value, now: u64) -> Result<()> {
let json = serde_json::to_string(data)?;
conn.execute(
"INSERT OR REPLACE INTO pi_info (id, data, fetched_at) VALUES (1, ?1, ?2)",
rusqlite::params![json, now],
)?;
Ok(())
}

149
remote/cache-service/src/main.rs Normal file
View file

@ -0,0 +1,149 @@
use std::sync::Arc;
use std::time::Duration;
use anyhow::{Context, Result};
use axum::routing::{get, post};
use axum::Router;
use tokio::sync::Mutex;
use tracing::info;
mod api;
mod db;
mod poller;
mod types;
mod webhook;
use types::WebhookTarget;
#[tokio::main]
async fn main() -> Result<()> {
tracing_subscriber::fmt()
.with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
.init();
let port: u16 = std::env::var("NOISEBELL_CACHE_PORT")
.unwrap_or_else(|_| "3000".into())
.parse()
.context("NOISEBELL_CACHE_PORT must be a valid u16")?;
let pi_address = std::env::var("NOISEBELL_CACHE_PI_ADDRESS")
.context("NOISEBELL_CACHE_PI_ADDRESS is required")?;
let pi_api_key = std::env::var("NOISEBELL_CACHE_PI_API_KEY")
.context("NOISEBELL_CACHE_PI_API_KEY is required")?;
let inbound_api_key = std::env::var("NOISEBELL_CACHE_INBOUND_API_KEY")
.context("NOISEBELL_CACHE_INBOUND_API_KEY is required")?;
let data_dir =
std::env::var("NOISEBELL_CACHE_DATA_DIR").unwrap_or_else(|_| "/var/lib/noisebell-cache".into());
let status_poll_interval_secs: u64 = std::env::var("NOISEBELL_CACHE_STATUS_POLL_INTERVAL_SECS")
.unwrap_or_else(|_| "60".into())
.parse()
.context("NOISEBELL_CACHE_STATUS_POLL_INTERVAL_SECS must be a valid u64")?;
let info_poll_interval_secs: u64 = std::env::var("NOISEBELL_CACHE_INFO_POLL_INTERVAL_SECS")
.unwrap_or_else(|_| "300".into())
.parse()
.context("NOISEBELL_CACHE_INFO_POLL_INTERVAL_SECS must be a valid u64")?;
let offline_threshold: u32 = std::env::var("NOISEBELL_CACHE_OFFLINE_THRESHOLD")
.unwrap_or_else(|_| "3".into())
.parse()
.context("NOISEBELL_CACHE_OFFLINE_THRESHOLD must be a valid u32")?;
let retry_attempts: u32 = std::env::var("NOISEBELL_CACHE_RETRY_ATTEMPTS")
.unwrap_or_else(|_| "3".into())
.parse()
.context("NOISEBELL_CACHE_RETRY_ATTEMPTS must be a valid u32")?;
let retry_base_delay_secs: u64 = std::env::var("NOISEBELL_CACHE_RETRY_BASE_DELAY_SECS")
.unwrap_or_else(|_| "1".into())
.parse()
.context("NOISEBELL_CACHE_RETRY_BASE_DELAY_SECS must be a valid u64")?;
let http_timeout_secs: u64 = std::env::var("NOISEBELL_CACHE_HTTP_TIMEOUT_SECS")
.unwrap_or_else(|_| "10".into())
.parse()
.context("NOISEBELL_CACHE_HTTP_TIMEOUT_SECS must be a valid u64")?;
// Parse outbound webhooks from NOISEBELL_CACHE_WEBHOOK_<n>_URL and _SECRET env vars
let mut webhooks = Vec::new();
for i in 0.. {
let url_key = format!("NOISEBELL_CACHE_WEBHOOK_{i}_URL");
match std::env::var(&url_key) {
Ok(url) => {
let secret_key = format!("NOISEBELL_CACHE_WEBHOOK_{i}_SECRET");
let secret = std::env::var(&secret_key).ok();
webhooks.push(WebhookTarget { url, secret });
}
Err(_) => break,
}
}
info!(
port,
%pi_address,
webhook_count = webhooks.len(),
"starting noisebell-cache"
);
let db_path = format!("{data_dir}/noisebell.db");
let conn = db::init(&db_path)?;
let db = Arc::new(Mutex::new(conn));
let client = reqwest::Client::builder()
.timeout(Duration::from_secs(http_timeout_secs))
.build()
.context("failed to build HTTP client")?;
let poller_config = Arc::new(poller::PollerConfig {
pi_address,
pi_api_key,
status_poll_interval: Duration::from_secs(status_poll_interval_secs),
info_poll_interval: Duration::from_secs(info_poll_interval_secs),
offline_threshold,
retry_attempts,
retry_base_delay_secs,
http_timeout_secs,
webhooks: webhooks.clone(),
});
poller::spawn_status_poller(poller_config.clone(), db.clone(), client.clone());
poller::spawn_info_poller(poller_config, db.clone(), client.clone());
let app_state = Arc::new(api::AppState {
db,
client,
inbound_api_key,
webhooks,
retry_attempts,
retry_base_delay_secs,
});
let app = Router::new()
.route("/webhook", post(api::post_webhook))
.route("/status", get(api::get_status))
.route("/info", get(api::get_info))
.route("/history", get(api::get_history))
.with_state(app_state);
let listener = tokio::net::TcpListener::bind(("0.0.0.0", port))
.await
.context(format!("failed to bind to 0.0.0.0:{port}"))?;
info!(port, "listening");
let mut sigterm = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
.context("failed to register SIGTERM handler")?;
axum::serve(listener, app)
.with_graceful_shutdown(async move {
sigterm.recv().await;
})
.await
.context("server error")?;
info!("shutdown complete");
Ok(())
}

174
remote/cache-service/src/poller.rs Normal file
View file

@ -0,0 +1,174 @@
use std::sync::Arc;
use std::time::Duration;
use tokio::sync::Mutex;
use tracing::{error, info, warn};
use crate::db;
use crate::types::{DoorStatus, OutboundPayload, WebhookTarget};
use crate::webhook;
pub struct PollerConfig {
pub pi_address: String,
pub pi_api_key: String,
pub status_poll_interval: Duration,
pub info_poll_interval: Duration,
pub offline_threshold: u32,
pub retry_attempts: u32,
pub retry_base_delay_secs: u64,
pub http_timeout_secs: u64,
pub webhooks: Vec<WebhookTarget>,
}
fn unix_now() -> u64 {
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs()
}
pub fn spawn_status_poller(
config: Arc<PollerConfig>,
db: Arc<Mutex<rusqlite::Connection>>,
client: reqwest::Client,
) {
tokio::spawn(async move {
let mut consecutive_failures: u32 = 0;
let mut was_offline = false;
loop {
tokio::time::sleep(config.status_poll_interval).await;
let result = client
.get(format!("{}/", config.pi_address))
.bearer_auth(&config.pi_api_key)
.send()
.await;
match result {
Ok(resp) if resp.status().is_success() => {
consecutive_failures = 0;
if was_offline {
info!("Pi is back online");
was_offline = false;
}
let now = unix_now();
if let Ok(body) = resp.json::<serde_json::Value>().await {
let conn = db.lock().await;
if let Err(e) = db::update_last_seen(&conn, now) {
error!(error = %e, "failed to update last_seen");
}
// Update state if it differs from current
if let Some(status_str) = body.get("status").and_then(|s| s.as_str()) {
if let Some(status) = DoorStatus::from_str(status_str) {
let current = db::get_current_status_str(&conn);
let changed = match &current {
Ok(Some(s)) => s != status.as_str(),
Ok(None) => true, // was offline
Err(_) => true,
};
if changed {
let timestamp = body
.get("timestamp")
.and_then(|t| t.as_u64())
.unwrap_or(now);
if let Err(e) = db::update_state(&conn, status, timestamp, now) {
error!(error = %e, "failed to update state from poll");
} else {
info!(status = status.as_str(), "state updated from poll");
drop(conn);
webhook::forward(
&client,
&config.webhooks,
&OutboundPayload {
status: status.as_str().to_string(),
timestamp,
},
config.retry_attempts,
config.retry_base_delay_secs,
)
.await;
}
}
}
}
}
}
_ => {
consecutive_failures += 1;
let err_msg = match &result {
Ok(resp) => format!("HTTP {}", resp.status()),
Err(e) => e.to_string(),
};
warn!(
error = %err_msg,
consecutive_failures,
"status poll failed"
);
if consecutive_failures >= config.offline_threshold && !was_offline {
was_offline = true;
let now = unix_now();
let conn = db.lock().await;
if let Err(e) = db::mark_offline(&conn, now) {
error!(error = %e, "failed to mark Pi offline");
} else {
info!("Pi marked offline after {} consecutive failures", consecutive_failures);
drop(conn);
webhook::forward(
&client,
&config.webhooks,
&OutboundPayload {
status: "offline".to_string(),
timestamp: now,
},
config.retry_attempts,
config.retry_base_delay_secs,
)
.await;
}
}
}
}
}
});
}
pub fn spawn_info_poller(
config: Arc<PollerConfig>,
db: Arc<Mutex<rusqlite::Connection>>,
client: reqwest::Client,
) {
tokio::spawn(async move {
loop {
tokio::time::sleep(config.info_poll_interval).await;
let result = client
.get(format!("{}/info", config.pi_address))
.bearer_auth(&config.pi_api_key)
.send()
.await;
match result {
Ok(resp) if resp.status().is_success() => {
if let Ok(data) = resp.json::<serde_json::Value>().await {
let now = unix_now();
let conn = db.lock().await;
if let Err(e) = db::update_pi_info(&conn, &data, now) {
error!(error = %e, "failed to update pi_info");
}
}
}
_ => {
let err_msg = match &result {
Ok(resp) => format!("HTTP {}", resp.status()),
Err(e) => e.to_string(),
};
warn!(error = %err_msg, "info poll failed");
}
}
}
});
}

57
remote/cache-service/src/types.rs Normal file
View file

@ -0,0 +1,57 @@
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum DoorStatus {
Open,
Closed,
}
impl DoorStatus {
pub fn as_str(self) -> &'static str {
match self {
DoorStatus::Open => "open",
DoorStatus::Closed => "closed",
}
}
pub fn from_str(s: &str) -> Option<Self> {
match s {
"open" => Some(DoorStatus::Open),
"closed" => Some(DoorStatus::Closed),
_ => None,
}
}
}
#[derive(Debug, Clone, Serialize)]
pub struct StatusResponse {
pub status: String, // "open", "closed", or "offline"
pub timestamp: Option<u64>,
pub last_seen: Option<u64>,
}
#[derive(Debug, Deserialize)]
pub struct InboundWebhook {
pub status: String,
pub timestamp: u64,
}
#[derive(Debug, Clone, Serialize)]
pub struct OutboundPayload {
pub status: String,
pub timestamp: u64,
}
#[derive(Debug, Clone, Serialize)]
pub struct HistoryEntry {
pub status: String,
pub timestamp: u64,
pub recorded_at: u64,
}
#[derive(Debug, Clone)]
pub struct WebhookTarget {
pub url: String,
pub secret: Option<String>,
}

53
remote/cache-service/src/webhook.rs Normal file
View file

@ -0,0 +1,53 @@
use std::time::Duration;
use tracing::{error, info, warn};
use crate::types::{OutboundPayload, WebhookTarget};
pub async fn forward(
client: &reqwest::Client,
targets: &[WebhookTarget],
payload: &OutboundPayload,
retry_attempts: u32,
retry_base_delay_secs: u64,
) {
for target in targets {
let payload = payload.clone();
let client = client.clone();
let url = target.url.clone();
let secret = target.secret.clone();
let retry_attempts = retry_attempts;
let retry_base_delay_secs = retry_base_delay_secs;
tokio::spawn(async move {
info!(url = %url, status = %payload.status, "forwarding to outbound webhook");
for attempt in 0..=retry_attempts {
let mut req = client.post(&url).json(&payload);
if let Some(ref secret) = secret {
req = req.bearer_auth(secret);
}
match req.send().await {
Ok(resp) if resp.status().is_success() => {
info!(url = %url, "outbound webhook delivered");
return;
}
result => {
let err_msg = match &result {
Ok(resp) => format!("HTTP {}", resp.status()),
Err(e) => e.to_string(),
};
if attempt == retry_attempts {
error!(url = %url, error = %err_msg, "outbound webhook failed after {} attempts", retry_attempts + 1);
} else {
let delay = Duration::from_secs(retry_base_delay_secs * 2u64.pow(attempt));
warn!(url = %url, error = %err_msg, attempt = attempt + 1, "outbound webhook failed, retrying in {:?}", delay);
tokio::time::sleep(delay).await;
}
}
}
}
});
}
}

57
remote/configuration.nix Normal file
View file

@ -0,0 +1,57 @@
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
networking.hostName = "noisebell-remote";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
services.openssh.enable = true;
services.caddy.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
# Add your SSH public key here
];
# ── Secrets ───────────────────────────────────────────────────────────
age.secrets.pi-api-key.file = ./secrets/pi-api-key.age;
age.secrets.pi-inbound-api-key.file = ./secrets/pi-inbound-api-key.age;
age.secrets.discord-token.file = ./secrets/discord-token.age;
age.secrets.discord-webhook-secret.file = ./secrets/discord-webhook-secret.age;
age.secrets.rss-webhook-secret.file = ./secrets/rss-webhook-secret.age;
# ── Cache ─────────────────────────────────────────────────────────────
services.noisebell-cache = {
enable = true;
domain = "noisebell.extremist.software";
piAddress = "http://noisebell:80";
inboundApiKeyFile = config.age.secrets.pi-api-key.path;
piApiKeyFile = config.age.secrets.pi-inbound-api-key.path;
outboundWebhooks = [
{ url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.discord-webhook-secret.path; }
{ url = "https://rss.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.rss-webhook-secret.path; }
];
};
# ── Discord ───────────────────────────────────────────────────────────
services.noisebell-discord = {
enable = true;
domain = "discord.noisebell.extremist.software";
discordTokenFile = config.age.secrets.discord-token.path;
channelId = "000000000000000000"; # Replace with actual channel ID
webhookSecretFile = config.age.secrets.discord-webhook-secret.path;
};
# ── RSS ───────────────────────────────────────────────────────────────
services.noisebell-rss = {
enable = true;
domain = "rss.noisebell.extremist.software";
webhookSecretFile = config.age.secrets.rss-webhook-secret.path;
};
}

2092
remote/discord-bot/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

14
remote/discord-bot/Cargo.toml Normal file
View file

@ -0,0 +1,14 @@
[package]
name = "noisebell-discord"
version = "0.1.0"
edition = "2021"
[dependencies]
anyhow = "1.0"
axum = "0.8"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
serenity = { version = "0.12", default-features = false, features = ["client", "gateway", "model", "rustls_backend"] }
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "sync", "signal"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

64
remote/discord-bot/flake.lock generated Normal file
View file

@ -0,0 +1,64 @@
{
"nodes": {
"crane": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

45
remote/discord-bot/flake.nix Normal file
View file

@ -0,0 +1,45 @@
{
description = "Noisebell - Discord bot";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
crane.url = "github:ipetkov/crane";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, crane, rust-overlay }:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
overlays = [ rust-overlay.overlays.default ];
};
rustToolchain = pkgs.rust-bin.stable.latest.default;
craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;
src = craneLib.cleanCargoSource ./.;
commonArgs = {
inherit src;
strictDeps = true;
doCheck = false;
};
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
noisebell-discord = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});
in
{
packages.${system}.default = noisebell-discord;
devShells.${system}.default = craneLib.devShell {
packages = [ pkgs.rust-analyzer ];
};
};
}

1
remote/discord-bot/result Symbolic link
View file

@ -0,0 +1 @@
/nix/store/jnkl079ljh32p7m9jxnan8wis1sp2bm9-noisebell-discord-0.1.0

142
remote/discord-bot/src/main.rs Normal file
View file

@ -0,0 +1,142 @@
use std::sync::Arc;
use anyhow::{Context, Result};
use axum::extract::State;
use axum::http::{HeaderMap, StatusCode};
use axum::routing::post;
use axum::{Json, Router};
use serde::Deserialize;
use serenity::all::{ChannelId, Colour, CreateEmbed, CreateMessage, GatewayIntents, Http};
use tracing::{error, info};
#[derive(Deserialize)]
struct WebhookPayload {
status: String,
timestamp: u64,
}
struct AppState {
http: Arc<Http>,
channel_id: ChannelId,
webhook_secret: String,
}
fn validate_bearer(headers: &HeaderMap, expected: &str) -> bool {
headers
.get("authorization")
.and_then(|v| v.to_str().ok())
.map(|v| v.strip_prefix("Bearer ").unwrap_or("") == expected)
.unwrap_or(false)
}
fn build_embed(status: &str, timestamp: u64) -> CreateEmbed {
let (colour, title, description) = match status {
"open" => (Colour::from_rgb(87, 242, 135), "Door is open", "The door at Noisebridge is open."),
"closed" => (Colour::from_rgb(237, 66, 69), "Door is closed", "The door at Noisebridge is closed."),
_ => (Colour::from_rgb(153, 170, 181), "Pi is offline", "The Noisebridge Pi is offline."),
};
CreateEmbed::new()
.title(title)
.description(description)
.colour(colour)
.timestamp(serenity::model::Timestamp::from_unix_timestamp(timestamp as i64).unwrap_or_else(|_| serenity::model::Timestamp::now()))
}
async fn post_webhook(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
Json(body): Json<WebhookPayload>,
) -> StatusCode {
if !validate_bearer(&headers, &state.webhook_secret) {
return StatusCode::UNAUTHORIZED;
}
info!(status = %body.status, timestamp = body.timestamp, "received webhook");
let embed = build_embed(&body.status, body.timestamp);
let message = CreateMessage::new().embed(embed);
match state.channel_id.send_message(&state.http, message).await {
Ok(_) => {
info!(status = %body.status, "embed sent to Discord");
StatusCode::OK
}
Err(e) => {
error!(error = %e, "failed to send embed to Discord");
StatusCode::INTERNAL_SERVER_ERROR
}
}
}
struct Handler;
impl serenity::all::EventHandler for Handler {}
#[tokio::main]
async fn main() -> Result<()> {
tracing_subscriber::fmt()
.with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
.init();
let discord_token = std::env::var("NOISEBELL_DISCORD_TOKEN")
.context("NOISEBELL_DISCORD_TOKEN is required")?;
let channel_id: u64 = std::env::var("NOISEBELL_DISCORD_CHANNEL_ID")
.context("NOISEBELL_DISCORD_CHANNEL_ID is required")?
.parse()
.context("NOISEBELL_DISCORD_CHANNEL_ID must be a valid u64")?;
let webhook_secret = std::env::var("NOISEBELL_DISCORD_WEBHOOK_SECRET")
.context("NOISEBELL_DISCORD_WEBHOOK_SECRET is required")?;
let port: u16 = std::env::var("NOISEBELL_DISCORD_PORT")
.unwrap_or_else(|_| "3001".into())
.parse()
.context("NOISEBELL_DISCORD_PORT must be a valid u16")?;
info!(port, channel_id, "starting noisebell-discord");
let intents = GatewayIntents::empty();
let mut client = serenity::Client::builder(&discord_token, intents)
.event_handler(Handler)
.await
.context("failed to create Discord client")?;
let http = client.http.clone();
let app_state = Arc::new(AppState {
http,
channel_id: ChannelId::new(channel_id),
webhook_secret,
});
let app = Router::new()
.route("/webhook", post(post_webhook))
.with_state(app_state);
let listener = tokio::net::TcpListener::bind(("0.0.0.0", port))
.await
.context(format!("failed to bind to 0.0.0.0:{port}"))?;
info!(port, "webhook listener ready");
let mut sigterm = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
.context("failed to register SIGTERM handler")?;
tokio::select! {
result = client.start() => {
if let Err(e) = result {
error!(error = %e, "Discord client error");
}
}
result = axum::serve(listener, app).with_graceful_shutdown(async move { sigterm.recv().await; }) => {
if let Err(e) = result {
error!(error = %e, "HTTP server error");
}
}
}
info!("shutdown complete");
Ok(())
}

242
remote/flake.nix Normal file
View file

@ -0,0 +1,242 @@
{
description = "NixOS configuration for noisebell remote services";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
noisebell-cache.url = "path:./cache-service";
noisebell-discord.url = "path:./discord-bot";
noisebell-rss.url = "path:./rss-service";
};
outputs = { self, nixpkgs, agenix, noisebell-cache, noisebell-discord, noisebell-rss }:
let
# ── Cache module ──────────────────────────────────────────────────
cacheModule = { config, lib, pkgs, ... }:
let cfg = config.services.noisebell-cache; in
{
options.services.noisebell-cache = {
enable = lib.mkEnableOption "noisebell cache service";
domain = lib.mkOption { type = lib.types.str; };
piAddress = lib.mkOption { type = lib.types.str; };
piApiKeyFile = lib.mkOption { type = lib.types.path; description = "Path to agenix secret for authenticating to Pi GET endpoints."; };
inboundApiKeyFile = lib.mkOption { type = lib.types.path; };
port = lib.mkOption { type = lib.types.port; default = 3000; };
statusPollIntervalSecs = lib.mkOption { type = lib.types.ints.positive; default = 60; };
infoPollIntervalSecs = lib.mkOption { type = lib.types.ints.positive; default = 300; };
offlineThreshold = lib.mkOption { type = lib.types.ints.positive; default = 3; };
retryAttempts = lib.mkOption { type = lib.types.ints.unsigned; default = 3; };
retryBaseDelaySecs = lib.mkOption { type = lib.types.ints.positive; default = 1; };
httpTimeoutSecs = lib.mkOption { type = lib.types.ints.positive; default = 10; };
dataDir = lib.mkOption { type = lib.types.str; default = "/var/lib/noisebell-cache"; };
outboundWebhooks = lib.mkOption {
type = lib.types.listOf (lib.types.submodule {
options = {
url = lib.mkOption { type = lib.types.str; };
secretFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; };
};
});
default = [];
};
};
config = lib.mkIf cfg.enable {
users.users.noisebell-cache = { isSystemUser = true; group = "noisebell-cache"; };
users.groups.noisebell-cache = {};
services.caddy.virtualHosts."${cfg.domain}".extraConfig = ''
reverse_proxy localhost:${toString cfg.port}
'';
systemd.services.noisebell-cache = let
bin = "${noisebell-cache.packages.x86_64-linux.default}/bin/noisebell-cache";
webhookExports = lib.concatImapStringsSep "\n" (i: wh:
let idx = toString (i - 1); in
''export NOISEBELL_CACHE_WEBHOOK_${idx}_URL="${wh.url}"'' +
lib.optionalString (wh.secretFile != null)
''\nexport NOISEBELL_CACHE_WEBHOOK_${idx}_SECRET="$(cat ${wh.secretFile})"''
) cfg.outboundWebhooks;
in {
description = "Noisebell cache service";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
environment = {
NOISEBELL_CACHE_PORT = toString cfg.port;
NOISEBELL_CACHE_PI_ADDRESS = cfg.piAddress;
NOISEBELL_CACHE_DATA_DIR = cfg.dataDir;
NOISEBELL_CACHE_STATUS_POLL_INTERVAL_SECS = toString cfg.statusPollIntervalSecs;
NOISEBELL_CACHE_INFO_POLL_INTERVAL_SECS = toString cfg.infoPollIntervalSecs;
NOISEBELL_CACHE_OFFLINE_THRESHOLD = toString cfg.offlineThreshold;
NOISEBELL_CACHE_RETRY_ATTEMPTS = toString cfg.retryAttempts;
NOISEBELL_CACHE_RETRY_BASE_DELAY_SECS = toString cfg.retryBaseDelaySecs;
NOISEBELL_CACHE_HTTP_TIMEOUT_SECS = toString cfg.httpTimeoutSecs;
RUST_LOG = "info";
};
script = ''
export NOISEBELL_CACHE_INBOUND_API_KEY="$(cat ${cfg.inboundApiKeyFile})"
export NOISEBELL_CACHE_PI_API_KEY="$(cat ${cfg.piApiKeyFile})"
${webhookExports}
exec ${bin}
'';
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = 5;
User = "noisebell-cache";
Group = "noisebell-cache";
StateDirectory = "noisebell-cache";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
ReadWritePaths = [ cfg.dataDir ];
};
};
};
};
# ── Discord module ────────────────────────────────────────────────
discordModule = { config, lib, pkgs, ... }:
let cfg = config.services.noisebell-discord; in
{
options.services.noisebell-discord = {
enable = lib.mkEnableOption "noisebell Discord bot";
domain = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; default = 3001; };
discordTokenFile = lib.mkOption { type = lib.types.path; };
channelId = lib.mkOption { type = lib.types.str; };
webhookSecretFile = lib.mkOption { type = lib.types.path; };
};
config = lib.mkIf cfg.enable {
users.users.noisebell-discord = { isSystemUser = true; group = "noisebell-discord"; };
users.groups.noisebell-discord = {};
services.caddy.virtualHosts."${cfg.domain}".extraConfig = ''
reverse_proxy localhost:${toString cfg.port}
'';
systemd.services.noisebell-discord = let
bin = "${noisebell-discord.packages.x86_64-linux.default}/bin/noisebell-discord";
in {
description = "Noisebell Discord bot";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
environment = {
NOISEBELL_DISCORD_PORT = toString cfg.port;
NOISEBELL_DISCORD_CHANNEL_ID = cfg.channelId;
RUST_LOG = "info";
};
script = ''
export NOISEBELL_DISCORD_TOKEN="$(cat ${cfg.discordTokenFile})"
export NOISEBELL_DISCORD_WEBHOOK_SECRET="$(cat ${cfg.webhookSecretFile})"
exec ${bin}
'';
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = 5;
User = "noisebell-discord";
Group = "noisebell-discord";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
};
};
};
};
# ── RSS module ────────────────────────────────────────────────────
rssModule = { config, lib, pkgs, ... }:
let cfg = config.services.noisebell-rss; in
{
options.services.noisebell-rss = {
enable = lib.mkEnableOption "noisebell RSS/Atom feed";
domain = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; default = 3002; };
webhookSecretFile = lib.mkOption { type = lib.types.path; };
dataDir = lib.mkOption { type = lib.types.str; default = "/var/lib/noisebell-rss"; };
};
config = lib.mkIf cfg.enable {
users.users.noisebell-rss = { isSystemUser = true; group = "noisebell-rss"; };
users.groups.noisebell-rss = {};
services.caddy.virtualHosts."${cfg.domain}".extraConfig = ''
reverse_proxy localhost:${toString cfg.port}
'';
systemd.services.noisebell-rss = let
bin = "${noisebell-rss.packages.x86_64-linux.default}/bin/noisebell-rss";
in {
description = "Noisebell RSS/Atom feed";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
environment = {
NOISEBELL_RSS_PORT = toString cfg.port;
NOISEBELL_RSS_DATA_DIR = cfg.dataDir;
NOISEBELL_RSS_SITE_URL = "https://${cfg.domain}";
RUST_LOG = "info";
};
script = ''
export NOISEBELL_RSS_WEBHOOK_SECRET="$(cat ${cfg.webhookSecretFile})"
exec ${bin}
'';
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = 5;
User = "noisebell-rss";
Group = "noisebell-rss";
StateDirectory = "noisebell-rss";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
ReadWritePaths = [ cfg.dataDir ];
};
};
};
};
in
{
nixosModules = {
cache = cacheModule;
discord = discordModule;
rss = rssModule;
};
nixosConfigurations.remote = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
agenix.nixosModules.default
cacheModule
discordModule
rssModule
./configuration.nix
./hardware-configuration.nix
];
};
};
}

13
remote/hardware-configuration.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.devices = [ "/dev/sda" ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
}

813
remote/rss-service/Cargo.lock generated Normal file
View file

@ -0,0 +1,813 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "aho-corasick"
version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
dependencies = [
"memchr",
]
[[package]]
name = "anyhow"
version = "1.0.102"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
[[package]]
name = "atomic-waker"
version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "axum"
version = "0.8.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
dependencies = [
"axum-core",
"bytes",
"form_urlencoded",
"futures-util",
"http",
"http-body",
"http-body-util",
"hyper",
"hyper-util",
"itoa",
"matchit",
"memchr",
"mime",
"percent-encoding",
"pin-project-lite",
"serde_core",
"serde_json",
"serde_path_to_error",
"serde_urlencoded",
"sync_wrapper",
"tokio",
"tower",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "axum-core"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1"
dependencies = [
"bytes",
"futures-core",
"http",
"http-body",
"http-body-util",
"mime",
"pin-project-lite",
"sync_wrapper",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "bitflags"
version = "2.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af"
[[package]]
name = "bytes"
version = "1.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
[[package]]
name = "cc"
version = "1.2.56"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2"
dependencies = [
"find-msvc-tools",
"shlex",
]
[[package]]
name = "cfg-if"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "deranged"
version = "0.5.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
dependencies = [
"powerfmt",
]
[[package]]
name = "errno"
version = "0.3.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
dependencies = [
"libc",
"windows-sys",
]
[[package]]
name = "fallible-iterator"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649"
[[package]]
name = "fallible-streaming-iterator"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a"
[[package]]
name = "find-msvc-tools"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
[[package]]
name = "foldhash"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
[[package]]
name = "form_urlencoded"
version = "1.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
dependencies = [
"percent-encoding",
]
[[package]]
name = "futures-channel"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
dependencies = [
"futures-core",
]
[[package]]
name = "futures-core"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
[[package]]
name = "futures-task"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
[[package]]
name = "futures-util"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
dependencies = [
"futures-core",
"futures-task",
"pin-project-lite",
"slab",
]
[[package]]
name = "hashbrown"
version = "0.15.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
dependencies = [
"foldhash",
]
[[package]]
name = "hashlink"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1"
dependencies = [
"hashbrown",
]
[[package]]
name = "http"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a"
dependencies = [
"bytes",
"itoa",
]
[[package]]
name = "http-body"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
dependencies = [
"bytes",
"http",
]
[[package]]
name = "http-body-util"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
dependencies = [
"bytes",
"futures-core",
"http",
"http-body",
"pin-project-lite",
]
[[package]]
name = "httparse"
version = "1.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
[[package]]
name = "httpdate"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
[[package]]
name = "hyper"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11"
dependencies = [
"atomic-waker",
"bytes",
"futures-channel",
"futures-core",
"http",
"http-body",
"httparse",
"httpdate",
"itoa",
"pin-project-lite",
"pin-utils",
"smallvec",
"tokio",
]
[[package]]
name = "hyper-util"
version = "0.1.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
dependencies = [
"bytes",
"http",
"http-body",
"hyper",
"pin-project-lite",
"tokio",
"tower-service",
]
[[package]]
name = "itoa"
version = "1.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
[[package]]
name = "lazy_static"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
[[package]]
name = "libc"
version = "0.2.183"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d"
[[package]]
name = "libsqlite3-sys"
version = "0.31.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ad8935b44e7c13394a179a438e0cebba0fe08fe01b54f152e29a93b5cf993fd4"
dependencies = [
"cc",
"pkg-config",
"vcpkg",
]
[[package]]
name = "log"
version = "0.4.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
[[package]]
name = "matchers"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
dependencies = [
"regex-automata",
]
[[package]]
name = "matchit"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
[[package]]
name = "memchr"
version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
[[package]]
name = "mime"
version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
[[package]]
name = "mio"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc"
dependencies = [
"libc",
"wasi",
"windows-sys",
]
[[package]]
name = "noisebell-rss"
version = "0.1.0"
dependencies = [
"anyhow",
"axum",
"rusqlite",
"serde",
"serde_json",
"time",
"tokio",
"tracing",
"tracing-subscriber",
]
[[package]]
name = "nu-ansi-term"
version = "0.50.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
dependencies = [
"windows-sys",
]
[[package]]
name = "num-conv"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
[[package]]
name = "once_cell"
version = "1.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
[[package]]
name = "percent-encoding"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
[[package]]
name = "pin-project-lite"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"
[[package]]
name = "pin-utils"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "pkg-config"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
[[package]]
name = "powerfmt"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
[[package]]
name = "proc-macro2"
version = "1.0.106"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
dependencies = [
"proc-macro2",
]
[[package]]
name = "regex-automata"
version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.8.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
[[package]]
name = "rusqlite"
version = "0.33.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c6d5e5acb6f6129fe3f7ba0a7fc77bca1942cb568535e18e7bc40262baf3110"
dependencies = [
"bitflags",
"fallible-iterator",
"fallible-streaming-iterator",
"hashlink",
"libsqlite3-sys",
"smallvec",
]
[[package]]
name = "ryu"
version = "1.0.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
[[package]]
name = "serde"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
dependencies = [
"serde_core",
"serde_derive",
]
[[package]]
name = "serde_core"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "serde_json"
version = "1.0.149"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
dependencies = [
"itoa",
"memchr",
"serde",
"serde_core",
"zmij",
]
[[package]]
name = "serde_path_to_error"
version = "0.1.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
dependencies = [
"itoa",
"serde",
"serde_core",
]
[[package]]
name = "serde_urlencoded"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
dependencies = [
"form_urlencoded",
"itoa",
"ryu",
"serde",
]
[[package]]
name = "sharded-slab"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
dependencies = [
"lazy_static",
]
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "signal-hook-registry"
version = "1.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
dependencies = [
"errno",
"libc",
]
[[package]]
name = "slab"
version = "0.4.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
[[package]]
name = "smallvec"
version = "1.15.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
[[package]]
name = "socket2"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
dependencies = [
"libc",
"windows-sys",
]
[[package]]
name = "syn"
version = "2.0.117"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "sync_wrapper"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
[[package]]
name = "thread_local"
version = "1.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185"
dependencies = [
"cfg-if",
]
[[package]]
name = "time"
version = "0.3.47"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
dependencies = [
"deranged",
"itoa",
"num-conv",
"powerfmt",
"serde_core",
"time-core",
"time-macros",
]
[[package]]
name = "time-core"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
[[package]]
name = "time-macros"
version = "0.2.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
dependencies = [
"num-conv",
"time-core",
]
[[package]]
name = "tokio"
version = "1.50.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d"
dependencies = [
"libc",
"mio",
"pin-project-lite",
"signal-hook-registry",
"socket2",
"tokio-macros",
"windows-sys",
]
[[package]]
name = "tokio-macros"
version = "2.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tower"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
dependencies = [
"futures-core",
"futures-util",
"pin-project-lite",
"sync_wrapper",
"tokio",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "tower-layer"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
[[package]]
name = "tower-service"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
[[package]]
name = "tracing"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
dependencies = [
"log",
"pin-project-lite",
"tracing-attributes",
"tracing-core",
]
[[package]]
name = "tracing-attributes"
version = "0.1.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tracing-core"
version = "0.1.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
dependencies = [
"once_cell",
"valuable",
]
[[package]]
name = "tracing-log"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
dependencies = [
"log",
"once_cell",
"tracing-core",
]
[[package]]
name = "tracing-subscriber"
version = "0.3.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
dependencies = [
"matchers",
"nu-ansi-term",
"once_cell",
"regex-automata",
"sharded-slab",
"smallvec",
"thread_local",
"tracing",
"tracing-core",
"tracing-log",
]
[[package]]
name = "unicode-ident"
version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
[[package]]
name = "valuable"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]]
name = "wasi"
version = "0.11.1+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
[[package]]
name = "windows-link"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]]
name = "windows-sys"
version = "0.61.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
dependencies = [
"windows-link",
]
[[package]]
name = "zmij"
version = "1.0.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"

15
remote/rss-service/Cargo.toml Normal file
View file

@ -0,0 +1,15 @@
[package]
name = "noisebell-rss"
version = "0.1.0"
edition = "2021"
[dependencies]
anyhow = "1.0"
axum = "0.8"
rusqlite = { version = "0.33", features = ["bundled"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
time = { version = "0.3", features = ["formatting"] }
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "sync", "signal"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

45
remote/rss-service/flake.nix Normal file
View file

@ -0,0 +1,45 @@
{
description = "Noisebell - RSS/Atom feed service";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
crane.url = "github:ipetkov/crane";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, crane, rust-overlay }:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
overlays = [ rust-overlay.overlays.default ];
};
rustToolchain = pkgs.rust-bin.stable.latest.default;
craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;
src = craneLib.cleanCargoSource ./.;
commonArgs = {
inherit src;
strictDeps = true;
doCheck = false;
};
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
noisebell-rss = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});
in
{
packages.${system}.default = noisebell-rss;
devShells.${system}.default = craneLib.devShell {
packages = [ pkgs.rust-analyzer ];
};
};
}

236
remote/rss-service/src/main.rs Normal file
View file

@ -0,0 +1,236 @@
use std::sync::Arc;
use anyhow::{Context, Result};
use axum::extract::{Query, State};
use axum::http::{HeaderMap, StatusCode, header};
use axum::response::IntoResponse;
use axum::routing::{get, post};
use axum::{Json, Router};
use rusqlite::Connection;
use serde::Deserialize;
use tokio::sync::Mutex;
use tracing::{error, info};
struct AppState {
db: Arc<Mutex<Connection>>,
webhook_secret: String,
site_url: String,
}
#[derive(Deserialize)]
struct WebhookPayload {
status: String,
timestamp: u64,
}
#[derive(Deserialize)]
struct FeedQuery {
limit: Option<u32>,
}
fn unix_to_rfc3339(ts: u64) -> String {
let dt = time::OffsetDateTime::from_unix_timestamp(ts as i64).unwrap_or(time::OffsetDateTime::UNIX_EPOCH);
dt.format(&time::format_description::well_known::Rfc3339).unwrap_or_else(|_| "1970-01-01T00:00:00Z".to_string())
}
fn status_description(status: &str) -> &str {
match status {
"open" => "The door at Noisebridge is open.",
"closed" => "The door at Noisebridge is closed.",
"offline" => "The Noisebridge Pi is offline.",
_ => "Unknown status.",
}
}
fn status_title(status: &str) -> &str {
match status {
"open" => "Door is open",
"closed" => "Door is closed",
"offline" => "Pi is offline",
_ => "Unknown",
}
}
fn validate_bearer(headers: &HeaderMap, expected: &str) -> bool {
headers
.get("authorization")
.and_then(|v| v.to_str().ok())
.map(|v| v.strip_prefix("Bearer ").unwrap_or("") == expected)
.unwrap_or(false)
}
fn init_db(path: &str) -> Result<Connection> {
let conn = Connection::open(path).context("failed to open SQLite database")?;
conn.execute_batch(
"CREATE TABLE IF NOT EXISTS events (
id INTEGER PRIMARY KEY AUTOINCREMENT,
status TEXT NOT NULL,
timestamp INTEGER NOT NULL,
received_at INTEGER NOT NULL
);",
)
.context("failed to initialize database schema")?;
Ok(conn)
}
fn unix_now() -> u64 {
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs()
}
async fn post_webhook(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
Json(body): Json<WebhookPayload>,
) -> StatusCode {
if !validate_bearer(&headers, &state.webhook_secret) {
return StatusCode::UNAUTHORIZED;
}
let now = unix_now();
let conn = state.db.lock().await;
match conn.execute(
"INSERT INTO events (status, timestamp, received_at) VALUES (?1, ?2, ?3)",
rusqlite::params![body.status, body.timestamp, now],
) {
Ok(_) => {
info!(status = %body.status, timestamp = body.timestamp, "event recorded");
StatusCode::OK
}
Err(e) => {
error!(error = %e, "failed to insert event");
StatusCode::INTERNAL_SERVER_ERROR
}
}
}
async fn get_feed(
State(state): State<Arc<AppState>>,
Query(query): Query<FeedQuery>,
) -> impl IntoResponse {
let limit = query.limit.unwrap_or(50);
let conn = state.db.lock().await;
let mut stmt = match conn.prepare(
"SELECT status, timestamp FROM events ORDER BY id DESC LIMIT ?1",
) {
Ok(s) => s,
Err(e) => {
error!(error = %e, "failed to prepare query");
return (StatusCode::INTERNAL_SERVER_ERROR, "internal error").into_response();
}
};
let entries: Vec<(String, u64)> = match stmt
.query_map(rusqlite::params![limit], |row| {
Ok((row.get::<_, String>(0)?, row.get::<_, u64>(1)?))
}) {
Ok(rows) => rows.filter_map(|r| r.ok()).collect(),
Err(e) => {
error!(error = %e, "failed to query events");
return (StatusCode::INTERNAL_SERVER_ERROR, "internal error").into_response();
}
};
let updated = entries
.first()
.map(|(_, ts)| unix_to_rfc3339(*ts))
.unwrap_or_else(|| unix_to_rfc3339(unix_now()));
let mut xml = format!(
r#"<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Noisebell Door Status</title>
<link href="{site_url}/feed" rel="self"/>
<link href="{site_url}" rel="alternate"/>
<id>urn:noisebell:door-status</id>
<updated>{updated}</updated>
"#,
site_url = state.site_url,
updated = updated,
);
for (status, timestamp) in &entries {
let ts_rfc = unix_to_rfc3339(*timestamp);
xml.push_str(&format!(
r#" <entry>
<title>{title}</title>
<id>urn:noisebell:event:{timestamp}</id>
<updated>{ts}</updated>
<content type="text">{description}</content>
</entry>
"#,
title = status_title(status),
timestamp = timestamp,
ts = ts_rfc,
description = status_description(status),
));
}
xml.push_str("</feed>\n");
(
StatusCode::OK,
[(header::CONTENT_TYPE, "application/atom+xml; charset=utf-8")],
xml,
)
.into_response()
}
#[tokio::main]
async fn main() -> Result<()> {
tracing_subscriber::fmt()
.with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
.init();
let port: u16 = std::env::var("NOISEBELL_RSS_PORT")
.unwrap_or_else(|_| "3002".into())
.parse()
.context("NOISEBELL_RSS_PORT must be a valid u16")?;
let webhook_secret = std::env::var("NOISEBELL_RSS_WEBHOOK_SECRET")
.context("NOISEBELL_RSS_WEBHOOK_SECRET is required")?;
let data_dir =
std::env::var("NOISEBELL_RSS_DATA_DIR").unwrap_or_else(|_| "/var/lib/noisebell-rss".into());
let site_url = std::env::var("NOISEBELL_RSS_SITE_URL")
.unwrap_or_else(|_| format!("https://rss.noisebell.extremist.software"));
info!(port, "starting noisebell-rss");
let db_path = format!("{data_dir}/rss.db");
let conn = init_db(&db_path)?;
let db = Arc::new(Mutex::new(conn));
let app_state = Arc::new(AppState {
db,
webhook_secret,
site_url,
});
let app = Router::new()
.route("/webhook", post(post_webhook))
.route("/feed", get(get_feed))
.with_state(app_state);
let listener = tokio::net::TcpListener::bind(("0.0.0.0", port))
.await
.context(format!("failed to bind to 0.0.0.0:{port}"))?;
info!(port, "listening");
let mut sigterm = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
.context("failed to register SIGTERM handler")?;
axum::serve(listener, app)
.with_graceful_shutdown(async move {
sigterm.recv().await;
})
.await
.context("server error")?;
info!("shutdown complete");
Ok(())
}

10
remote/secrets/secrets.nix Normal file
View file

@ -0,0 +1,10 @@
let
remote = "ssh-ed25519 AAAA..."; # Remote server's SSH host public key
in
{
"pi-api-key.age".publicKeys = [ remote ];
"pi-inbound-api-key.age".publicKeys = [ remote ];
"discord-token.age".publicKeys = [ remote ];
"discord-webhook-secret.age".publicKeys = [ remote ];
"rss-webhook-secret.age".publicKeys = [ remote ];
}