| .. | ||
| cache-service | ||
| discord-bot | ||
| noisebell-common | ||
| hosted-module.nix | ||
| README.md | ||
Remote Services
Cargo workspace with the server-side pieces of Noisebell. Runs on any Linux box.
| Service | Port | What it does |
|---|---|---|
cache-service/ |
3000 | Polls the Pi, stores the latest state in SQLite, fans out webhooks |
discord-bot/ |
3001 | Posts door status to a Discord channel |
noisebell-common/ |
— | Shared types and helpers |
See each service's README for configuration and API docs.
Building
cargo build --release
Or with Nix:
nix build .#noisebell-cache
nix build .#noisebell-discord
NixOS deployment
The flake exports a NixOS module for the hosted remote machine. It imports agenix, declares the Noisebell secrets from secrets/*.age, and wires the cache and Discord services together with sensible defaults. Each service runs as a hardened systemd unit behind Caddy.
{
inputs.noisebell.url = "git+https://git.extremist.software/jet/noisebell";
outputs = { self, nixpkgs, noisebell, ... }: {
nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
noisebell.nixosModules.default
({ ... }: {
services.noisebell-cache = {
enable = true;
domain = "cache.noisebell.example.com";
piAddress = "http://noisebell-pi:80";
};
services.noisebell-discord = {
enable = true;
domain = "discord.noisebell.example.com";
channelId = "123456789012345678";
};
})
];
};
};
}
nixosModules.default handles these secrets automatically:
| Secret file | Deployed on | Used for |
|---|---|---|
secrets/pi-to-cache-key.age |
Pi + remote | Pi authenticates to cache /webhook |
secrets/cache-to-pi-key.age |
Pi + remote | cache authenticates to Pi GET endpoints |
secrets/discord-webhook-secret.age |
remote | cache authenticates to Discord bot /webhook |
secrets/discord-token.age |
remote | Discord bot login |
When extremist-software builds a system using the Noisebell flake input, Nix uses the checked-out flake source for that input. The module points agenix at encrypted files inside that Noisebell source tree, such as ${inputs.noisebell}/secrets/discord-token.age. At activation time agenix decrypts them locally on the target host into runtime paths like /run/agenix/noisebell-discord-token. The service modules then read those local decrypted files when systemd starts them.