summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/shack/prometheus/irc-hooks.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-04-16 11:53:14 +0200
committermakefu <github@syntax-fehler.de>2023-04-16 11:53:14 +0200
commitd8de7ad7063d6a2028e8dc40771f89af216fbfaf (patch)
treea68a91ac8607a9b9709d5f5109214c8f31468c3f /krebs/2configs/shack/prometheus/irc-hooks.nix
parent6e44c39fe0946d29436766c49ee73de6c69191c8 (diff)
k shack/alerting: prepare irc-alerts for binaergewitter
Diffstat (limited to 'krebs/2configs/shack/prometheus/irc-hooks.nix')
-rw-r--r--krebs/2configs/shack/prometheus/irc-hooks.nix59
1 files changed, 59 insertions, 0 deletions
diff --git a/krebs/2configs/shack/prometheus/irc-hooks.nix b/krebs/2configs/shack/prometheus/irc-hooks.nix
new file mode 100644
index 000000000..07bb2423b
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/irc-hooks.nix
@@ -0,0 +1,59 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+ irc-alerts = pkgs.writers.writePython3 "irc-alerts" {
+ flakeIgnore = [ "E501" ];
+ } (builtins.readFile ./irc-alerts.py);
+ endpoints = {
+ binaergewitter = {
+ url = "irc+tls://puyak-alerts@irc.libera.chat:6697/#binaergewitter-alerts";
+ port = 9223;
+ };
+ };
+in
+{
+ systemd.sockets =
+ lib.mapAttrs'
+ (name: opts:
+ lib.nameValuePair "irc-alerts-${name}" {
+ description = "Receive http hook and send irc message for ${name}";
+ wantedBy = [ "sockets.target" ];
+ listenStreams = [ "[::]:${builtins.toString opts.port}" ];
+ }) endpoints;
+
+ systemd.services =
+ lib.mapAttrs'
+ (name: opts:
+ let
+ serviceName = "irc-alerts-${name}";
+ hasPassword = opts.passwordFile or null != null;
+ in
+ lib.nameValuePair serviceName {
+ description = "Receive http hook and send irc message for ${name}";
+ requires = [ "irc-alerts-${name}.socket" ];
+ serviceConfig =
+ {
+ Environment =
+ [
+ "IRC_URL=${opts.url}"
+ "DEBUG=y"
+ ]
+ ++ lib.optional hasPassword "IRC_PASSWORD_FILE=/run/${serviceName}/password";
+ DynamicUser = true;
+ User = serviceName;
+ ExecStart = irc-alerts;
+ }
+ // lib.optionalAttrs hasPassword {
+ PermissionsStartOnly = true;
+ ExecStartPre =
+ "${pkgs.coreutils}/bin/install -m400 "
+ + "-o ${serviceName} -g ${serviceName} "
+ + "${config.sops.secrets.prometheus-irc-password.path} "
+ + "/run/${serviceName}/password";
+ RuntimeDirectory = serviceName;
+ };
+ }) endpoints;
+}