oluceps committed Mar 18, 2024
1 parent f9c2c27 commit 492e5cd
Showing 8 changed files with 116 additions and 118 deletions.
61 changes: 31 additions & 30 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion flake.nix
@@ -128,7 +128,7 @@
url = "github:oluceps/nyx";
};
factorio-manager = {
url = "github:asoul-rec/factorio-manager";
url = "github:asoul-rec/factorio-manager/x";
# url = "github:oluceps/nyx";
inputs.nixpkgs.follows = "nixpkgs";
};
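--- a/fn/alert.ts
+++ b/fn/alert.ts
@@ -0,0 +1,36 @@
+import { Application, Router, RouterContext } from "https://deno.land/x/oak/mod.ts";
+
+const router = new Router();
+
+router
+.post("/api/v2/alerts", async (ctx: RouterContext) => {
+let body = await ctx.request.body;;
+let alerts = await (await body).json();
+for (const alert of alerts) {
+if ((new Date() - new Date(alert.startsAt)) / 1000 > 300) {
+continue;
+}
+let msg = '\n' + Array
+.from(Object.entries(alert.labels), ([k, v]) => `${k}: ${v}`)
+.join("\n");
+
+console.log(msg);
+await fetch(Deno.env.get("TOPIC"), {
+method: "POST",
+headers: {
+"tags": "red_circle",
+"prio": "high",
+},
+body: msg,
+});
+
+}
+ctx.response.status = 200;
+});
+
+await new Application()
+.use(router.routes())
+.listen({
+hostname: "127.0.0.1",
+port: parseInt(Deno.env.get("PORT") as string),
+});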
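Review bot: The import on the first line pulls `https://deno.land/x/oak/mod.ts` with no version, so whichever oak release is current gets fetched and the code that parses incoming alert bodies can change without a commit here; pin it, e.g. `from "https://deno.land/x/oak@<pinned-version>/mod.ts"`, and keep a lock file next to it. The handler's `ctx.request.body` usage looks tied to a particular oak API, which makes the pin more than cosmetic. Separately, the `fetch` to `Deno.env.get("TOPIC")` never inspects its response, so a rejected push still ends in `ctx.response.status = 200` and the sender has no reason to retry; checking `res.ok` and answering with a 5xx when it is false would keep alerts from being dropped silently. `TOPIC` and `PORT` are also read without a check for `undefined`, and `alerts` is iterated without confirming it is an array.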
7 changes: 3 additions & 4 deletions hosts/colour/spec.nix
@@ -51,16 +51,15 @@
]
(n: importService n)
) // {

juicity.instances = [{
name = "only";
credentials = [
"key:${config.age.secrets."nyaw.key".path}"
"cert:${config.age.secrets."nyaw.cert".path}"
];
serve = {
enable = true;
port = 23180;
};
serve = true;
openFirewall = 23180;
configFile = config.age.secrets.juic-san.path;
}];
hysteria.instances = [
17 changes: 3 additions & 14 deletions hosts/nodens/spec.nix
@@ -188,21 +188,10 @@
"key:${config.age.secrets."nyaw.key".path}"
"cert:${config.age.secrets."nyaw.cert".path}"
];
serve = {
enable = true;
port = 23180;
};
serve = true;
openFirewall = 23180;
configFile = config.age.secrets.juic-san.path;
}
# {
# name = "onl1";
# serve = {
# enable = true;
# port = 23181;
# };
# configFile = config.age.secrets.juic-san.path;
# }
];
}];

hysteria.instances = [
{
11 changes: 7 additions & 4 deletions hosts/yidhra/spec.nix
@@ -22,12 +22,15 @@
]
(n: importService n)
) // {

juicity.instances = [{
name = "only";
serve = {
enable = true;
port = 23180;
};
credentials = [
"key:${config.age.secrets."nyaw.key".path}"
"cert:${config.age.secrets."nyaw.cert".path}"
];
serve = true;
openFirewall = 23180;
configFile = config.age.secrets.juic-san.path;
}];
rustypaste = {
60 changes: 34 additions & 26 deletions modules/juicity.nix
@@ -8,29 +8,37 @@ let
cfg = config.services.juicity;
in
{
disabledModules = [ "services/networking/juicity.nix" ];
meta = {
maintainers = with lib.maintainers; [ oluceps ];
};

options.services.juicity = {
instances = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption { type = types.str; };
name = mkOption {
type = types.str;
description = "juicity instance name";
};
package = mkPackageOption pkgs "juicity" { };
credentials = mkOption { type = types.listOf types.str; default = [ ]; };
serve = mkOption {
type = types.submodule {
options = {
enable = mkEnableOption (lib.mdDoc "server");
port = mkOption { type = types.port; };
};
};
default = {
enable = false;
port = 0;
};
credentials = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Load extra credentials.
Could be written as systemd `LoadCredentials` format e.g.
`["key:/etc/juicity-key"]` and access in config with
`/run/credentials/juicity-$\{name}.service/key`
'';
};
openFirewall = mkOption {
type = with types; nullOr port;
default = null;
};
serve = mkEnableOption "Use `juicity-server` instead of `juicity-client`";
configFile = mkOption {
type = types.str;
default = "/none";
default = "/etc/juicity/server.json";
};
};
});
@@ -41,33 +49,33 @@ in
config =
mkIf (cfg.instances != [ ])
{

environment.systemPackages = lib.unique (lib.foldr
(s: acc: acc ++ [ s.package ]) [ ]
cfg.instances);


networking.firewall =
(lib.foldr
(s: acc: acc // {
allowedUDPPorts = mkIf s.serve.enable [ s.serve.port ];
})
{ }
cfg.instances);
networking.firewall.allowedUDPPorts =
lib.foldr
(s: acc: acc ++
(lib.optional (s.openFirewall != null) s.openFirewall)) [ ]
cfg.instances;

systemd.services = lib.foldr
(s: acc: acc // {
"juicity-${s.name}" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network.target" "nss-lookup.target" ];
description = "juicity daemon";
serviceConfig =
let binSuffix = if s.serve.enable then "server" else "client"; in {
let binSuffix = if s.serve then "server" else "client"; in {
Type = "simple";
DynamicUser = true;
ExecStart = "${s.package}/bin/juicity-${binSuffix} run -c $\{CREDENTIALS_DIRECTORY}/config";
LoadCredential = [ "config:${s.configFile}" ] ++ s.credentials;
AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW" ];
CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW" ];
LimitNPROC = 512;
LimitNOFILE = "infinity";
Restart = "on-failure";
};
};
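Review bot: The capability lines in the second hunk's `serviceConfig` give every instance, server or client, `CAP_NET_ADMIN`, `CAP_NET_BIND_SERVICE` and `CAP_NET_RAW` as ambient capabilities, and nothing on the page says which of them juicity needs. The three hosts changed in this commit serve on UDP 23180, an unprivileged port, so `CAP_NET_BIND_SERVICE` at least looks unnecessary there; if only the client role needs the others, the set could be narrowed per role, e.g. `AmbientCapabilities = lib.optionals (!s.serve) [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];` with `CapabilityBoundingSet` to match, and a short comment recording why each remaining capability is required. In the first hunk, `openFirewall` reads like a boolean but takes a port, and that port is no longer tied to anything the service reads, so it can drift from the listen address inside `configFile`; a `description` on `openFirewall` and `configFile` stating this would help. The `lib.foldr` that builds `systemd.services` continues past the end of the section.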