diff --git a/hosts/glyph/secrets/pushover-app-token.age b/hosts/glyph/secrets/pushover-app-token.age deleted file mode 100644 index cd56f42f..00000000 --- a/hosts/glyph/secrets/pushover-app-token.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rSr+rA DFhqDiFW44RqMF1tYITw+SRh1z9n2U86kDwmGE/LRiE -I/svO6AIKzxWEmTTiDfcermHSk+lX6r0Q9zKGm/Hj54 --> ssh-ed25519 3EWhnQ FvqdgY7RJ4dLrKPhq2b/Bq/etmyfiUHmN+AWjvKH6lE -Yuj7ChgnBlBIpkgVWBZ6LvobIvj39oGAbddp2c/muc4 ---- piuZZ76hH8VjCFW58QRXUAbVyPOjuvrMWtwIydOjxrM -^]Lcmʦ$O"5ѻ;Nib hc5l\̥ H'Yà6 \ No newline at end of file diff --git a/hosts/glyph/secrets/pushover-user-token.age b/hosts/glyph/secrets/pushover-user-token.age deleted file mode 100644 index b89c3cef..00000000 Binary files a/hosts/glyph/secrets/pushover-user-token.age and /dev/null differ diff --git a/hosts/glyph/secrets/slack-bot-token.age b/hosts/glyph/secrets/slack-bot-token.age new file mode 100644 index 00000000..3f0364b9 Binary files /dev/null and b/hosts/glyph/secrets/slack-bot-token.age differ diff --git a/hosts/glyph/services/default.nix b/hosts/glyph/services/default.nix index ac1081b7..36b674c9 100644 --- a/hosts/glyph/services/default.nix +++ b/hosts/glyph/services/default.nix @@ -13,6 +13,7 @@ ./jellyfin.nix ./loki.nix ./nfs.nix + ./ntfy.nix ./open-terminal.nix ./open-webui.nix ./prometheus.nix diff --git a/hosts/glyph/services/ntfy.nix b/hosts/glyph/services/ntfy.nix new file mode 100644 index 00000000..b7926807 --- /dev/null +++ b/hosts/glyph/services/ntfy.nix @@ -0,0 +1,70 @@ +{ + config, + pkgs, + ... +}: let + ntfyUrl = "http://127.0.0.1:2586"; + ntfyTopic = "notifications"; + slackChannel = "#updates"; + + ntfyToSlack = pkgs.writeShellScript "ntfy-to-slack" '' + SLACK_TOKEN=$(cat ${config.age.secrets.slack-bot-token.path}) + TITLE="''${NTFY_TITLE:-Homelab}" + ICON=":''${NTFY_TAGS%%,*}:" + + ${pkgs.curl}/bin/curl -s -X POST \ + "https://slack.com/api/chat.postMessage" \ + -H "Authorization: Bearer $SLACK_TOKEN" \ + -H "Content-Type: application/json" \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg channel "${slackChannel}" \ + --arg username "$TITLE" \ + --arg icon_emoji "$ICON" \ + --arg text "$NTFY_MESSAGE" \ + '{channel: $channel, username: $username, icon_emoji: $icon_emoji, text: $text}')" + ''; +in { + age.secrets.slack-bot-token = { + file = ./../secrets/slack-bot-token.age; + mode = "440"; + owner = config.services.ntfy-sh.user; + inherit (config.services.ntfy-sh) group; + }; + + services.ntfy-sh = { + enable = true; + settings = { + base-url = "http://glyph:2586"; + listen-http = "127.0.0.1:2586"; + }; + }; + + systemd.services.ntfy-slack-relay = { + description = "Forward ntfy notifications to Slack"; + after = ["ntfy-sh.service" "network.target"]; + requires = ["ntfy-sh.service"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + User = config.services.ntfy-sh.user; + Group = config.services.ntfy-sh.group; + Restart = "on-failure"; + RestartSec = "10s"; + }; + script = '' + set -o pipefail + ${pkgs.curl}/bin/curl -sN "${ntfyUrl}/${ntfyTopic}/json" | \ + while IFS= read -r event; do + event_type=$(${pkgs.jq}/bin/jq -r '.event // "message"' <<< "$event") + [ "$event_type" != "message" ] && continue + + NTFY_MESSAGE=$(${pkgs.jq}/bin/jq -r '.message // empty' <<< "$event") + NTFY_TITLE=$(${pkgs.jq}/bin/jq -r '.title // "Homelab"' <<< "$event") + NTFY_TAGS=$(${pkgs.jq}/bin/jq -r '.tags // [] | join(",")' <<< "$event") + [ -z "$NTFY_MESSAGE" ] && continue + + export NTFY_MESSAGE NTFY_TITLE NTFY_TAGS + ${ntfyToSlack} + done + ''; + }; +} diff --git a/hosts/glyph/services/torrents.nix b/hosts/glyph/services/torrents.nix index 8075ca12..0eec1197 100644 --- a/hosts/glyph/services/torrents.nix +++ b/hosts/glyph/services/torrents.nix @@ -4,20 +4,6 @@ pkgs-stable-24-05, ... }: { - age.secrets.pushover-user-token = { - file = ./../secrets/pushover-user-token.age; - mode = "550"; - owner = config.services.transmission.user; - inherit (config.services.transmission) group; - }; - - age.secrets.pushover-app-token = { - file = ./../secrets/pushover-app-token.age; - mode = "550"; - owner = config.services.transmission.user; - inherit (config.services.transmission) group; - }; - services.transmission = { enable = true; package = pkgs-stable-24-05.transmission_4; @@ -30,26 +16,11 @@ rpc-whitelist-enabled = false; script-torrent-done-enabled = true; script-torrent-done-filename = pkgs.writeShellScript "torrent-done.sh" '' - TOKEN_USER=$(cat ${config.age.secrets.pushover-user-token.path}); - TOKEN_APP=$(cat ${config.age.secrets.pushover-app-token.path}); - MESSAGE="$TR_TORRENT_NAME finished downloading."; - - PRIORITY=0; - SOUND="tugboat"; - TITLE="Download complete"; - - TIMESTAMP=$(date +%s); - - curl -s --form-string "token=$TOKEN_APP" \ - --form-string "user=$TOKEN_USER" \ - --form-string "timestamp=$TIMESTAMP" \ - --form-string "priority=$PRIORITY" \ - --form-string "sound=$SOUND" \ - --form-string "title=$TITLE" \ - --form-string "message=$MESSAGE" \ - --form-string "url=https://torrents.zx.dev" \ - --form-string "url_title=View torrents" \ - https://api.pushover.net/1/messages.json + curl -s \ + -H "Title: Transmission" \ + -H "Tags: transmissionic" \ + -d "*$TR_TORRENT_NAME* finished downloading. " \ + http://127.0.0.1:2586/notifications # Copy .mkv files to Unsorted for Jellyfin UNSORTED="/mnt/media/Unsorted" diff --git a/lib/secrets/glyph.nix b/lib/secrets/glyph.nix index a178af8c..f72fe182 100644 --- a/lib/secrets/glyph.nix +++ b/lib/secrets/glyph.nix @@ -2,8 +2,7 @@ let keys = with (import ../keys.nix); [glyph Rhizome]; in { "hosts/glyph/secrets/filebrowser-env.age".publicKeys = keys; - "hosts/glyph/secrets/pushover-app-token.age".publicKeys = keys; - "hosts/glyph/secrets/pushover-user-token.age".publicKeys = keys; + "hosts/glyph/secrets/slack-bot-token.age".publicKeys = keys; "hosts/glyph/secrets/kagi-api-key.age".publicKeys = keys; "hosts/glyph/secrets/context7-api-key.age".publicKeys = keys; "hosts/glyph/secrets/open-terminal-env.age".publicKeys = keys;