notify: initial add of notify module

2025-03-10 13:01:42 +01:00 · 2025-03-10 13:01:42 +01:00 · 46393fa8c8
commit 46393fa8c8
parent 1afb86677b
1 changed files with 86 additions and 0 deletions
--- a/machines/gerd/services/notify/default.nix
+++ b/machines/gerd/services/notify/default.nix
@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+let
+  svc_domain = "notify.${config.mine.shared.settings.domain}";
+  port = 5055;
+  ldap_user = "notification";
+
+  stateDirName = "notify";
+  stateDir = "/var/lib/${stateDirName}";
+in {
+  systemd.services.notifify = {
+    description = "notifications for members";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "networking.target" ];
+
+    environment = {
+      NOTIFIER_URL = "https://${svc_domain}";
+      NOTIFIER_PORT = builtins.toString port;
+
+      NOTIFIER_DATABASE_PATH = "${stateDir}/notify.db";
+
+      # NOTIFIER_MATRIX_BOT_TOKEN = "";
+      NOTIFIER_MATRIX_HOST = config.mine.shared.settings.matrix-synapse.domain;
+
+      NOTIFIER_PROXY_AUTH_USERNAME_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
+
+      NOTIFIER_MAIL_USERNAME = ldap_user;
+      # NOTIFIER_MAIL_PASSWORD = "";
+      NOTIFIER_MAIL_DOMAIN = config.mine.shared.settings.domain;
+      NOTIFIER_MAIL_HOST = config.mine.shared.settings.mail.domain;
+      NOTIFIER_MAIL_PORT = builtins.toString config.mine.shared.settings.mail.ports.submissions;
+    };
+
+    serviceConfig = {
+      EnvironmentFile = [ config.age.secrets.notify-env.path ];
+
+      StateDirectory = stateDirName;
+
+      DynamicUser = true;
+
+      ExecStart = let
+        pythonEnv = pkgs.python3.withPackages(ps: with ps; [ flask apprise mnemonic wtforms jq ]);
+      in "${pythonEnv}/bin/python ${./app.py}";
+      Restart = "always";
+    };
+  };
+
+  # setup notification user
+  services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
+    "${ldap_user}" = llib.mkProvisionUserSystem ldap_user config.age.secrets.notify-ldap-pass.path;
+  });
+
+  # persistent files
+  environment.persistence.root.directories = [
+    { directory = "/var/lib/private/${stateDirName}"; mode = "0700"; }
+  ];
+
+  # nginx
+  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
+    forceSSL = true;
+    enableACME = true;
+    
+    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
+      proxyPass = "http://localhost:${builtins.toString port}";
+    };
+    locations."/notify".proxyPass = "http://localhost:${builtins.toString port}";
+  };
+
+  # metada
+  mine.shared.meta.notify = {
+    name = "Notification Service";
+    description = "This website you are looking at right now, which is our members website.";
+    url = "https://${svc_domain}";
+
+    package = {
+      name = "notify-website";
+      version = "v0.0.1";
+      meta = with lib; {
+        description = "Notification website for ${config.mine.shared.settings.domain}";
+        license = licenses.free;
+        homepage = "https://git.fricloud.dk/fricloud/server-configs/src/branch/main/machines/gerd/services/notify/app.py";
+        platforms = platforms.all;
+      };
+    };
+  };
+}