notify: initial add of notify module

2025-03-10 13:01:42 +01:00 · 2025-03-10 13:01:42 +01:00 · 46393fa8c8
commit 46393fa8c8
parent 1afb86677b
1 changed files with 86 additions and 0 deletions
--- a/machines/gerd/services/notify/default.nix
+++ b/machines/gerd/services/notify/default.nix
@ -0,0 +1,86 @@
 { config, lib, pkgs, ... }:
 let
  svc_domain = "notify.${config.mine.shared.settings.domain}";
  port = 5055;
  ldap_user = "notification";
  stateDirName = "notify";
  stateDir = "/var/lib/${stateDirName}";
 in {
  systemd.services.notifify = {
    description = "notifications for members";
    wantedBy = [ "multi-user.target" ];
    after = [ "networking.target" ];
    environment = {
      NOTIFIER_URL = "https://${svc_domain}";
      NOTIFIER_PORT = builtins.toString port;
      NOTIFIER_DATABASE_PATH = "${stateDir}/notify.db";
      # NOTIFIER_MATRIX_BOT_TOKEN = "";
      NOTIFIER_MATRIX_HOST = config.mine.shared.settings.matrix-synapse.domain;
      NOTIFIER_PROXY_AUTH_USERNAME_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
      NOTIFIER_MAIL_USERNAME = ldap_user;
      # NOTIFIER_MAIL_PASSWORD = "";
      NOTIFIER_MAIL_DOMAIN = config.mine.shared.settings.domain;
      NOTIFIER_MAIL_HOST = config.mine.shared.settings.mail.domain;
      NOTIFIER_MAIL_PORT = builtins.toString config.mine.shared.settings.mail.ports.submissions;
    };
    serviceConfig = {
      EnvironmentFile = [ config.age.secrets.notify-env.path ];
      StateDirectory = stateDirName;
      DynamicUser = true;
      ExecStart = let
        pythonEnv = pkgs.python3.withPackages(ps: with ps; [ flask apprise mnemonic wtforms jq ]);
      in "${pythonEnv}/bin/python ${./app.py}";
      Restart = "always";
    };
  };
  # setup notification user
  services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
    "${ldap_user}" = llib.mkProvisionUserSystem ldap_user config.age.secrets.notify-ldap-pass.path;
  });
  # persistent files
  environment.persistence.root.directories = [
    { directory = "/var/lib/private/${stateDirName}"; mode = "0700"; }
  ];
  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
    locations."/notify".proxyPass = "http://localhost:${builtins.toString port}";
  };
  # metada
  mine.shared.meta.notify = {
    name = "Notification Service";
    description = "This website you are looking at right now, which is our members website.";
    url = "https://${svc_domain}";
    package = {
      name = "notify-website";
      version = "v0.0.1";
      meta = with lib; {
        description = "Notification website for ${config.mine.shared.settings.domain}";
        license = licenses.free;
        homepage = "https://git.fricloud.dk/fricloud/server-configs/src/branch/main/machines/gerd/services/notify/app.py";
        platforms = platforms.all;
      };
    };
  };
 }