mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git
synced 2024-11-25 21:41:27 +00:00
Updated webhook config
This commit is contained in:
parent
daae6cc6da
commit
7b39daf74e
285
webhook.nix
285
webhook.nix
|
@ -2,151 +2,209 @@
|
||||||
{
|
{
|
||||||
nixpkgs.overlays = [(self: super: {
|
nixpkgs.overlays = [(self: super: {
|
||||||
updateScript = pkgs.writeScriptBin "updateScript" ''
|
updateScript = pkgs.writeScriptBin "updateScript" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --upgrade
|
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --upgrade
|
||||||
'';
|
'';
|
||||||
|
|
||||||
rollbackScript = pkgs.writeScriptBin "rollbackScript" ''
|
rollbackScript = pkgs.writeScriptBin "rollbackScript" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --rollback
|
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --rollback
|
||||||
'';
|
'';
|
||||||
|
|
||||||
applyConfigScript = pkgs.writeScriptBin "applyConfigScript" ''
|
applyConfigScript = pkgs.writeScriptBin "applyConfigScript" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch
|
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch
|
||||||
'';
|
'';
|
||||||
|
|
||||||
setupConfigsScript = pkgs.writeScriptBin "setupConfigsScript" ''
|
setupConfigsScript = pkgs.writeScriptBin "setupConfigsScript" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
export DOMAIN=$1
|
export DOMAIN=$1
|
||||||
export USER=$2
|
export USER=$2
|
||||||
export PASSWORD=$3
|
export PASSWORD=$3
|
||||||
|
|
||||||
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/configuration.nix
|
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/configuration.nix
|
||||||
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/mailserver.nix
|
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/mailserver.nix
|
||||||
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/restic.nix
|
${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/restic.nix
|
||||||
|
|
||||||
sed -i '17s/.*/ fqdn = "'"$DOMAIN"'";/' mailserver.nix
|
#Mailserver
|
||||||
sed -i '18s/.*/ domains = [ "'"$DOMAIN"'" ];/' mailserver.nix
|
sed -i '17s/.*/ fqdn = "'"$DOMAIN"'";/' mailserver.nix
|
||||||
sed -i '23s/.*/\t"'"$USER"'@'"$DOMAIN"'" = {/' mailserver.nix
|
sed -i '18s/.*/ domains = [ "'"$DOMAIN"'" ];/' mailserver.nix
|
||||||
sed -i "24s,.*,\t\ hashedPassword = \"$PASSWORD\";," mailserver.nix
|
sed -i '23s/.*/\t"'"$USER"'@'"$DOMAIN"'" = {/' mailserver.nix
|
||||||
sed -i '33s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix
|
sed -i "24s,.*,\t\ hashedPassword = \"$PASSWORD\";," mailserver.nix
|
||||||
sed -i '50s/.*/\t "admin@'"$DOMAIN"'" = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
|
sed -i '33s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix
|
||||||
sed -i '72s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
|
sed -i '50s/.*/\t "admin@'"$DOMAIN"'" = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
|
||||||
|
sed -i '72s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
|
||||||
|
|
||||||
# System Configuration
|
# System Configuration
|
||||||
sed -i "16s,.*,\t\"$sshKey\"," configuration.nix
|
sed -i "16s,.*,\t\"$sshKey\"," configuration.nix
|
||||||
|
|
||||||
# Restic
|
# OpenConnect
|
||||||
#sed -i '14s/.*/\t\tEnvironment = [ "AWS_ACCESS_KEY_ID='"$AWS_TOKEN_ID"'" "AWS_SECRET_ACCESS_KEY='"$AWS_TOKEN"'" ];/' restic.nix
|
|
||||||
#sed -i "17s,.*,\t restic -r s3:s3.amazonaws.com/$AWS_BUCKET_NAME backup /var/vmail /var/vmail ," restic.nix
|
|
||||||
|
|
||||||
#FIXME: Give access to system environment
|
sed -i '25s/.*/server-cert = /etc/letsencrypt/live/$DOMAIN/cert.pem/' ocserv.nix
|
||||||
#cp configuration.nix /etc/nixos/configuration.nix
|
sed -i '26s/.*/server-key = /etc/letsencrypt/live/$DOMAIN/privkey.pem/' ocserv.nix
|
||||||
#cp mailserver.nix /etc/nixos/mailserver.nix
|
sed -i '28s/.*/default-domain = $DOMAIN/' ocserv.nix
|
||||||
#cp restic.nix /etc/nixos/restic.nix
|
sed -i '137s/.*/[vhost:$DOMAIN]/' ocserv.nix
|
||||||
|
sed -i '140s/.*/server-cert = /etc/letsencrypt/live/$DOMAIN/cert.pem/' ocserv.nix
|
||||||
|
sed -i '141s/.*/server-key = /etc/letsencrypt/live/$DOMAIN/privkey.pem/' ocserv.nix
|
||||||
|
sed -i '146s/.*/route = $machineip/255.255.255.255/' ocserv.nix
|
||||||
|
|
||||||
#rm configuration.nix
|
# ACME
|
||||||
#rm mailserver.nix
|
sed -i '8s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' acme.nix
|
||||||
#rm restic.nix
|
sed -i '9s/.*/ certs."'"$DOMAIN"'" = {/' acme.nix
|
||||||
|
|
||||||
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch
|
|
||||||
|
#FIXME: Give access to system environment
|
||||||
|
#cp configuration.nix /etc/nixos/configuration.nix
|
||||||
|
#cp mailserver.nix /etc/nixos/mailserver/mailserver.nix
|
||||||
|
#cp restic.nix /etc/nixos/backup/restic.nix
|
||||||
|
|
||||||
|
/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch
|
||||||
'';
|
'';
|
||||||
|
|
||||||
getDKIMScript = pkgs.writeScriptBin "getDKIMScript" ''
|
getDKIMScript = pkgs.writeScriptBin "getDKIMScript" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
|
'';
|
||||||
|
createUserScript = pkgs.writeScriptBin "createUserScript" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
export dkim=$( cat "$1".selector.txt )
|
${pkgs.shadow}/bin/useradd -m $1
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
createBackupScript = pkgs.writeScriptBin "createBackupScript" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
|
${pkgs.restic}/bin/restic -r /srv/restic-repo backup ~/work
|
||||||
|
'';
|
||||||
|
|
||||||
|
restoreBackupScript = pkgs.writeScriptBin "restoreBackupScript" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
|
||||||
|
${pkgs.restic}/bin/restic -r $1 restore $2 --target $3
|
||||||
|
'';
|
||||||
|
|
||||||
|
webhook-server = self.callPackage ../packages/webhook-server.nix {};
|
||||||
})];
|
})];
|
||||||
|
environment.etc."webhook_server.yml".text = ''
|
||||||
|
domain: "ilchub.net"
|
||||||
|
port: 8080
|
||||||
|
workers: 4
|
||||||
|
webhooks:
|
||||||
|
-
|
||||||
|
name: 'ls'
|
||||||
|
command: '${pkgs.applyConfigScript}/bin/applyConfigScript'
|
||||||
|
cwd: '/tmp'
|
||||||
|
'';
|
||||||
environment.etc."webhook.conf".text = ''
|
environment.etc."webhook.conf".text = ''
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"id": "update",
|
"id": "update",
|
||||||
"execute-command": "${pkgs.updateScript}/bin/updateScript",
|
"execute-command": "${pkgs.updateScript}/bin/updateScript",
|
||||||
"command-working-directory": "/tmp",
|
"command-working-directory": "/tmp",
|
||||||
"response-message": "Updating system..."
|
"response-message": "Updating system..."
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"id": "rollback",
|
"id": "rollback",
|
||||||
"execute-command": "${pkgs.rollbackScript}/bin/rollbackScript",
|
"execute-command": "${pkgs.rollbackScript}/bin/rollbackScript",
|
||||||
"command-working-directory": "/tmp"
|
"command-working-directory": "/tmp"
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"id": "apply",
|
"id": "apply",
|
||||||
"execute-command": "${pkgs.applyConfigScript}/bin/applyConfigScript",
|
"execute-command": "${pkgs.applyConfigScript}/bin/applyConfigScript",
|
||||||
"command-working-directory": "/tmp"
|
"command-working-directory": "/tmp"
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"id": "setupConfigs",
|
"id": "setupConfigs",
|
||||||
"execute-command": "${pkgs.setupConfigsScript}/bin/setupConfigsScript",
|
"execute-command": "${pkgs.setupConfigsScript}/bin/setupConfigsScript",
|
||||||
"command-working-directory": "/tmp",
|
"command-working-directory": "/tmp",
|
||||||
"pass-arguments-to-command":
|
"pass-arguments-to-command":
|
||||||
[
|
[
|
||||||
{
|
|
||||||
"source": "header",
|
|
||||||
"name": "X-Domain"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"source": "header",
|
|
||||||
"name": "X-User"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"source": "header",
|
|
||||||
"name": "X-Password"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"trigger-rule":
|
|
||||||
{
|
{
|
||||||
"and":
|
"source": "header",
|
||||||
[
|
"name": "X-Domain"
|
||||||
"match":
|
},
|
||||||
{
|
{
|
||||||
"type": "value",
|
"source": "header",
|
||||||
"value": "blahblah",
|
"name": "X-User"
|
||||||
"parameter":
|
},
|
||||||
{
|
{
|
||||||
"source": "header",
|
"source": "header",
|
||||||
"name": "X-Signature"
|
"name": "X-Password"
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
}
|
],
|
||||||
|
"trigger-rule":
|
||||||
{
|
{
|
||||||
"id": "getdkim",
|
"and":
|
||||||
"execute-command": "${getDKIMScript}/bin/getDKIMScript",
|
|
||||||
"command-working-directory": "/var/dkim",
|
|
||||||
"pass-arguments-to-command":
|
|
||||||
[
|
[
|
||||||
|
"match":
|
||||||
{
|
{
|
||||||
"source": "header",
|
"type": "value",
|
||||||
"name": "X-Domain"
|
"value": "eemioqu5ohgu9eif6ahzo0shaiqu0caezaj0feel0quahp5u",
|
||||||
}
|
"parameter":
|
||||||
],
|
{
|
||||||
"response-headers":
|
"source": "header",
|
||||||
[
|
"name": "X-Signature"
|
||||||
{
|
}
|
||||||
"name": "DKIM-Signature",
|
|
||||||
"value": "{{ getenv "dkim" }}"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
'';
|
|
||||||
|
{
|
||||||
|
"id": "getDKIM",
|
||||||
|
"execute-command": "${pkgs.getDKIMScript}/bin/getDKIMScript",
|
||||||
|
"command-working-directory": "/var/dkim",
|
||||||
|
"pass-arguments-to-command":
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"source": "header",
|
||||||
|
"name": "X-Domain"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"response-message": "Getting DKIM key",
|
||||||
|
"response-headers":
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "X-DKIM",
|
||||||
|
"value": "${config.environment.variables.dkim}"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
"id": "createUser",
|
||||||
|
"execute-command": "${pkgs.createUserScript}/bin/createUserScript",
|
||||||
|
"command-working-directory": "/tmp",
|
||||||
|
"pass-arguments-to-command":
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"source": "header",
|
||||||
|
"name": "X-User"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
"id": "restoreBackup",
|
||||||
|
"execute-command": "${pkgs.restoreBackupScript}/bin/restoreBackupScript",
|
||||||
|
"command-working-directory": "/tmp"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
'';
|
||||||
|
|
||||||
users.users.webhook = {
|
users.users.webhook = {
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
};
|
};
|
||||||
|
users.users.rswebhook = {
|
||||||
|
isNormalUser = false;
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.webhook = {
|
systemd.services.webhook = {
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
|
@ -155,11 +213,26 @@
|
||||||
sudo
|
sudo
|
||||||
git
|
git
|
||||||
wget
|
wget
|
||||||
|
restic
|
||||||
|
shadow
|
||||||
];
|
];
|
||||||
enable = true;
|
enable = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "webhook";
|
User = "webhook";
|
||||||
ExecStart = "${pkgs.webhook}/bin/webhook -hooks /etc/webhook.conf -secure -cert /var/lib/acme/ilchub.net/fullchain.pem -key /var/lib/acme/ilchub.net/key.pem -verbose";
|
ExecStart = "${pkgs.webhook}/bin/webhook -hooks /etc/webhook.conf -verbose";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.webhook-server = {
|
||||||
|
path = with pkgs; [
|
||||||
|
man
|
||||||
|
config.nix.package.out
|
||||||
|
sudo
|
||||||
|
];
|
||||||
|
enable = true;
|
||||||
|
serviceConfig = {
|
||||||
|
User = "rswebhook";
|
||||||
|
ExecStart = "${pkgs.webhook-server}/bin/webhookserver";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue