harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixcfg/systems/x86_64-linux/mx/default.nix
Harald Hoyer 19e2743c3b feat(mx): add ntfy push notifications for disk alerts and service failures 
- Disk check scripts now send ntfy alerts in addition to email
- New ntfy-failure@ template service notifies on any systemd service failure
- Uses sops-managed token for ntfy authentication

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:31:39 +01:00

175 lines
4.2 KiB
Nix
Raw Blame History

{ pkgs, lib, config, ... }:
{
imports = [
# ./goaccess.nix
./acme.nix
./backup.nix
./coturn.nix
./forgejo.nix
./hardware-configuration.nix
./headscale.nix
./kicker.nix
./mailserver.nix
./network.nix
./nextcloud.nix
./nextcloud-claude-bot
./nginx.nix
./ntfy.nix
./postgresql.nix
./rspamd.nix
./rustdesk.nix
./users.nix
];
services.tailscale.enable = true;
metacfg = {
services.nginxBase.enable = true;
services.acmeBase.enable = true;
emailOnFailure.enable = true;
base.enable = true;
nix.enable = true;
podman.enable = true;
secureboot.enable = false;
tools = {
direnv.enable = true;
};
};
security = {
tpm2.enable = lib.mkDefault true;
tpm2.abrmd.enable = lib.mkDefault true;
};
system.autoUpgrade = {
enable = true;
dates = "04:00";
operation = "switch";
allowReboot = true;
flake = lib.mkForce "/root/nixcfg/.#mx";
};
systemd.services.nixos-upgrade = {
path = [ pkgs.git ];
preStart = ''
cd /root/nixcfg
git fetch origin
git reset --hard origin/HEAD
'';
};
nix.gc = {
dates = "daily";
options = "--delete-older-than 7d";
};
programs.git.config = {
safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
};
environment.systemPackages = with pkgs; [
age
apacheHttpd # for mkpasswd
efibootmgr
fgallery
git
htop
mdadm
rrsync
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
zola
];
sops.secrets.ntfy = {
sopsFile = ../../../.secrets/hetzner/ntfy.yaml;
};
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
services.openssh = {
enable = true;
hostKeys = [
{
path = "/var/lib/secrets/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/var/lib/secrets/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
systemd.services = {
check_boot = {
serviceConfig = {
Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin";
ExecStart = toString (
pkgs.writeShellScript "check_boot.sh" ''
CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
THRESHOLD=85
if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
Your /boot partition remaining free space is critically low. Used: $CURRENT%
EOF
TOKEN=$(cat ${config.sops.secrets.ntfy.path})
${pkgs.curl}/bin/curl -s -H "Authorization: Bearer $TOKEN" \
-H "Title: /boot Disk Space Alert" \
-H "Priority: high" \
-d "Boot partition at $CURRENT%" \
http://127.0.0.1:2586/alerts
fi
''
);
};
wantedBy = [ "default.target" ];
};
check_root = {
serviceConfig = {
Type = "oneshot";
Environment = "PATH=/run/current-system/sw/bin";
ExecStart = toString (
pkgs.writeShellScript "check_root.sh" ''
CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
THRESHOLD=85
if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
${pkgs.mailutils}/bin/mail -s '/ Disk Space Alert' harald << EOF
Your root partition remaining free space is critically low. Used: $CURRENT%
EOF
TOKEN=$(cat ${config.sops.secrets.ntfy.path})
${pkgs.curl}/bin/curl -s -H "Authorization: Bearer $TOKEN" \
-H "Title: / Disk Space Alert" \
-H "Priority: high" \
-d "Root partition at $CURRENT%" \
http://127.0.0.1:2586/alerts
fi
''
);
};
wantedBy = [ "default.target" ];
};
};
systemd.timers = {
check_boot = {
timerConfig = {
OnCalendar = "daily";
};
wantedBy = [ "timers.target" ];
};
check_root = {
timerConfig = {
OnCalendar = "daily";
};
wantedBy = [ "timers.target" ];
};
};
system.stateVersion = "23.05";
}
Reference in a new issue View git blame Copy permalink