diff --git a/webhook.nix b/webhook.nix deleted file mode 100644 index 2f9bb761..00000000 --- a/webhook.nix +++ /dev/null @@ -1,238 +0,0 @@ -{ pkgs, config, ... }: -{ - nixpkgs.overlays = [(self: super: { - updateScript = pkgs.writeScriptBin "updateScript" '' -#!${pkgs.stdenv.shell} - -/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --upgrade - ''; - - rollbackScript = pkgs.writeScriptBin "rollbackScript" '' -#!${pkgs.stdenv.shell} - -/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --rollback - ''; - - applyConfigScript = pkgs.writeScriptBin "applyConfigScript" '' -#!${pkgs.stdenv.shell} - -/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch - ''; - - setupConfigsScript = pkgs.writeScriptBin "setupConfigsScript" '' -#!${pkgs.stdenv.shell} -export DOMAIN=$1 -export USER=$2 -export PASSWORD=$3 - -${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/configuration.nix -${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/mailserver.nix -${pkgs.wget}/bin/wget https://bitbucket.org/ilchub/serverdata/raw/b297b4026794c5420da97d7d06a393a5bf7e0819/restic.nix - -#Mailserver -sed -i '17s/.*/ fqdn = "'"$DOMAIN"'";/' mailserver.nix -sed -i '18s/.*/ domains = [ "'"$DOMAIN"'" ];/' mailserver.nix -sed -i '23s/.*/\t"'"$USER"'@'"$DOMAIN"'" = {/' mailserver.nix -sed -i "24s,.*,\t\ hashedPassword = \"$PASSWORD\";," mailserver.nix -sed -i '33s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix -sed -i '50s/.*/\t "admin@'"$DOMAIN"'" = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix -sed -i '72s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix - -# System Configuration -sed -i "16s,.*,\t\"$sshKey\"," configuration.nix - -# OpenConnect - -sed -i '25s/.*/server-cert = /etc/letsencrypt/live/$DOMAIN/cert.pem/' ocserv.nix -sed -i '26s/.*/server-key = /etc/letsencrypt/live/$DOMAIN/privkey.pem/' ocserv.nix -sed -i '28s/.*/default-domain = $DOMAIN/' ocserv.nix -sed -i '137s/.*/[vhost:$DOMAIN]/' ocserv.nix -sed -i '140s/.*/server-cert = /etc/letsencrypt/live/$DOMAIN/cert.pem/' ocserv.nix -sed -i '141s/.*/server-key = /etc/letsencrypt/live/$DOMAIN/privkey.pem/' ocserv.nix -sed -i '146s/.*/route = $machineip/255.255.255.255/' ocserv.nix - -# ACME -sed -i '8s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' acme.nix -sed -i '9s/.*/ certs."'"$DOMAIN"'" = {/' acme.nix - - -#FIXME: Give access to system environment -#cp configuration.nix /etc/nixos/configuration.nix -#cp mailserver.nix /etc/nixos/mailserver/mailserver.nix -#cp restic.nix /etc/nixos/backup/restic.nix - -/run/wrappers/bin/sudo ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch - ''; - - getDKIMScript = pkgs.writeScriptBin "getDKIMScript" '' -#!${pkgs.stdenv.shell} - ''; - createUserScript = pkgs.writeScriptBin "createUserScript" '' -#!${pkgs.stdenv.shell} - -${pkgs.shadow}/bin/useradd -m $1 - ''; - - createBackupScript = pkgs.writeScriptBin "createBackupScript" '' -#!${pkgs.stdenv.shell} - -${pkgs.restic}/bin/restic -r /srv/restic-repo backup ~/work - ''; - - restoreBackupScript = pkgs.writeScriptBin "restoreBackupScript" '' -#!${pkgs.stdenv.shell} - -${pkgs.restic}/bin/restic -r $1 restore $2 --target $3 - ''; - - webhook-server = self.callPackage ../packages/webhook-server.nix {}; - })]; - environment.etc."webhook_server.yml".text = '' -domain: "ilchub.net" -port: 8080 -workers: 4 -webhooks: - - - name: 'ls' - command: '${pkgs.applyConfigScript}/bin/applyConfigScript' - cwd: '/tmp' - ''; - environment.etc."webhook.conf".text = '' -[ - { - "id": "update", - "execute-command": "${pkgs.updateScript}/bin/updateScript", - "command-working-directory": "/tmp", - "response-message": "Updating system..." - }, - - { - "id": "rollback", - "execute-command": "${pkgs.rollbackScript}/bin/rollbackScript", - "command-working-directory": "/tmp" - }, - - { - "id": "apply", - "execute-command": "${pkgs.applyConfigScript}/bin/applyConfigScript", - "command-working-directory": "/tmp" - }, - - { - "id": "setupConfigs", - "execute-command": "${pkgs.setupConfigsScript}/bin/setupConfigsScript", - "command-working-directory": "/tmp", - "pass-arguments-to-command": - [ - { - "source": "header", - "name": "X-Domain" - }, - { - "source": "header", - "name": "X-User" - }, - { - "source": "header", - "name": "X-Password" - } - ], - "trigger-rule": - { - "and": - [ - "match": - { - "type": "value", - "value": "eemioqu5ohgu9eif6ahzo0shaiqu0caezaj0feel0quahp5u", - "parameter": - { - "source": "header", - "name": "X-Signature" - } - } - ] - } - }, - - { - "id": "getDKIM", - "execute-command": "${pkgs.getDKIMScript}/bin/getDKIMScript", - "command-working-directory": "/var/dkim", - "pass-arguments-to-command": - [ - { - "source": "header", - "name": "X-Domain" - } - ], - "response-message": "Getting DKIM key", - "response-headers": - [ - { - "name": "X-DKIM", - "value": "${config.environment.variables.dkim}" - } - ] - }, - - { - "id": "createUser", - "execute-command": "${pkgs.createUserScript}/bin/createUserScript", - "command-working-directory": "/tmp", - "pass-arguments-to-command": - [ - { - "source": "header", - "name": "X-User" - } - ] - }, - - { - "id": "restoreBackup", - "execute-command": "${pkgs.restoreBackupScript}/bin/restoreBackupScript", - "command-working-directory": "/tmp" - } -] -''; - - users.users.webhook = { - isNormalUser = false; - extraGroups = [ "wheel" ]; - }; - users.users.rswebhook = { - isNormalUser = false; - extraGroups = [ "wheel" ]; - }; - - systemd.services.webhook = { - path = with pkgs; [ - man - config.nix.package.out - sudo - git - wget - restic - shadow - ]; - enable = true; - serviceConfig = { - User = "webhook"; - ExecStart = "${pkgs.webhook}/bin/webhook -hooks /etc/webhook.conf -verbose"; - }; - }; - - systemd.services.webhook-server = { - path = with pkgs; [ - man - config.nix.package.out - sudo - ]; - enable = true; - serviceConfig = { - User = "rswebhook"; - ExecStart = "${pkgs.webhook-server}/bin/webhookserver"; - }; - }; -}