From 3beb76e4110aa9baeae9104f527691d98221886d Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Sun, 27 Aug 2023 02:36:01 +0200 Subject: [PATCH] Add pvv-calendar-bot to bicep --- flake.lock | 23 ++++++++++ flake.nix | 7 +++- hosts/bicep/configuration.nix | 1 + hosts/bicep/services/calendar-bot.nix | 20 +++++++++ secrets/bicep/bicep.yaml | 60 +++++++++++++++++++++++++++ 5 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 hosts/bicep/services/calendar-bot.nix create mode 100644 secrets/bicep/bicep.yaml diff --git a/flake.lock b/flake.lock index 9b473b7..3d67204 100644 --- a/flake.lock +++ b/flake.lock @@ -65,10 +65,33 @@ "type": "github" } }, + "pvv-calendar-bot": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693093917, + "narHash": "sha256-Qz7bHN685zj5mcRnEfCwkCTUiLzy2EtXrREmlEKEf6w=", + "ref": "main", + "rev": "6f125fdb1fd23b5d634cf50235f16f8c5f03e5be", + "revCount": 8, + "type": "git", + "url": "https://git.pvv.ntnu.no/Drift/calendar-bot.git" + }, + "original": { + "ref": "main", + "rev": "6f125fdb1fd23b5d634cf50235f16f8c5f03e5be", + "type": "git", + "url": "https://git.pvv.ntnu.no/Drift/calendar-bot.git" + } + }, "root": { "inputs": { "matrix-next": "matrix-next", "nixpkgs": "nixpkgs", + "pvv-calendar-bot": "pvv-calendar-bot", "sops-nix": "sops-nix", "unstable": "unstable" } diff --git a/flake.nix b/flake.nix index 2ae469e..f788ca5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,10 +8,13 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Drift/calendar-bot.git?ref=main&rev=6f125fdb1fd23b5d634cf50235f16f8c5f03e5be"; + pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; + matrix-next.url = "github:dali99/nixos-matrix-modules"; }; - outputs = { self, nixpkgs, matrix-next, unstable, sops-nix, ... }@inputs: + outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, unstable, sops-nix, ... }@inputs: let systems = [ "x86_64-linux" @@ -40,6 +43,7 @@ (final: prev: { mx-puppet-discord = prev.mx-puppet-discord.override { nodejs_14 = final.nodejs_18; }; }) + pvv-calendar-bot.overlays.${system}.default ]; }; } @@ -55,6 +59,7 @@ sops-nix.nixosModules.sops matrix-next.nixosModules.synapse + pvv-calendar-bot.nixosModules.default ]; }; bekkalokk = stableNixosConfig "bekkalokk" { }; diff --git a/hosts/bicep/configuration.nix b/hosts/bicep/configuration.nix index bb5d6cc..28c18fb 100644 --- a/hosts/bicep/configuration.nix +++ b/hosts/bicep/configuration.nix @@ -12,6 +12,7 @@ ./services/mysql.nix ./services/postgres.nix ./services/mysql.nix + ./services/calendar-bot.nix ./services/matrix ]; diff --git a/hosts/bicep/services/calendar-bot.nix b/hosts/bicep/services/calendar-bot.nix new file mode 100644 index 0000000..42eabfc --- /dev/null +++ b/hosts/bicep/services/calendar-bot.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +{ + sops.secrets."calendar-bot/matrix_token" = { + sopsFile = ../../../secrets/bicep/bicep.yaml; + }; + + services.pvv-calendar-bot = { + enable = true; + settings = { + matrix = { + homeserver = "https://matrix.pvv.ntnu.no"; + user = "@bot_calendar:pvv.ntnu.no"; + channel = "!MCYRZwhWAeNqUhwkUx:feal.no"; + }; + secretsFile = config.sops.secrets."calendar-bot/matrix_token".path; + onCalendar = "0 9 * * *"; + }; + }; +} diff --git a/secrets/bicep/bicep.yaml b/secrets/bicep/bicep.yaml new file mode 100644 index 0000000..622c2b0 --- /dev/null +++ b/secrets/bicep/bicep.yaml @@ -0,0 +1,60 @@ +calendar-bot: + matrix_token: ENC[AES256_GCM,data:zJv9sw6pEzb9hxKT682wsD87HC9iejbps2wl2Z5QW1XZUSBHdcqyg1pxd+jFKTeKGQ==,iv:zDbvF1H98NsECjCtGXS+Y9HIhXowzz9HF9mltqnArog=,tag:/ftcOSQ13ElkVJBxYIMUGQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RFpLOEtUQ0ZLeUdmTGxl + VXlTOG82Ly8vdjdldnB0dGFzTkdxUHNML1VJCmxDWHhyMHYrbmtMVWVJYTdrWjVn + aE5qWWtHWSszYnNWc3l2VmFwUGl4R3MKLS0tIG9ocThFNm1pcUtMNHNlMlFsS2lx + MDhubWVxamxlSVk0dUtIWnhyUlBNM00KRunPljgLCHkwn4HCPGpkNbLitCIF7hYL + jRYVzu+Wddd13A4QfvHvAI7bJB5Zsv/xwmggVlICG1pky7gPNDwGcA== + -----END AGE ENCRYPTED FILE----- + - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvem5LODRyU0VlcElOS0tY + a1FaNHc0SDJLQ1llalBqQ2VEQjZpbUFyd0hNCldQNUpTdFZ5NTlxWU9icXN2Mm5a + S0JQOUkvdEZRK3NBOGpEZkJleTB1TXMKLS0tIHdVcFRETFlBVWI3TTZYZGJMMkcv + RkRXTTVURDRFNjFvci8zRVpqbkxVclEKW86hoVO0grt2x5YMt/YnmDI6J0QFKjZZ + Mnmd/Z1S6a+rajCy0GkeM+Q8AbBqBrNei2H5Xp1PlxNyicGib6+Ngg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bHNiY3ZCNHZsYlUrOHMy + OG55QjVmQVUxbXl0bkdNQ0FEais5Sng0ZkRBCm5KdmMvNmN6VmdsREZrbGd4ZFpM + VVpsQk43MlBxU042ZkE4L1hHK1R4RVEKLS0tIGttL01XcG1IUnBMbUVqKzJMK09o + QmVlRnJhSk4xYWFVbGVxdlFxSDlXSGMKJvjMDaX4Aa98gT+GPjGaKKdnG67jNG3C + nLsbxU4vNpFvjF4WI5vdvIQe5UGzoCYQZp3oHFnGq+Jp/hJ1HFF0GQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-27T00:13:50Z" + mac: ENC[AES256_GCM,data:u2TPEbDSlOR9SFVpGebiYMWKDtw3PYsljhMYB+No1YE4fXHWlGs4VjNfGZ43eiVmI9TM7f24flaAZ4tjFfjz14+kFg1kQ5VRkvanJP3h1TTAEPmZO3j28YlRiDOMZ387emDpyPox2jsIHBtQZnX+7DDw65KOWjG5uskOMHGRVEY=,iv:WpP9nYzCKzmynXvLCbbz5Aoy/cT/h8iklUZy6B00Tus=,tag:SnusNV0W6zfown4vWHIVhA==,type:str] + pgp: + - created_at: "2023-08-27T00:12:42Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA0av/duuklWYAQ//edQVXnTS4Xarwt14tF6yyhWM9/JFSVWW97lTO6xTNe5S + jNROmF/tHl29IPX0/QHXj/d4jMF/nteHdD53nD9s312CPOBv3SEwl4e7hfMf3rUN + 4YOahX9J4ryoB+ZleK5leoYSsWaVBDJfERMkYT9Ta/xv4EC5zHBTlZDpLRuS04eZ + W5MG57TKBC0oifPvhCuv22OURNUp9t/bysSuKgU1v0Czu6ozuVgw9AO8G+PstFpW + 7lyIMUNJQ7g3hiKDrrPPYcrKTeBbhxTINObe29nv00y0lycnfx3PxWrXpBoyv82y + xRgtalVvlYre1w6IFkqDFtpJD6N3zPFnPq4ZQ0nHN7A943Kxli5JnlkRH9Ak098K + PuykZ+V2X+qFNf4LS+Gnjx9wZKaLEChMaDhILUDKuUcwPIU5EiaaBOS1Y8NQ4Lha + pzyWzvpejV87Qvg2iog9UYLsK33GuxcFzYaklnknrI+9SotM7LRGQTVkVOwykh86 + 8d+Sake0J/1xjOcxUNbaYreTA3myyklVlvoybyNOdSzxGveEq3KvGgcORnQxYwe3 + QDoCdVNTmU5ELwDPALVMenDr7VixN085oJkYqZJ6v5E0K1Bhtrb6PItoC5Kea55s + zWP+0rYxFx884cqpf8/JuC1Jbs1DpljqMMW9aD6A0htzOwEyHzDKWxy7zxCJrgjS + XgFHIr6sG1geqUzIhw8NzUpdOkdlQ6YFKP3MsUfxIqPHWVQWt1+LLvA5BX/wXIe6 + kPTa9qXwmK7Hrh5TyPPEjrO16qT3UE0nvRAI0s79L6U+99xXfhKIXhg2OMSZCR8= + =xnr5 + -----END PGP MESSAGE----- + fp: F7D37890228A907440E1FD4846B9228E814A2AAC + unencrypted_suffix: _unencrypted + version: 3.7.3