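# NixOS module `services.panoptikon`: periodically runs "watcher" scripts,
# diffs their stdout against the previous run and pipes any difference to a
# list of "reporter" scripts.
#
# Trust notes for maintainers:
#   * Watcher output is usually remote, attacker-influenceable content (web
#     pages, API responses). Reporters receive it verbatim on stdin and must
#     treat it as untrusted data.
#   * All units run as the unprivileged `panoptikon` system user. No systemd
#     sandboxing options are set, so scripts run with that user's full
#     privileges.
{
  config,
  lib,
  pkgs,
  ...
}: {
  options.services.panoptikon = {
    enable = lib.mkEnableOption "Generic command output / website watcher";
    watchers = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule (watcher: {
        options = {
          script = lib.mkOption {
            type = lib.types.path;
            description = ''
              A script whose stdout is to be watched.
            '';
            example = ''
              pkgs.writers.writeDash "github-meta" '''
                ''${pkgs.curl}/bin/curl -sSL https://api.github.com/meta | ''${pkgs.jq}/bin/jq
              '''
            '';
          };
          frequency = lib.mkOption {
            type = lib.types.str;
            description = ''
              How often to run the script. See systemd.time(7) for more information about the format.
            '';
            example = "*:0/3";
            default = "daily";
          };
          loadCredential = lib.mkOption {
            # `lib.types.string` is a deprecated alias; `str` is the supported type.
            type = lib.types.listOf lib.types.str;
            description = ''
              This can be used to pass secrets to the systemd service without adding them to the nix store.
              Each entry is handed to systemd's LoadCredential= setting (see systemd.exec(5)),
              so it has the form ID:PATH. The watcher script and the reporters can then read
              the secret from the file $CREDENTIALS_DIRECTORY/ID.
            '';
            default = [];
          };
          reporters = lib.mkOption {
            type = lib.types.listOf lib.types.path;
            description = ''
              A list of scripts that take the diff (if any) via stdin and report it (e.g. to IRC, Telegram or Prometheus). The name of the watcher will be in the $PANOPTIKON_WATCHER environment variable.
            '';
            # The diff is untrusted text, so the example sends it with
            # --data-urlencode: a plain `-d text=...` would let an `&` in the
            # watched content add or override form fields of the request.
            # NOTE(review): as rendered, `''${TOKEN}` in the example is a Nix
            # interpolation, which would place the token in the world-readable
            # store; prefer reading it at run time from $CREDENTIALS_DIRECTORY
            # (see `loadCredential`).
            example = ''
              [
                (pkgs.writers.writeDash "telegram-reporter" '''
                  ''${pkgs.curl}/bin/curl -X POST https://api.telegram.org/bot''${TOKEN}/sendMessage \
                    -d chat_id=123456 \
                    --data-urlencode text="$(cat)"
                ''')
                (pkgs.writers.writeDash "notify" '''
                  ''${pkgs.libnotify}/bin/notify-send "$PANOPTIKON_WATCHER has changed."
                ''')
              ]
            '';
          };
        };
        config = {};
      }));
    };
  };

  config = let
    cfg = config.services.panoptikon;
  in
    lib.mkIf cfg.enable {
      # Dedicated system account; its home doubles as the state directory in
      # which every watcher keeps `<name>` and `<name>.old`.
      users.extraUsers.panoptikon = {
        isSystemUser = true;
        createHome = true;
        home = "/var/lib/panoptikon";
        group = "panoptikon";
      };

      users.extraGroups.panoptikon = {};

      # One timer per watcher (the schedule itself comes from `startAt` on the
      # service below); spread the start over up to an hour.
      systemd.timers = lib.attrsets.mapAttrs' (watcherName: _:
        lib.nameValuePair "panoptikon-${watcherName}" {
          timerConfig.RandomizedDelaySec = toString (60 * 60);
        })
      cfg.watchers;

      systemd.services =
        {
          # Initialises a git repository in the state directory and sets the
          # committer identity.
          setup-panoptikon = {
            enable = true;
            wantedBy = ["multi-user.target"];
            serviceConfig = {
              Type = "oneshot";
              User = "panoptikon";
              Group = "panoptikon";
              WorkingDirectory = "/var/lib/panoptikon";
              Restart = "on-failure";
              # NOTE(review): systemd documents StartLimitBurst= under [Unit]
              # (the watcher units below use `unitConfig`); confirm it is
              # honoured from [Service] on the targeted systemd version.
              StartLimitBurst = 5;
              RestartSec = 30;
            };
            script = ''
              ${pkgs.git}/bin/git init --quiet
              ${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
              ${pkgs.git}/bin/git config user.name Panoptikon
            '';
          };
        }
        // lib.attrsets.mapAttrs' (watcherName: watcherOptions:
          lib.nameValuePair "panoptikon-${watcherName}" {
            enable = true;
            after = ["setup-panoptikon.service"];
            startAt = watcherOptions.frequency;
            serviceConfig = {
              Type = "oneshot";
              User = "panoptikon";
              Group = "panoptikon";
              WorkingDirectory = "/var/lib/panoptikon";
              RestartSec = toString (60 * 60);
              Restart = "on-failure";
              # Secrets are exposed to the script via $CREDENTIALS_DIRECTORY
              # instead of being written to the Nix store.
              LoadCredential = watcherOptions.loadCredential;
            };
            unitConfig = {
              StartLimitIntervalSec = "300";
              StartLimitBurst = "5";
            };
            environment.PANOPTIKON_WATCHER = watcherName;
            # NOTE(review): `wants` alone does not order this unit after
            # network-online.target; add it to `after` if the watcher must not
            # start before the network is up.
            wants = ["network-online.target"];
            script = let
              # The attribute name is spliced into shell code, so quote it:
              # names containing spaces or shell metacharacters must stay one
              # literal file name.
              current = lib.escapeShellArg watcherName;
              previous = lib.escapeShellArg "${watcherName}.old";
            in ''
              set -efu

              ${watcherOptions.script} > ${current}

              diff_output=$(${pkgs.diffutils}/bin/diff --new-file ${previous} ${current}) || [ "$?" -eq 1 ]

              if [ -n "$diff_output" ]; then
              ${lib.strings.concatMapStringsSep "\n" (reporter: ''
                printf '%s\n' "$diff_output" | ${reporter}
              '')
              watcherOptions.reporters}
              :
              fi

              mv ${current} ${previous}
            '';
            # Why the script differs from a naive version:
            #  * diff(1) exits 1 when the files differ. Under `set -e` a bare
            #    `var=$(diff ...)` would abort the script exactly when there is
            #    something to report, so status 1 is accepted explicitly and
            #    only status >= 2 (real trouble) fails the unit.
            #  * printf is used instead of echo so that untrusted watcher
            #    output is forwarded byte-for-byte, independent of how the
            #    shell's echo treats backslashes or leading dashes.
          })
        cfg.watchers;
    };
}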