diff --git a/modules/panoptikon.nix b/modules/panoptikon.nix index 299287e..9c600b6 100644 --- a/modules/panoptikon.nix +++ b/modules/panoptikon.nix @@ -28,6 +28,13 @@ example = "*:0/3"; default = "daily"; }; + loadCredential = lib.mkOption { + type = lib.types.listOf lib.types.string; + description = '' + This can be used to pass secrets to the systemd service without adding them to the nix store. + ''; + default = []; + }; reporters = lib.mkOption { type = lib.types.listOf lib.types.path; description = '' @@ -104,6 +111,7 @@ WorkingDirectory = "/var/lib/panoptikon"; RestartSec = "60"; Restart = "on-failure"; + LoadCredential = watcherOptions.loadCredential; }; unitConfig = { StartLimitIntervalSec = "300"; diff --git a/systems/ful/panoptikon.nix b/systems/ful/panoptikon.nix index 32dab29..1d170a1 100644 --- a/systems/ful/panoptikon.nix +++ b/systems/ful/panoptikon.nix @@ -13,6 +13,17 @@ retiolumLink = true; }; + telegram-kmein = let + chatId = "-1001796440545"; + in + pkgs.writers.writeDash "telegram-fulltext" '' + export TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" + ${pkgs.curl}/bin/curl -X POST "https://api.telegram.org/bot''${TOKEN}/sendMessage" \ + -d chat_id=${chatId} \ + -d text="$(cat)" \ + | ${pkgs.jq}/bin/jq -e .ok + ''; + irc-kmein = panoptikon.kpaste-irc { messagePrefix = "$PANOPTIKON_WATCHER: "; target = "kmein"; @@ -20,6 +31,8 @@ retiolumLink = false; }; in { + age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age; + services.panoptikon = { enable = true; watchers = { @@ -38,6 +51,13 @@ in { script = panoptikon.url "http://lammla.info/index.php?reihe=30"; reporters = [irc-kmein]; }; + btc = { + script = panoptikon.url "https://eur.rate.sx/1BTC"; + reporters = [telegram-kmein]; + loadCredential = [ + "token:${config.age.secrets.telegram-token-kmein.path}" + ]; + }; kratylos = { script = panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS"; reporters = [irc-kmein];