
2 Commits

Author SHA1 Message Date
d234fa53d9 ci: fix ntfy notifications with auth and readable secrets
All checks were successful
Build and Deploy / deploy (push) Successful in 2m18s
2026-03-30 21:38:32 -04:00
ee3a24b5da ci: add server-public to /etc/hosts for self-deploy 2026-03-30 21:37:49 -04:00
3 changed files with 15 additions and 8 deletions


@@ -36,8 +36,11 @@ jobs:
- name: Notify success - name: Notify success
if: success() if: success()
run: | run: |
TOPIC=$(cat /run/agenix/ntfy-alerts-topic | tr -d '[:space:]')
TOKEN=$(cat /run/agenix/ntfy-alerts-token | tr -d '[:space:]')
curl -sf -X POST \ curl -sf -X POST \
"https://ntfy.sigkill.computer/deployments" \ "https://ntfy.sigkill.computer/$TOPIC" \
-H "Authorization: Bearer $TOKEN" \
-H "Title: [muffin] Deploy succeeded" \ -H "Title: [muffin] Deploy succeeded" \
-H "Priority: default" \ -H "Priority: default" \
-H "Tags: white_check_mark" \ -H "Tags: white_check_mark" \
@@ -46,9 +49,12 @@ jobs:
- name: Notify failure - name: Notify failure
if: failure() if: failure()
run: | run: |
TOPIC=$(cat /run/agenix/ntfy-alerts-topic 2>/dev/null | tr -d '[:space:]')
TOKEN=$(cat /run/agenix/ntfy-alerts-token 2>/dev/null | tr -d '[:space:]')
curl -sf -X POST \ curl -sf -X POST \
"https://ntfy.sigkill.computer/deployments" \ "https://ntfy.sigkill.computer/$TOPIC" \
-H "Authorization: Bearer $TOKEN" \
-H "Title: [muffin] Deploy FAILED" \ -H "Title: [muffin] Deploy FAILED" \
-H "Priority: urgent" \ -H "Priority: urgent" \
-H "Tags: rotating_light" \ -H "Tags: rotating_light" \
-d "server-config deploy failed at commit ${GITHUB_SHA::8}" -d "server-config deploy failed at commit ${GITHUB_SHA::8}" || true
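Review bot: The bearer token is passed on curl's command line in both notify steps (`-H "Authorization: Bearer $TOKEN"`), so on a default /proc configuration other local users on the runner host can read it from the process list while the request is in flight. Assuming the steps run under bash, as `${GITHUB_SHA::8}` suggests, curl can read the header from a file descriptor instead: `-H @<(printf 'Authorization: Bearer %s\n' "$TOKEN")`, which keeps the value out of argv because printf is a shell builtin. Separately, the failure step hides read errors with `2>/dev/null` and ends in `|| true`, so an unreadable secret yields an empty `$TOPIC` and the urgent alert is dropped with nothing in the job log. A guard before the curl call, such as `[ -n "$TOPIC" ] && [ -n "$TOKEN" ] || echo "ntfy secrets unreadable" >&2`, would make that visible. The success step's curl command continues past the end of its hunk.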


@@ -75,6 +75,7 @@
]; ];
# Hosts entries for CI/CD deploy targets # Hosts entries for CI/CD deploy targets
networking.hosts."192.168.1.50" = [ "server-public" ];
networking.hosts."192.168.1.223" = [ "desktop" ]; networking.hosts."192.168.1.223" = [ "desktop" ];
services.kmscon.enable = true; services.kmscon.enable = true;


@@ -68,19 +68,19 @@
group = "root"; group = "root";
}; };
# ntfy-alerts secrets # ntfy-alerts secrets (group-readable for CI runner notifications)
ntfy-alerts-topic = { ntfy-alerts-topic = {
file = ../secrets/ntfy-alerts-topic.age; file = ../secrets/ntfy-alerts-topic.age;
mode = "0400"; mode = "0440";
owner = "root"; owner = "root";
group = "root"; group = "gitea-runner";
}; };
ntfy-alerts-token = { ntfy-alerts-token = {
file = ../secrets/ntfy-alerts-token.age; file = ../secrets/ntfy-alerts-token.age;
mode = "0400"; mode = "0440";
owner = "root"; owner = "root";
group = "root"; group = "gitea-runner";
}; };
# Firefox Sync server secrets (SYNC_MASTER_SECRET) # Firefox Sync server secrets (SYNC_MASTER_SECRET)
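Review bot: Making both files readable by the `gitea-runner` group (`mode = "0440"`, `group = "gitea-runner"`) exposes the topic and token to every job that runs under that runner account, not only to the deploy workflow that needs them. If the runner also executes workflows from other repositories or from branches that are not fully trusted, any of those jobs can read `/run/agenix/ntfy-alerts-token`. The token should therefore belong to an ntfy user with write-only access to this one topic, so a leak allows posting but not reading alerts. The comment could record that requirement: `# ntfy-alerts secrets (group-readable for CI runner; token must be publish-only)`. The enclosing attribute set starts and ends outside the hunk.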