ntfy: added notifications when user logs in via SSH, also added notifications for qBittorrent and ytptube

2024-09-20 18:42:07 +07:00 · 2024-09-20 18:42:07 +07:00 · 1383b523bb
parent b786265aa6
commit 1383b523bb
3 changed files with 52 additions and 4 deletions
--- a/system/modules/openssh.nix
+++ b/system/modules/openssh.nix
@ -1,6 +1,7 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
  cfg = config.profile.openssh;
+  inherit (lib.meta) getExe;
 in
 {
  config = lib.mkIf cfg.enable {
@ -37,5 +38,23 @@ in
        overalljails = true; # Calculate the bantime based on all the violations
      };
    };
+
+    sops.secrets."ntfy/tokens/homeserver" = { sopsFile = ../../secrets/ntfy.yaml; };
+    sops.templates."ntfy-ssh-login.sh" = {
+      content = builtins.readFile (lib.meta.getExe (pkgs.writeShellScriptBin "ntfy-ssh-login.sh" /*sh*/ ''
+        if [ "$PAM_TYPE" == "open_session" ]; then
+            ${getExe pkgs.curl} -X POST \
+                -H "X-Priority: 4" \
+                -H "X-Tags: warning" \
+                -H "Authorization: Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}" \
+                -d "SSH login: $PAM_USER from $PAM_RHOST" \
+                https://ntfy.tigor.web.id/ssh
+        fi
+      ''));
+    };
+
+    security.pam.services.sshd.text = lib.mkDefault (lib.mkAfter ''
+      session optional pam_exec.so ${getExe pkgs.bash} ${config.sops.templates."ntfy-ssh-login.sh".path}
+    '');
  };
 }
--- a/system/podman/qbittorrent.nix
+++ b/system/podman/qbittorrent.nix
@ -63,7 +63,7 @@ in
            -H "X-Title: $1" \
            -H "X-Tags: white_check_mark,$2" \
            -d "Number of Files: $7, Size: $size" \
-            https://ntfy.tigor.web.id/qbittorrent
+            https://ntfy.tigor.web.id/qbittorrent?priority=4
        '');
        start-notify-script = pkgs.writeScriptBin "notify-start.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
          #!/bin/bash
--- a/system/podman/ytptube.nix
+++ b/system/podman/ytptube.nix
@ -17,14 +17,43 @@ let
  };
  webhook = builtins.readFile ((pkgs.formats.json { }).generate "webhooks.json" [
    {
-      name = "NTFY Webhook";
-      on = [ "added" "completed" "error" "not_live" ];
+      name = "NTFY Webhook Added";
+      on = [ "added" ];
+      request = {
+        url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20added.";
+        type = "json";
+        method = "POST";
+        headers = {
+          Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}'';
+          X-Tags = "rocket";
+        };
+      };
+    }
+    {
+      name = "NTFY Webhook Completed";
+      on = [ "completed" ];
      request = {
        url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20%7B%7B%20.status%20%7D%7D";
        type = "json";
        method = "POST";
        headers = {
          Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}'';
+          X-Tags = "heavy_check_mark";
+          X-Priority = "4";
+        };
+      };
+    }
+    {
+      name = "NTFY Webhook Error";
+      on = [ "error" ];
+      request = {
+        url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20%7B%7B%20.status%20%7D%7D";
+        type = "json";
+        method = "POST";
+        headers = {
+          Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}'';
+          X-Priority = "4";
+          X-Tags = "x";
        };
      };
    }