From 1383b523bb443de0ff4b57780e4553fb59081d83 Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Fri, 20 Sep 2024 18:42:07 +0700 Subject: [PATCH] ntfy: added notifications when user logs in via SSH, also added notifications for qBittorrent and ytptube --- system/modules/openssh.nix | 21 ++++++++++++++++++++- system/podman/qbittorrent.nix | 2 +- system/podman/ytptube.nix | 33 +++++++++++++++++++++++++++++++-- 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/system/modules/openssh.nix b/system/modules/openssh.nix index e477686..68a066c 100644 --- a/system/modules/openssh.nix +++ b/system/modules/openssh.nix @@ -1,6 +1,7 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.profile.openssh; + inherit (lib.meta) getExe; in { config = lib.mkIf cfg.enable { @@ -37,5 +38,23 @@ in overalljails = true; # Calculate the bantime based on all the violations }; }; + + sops.secrets."ntfy/tokens/homeserver" = { sopsFile = ../../secrets/ntfy.yaml; }; + sops.templates."ntfy-ssh-login.sh" = { + content = builtins.readFile (lib.meta.getExe (pkgs.writeShellScriptBin "ntfy-ssh-login.sh" /*sh*/ '' + if [ "$PAM_TYPE" == "open_session" ]; then + ${getExe pkgs.curl} -X POST \ + -H "X-Priority: 4" \ + -H "X-Tags: warning" \ + -H "Authorization: Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}" \ + -d "SSH login: $PAM_USER from $PAM_RHOST" \ + https://ntfy.tigor.web.id/ssh + fi + '')); + }; + + security.pam.services.sshd.text = lib.mkDefault (lib.mkAfter '' + session optional pam_exec.so ${getExe pkgs.bash} ${config.sops.templates."ntfy-ssh-login.sh".path} + ''); }; } diff --git a/system/podman/qbittorrent.nix b/system/podman/qbittorrent.nix index 59f8c9c..1ae63ff 100644 --- a/system/podman/qbittorrent.nix +++ b/system/podman/qbittorrent.nix @@ -63,7 +63,7 @@ in -H "X-Title: $1" \ -H "X-Tags: white_check_mark,$2" \ -d "Number of Files: $7, Size: $size" \ - https://ntfy.tigor.web.id/qbittorrent + https://ntfy.tigor.web.id/qbittorrent?priority=4 ''); start-notify-script = pkgs.writeScriptBin "notify-start.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ '' #!/bin/bash diff --git a/system/podman/ytptube.nix b/system/podman/ytptube.nix index 5d047c1..a639b8e 100644 --- a/system/podman/ytptube.nix +++ b/system/podman/ytptube.nix @@ -17,14 +17,43 @@ let }; webhook = builtins.readFile ((pkgs.formats.json { }).generate "webhooks.json" [ { - name = "NTFY Webhook"; - on = [ "added" "completed" "error" "not_live" ]; + name = "NTFY Webhook Added"; + on = [ "added" ]; + request = { + url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20added."; + type = "json"; + method = "POST"; + headers = { + Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}''; + X-Tags = "rocket"; + }; + }; + } + { + name = "NTFY Webhook Completed"; + on = [ "completed" ]; request = { url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20%7B%7B%20.status%20%7D%7D"; type = "json"; method = "POST"; headers = { Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}''; + X-Tags = "heavy_check_mark"; + X-Priority = "4"; + }; + }; + } + { + name = "NTFY Webhook Error"; + on = [ "error" ]; + request = { + url = "https://ntfy.tigor.web.id/ytptube?tpl=1&t=%7B%7B.title%7D%7D&m=%5B%7B%7B%20.folder%20%7D%7D%5D%20Download%20%7B%7B%20.status%20%7D%7D"; + type = "json"; + method = "POST"; + headers = { + Authorization = ''Bearer ${config.sops.placeholder."ntfy/tokens/homeserver"}''; + X-Priority = "4"; + X-Tags = "x"; }; }; }