
Improve monitoring of matrix and email2matrix

Malte Brandy 2019-08-12 03:04:15 +02:00
parent 27a7985665
commit d916bbedd5
10 changed files with 139 additions and 47 deletions


@ -17,13 +17,15 @@ in {
../../system/mathechor.de.nix
../../system/monitoring
../../system/blog.nix
../../system/email2matrix.nix
../../system/matrix-synapse.nix
../../system/coturn.nix
./web.nix
./borg.nix
./mail.nix
./boot.nix
./cloud.nix
./network.nix
./matrix.nix
./secret
];
m-0.monitoring = [{
@ -33,7 +35,7 @@ in {
nix.sshServe = {
enable = true;
keys = me.keys;
keys = me.keys ++ me.backupkeys;
protocol = "ssh-ng";
};
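Review bot: Appending `me.backupkeys` to `nix.sshServe.keys` gives every holder of a backup key read access to this host's whole Nix store over `ssh-ng`, not only to what a backup job needs. What those keys are used for is not visible in this hunk, but if they sit on a backup client, a compromise there would also expose any store path, including rendered configuration files that embed secrets. If the access is intended, a comment such as `# backup hosts fetch closures from here; keep secrets out of the store` would document the constraint; otherwise keep the list at `me.keys`.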


@ -57,10 +57,10 @@ in {
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
};
in ''
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
'';
in ''
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
'';
startAt = "19:58:00";
serviceConfig.Type = "oneshot";
};
@ -73,8 +73,10 @@ in {
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks =
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
services.postfix = {
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
};
mailserver = {
enable = true;
enableImapSsl = true;
@ -85,7 +87,14 @@ in {
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
extraVirtualAliases = config.m-0.private.lists;
extraVirtualAliases = config.m-0.private.lists // {
"weather-channel@maralorn.de" =
[ "weather@email2matrix.maralorn.de" ];
"subjects-channel@maralorn.de" =
[ "subjects@email2matrix.maralorn.de" ];
"monitoring-channel@maralorn.de" =
[ "monitoring@email2matrix.maralorn.de" ];
};
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
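Review bot: The three new `*-channel@maralorn.de` entries in `extraVirtualAliases` are ordinary aliases, so as far as this hunk shows, any sender who can reach the mail server can have text posted into the mapped Matrix rooms under the bot account. Nothing on the new side restricts senders for these recipients, and the added `transport` line forwards everything for `email2matrix.maralorn.de` to `[::1]:2525` unconditionally. If the rooms are meant for machine-generated mail only, limit delivery for these addresses to local or authenticated senders and say so next to the aliases, e.g. `# internal feeds only; must not accept mail from the internet`. The `mailserver` block continues outside the hunk, so an existing restriction there cannot be ruled out.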

Binary file not shown.

Binary file not shown.


@ -69,32 +69,32 @@ in rec {
targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
multiPkgs = pkgs:
(with pkgs;
with xorg; [
file
freetype
libpng
mesa_drivers
zlib
libXi
libXcursor
libXrandr
libXrender
libXxf86vm
libXcomposite
libXext
libX11
libudev
libGLU_combined
mesa_noglu.osmesa
libdrm
libpulseaudio
alsaLib
openal
mpg123
libtxc_dxtn
gnutls
krb5Full
]);
with xorg; [
file
freetype
libpng
mesa_drivers
zlib
libXi
libXcursor
libXrandr
libXrender
libXxf86vm
libXcomposite
libXext
libX11
libudev
libGLU_combined
mesa_noglu.osmesa
libdrm
libpulseaudio
alsaLib
openal
mpg123
libtxc_dxtn
gnutls
krb5Full
]);
runScript = "${gw2wrapper}/bin/gw2wrapper";
};
cachix = import sources.cachix { };
@ -169,4 +169,5 @@ in rec {
};
foreign-home-pkgs = extra-system-pkgs;
eventd = pkgs.callPackage ./eventd { };
email2matrix = pkgs.callPackage ./email2matrix { };
}


@ -0,0 +1,12 @@
{ buildGoModule, fetchFromGitHub, ... }:
buildGoModule rec {
name = "email2matrix";
version = "782bcfdd67983ff27f0b9cec5c81cf1a20796ab0";
src = fetchFromGitHub {
owner = "devture";
repo = "email2matrix";
rev = version;
sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
};
modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
}

16
system/coturn.nix Normal file

@ -0,0 +1,16 @@
{ config, ... }: {
networking.firewall.allowedTCPPorts = [ 3478 ];
services = {
coturn = {
enable = true;
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
};
}
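Review bot: `networking.firewall.allowedTCPPorts = [ 3478 ];` opens a TCP port that coturn is told not to use by `no-tcp = true;` a few lines below, while the UDP side that the Synapse `turn_uris` entry (`transport=udp`) relies on is not opened in this file. Unless UDP 3478 and the relay port range are allowed elsewhere, the line probably should read `networking.firewall.allowedUDPPorts = [ 3478 ];`. Dropping the TCP entry also removes an opening nothing is meant to listen on.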

46
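--- a/system/email2matrix.nix
+++ b/system/email2matrix.nix
@@ -0,0 +1,46 @@
+{ pkgs, config, ... }:
+let
+inherit (import ../pkgs) email2matrix;
+default_mailbox = {
+MailboxName = "<missing>";
+MatrixRoomId = "<missing>";
+MatrixHomeserverUrl = "https://matrix.maralorn.de";
+MatrixUserId = "@marabot:matrix.maralorn.de";
+MatrixAccessToken = config.m-0.private.matrix_marabot_token;
+IgnoreSubject = false;
+IgnoreBody = false;
+SkipMarkdown = true;
+};
+email2matrix-config = pkgs.writeText "email2matrix-config.json"
+(builtins.toJSON {
+Smtp = {
+ListenInterface = "[::1]:2525";
+Hostname = "email2matrix.maralorn.de";
+Workers = 10;
+};
+Matrix = {
+Mappings = [
+(default_mailbox // {
+MailboxName = "subjects";
+MatrixRoomId = "!kTKVQjRwxjaoMQmcve:maralorn.de";
+IgnoreBody = true;
+})
+(default_mailbox // {
+MailboxName = "monitoring";
+MatrixRoomId = "!negVsngnYOmXYCLKiO:maralorn.de";
+})
+(default_mailbox // {
+MailboxName = "weather";
+MatrixRoomId = "!ELeFcSrHXgMqOmwnxg:maralorn.de";
+})
+];
+};
+Misc = { Debug = true; };
+});
+in {
+systemd.services.email2matrix = {
+script =
+"${email2matrix}/bin/devture-email2matrix --config ${email2matrix-config}";
+wantedBy = [ "multi-user.target" ];
+};
+}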
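Review bot: `MatrixAccessToken = config.m-0.private.matrix_marabot_token;` is serialised by `pkgs.writeText` into `email2matrix-config.json`, so the bot's access token lands in the world-readable Nix store, where every local user and every key accepted by `nix.sshServe` can read it. The same concern likely applies to `registration_shared_secret` in the Synapse hunk and `static-auth-secret` in `system/coturn.nix`, depending on how those modules render their configuration. Consider generating the JSON at service start from a root-only file outside the store instead of at build time. The unit also sets no `serviceConfig`, so it runs as root; `serviceConfig.DynamicUser = true;` would suit a daemon that only listens on `[::1]:2525`. `Debug = true` deserves a comment on whether mail contents reach the journal.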


@ -2,20 +2,10 @@
let
hostName = "matrix.maralorn.de";
inherit (config.m-0) hosts;
inherit (../../lib) unstable;
in {
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
networking.firewall.allowedTCPPorts = [ 8448 ];
services = {
coturn = {
enable = true;
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
nginx = {
enable = true;
virtualHosts."${hostName}" = {
@ -46,6 +36,8 @@ in {
max_upload_size = "30M";
create_local_database = false;
dynamic_thumbnails = true;
registration_shared_secret =
config.m-0.private.matrix_registration_secret;
macaroon_secret_key = config.m-0.private.macaroon_secret;
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
turn_shared_secret = config.m-0.private.turn_secret;
@ -92,6 +84,12 @@ in {
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
listeners = [
{
type = "metrics";
port = 9148;
bind_address = "127.0.0.1";
resources = [ ];
}
{
port = 8448;
bind_address = "::";
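Review bot: The new `type = "metrics"` listener only serves data when Synapse's metrics are switched on, and no `enable_metrics = true;` is visible in the hunks of this file. If it is not set elsewhere in the `matrix-synapse` block, the `matrix` Prometheus job added in this commit would scrape `localhost:9148` without getting usable data, and the monitoring gap would go unnoticed. Binding to `127.0.0.1` is the right choice because the endpoint is unauthenticated; a comment such as `# metrics are unauthenticated; keep bound to loopback` would help keep it that way. The `listeners` list continues outside the hunk.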


@ -47,7 +47,7 @@ in {
"receivers" = [{
"name" = "team-admins";
"email_configs" = [{
"to" = "malte.brandy@maralorn.de";
"to" = "monitoring@maralorn.de";
"send_resolved" = true;
}];
}];
@ -73,6 +73,9 @@ in {
"https://wiki.vocalensemble-darmstadt.de"
"https://intern.vocalensemble-darmstadt.de"
"https://www.vocalensemble-darmstadt.de"
"https://matrix.maralorn.de"
"http://localhost:9090"
"http://localhost:9093"
];
}];
relabel_configs = [
@ -90,6 +93,11 @@ in {
} # The blackbox exporter's real hostname:port.
];
}
{
job_name = "matrix";
metrics_path = "/_synapse/metrics";
static_configs = [{ targets = [ "localhost:9148" ]; }];
}
{
job_name = "nodes";
static_configs = map (entry: {
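Review bot: Changing the receiver to `"to" = "monitoring@maralorn.de";` appears to route alerts into the Matrix room through email2matrix, although the alias for that exact address is not visible on this page (the mail hunk adds `monitoring-channel@maralorn.de`). If that is the intent, alert delivery now depends on Postfix, email2matrix and Synapse, the same services this commit starts monitoring, so a Matrix outage could suppress its own alert. A second entry in `email_configs` pointing at a plain mailbox would keep an independent notification path. The `nodes` job at the end of the last hunk continues outside it.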