Encrypt telegram password
This commit is contained in:
parent
e5bb75e0b6
commit
1163466d97
|
@ -46,7 +46,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
"${inputs.self}/modules/telegram-notifications"
|
||||
(import "${inputs.self}/modules/telegram-notifications" { inherit inputs; })
|
||||
];
|
||||
|
||||
systemd.timers."restic-backups-${custom.username}" = {
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
{ custom }: { pkgs, ... }:
|
||||
{ inputs }: { config, pkgs, ... }:
|
||||
let
|
||||
# TODO: encrypt with agenix
|
||||
telegram-notify-env = "/home/${custom.username}/.nixos/secrets/passwords/telegram_notify_env";
|
||||
|
||||
send-to-telegram = pkgs.writeShellScript "send-to-telegram" ''
|
||||
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${telegram-notify-env} | ${pkgs.findutils}/bin/xargs)
|
||||
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${config.age.secrets.telegramNotifyEnv.path} | ${pkgs.findutils}/bin/xargs)
|
||||
URL="https://api.telegram.org/bot$TELEGRAM_KEY/sendMessage"
|
||||
${pkgs.curl}/bin/curl -s -d "chat_id=$CHAT_ID&disable_web_page_preview=1&text=$1" $URL > /dev/null'';
|
||||
|
||||
|
@ -19,6 +18,7 @@ let
|
|||
$UNITSTATUS"'';
|
||||
in
|
||||
{
|
||||
age.secrets.telegramNotifyEnv.file = "${inputs.self}/scrts/telegram_notify_env.age";
|
||||
systemd.services."unit-status-telegram@" = {
|
||||
description = "Unit Status Telegram Service";
|
||||
unitConfig = {
|
||||
|
|
|
@ -30,11 +30,13 @@ let
|
|||
ttrss
|
||||
];
|
||||
defaultKeys = [ andreas andreas-nixos-vm gwyn management nixos-vm ];
|
||||
all = users ++ systems;
|
||||
in
|
||||
{
|
||||
"gitea_env.age".publicKeys = defaultKeys ++ [ git ];
|
||||
"pihole_env.age".publicKeys = defaultKeys ++ [ pihole ];
|
||||
"plex_claim.age".publicKeys = defaultKeys ++ [ plex ];
|
||||
"telegram_notify_env.age".publicKeys = all;
|
||||
"ttrss_env.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||
}
|
||||
|
||||
|
|
Binary file not shown.
Loading…
Reference in New Issue