···
autoUpdate = lib.mkEnableOption "Automatically git pull on service restart";
45
-
enable = lib.mkEnableOption "Enable webhook endpoint for triggering service restart";
47
-
path = lib.mkOption {
48
-
type = lib.types.str;
49
-
default = "/webhook/restart";
50
-
description = "URL path for the webhook endpoint";
53
-
secretFile = lib.mkOption {
54
-
type = lib.types.nullOr lib.types.path;
56
-
description = "Path to file containing webhook secret token";
config = lib.mkIf cfg.enable {
···
87
-
systemd.services.cachet-webhook = lib.mkIf cfg.webhook.enable {
88
-
description = "Cachet webhook listener";
89
-
wantedBy = [ "multi-user.target" ];
90
-
after = [ "network.target" ];
93
-
webhookScript = pkgs.writeShellScript "cachet-webhook" ''
95
-
${lib.optionalString (cfg.webhook.secretFile != null) ''
96
-
SECRET=$(cat "${cfg.webhook.secretFile}")
99
-
while IFS= read -r line; do
100
-
# Parse the request line
101
-
if [[ "$line" =~ ^GET.*token=([^\ \&]+) ]]; then
102
-
TOKEN="''${BASH_REMATCH[1]}"
103
-
if [ "$TOKEN" = "$SECRET" ]; then
104
-
echo -e "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nRestarting cachet service..."
105
-
${pkgs.systemd}/bin/systemctl restart cachet &
107
-
echo -e "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nInvalid token"
110
-
echo -e "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nBad request"
117
-
${pkgs.netcat}/bin/nc -l -p 9000 -c "${webhookScript}"
123
-
Restart = "always";
systemd.services.cachet = {
description = "Cachet Slack emoji/profile cache";
wantedBy = [ "multi-user.target" ];
···
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
184
-
${lib.optionalString cfg.webhook.enable ''
185
-
handle ${cfg.webhook.path} {
186
-
reverse_proxy localhost:9000
reverse_proxy localhost:${toString cfg.port}
dunkirk.sh