From bd71d6e2f560aa6e0d2b3b362635b84817cf2b5d Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Fri, 13 Mar 2026 20:00:09 -0700 Subject: [PATCH] Don't ntfy for logrotate failures and add container names to ntfy alerts --- common/network/pia-vpn/service-container.nix | 4 ++++ common/network/pia-vpn/vpn-container.nix | 3 +++ common/ntfy/default.nix | 6 ++++++ common/ntfy/service-failure.nix | 2 +- common/server/gitea-actions-runner.nix | 8 ++++++-- 5 files changed, 20 insertions(+), 3 deletions(-) diff --git a/common/network/pia-vpn/service-container.nix b/common/network/pia-vpn/service-container.nix index c8f7ef0..f62b632 100644 --- a/common/network/pia-vpn/service-container.nix +++ b/common/network/pia-vpn/service-container.nix @@ -11,6 +11,7 @@ with lib; let cfg = config.pia-vpn; + hostName = config.networking.hostName; mkContainer = name: ctr: { autoStart = true; @@ -28,6 +29,9 @@ let config = { config, pkgs, lib, ... }: { imports = allModules ++ [ ctr.config ]; + ntfy-alerts.ignoredUnits = [ "logrotate" ]; + ntfy-alerts.hostLabel = "${hostName}/${name}"; + # Static IP with gateway pointing to VPN container networking.useNetworkd = true; systemd.network.enable = true; diff --git a/common/network/pia-vpn/vpn-container.nix b/common/network/pia-vpn/vpn-container.nix index e45ed77..d8964eb 100644 --- a/common/network/pia-vpn/vpn-container.nix +++ b/common/network/pia-vpn/vpn-container.nix @@ -6,6 +6,7 @@ with lib; let cfg = config.pia-vpn; + hostName = config.networking.hostName; scripts = import ./scripts.nix; # Port forwarding derived state @@ -98,6 +99,8 @@ in # Route ntfy alerts through the host proxy (VPN container has no gateway on eth0) ntfy-alerts.curlExtraArgs = "--proxy http://${cfg.hostAddress}:${toString cfg.proxyPort}"; + ntfy-alerts.ignoredUnits = [ "logrotate" ]; + ntfy-alerts.hostLabel = "${hostName}/pia-vpn"; # Enable forwarding so bridge traffic can go through WG boot.kernel.sysctl."net.ipv4.ip_forward" = 1; 
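Review bot: The `ntfy-alerts.ignoredUnits = [ "logrotate" ];` line added inside `mkContainer` silences logrotate failure alerts for every service container without recording why, and the same line is added in vpn-container.nix and gitea-actions-runner.nix. Going by the option description in common/ntfy/default.nix ("Unit names to skip failure notifications for."), the alert is dropped entirely, so a container whose logs stop rotating would no longer be reported through ntfy. I would add a comment above it such as `# logrotate fails inside these containers (<reason>); expected, so do not alert on it`. If the failure really is expected, consider turning the unit off in the container instead of ignoring its failures. The `mkContainer` body continues outside the hunk.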
diff --git a/common/ntfy/default.nix b/common/ntfy/default.nix index d917040..fd5965f 100644 --- a/common/ntfy/default.nix +++ b/common/ntfy/default.nix @@ -26,6 +26,12 @@ default = [ ]; description = "Unit names to skip failure notifications for."; }; + + hostLabel = lib.mkOption { + type = lib.types.str; + default = config.networking.hostName; + description = "Label used in ntfy alert titles to identify this host/container."; + }; }; config = lib.mkIf config.thisMachine.hasRole."ntfy" { diff --git a/common/ntfy/service-failure.nix b/common/ntfy/service-failure.nix index e10548b..71ae4e1 100644 --- a/common/ntfy/service-failure.nix +++ b/common/ntfy/service-failure.nix @@ -32,7 +32,7 @@ in --max-time 30 --retry 3 \ ${cfg.curlExtraArgs} \ -H "Authorization: Bearer $NTFY_TOKEN" \ - -H "Title: Service failure on ${config.networking.hostName}" \ + -H "Title: Service failure on ${cfg.hostLabel}" \ -H "Priority: high" \ -H "Tags: rotating_light" \ -H "Message: Unit $unit failed at $(date +%c)" \ diff --git a/common/server/gitea-actions-runner.nix b/common/server/gitea-actions-runner.nix index 4c4f071..af17223 100644 --- a/common/server/gitea-actions-runner.nix +++ b/common/server/gitea-actions-runner.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, allModules, ... }: # Gitea Actions Runner inside a NixOS container. # The container shares the host's /nix/store (read-only) and nix-daemon socket, @@ -9,6 +9,7 @@ let thisMachineIsARunner = config.thisMachine.hasRole."gitea-actions-runner"; hostOverlays = config.nixpkgs.overlays; + hostName = config.networking.hostName; containerName = "gitea-runner"; giteaRunnerUid = 991; giteaRunnerGid = 989; 
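Review bot: `hostLabel` is declared as a free-form `lib.types.str`, but service-failure.nix splices it straight into a double-quoted shell argument (`-H "Title: Service failure on ${cfg.hostLabel}"`). A label containing `"`, `$`, a backtick or a newline would therefore alter the generated script or the HTTP header. The value it replaces, `config.networking.hostName`, is presumably already limited to hostname characters by NixOS, so this change widens what can reach the script. I would constrain the option, e.g. `type = lib.types.strMatching "[A-Za-z0-9._/-]+";`, which still admits the `host/container` labels this commit sets. The options block and the curl invocation both continue outside their hunks.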
@@ -32,9 +33,12 @@ in }; config = { config, lib, pkgs, ... }: { - system.stateVersion = "25.11"; + imports = allModules; nixpkgs.overlays = hostOverlays; + ntfy-alerts.ignoredUnits = [ "logrotate" ]; + ntfy-alerts.hostLabel = "${hostName}/${containerName}"; + services.gitea-actions-runner.instances.inst = { enable = true; name = containerName;
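Review bot: `imports = allModules;` pulls the host's whole module set into the container that runs Gitea Actions jobs. Together with the two `ntfy-alerts` lines, this suggests the alert unit and the `NTFY_TOKEN` it sends will now exist inside the runner container. How the token is provisioned is not visible in this hunk, so confirm that it is not readable by the runner user or by workflow steps, and that it is a publish-only token. The same line replaces `system.stateVersion = "25.11";`, so one of the imported modules presumably sets the state version now; a comment such as `# stateVersion and ntfy-alerts are provided by allModules` would record that dependency. The container `config` body continues outside the hunk.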