tgstation-operations · Cyberboss · Feb 24, 2025 · Feb 23, 2025 · Feb 23, 2025 · Feb 23, 2025
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -35,6 +35,7 @@
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
     dragon-bot.url = "github:tgstation/dragon-bot";
     tgstation-server.url = "github:tgstation/tgstation-server/e7d2a23450a7cb00e0b2bb87dc0815fec04d1855?dir=build/package/nix";
+    tgstation-pr-announcer.url = "github:tgstation/tgstation/c1ceeb35edfe1f72e9ed362a451ffd5bae9d2ede?dir=tools/Tgstation.PRAnnouncer";
     tgstation-website.url = "github:tgstation-operations/website-v2";
     impermanence.url = "github:scriptis/impermanence";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";

diff --git a/systems/game-servers/secrets/secrets.nix b/systems/game-servers/secrets/secrets.nix
@@ -13,6 +13,8 @@ in {
   "rsc-cdn.age".publicKeys = users ++ systems ++ [wiggle];
   # /tg/station13 main server secrets
   "tg13-dbconfig.age".publicKeys = users ++ systems ++ [wiggle];
+  # The comms key in here is also used in the PR announcer
+  # If you change it here change it there as well
   "tg13-comms.age".publicKeys = users ++ systems ++ [wiggle];
   "tg13-tts_secrets.age".publicKeys = users ++ systems ++ [wiggle];
   "tg13-webhooks.age".publicKeys = users ++ systems ++ [wiggle];

diff --git a/systems/game-servers/systems/tgsatan/default.nix b/systems/game-servers/systems/tgsatan/default.nix
@@ -11,6 +11,7 @@
     (import hw.common-gpu-nvidia)
     (import hw.common-cpu-amd)
     self.inputs.tgstation-server.nixosModules.default
+    self.inputs.tgstation-pr-announcer.nixosModules.default
   ];
   localModules = [
     ../../../../modules/fail2ban.nix
@@ -114,6 +115,17 @@ in {
     wants = ["mysql.service"];
   };
 
+  age.secrets.tgstation-pr-announcer = {
+    file = ./secrets/tgstation-pr-announcer.age;
+    owner = "${config.services.tgstation-pr-announcer.username}";
+    group = "${config.services.tgstation-pr-announcer.groupname}";
+  };
+  services.tgstation-pr-announcer = {
+    enable = true;
+    production-appsettings = ./tgstation-pr-announcer/tgstation_pr_announcer_config.json;
+    environmentFile = config.age.secrets.tgstation-pr-announcer.path;
+  };
+
   services.grafana = {
     enable = true;
     settings = {

diff --git a/systems/game-servers/systems/tgsatan/modules/caddy/default.nix b/systems/game-servers/systems/tgsatan/modules/caddy/default.nix
@@ -80,7 +80,20 @@
         useACMEHost = "tgs.tgsatan.us.tgstation13.org";
         extraConfig = ''
           encode gzip zstd
-          reverse_proxy localhost:5000
+          reverse_proxy localhost:5000 {
+            health_uri /health
+            health_port 5000
+          }
+        '';
+      };
+      "github_webhooks.tgstation13.org" = {
+        useACMEHost = "github_webhooks.tgstation13.org";
+        extraConfig = ''
+          encode gzip zstd
+          reverse_proxy localhost:5004 {
+            health_uri /health
+            health_port 5004
+          }
         '';
       };
       "s3.tgstation13.org" = {

diff --git a/systems/game-servers/systems/tgsatan/modules/monitoring/prometheus.nix b/systems/game-servers/systems/tgsatan/modules/monitoring/prometheus.nix
@@ -5,7 +5,9 @@
 }: let
   systemdPromPort = toString config.services.prometheus.exporters.systemd.port;
   nodeExporterPort = toString config.services.prometheus.exporters.node.port;
+  # Needs moved into a common config
   tgsPromPort = "5001";
+  prAnnouncerPort = "5004";
   # The following is already a string, so no need to convert it
   haproxyPromPort = config.systemd.services.haproxy.environment.PROMETHEUS_PORT;
 in {
@@ -81,6 +83,16 @@ in {
           }
         ];
       }
+      {
+        job_name = "GitHub Webhook PR Announcer";
+        static_configs = [
+          {
+            targets = [
+              "tgsatan.tg.lan:${prAnnouncerPort}"
+            ];
+          }
+        ];
+      }
       {
         job_name = "systemd relay node";
         static_configs = [

diff --git a/systems/game-servers/systems/tgsatan/secrets/secrets.nix b/systems/game-servers/systems/tgsatan/secrets/secrets.nix
@@ -17,6 +17,10 @@ in {
   "cloudflared-pem.age".publicKeys = users ++ systems;
   # Tgstation website api key
   "tgstation-web-apikey.age".publicKeys = users ++ systems;
+  # TGS PR Announcer
+  # The same value is used in game-servers/secrets/tg13-comms.age
+  # TODO: Move to a shared secret (somehow)
+  "tgstation-pr-announcer.age".publicKeys = users ++ systems;
   # AWS Route 53 DNS-01
   "aws_credentials.age".publicKeys = users ++ systems;
   # Atticd

diff --git a/systems/game-servers/systems/tgsatan/secrets/tgstation-pr-announcer.age b/systems/game-servers/systems/tgsatan/secrets/tgstation-pr-announcer.age
diff --git a/...ms/game-servers/systems/tgsatan/tgstation-pr-announcer/tgstation_pr_announcer_config.json b/...ms/game-servers/systems/tgsatan/tgstation-pr-announcer/tgstation_pr_announcer_config.json
@@ -0,0 +1,42 @@
+{
+  "Settings": {
+    "GameServerHealthCheckSeconds": 30,
+    "Servers": [
+      {
+        "Address": "blockmoths.tg.lan",
+        "Port": 3336,
+        "InterestedRepoSlugs": [
+          "tgstation/tgstation"
+        ]
+      },
+      {
+        "Address": "localhost",
+        "Port": 1337,
+        "InterestedRepoSlugs": [
+          "tgstation/tgstation"
+        ]
+      },
+      {
+        "Address": "localhost",
+        "Port": 1447,
+        "InterestedRepoSlugs": [
+          "tgstation/tgstation"
+        ]
+      },
+      {
+        "Address": "localhost",
+        "Port": 5337,
+        "InterestedRepoSlugs": [
+          "tgstation/TerraGov-Marine-Corps"
+        ]
+      }
+    ]
+  },
+  "Kestrel": {
+    "Endpoints": {
+      "Http": {
+        "Url": "http://0.0.0.0:5004"
+      }
+    }
+  }
+}