Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[webhook] Switches match rule to just use an IP whitelist.

Browse Source
This commit is contained in:
Drew Haven
2025-06-05 11:10:40 -07:00
parent 9acaae9277
commit d432ef8014
1 changed files with 27 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
system/hosts/mcp/static-site-hooks.nix
View File

@@ -58,18 +58,36 @@ in
id = "deploy-www2-terakoda-com"; id = "deploy-www2-terakoda-com";
http-methods = [ "POST" ]; http-methods = [ "POST" ];
command-working-directory = "/tank/web/www2.terakoda.com"; command-working-directory = "/tank/web/www2.terakoda.com";
include-command-output-in-response = true;
include-command-output-in-response-on-error = true; include-command-output-in-response-on-error = true;
execute-command = "${testHook}/bin/deploy-astro-app"; execute-command = "${testHook}/bin/deploy-astro-app";
trigger-rule-mismatch-http-response-code = 400;
trigger-rule = { trigger-rule = {
or = [
# There were some issues getting the payload signature validation to work.
# Switching to only accepting requests from internal IPs.
# {
# match = {
# type = "payload-hmac-sha1";
# secret = "mysecret";
# parameter = {
# source = "header";
# name = "X-Hub-Signature";
# };
# };
# }
{
match = { match = {
type = "payload-mac-sha256"; type = "ip-whitelist";
secret = "test123"; ip-range = "192.168.0.0/16";
parameter = {
source = "header";
name = "X-Hub-Signature-256";
}; };
}
{
match = {
type = "ip-whitelist";
ip-range = "10.88.0.0/16";
}; };
}
];
}; };
}; };
}; };