Migrations infra & working instance-control + commands

all-apps/instance-control-webhooks/hooks/hooks.yaml

@@ -1,33 +0,0 @@
-- id: queue-restic-snapshot
-  pass-environment-to-command:
-    - source: payload
-      name: version
-    - source: payload
-      name: path
-    - source: payload
-      name: tag
-    - source: payload
-      name: request_id
-  trigger-rule:
-    # - match:
-    #     type: payload-hmac-sha256
-    #     secret: '{{ cat "/run/secrets/instance_control_webhooks_secret" }}'
-    #     parameter:
-    #       source: header
-    #       name: X-Nassella-Signature
-  execute-command: "/etc/webhook/queue-restic-snapshot.sh"
-- id: restic-snapshot-status
-  include-command-output-in-response: true
-  pass-environment-to-command:
-    - source: payload
-      name: version
-    - source: payload
-      name: request_id
-  # trigger-rule:
-  #   - match:
-  #       type: payload-hmac-sha256
-  #       secret: '{{ cat "/run/secrets/instance_control_webhooks_secret" }}'
-  #       parameter:
-  #         source: header
-  #         name: X-Nassella-Signature
-  execute-command: "/etc/webhook/restic-snapshot-status.sh"

all-apps/instance-control/docker-compose.yaml

@@ -2,24 +2,21 @@ version: '3'
 
 secrets:
   instance_control_webhooks_secret:
-    file: ./instance-control-webhooks/webhook_secret
+    file: ./instance-control/webhook_secret
 
 services:
-  node_webhooks:
+  instance_control:
     image: almir/webhook
     volumes:
-      - ./instance-control-webhooks/hooks/:/etc/webhook
+      - ./instance-control/hooks/:/etc/webhook
       - /tmp/restic:/tmp/restic
     secrets:
       - instance_control_webhooks_secret
     command:
-      - -template
-      - "-hooks=/etc/webhook/hooks.yaml"
+      - "-hooks=/etc/webhook/hooks.json"
       - -verbose
     networks:
       - lb
     restart: unless-stopped
-    ports:
-      - 9000:9000
 networks:
   lb:

all-apps/instance-control/hooks/hooks.json.tmpl

@@ -0,0 +1,43 @@
+[
+    {
+        "id": "queue-restic-snapshot",
+        "pass-environment-to-command": [
+            {"source": "payload", "name": "version"},
+            {"source": "payload", "name": "path"},
+            {"source": "payload", "name": "tag"},
+            {"source": "payload", "name": "request_id"}
+        ],
+        "trigger-rule":
+            {
+                "match": {
+                    "type": "payload-hmac-sha256",
+                    "secret": "$INSTANCE_CONTROL_WEBHOOKS_SECRET",
+                    "parameter": {
+                        "source": "header",
+                        "name": "X-Nassella-Signature"
+                    }
+                }
+            },
+        "execute-command": "/etc/webhook/queue-restic-snapshot.sh"
+    },
+    {
+        "id": "restic-snapshot-status",
+        "include-command-output-in-response": true,
+        "pass-environment-to-command": [
+            {"source": "payload", "name": "version"},
+            {"source": "payload", "name": "request_id"}
+        ],
+        "trigger-rule":
+            {
+                "match": {
+                    "type": "payload-hmac-sha256",
+                    "secret": "$INSTANCE_CONTROL_WEBHOOKS_SECRET",
+                    "parameter": {
+                        "source": "header",
+                        "name": "X-Nassella-Signature"
+                    }
+                }
+            },
+        "execute-command": "/etc/webhook/restic-snapshot-status.sh"
+    }
+]

all-apps/instance-control/hooks/queue-restic-snapshot.sh

@@ -4,7 +4,7 @@
 # touch /maintenance/maintenance.on
 # rm /maintenance/maintenance.on
 
-# for instance-control-webhooks docker compose setup:
+# for instance-control docker compose setup:
 # make a directory in /tmp for these pipes and mount that as a volume
 # into the container