diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..8859aa4
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: taigrr
diff --git a/.gitignore b/.gitignore
index 877bc76..a69b303 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ config.toml
 config.yaml
 config.json
 *.env
+.crush
diff --git a/README.md b/README.md
index 73574be..830e6e6 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ signal-cli -a +1YOURNUMBER updateProfile --avatar assets/octocat.png
 ### 2. Run signal-cli daemon
 ```bash
-signal-cli -a +1YOURNUMBER daemon --http 127.0.0.1:8080 --no-receive-stdout
+signal-cli -a +1YOURNUMBER daemon --http 127.0.0.1:8081 --no-receive-stdout
 ```
 ### 3. Configure
@@ -49,7 +49,7 @@ webhook_secret = "your-secret-here"
 listen_addr = ":9900"
 # signal-cli JSON-RPC endpoint
-signal_url = "http://127.0.0.1:8080"
+signal_url = "http://127.0.0.1:8081"
 # signal-cli account (phone number registered with signal-cli)
 signal_account = "+1YOURNUMBER"
@@ -122,6 +122,23 @@ sudo nginx -t && sudo systemctl reload nginx
 Edit the service files first to set your phone number and paths. The signal-cli daemon listens on `127.0.0.1:8081` (not 8080, to avoid conflicts). Update `signal_url` in your config.toml to match.
+### SSL with Certbot
+
+Install certbot and the nginx plugin, then request a certificate:
+
+```bash
+# Install certbot (Debian/Ubuntu)
+sudo apt install certbot python3-certbot-nginx
+
+# Request certificate (certbot auto-configures nginx)
+sudo certbot --nginx -d ghwebhook.example.com
+
+# Verify auto-renewal is enabled
+sudo systemctl status certbot.timer
+```
+
+Certbot will automatically modify the nginx config to enable SSL and set up renewal. The signal-cli daemon listens on `127.0.0.1:8081` (not 8080, to avoid conflicts). Update `signal_url` in your config.toml to match.
+
 ## Dependencies
 - [cbrgm/githubevents](https://github.com/cbrgm/githubevents) — GitHub webhook event handling
diff --git a/config.example.toml b/config.example.toml
index f2f07d8..e7eae4c 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -5,10 +5,10 @@ webhook_secret = ""
 listen_addr = ":9900"
 # signal-cli JSON-RPC endpoint
-signal_url = "http://127.0.0.1:8080"
+signal_url = "http://127.0.0.1:8081"
 # signal-cli account (phone number registered with signal-cli)
-signal_account = "+1234567890"
+signal_account = "+YOURNUMBER"
 # Signal recipient UUID for DM notifications
 signal_recipient = ""
diff --git a/deploy/github-to-signal.nginx.conf b/deploy/github-to-signal.nginx.conf
index 7aa393b..9bfb353 100644
--- a/deploy/github-to-signal.nginx.conf
+++ b/deploy/github-to-signal.nginx.conf
@@ -1,9 +1,12 @@
 server {
- listen 443 ssl;
- server_name ghooks.org;
- ssl_certificate /etc/letsencrypt/live/ghwebhook.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ghwebhook.example.com/privkey.pem;
+ listen 80;
+ # listen 443 ssl;
+ server_name ghwebhook.example.com;
+
+ # let certbot handle the SSL setup and renewal
+ # ssl_certificate /etc/letsencrypt/live/ghwebhook.example.com/fullchain.pem;
+ # ssl_certificate_key /etc/letsencrypt/live/ghwebhook.example.com/privkey.pem;
 location /webhook {
 proxy_pass http://127.0.0.1:9900;
diff --git a/deploy/signal-cli-bot.service b/deploy/signal-cli-bot.service
index f9b62ce..49d56a8 100644
--- a/deploy/signal-cli-bot.service
+++ b/deploy/signal-cli-bot.service
@@ -5,7 +5,7 @@ Wants=network-online.target
 [Service]
 Type=exec
-ExecStart=/usr/local/bin/signal-cli -a +18134455076 daemon --http 127.0.0.1:8081 --no-receive-stdout
+ExecStart=/usr/local/bin/signal-cli -a +YOURNUMBER daemon --http 127.0.0.1:8081 --no-receive-stdout
 Restart=on-failure
 RestartSec=5
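Review bot: In deploy/github-to-signal.nginx.conf the example vhost now exposes `location /webhook` on `listen 80;` with every TLS directive commented out, so anyone who deploys it before running certbot proxies GitHub payloads to 127.0.0.1:9900 over plain HTTP. The webhook secret presumably protects integrity through the request signature, but it does not hide the event bodies in transit. State the precondition next to the listener, for example `# HTTP only until "certbot --nginx" has run; do not register the webhook URL before 443 is enabled`. After certbot has edited the file, confirm that port 80 only redirects to HTTPS rather than still proxying `/webhook`. The `location /webhook` block continues outside the hunk.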
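Review bot: The removed `ExecStart` line in deploy/signal-cli-bot.service carried what appears to be a real account number, and swapping in `+YOURNUMBER` does not take the old value out of the repository history. If that number is meant to stay private, the history has to be rewritten, or the number treated as already public. The placeholder is also spelled `+YOURNUMBER` here and in config.example.toml but `+1YOURNUMBER` in the README; one spelling across all three avoids a copy-paste mismatch. The rest of the unit lies outside the hunk.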