nixos/services.mjolnir: remove with lib;

Felix Buehler
2024-08-24 22:05:37 +02:00
parent 167cad7457
commit 0f517df99c


@@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.services.mjolnir; cfg = config.services.mjolnir;
@@ -25,8 +23,8 @@ let
}; };
moduleConfigFile = pkgs.writeText "module-config.yaml" ( moduleConfigFile = pkgs.writeText "module-config.yaml" (
generators.toYAML { } (filterAttrs (_: v: v != null) lib.generators.toYAML { } (lib.filterAttrs (_: v: v != null)
(fold recursiveUpdate { } [ yamlConfig cfg.settings ]))); (lib.fold lib.recursiveUpdate { } [ yamlConfig cfg.settings ])));
# these config files will be merged one after the other to build the final config # these config files will be merged one after the other to build the final config
configFiles = [ configFiles = [
@@ -38,8 +36,8 @@ let
# replace all secret strings using replace-secret # replace all secret strings using replace-secret
generateConfig = pkgs.writeShellScript "mjolnir-generate-config" ( generateConfig = pkgs.writeShellScript "mjolnir-generate-config" (
let let
yqEvalStr = concatImapStringsSep " * " (pos: _: "select(fileIndex == ${toString (pos - 1)})") configFiles; yqEvalStr = lib.concatImapStringsSep " * " (pos: _: "select(fileIndex == ${toString (pos - 1)})") configFiles;
yqEvalArgs = concatStringsSep " " configFiles; yqEvalArgs = lib.concatStringsSep " " configFiles;
in in
'' ''
set -euo pipefail set -euo pipefail
@@ -54,10 +52,10 @@ let
# e.g. "eval-all 'select(fileIndex == 0) * select(fileIndex == 1)' filea.yaml fileb.yaml" will merge filea.yaml with fileb.yaml # e.g. "eval-all 'select(fileIndex == 0) * select(fileIndex == 1)' filea.yaml fileb.yaml" will merge filea.yaml with fileb.yaml
${pkgs.yq-go}/bin/yq eval-all -P '${yqEvalStr}' ${yqEvalArgs} > ${cfg.dataPath}/config/default.yaml ${pkgs.yq-go}/bin/yq eval-all -P '${yqEvalStr}' ${yqEvalArgs} > ${cfg.dataPath}/config/default.yaml
${optionalString (cfg.accessTokenFile != null) '' ${lib.optionalString (cfg.accessTokenFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@ACCESS_TOKEN@' '${cfg.accessTokenFile}' ${cfg.dataPath}/config/default.yaml ${pkgs.replace-secret}/bin/replace-secret '@ACCESS_TOKEN@' '${cfg.accessTokenFile}' ${cfg.dataPath}/config/default.yaml
''} ''}
${optionalString (cfg.pantalaimon.passwordFile != null) '' ${lib.optionalString (cfg.pantalaimon.passwordFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@PANTALAIMON_PASSWORD@' '${cfg.pantalaimon.passwordFile}' ${cfg.dataPath}/config/default.yaml ${pkgs.replace-secret}/bin/replace-secret '@PANTALAIMON_PASSWORD@' '${cfg.pantalaimon.passwordFile}' ${cfg.dataPath}/config/default.yaml
''} ''}
'' ''
@@ -65,10 +63,10 @@ let
in in
{ {
options.services.mjolnir = { options.services.mjolnir = {
enable = mkEnableOption "Mjolnir, a moderation tool for Matrix"; enable = lib.mkEnableOption "Mjolnir, a moderation tool for Matrix";
homeserverUrl = mkOption { homeserverUrl = lib.mkOption {
type = types.str; type = lib.types.str;
default = "https://matrix.org"; default = "https://matrix.org";
description = '' description = ''
Where the homeserver is located (client-server URL). Where the homeserver is located (client-server URL).
@@ -78,43 +76,43 @@ in
''; '';
}; };
accessTokenFile = mkOption { accessTokenFile = lib.mkOption {
type = with types; nullOr path; type = with lib.types; nullOr path;
default = null; default = null;
description = '' description = ''
File containing the matrix access token for the `mjolnir` user. File containing the matrix access token for the `mjolnir` user.
''; '';
}; };
pantalaimon = mkOption { pantalaimon = lib.mkOption {
description = '' description = ''
`pantalaimon` options (enables E2E Encryption support). `pantalaimon` options (enables E2E Encryption support).
This will create a `pantalaimon` instance with the name "mjolnir". This will create a `pantalaimon` instance with the name "mjolnir".
''; '';
default = { }; default = { };
type = types.submodule { type = lib.types.submodule {
options = { options = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
ignoring the accessToken. If true, accessToken is ignored and the username/password below will be ignoring the accessToken. If true, accessToken is ignored and the username/password below will be
used instead. The access token of the bot will be stored in the dataPath used instead. The access token of the bot will be stored in the dataPath
''; '';
username = mkOption { username = lib.mkOption {
type = types.str; type = lib.types.str;
description = "The username to login with."; description = "The username to login with.";
}; };
passwordFile = mkOption { passwordFile = lib.mkOption {
type = with types; nullOr path; type = with lib.types; nullOr path;
default = null; default = null;
description = '' description = ''
File containing the matrix password for the `mjolnir` user. File containing the matrix password for the `mjolnir` user.
''; '';
}; };
options = mkOption { options = lib.mkOption {
type = types.submodule (import ./pantalaimon-options.nix); type = lib.types.submodule (import ./pantalaimon-options.nix);
default = { }; default = { };
description = '' description = ''
passthrough additional options to the `pantalaimon` service. passthrough additional options to the `pantalaimon` service.
@@ -124,16 +122,16 @@ in
}; };
}; };
dataPath = mkOption { dataPath = lib.mkOption {
type = types.path; type = lib.types.path;
default = "/var/lib/mjolnir"; default = "/var/lib/mjolnir";
description = '' description = ''
The directory the bot should store various bits of information in. The directory the bot should store various bits of information in.
''; '';
}; };
managementRoom = mkOption { managementRoom = lib.mkOption {
type = types.str; type = lib.types.str;
default = "#moderators:example.org"; default = "#moderators:example.org";
description = '' description = ''
The room ID where people can use the bot. The bot has no access controls, so The room ID where people can use the bot. The bot has no access controls, so
@@ -143,10 +141,10 @@ in
''; '';
}; };
protectedRooms = mkOption { protectedRooms = lib.mkOption {
type = types.listOf types.str; type = lib.types.listOf lib.types.str;
default = [ ]; default = [ ];
example = literalExpression '' example = lib.literalExpression ''
[ [
"https://matrix.to/#/#yourroom:example.org" "https://matrix.to/#/#yourroom:example.org"
"https://matrix.to/#/#anotherroom:example.org" "https://matrix.to/#/#anotherroom:example.org"
@@ -157,10 +155,10 @@ in
''; '';
}; };
settings = mkOption { settings = lib.mkOption {
default = { }; default = { };
type = (pkgs.formats.yaml { }).type; type = (pkgs.formats.yaml { }).type;
example = literalExpression '' example = lib.literalExpression ''
{ {
autojoinOnlyIfManager = true; autojoinOnlyIfManager = true;
automaticallyRedactForReasons = [ "spam" "advertising" ]; automaticallyRedactForReasons = [ "spam" "advertising" ];
@@ -172,7 +170,7 @@ in
}; };
}; };
config = mkIf config.services.mjolnir.enable { config = lib.mkIf config.services.mjolnir.enable {
assertions = [ assertions = [
{ {
assertion = !(cfg.pantalaimon.enable && cfg.pantalaimon.passwordFile == null); assertion = !(cfg.pantalaimon.enable && cfg.pantalaimon.passwordFile == null);
@@ -188,15 +186,15 @@ in
} }
]; ];
services.pantalaimon-headless.instances."mjolnir" = mkIf cfg.pantalaimon.enable services.pantalaimon-headless.instances."mjolnir" = lib.mkIf cfg.pantalaimon.enable
{ {
homeserver = cfg.homeserverUrl; homeserver = cfg.homeserverUrl;
} // cfg.pantalaimon.options; } // cfg.pantalaimon.options;
systemd.services.mjolnir = { systemd.services.mjolnir = {
description = "mjolnir - a moderation tool for Matrix"; description = "mjolnir - a moderation tool for Matrix";
wants = [ "network-online.target" ] ++ optionals (cfg.pantalaimon.enable) [ "pantalaimon-mjolnir.service" ]; wants = [ "network-online.target" ] ++ lib.optionals (cfg.pantalaimon.enable) [ "pantalaimon-mjolnir.service" ];
after = [ "network-online.target" ] ++ optionals (cfg.pantalaimon.enable) [ "pantalaimon-mjolnir.service" ]; after = [ "network-online.target" ] ++ lib.optionals (cfg.pantalaimon.enable) [ "pantalaimon-mjolnir.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
@@ -216,10 +214,10 @@ in
/* TODO: wait for #102397 to be resolved. Then load secrets from $CREDENTIALS_DIRECTORY+"/NAME" /* TODO: wait for #102397 to be resolved. Then load secrets from $CREDENTIALS_DIRECTORY+"/NAME"
DynamicUser = true; DynamicUser = true;
LoadCredential = [] ++ LoadCredential = [] ++
optionals (cfg.accessTokenFile != null) [ lib.optionals (cfg.accessTokenFile != null) [
"access_token:${cfg.accessTokenFile}" "access_token:${cfg.accessTokenFile}"
] ++ ] ++
optionals (cfg.pantalaimon.passwordFile != null) [ lib.optionals (cfg.pantalaimon.passwordFile != null) [
"pantalaimon_password:${cfg.pantalaimon.passwordFile}" "pantalaimon_password:${cfg.pantalaimon.passwordFile}"
]; ];
*/ */
@@ -237,6 +235,6 @@ in
meta = { meta = {
doc = ./mjolnir.md; doc = ./mjolnir.md;
maintainers = with maintainers; [ jojosch ]; maintainers = with lib.maintainers; [ jojosch ];
}; };
} }
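Review bot: In the `generateConfig` script (hunk `@@ -54,10 +52,10 @@`), `${cfg.dataPath}/config/default.yaml` is interpolated unquoted and the two secret file paths are wrapped in literal single quotes, so a configured path containing whitespace or a `'` would be word-split or end the quoting early in the generated shell script. Since this commit already spells out `lib.` on the neighbouring lines, the interpolations could use `${lib.escapeShellArg cfg.accessTokenFile}` and `${lib.escapeShellArg "${cfg.dataPath}/config/default.yaml"}`, and likewise for `cfg.pantalaimon.passwordFile`. These values come from the system configuration rather than from untrusted input, so this is a robustness point more than an injection risk. The script body begins before this hunk and the lines between it and the previous hunk are not shown, so it cannot be confirmed from here whether `default.yaml` is created with restrictive permissions before the access token and password are substituted into it; that is worth checking.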