port matrix-ops-bot to uv and nix flake module

2026-03-05 15:55:47 +01:00 · 2026-03-05 15:55:47 +01:00 · 3a042155af
commit 3a042155af
parent c13d5fc536
17 changed files with 2402 additions and 3476 deletions
--- a/nix/modules/nixos/default.nix
+++ b/nix/modules/nixos/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./services/matrix-ops-bot.nix
+  ];
+}
--- a/nix/modules/nixos/services/matrix-ops-bot.nix
+++ b/nix/modules/nixos/services/matrix-ops-bot.nix
@ -0,0 +1,118 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.matrix-ops-bot;
+  defaultMatrixOpsBotPackage =
+    if builtins.hasAttr "matrix-ops-bot" pkgs then pkgs."matrix-ops-bot" else null;
+in
+{
+  options.services.matrix-ops-bot = {
+    enable = lib.mkEnableOption "matrix-ops-bot webhook daemon";
+
+    package = lib.mkOption {
+      type = lib.types.nullOr lib.types.package;
+      default = defaultMatrixOpsBotPackage;
+      description = "Package that provides matrix-ops-bot.";
+    };
+
+    stateDirectory = lib.mkOption {
+      type = lib.types.str;
+      default = "matrix-ops-bot";
+      description = "StateDirectory name for persistent service state under /var/lib.";
+    };
+
+    configFile = lib.mkOption {
+      type = lib.types.str;
+      default = "/etc/matrix-ops-bot/config.json";
+      description = "Source file loaded into systemd credentials as config.json.";
+    };
+
+    envFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Optional source env file loaded into systemd credentials as bot.env.";
+    };
+
+    templateRoot = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Template root directory passed via OPS_BOT_TEMPLATE_ROOT.";
+    };
+
+    listenAddress = lib.mkOption {
+      type = lib.types.str;
+      default = "127.0.0.1";
+      description = "Listen address passed via BOT_LISTEN_HOST.";
+    };
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 1111;
+      description = "Listen port passed via BOT_LISTEN_PORT.";
+    };
+
+    extraEnvironment = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = { };
+      description = "Additional environment variables for the service.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.package != null;
+        message = ''
+          services.matrix-ops-bot.package is not set and pkgs.matrix-ops-bot
+          was not found. Configure package explicitly.
+        '';
+      }
+    ];
+
+    systemd.services.matrix-ops-bot = {
+      description = "Matrix Ops Bot webhook daemon";
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+      environment = {
+        BOT_CONFIG_FILE = "%d/config.json";
+        BOT_LISTEN_HOST = cfg.listenAddress;
+        BOT_LISTEN_PORT = toString cfg.port;
+        OPS_BOT_TEMPLATE_ROOT =
+          if cfg.templateRoot != null then
+            cfg.templateRoot
+          else
+            "${cfg.package}/share/matrix-ops-bot/templates";
+      }
+      // lib.optionalAttrs (cfg.envFile != null) {
+        BOT_ENV_FILE = "%d/bot.env";
+      }
+      // cfg.extraEnvironment;
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/matrix-ops-bot";
+        DynamicUser = true;
+        StateDirectory = cfg.stateDirectory;
+        WorkingDirectory = "/var/lib/${cfg.stateDirectory}";
+        LoadCredential = [
+          "config.json:${cfg.configFile}"
+        ]
+        ++ lib.optionals (cfg.envFile != null) [
+          "bot.env:${cfg.envFile}"
+        ];
+
+        Restart = "on-failure";
+        RestartSec = "5s";
+
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+      };
+    };
+  };
+}