# NixOS module for the matrix-ops-bot webhook daemon.
#
# Declares `services.matrix-ops-bot.*` options and, when enabled, a systemd
# unit that runs the bot under a dynamic user, with its config (and optional
# env file) delivered through systemd credentials.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    optional
    optionalAttrs
    types
    ;

  cfg = config.services.matrix-ops-bot;

  # Fall back to null when the package set has no matrix-ops-bot attribute;
  # the assertion in `config` then asks for an explicit package.
  packageFromPkgs = pkgs.matrix-ops-bot or null;

  hasEnvFile = cfg.envFile != null;

  # An explicit templateRoot wins; otherwise use the templates under the package.
  templateRoot =
    if cfg.templateRoot == null then
      "${cfg.package}/share/matrix-ops-bot/templates"
    else
      cfg.templateRoot;

  # "%d" is the systemd specifier for the unit's credentials directory, so the
  # bot is pointed at the copies made by LoadCredential, not at the source paths.
  baseEnvironment = {
    BOT_CONFIG_FILE = "%d/config.json";
    BOT_LISTEN_HOST = cfg.listenAddress;
    BOT_LISTEN_PORT = toString cfg.port;
    OPS_BOT_TEMPLATE_ROOT = templateRoot;
  };

  envFileEnvironment = optionalAttrs hasEnvFile {
    BOT_ENV_FILE = "%d/bot.env";
  };

  # Entries are "NAME:SOURCE"; the sources are plain path strings, so systemd
  # reads them from the host when the unit starts.
  credentials = [
    "config.json:${cfg.configFile}"
  ]
  ++ optional hasEnvFile "bot.env:${cfg.envFile}";
in
{
  options.services.matrix-ops-bot = {
    enable = mkEnableOption "matrix-ops-bot webhook daemon";

    package = mkOption {
      type = types.nullOr types.package;
      default = packageFromPkgs;
      description = "Package that provides matrix-ops-bot.";
    };

    stateDirectory = mkOption {
      type = types.str;
      default = "matrix-ops-bot";
      description = "StateDirectory name for persistent service state under /var/lib.";
    };

    # Typed as a string, not a path: the file is referenced by location and is
    # not copied into the world-readable Nix store by this module.
    configFile = mkOption {
      type = types.str;
      default = "/etc/matrix-ops-bot/config.json";
      description = "Source file loaded into systemd credentials as config.json.";
    };

    # Same string-path handling as configFile; intended home for secret values.
    envFile = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Optional source env file loaded into systemd credentials as bot.env.";
    };

    templateRoot = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Template root directory passed via OPS_BOT_TEMPLATE_ROOT.";
    };

    # Defaults to loopback. NOTE(review): this module opens no firewall port and
    # shows no authentication setting; confirm how the bot authenticates incoming
    # webhooks before binding to a non-loopback address.
    listenAddress = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Listen address passed via BOT_LISTEN_HOST.";
    };

    port = mkOption {
      type = types.port;
      default = 1111;
      description = "Listen port passed via BOT_LISTEN_PORT.";
    };

    # These values are written into the generated unit's environment, which is
    # stored in the Nix store; keep tokens and passwords in envFile/configFile.
    extraEnvironment = mkOption {
      type = types.attrsOf types.str;
      default = { };
      description = "Additional environment variables for the service.";
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.package != null;
        message = ''
          services.matrix-ops-bot.package is not set and pkgs.matrix-ops-bot
          was not found. Configure package explicitly.
        '';
      }
    ];

    systemd.services.matrix-ops-bot = {
      description = "Matrix Ops Bot webhook daemon";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      # extraEnvironment is merged last, so it overrides any variable set by
      # the module above, including BOT_CONFIG_FILE and BOT_ENV_FILE.
      environment = baseEnvironment // envFileEnvironment // cfg.extraEnvironment;

      serviceConfig = {
        Type = "simple";
        ExecStart = "${cfg.package}/bin/matrix-ops-bot";
        Restart = "on-failure";
        RestartSec = "5s";

        # No static account: systemd allocates a transient user for the unit.
        DynamicUser = true;
        StateDirectory = cfg.stateDirectory;
        WorkingDirectory = "/var/lib/${cfg.stateDirectory}";

        LoadCredential = credentials;

        # Sandboxing. systemd documents DynamicUser= as implying some of these;
        # listing them keeps the intended sandbox explicit.
        # NOTE(review): further restrictions (e.g. PrivateDevices,
        # ProtectKernelTunables, RestrictAddressFamilies) are not set here;
        # evaluate them against what the bot needs at runtime.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ProtectHome = true;
      };
    };
  };
}