1 files changed, 121 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4085fb7
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,121 @@
+{
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ outputs =
+ {
+ self,
+ nixpkgs,
+ }:
+ let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in
+ {
+ packages.x86_64-linux = {
+ MatrixContentFilter = pkgs.buildDotnetModule rec {
+ pname = "MatrixContentFilter-v${version}";
+ version = "1";
+ dotnet-sdk = pkgs.dotnet-sdk_8;
+ dotnet-runtime = pkgs.dotnet-runtime_8;
+ src = ./.;
+ projectFile = [
+ "MatrixContentFilter/MatrixContentFilter.csproj"
+ ];
+ nugetDeps = ./MatrixContentFilter/deps.nix;
+ };
+ };
+ modules = {
+ default = (
+ {
+ pkgs,
+ lib,
+ config,
+ ...
+ }:
+ {
+ options.services.MatrixContentFilter = {
+ enable = lib.mkEnableOption "MatrixContentFilter";
+ accessTokenPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ };
+ appSettings = lib.mkOption {
+ type = (pkgs.formats.json { }).type;
+ default = {
+ "Logging" = {
+ "LogLevel" = {
+ "Default" = "Debug";
+ "System" = "Information";
+ "Microsoft" = "Information";
+ };
+ };
+ "LibMatrixBot" = {
+ "Prefixes" = [
+ "!mcf "
+ ];
+ "MentionPrefix" = false;
+ };
+ "MatrixContentFilter" = { };
+ };
+ };
+ };
+ config = {
+ assertions = [
+ {
+ assertion = config.services.MatrixContentFilter.enable -> config.services.MatrixContentFilter.accessTokenPath != null;
+ message = "MatrixContentFilter: accessTokenPath must be set";
+ }
+ {
+ # check that appSettings.MatrixContentFilter.Admins exists in the attrset, is not null and has one or more entries
+ assertion =
+ config.services.MatrixContentFilter.enable
+ -> config.services.MatrixContentFilter.appSettings.MatrixContentFilter ? Admins && (lib.lists.length config.services.MatrixContentFilter.appSettings.MatrixContentFilter.Admins) > 0;
+ message = "MatrixContentFilter: appSettings.MatrixContentFilter.Admins must be set";
+ }
+ ];
+ systemd.services = {
+ "MatrixContentFilter" = {
+ description = "Rory&::MatrixContentFilter - A Matrix content filtering bot, built for complex communities.";
+ wants = [
+ "network-online.target"
+ "matrix-synapse.service"
+ "conduit.service"
+ "dendrite.service"
+ ];
+ after = [
+ "network-online.target"
+ "matrix-synapse.service"
+ "conduit.service"
+ "dendrite.service"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${self.packages.x86_64-linux.MatrixContentFilter}/bin/MatrixContentFilter";
+ Restart = "on-failure";
+ RestartSec = "5";
+ DynamicUser = true;
+ WorkingDirectory = "/var/lib/draupnir";
+ StateDirectory = "draupnir";
+ StateDirectoryMode = "0700";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ LoadCredential = [
+ "access_token:${config.services.MatrixContentFilter.accessTokenPath}"
+ ];
+ };
+
+ environment = {
+ LIBMATRIX_ACCESS_TOKEN_PATH = "/run/credentials/MatrixContentFilter.service/access_token";
+ MATRIXCONTENTFILTER_APPSETTINGS_PATH = (pkgs.formats.json { }).generate "MatrixContentFilter-appsettings.json" (
+ lib.filterAttrsRecursive (_: value: value != null) config.services.MatrixContentFilter.appSettings
+ );
+ };
+ };
+ };
+ };
+ }
+ );
+ };
+ };
+}
|
