authorRory& <root@rory.gay>2024-07-23 12:14:50 +0200
committerRory& <root@rory.gay>2024-07-23 12:14:50 +0200
commit31a74be4831322ed3c2a9e6615435bcae52b4ae8 (patch)
treec707c9c2ee26a699d3faec6d46383ef5176e5eeb
parentAdd draupnir-cme (diff)
downloadRory-Open-Architecture-31a74be4831322ed3c2a9e6615435bcae52b4ae8.tar.xz
Add draupnir-cme
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-cme/container.nix6
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix5
2 files changed, 9 insertions, 2 deletions
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/container.nix b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
index b88a963..ace8a49 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/container.nix
+++ b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
@@ -23,4 +23,10 @@
   localAddress = "192.168.100.17";
   hostAddress6 = "fc00::3";
   localAddress6 = "fc00::4";
+
+  bindMounts."draupnir-access-token" = {
+    hostPath = "/etc/draupnir-cme-access-token";
+    mountPoint = "/etc/draupnir-access-token";
+    isReadOnly = true;
+  };
 }
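Review bot: The new `bindMounts."draupnir-access-token"` entry exposes `/etc/draupnir-cme-access-token` with whatever owner and mode the file has on the host, and nothing visible in this hunk creates the file or constrains its permissions. `isReadOnly = true` only prevents writes from inside the container; if the file is left world-readable, any local account on the host, and presumably any process in the container, can read the token. I would add a comment above the block such as `# Secret: provisioned out-of-band on the host; must be readable only by the account the draupnir service reads it as`, and consider enforcing owner and mode declaratively on the host side. The enclosing attribute set starts outside the hunk, so an existing rule elsewhere in the file may already cover this.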
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
index 9a31278..10c601d 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
+++ b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
@@ -8,11 +8,12 @@
 {
   services.draupnir = {
     enable = true;
+    accessTokenFile = "/etc/draupnir-access-token";
 
     settings = {
       managementRoom = "#draupnir-mgmt:rory.gay";
-      recordIgnoredInvites = true; # Let's log ignored invites, just incase
-      autojoinOnlyIfManager = true; # Let's not open ourselves up to DoS attacks
+      recordIgnoredInvites = true; # We want to be aware of invites
+      autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
       automaticallyRedactForReasons = [ "*" ]; # Always autoredact
       fasterMembershipChecks = true;
       homeserverUrl = "https://matrix.rory.gay"
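Review bot: The added `accessTokenFile = "/etc/draupnir-access-token";` depends on the `mountPoint` of the bind mount added in container.nix, but the two literals live in separate files with no comment linking them. I would put `# Bind-mounted from the host in ../container.nix; keep this a string, a path literal would be copied into the world-readable Nix store` above the line. Separately, the reworded comment on `autojoinOnlyIfManager` drops the earlier denial-of-service rationale. Keeping both reasons preserves the security intent, e.g. `# Only autojoin when a manager invites: avoids DoS, and keeps the bot out of e.g. Matrix HQ`. The `settings` block continues past the end of the hunk.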