about summary refs log tree commit diff
path: root/flake.nix
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2024-10-04 19:51:44 +0200
committerRory& <root@rory.gay>2024-10-04 19:51:44 +0200
commitc8f7ef7c1d2bd705a5442c0dc591b8e5a50673a5 (patch)
tree9b951c6e2c120ec370ce8318238aadbdda880a89 /flake.nix
downloadMatrixContentFilter-master.tar.xz
Initial commit HEAD master
Diffstat (limited to 'flake.nix')
-rw-r--r--flake.nix121
1 files changed, 121 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4085fb7
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,121 @@
+{
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+  outputs =
+    {
+      self,
+      nixpkgs,
+    }:
+    let
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in
+    {
+      packages.x86_64-linux = {
+        MatrixContentFilter = pkgs.buildDotnetModule rec {
+          pname = "MatrixContentFilter-v${version}";
+          version = "1";
+          dotnet-sdk = pkgs.dotnet-sdk_8;
+          dotnet-runtime = pkgs.dotnet-runtime_8;
+          src = ./.;
+          projectFile = [
+            "MatrixContentFilter/MatrixContentFilter.csproj"
+          ];
+          nugetDeps = ./MatrixContentFilter/deps.nix;
+        };
+      };
+      modules = {
+        default = (
+          {
+            pkgs,
+            lib,
+            config,
+            ...
+          }:
+          {
+            options.services.MatrixContentFilter = {
+              enable = lib.mkEnableOption "MatrixContentFilter";
+              accessTokenPath = lib.mkOption {
+                type = lib.types.nullOr lib.types.path;
+                default = null;
+              };
+              appSettings = lib.mkOption {
+                type = (pkgs.formats.json { }).type;
+                default = {
+                  "Logging" = {
+                    "LogLevel" = {
+                      "Default" = "Debug";
+                      "System" = "Information";
+                      "Microsoft" = "Information";
+                    };
+                  };
+                  "LibMatrixBot" = {
+                    "Prefixes" = [
+                      "!mcf "
+                    ];
+                    "MentionPrefix" = false;
+                  };
+                  "MatrixContentFilter" = { };
+                };
+              };
+            };
+            config = {
+              assertions = [
+                {
+                  assertion = config.services.MatrixContentFilter.enable -> config.services.MatrixContentFilter.accessTokenPath != null;
+                  message = "MatrixContentFilter: accessTokenPath must be set";
+                }
+                {
+                  # check that appSettings.MatrixContentFilter.Admins exists in the attrset, is not null and has one or more entries
+                  assertion =
+                    config.services.MatrixContentFilter.enable
+                    -> config.services.MatrixContentFilter.appSettings.MatrixContentFilter ? Admins && (lib.lists.length config.services.MatrixContentFilter.appSettings.MatrixContentFilter.Admins) > 0;
+                    message = "MatrixContentFilter: appSettings.MatrixContentFilter.Admins must be set";
+                }
+              ];
+              systemd.services = {
+                "MatrixContentFilter" = {
+                  description = "Rory&::MatrixContentFilter - A Matrix content filtering bot, built for complex communities.";
+                  wants = [
+                    "network-online.target"
+                    "matrix-synapse.service"
+                    "conduit.service"
+                    "dendrite.service"
+                  ];
+                  after = [
+                    "network-online.target"
+                    "matrix-synapse.service"
+                    "conduit.service"
+                    "dendrite.service"
+                  ];
+                  wantedBy = [ "multi-user.target" ];
+                  serviceConfig = {
+                    ExecStart = "${self.packages.x86_64-linux.MatrixContentFilter}/bin/MatrixContentFilter";
+                    Restart = "on-failure";
+                    RestartSec = "5";
+                    DynamicUser = true;
+                    WorkingDirectory = "/var/lib/draupnir";
+                    StateDirectory = "draupnir";
+                    StateDirectoryMode = "0700";
+                    ProtectSystem = "strict";
+                    ProtectHome = true;
+                    PrivateTmp = true;
+                    NoNewPrivileges = true;
+                    PrivateDevices = true;
+                    LoadCredential = [
+                      "access_token:${config.services.MatrixContentFilter.accessTokenPath}"
+                    ];
+                  };
+
+                  environment = {
+                    LIBMATRIX_ACCESS_TOKEN_PATH = "/run/credentials/MatrixContentFilter.service/access_token";
+                    MATRIXCONTENTFILTER_APPSETTINGS_PATH = (pkgs.formats.json { }).generate "MatrixContentFilter-appsettings.json" (
+                      lib.filterAttrsRecursive (_: value: value != null) config.services.MatrixContentFilter.appSettings
+                    );
+                  };
+                };
+              };
+            };
+          }
+        );
+      };
+    };
+}