author | Rory& <root@rory.gay> | 2024-10-04 19:51:44 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-10-04 19:51:44 +0200 |
commit | c8f7ef7c1d2bd705a5442c0dc591b8e5a50673a5 (patch) | |
tree | 9b951c6e2c120ec370ce8318238aadbdda880a89 /flake.nix | |
download | MatrixContentFilter-master.tar.xz |
Diffstat (limited to 'flake.nix')
-rw-r--r-- | flake.nix | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4085fb7
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,121 @@
+{
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ outputs =
+ {
+ self,
+ nixpkgs,
+ }:
+ let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in
+ {
+ packages.x86_64-linux = {
+ MatrixContentFilter = pkgs.buildDotnetModule rec {
+ pname = "MatrixContentFilter-v${version}";
+ version = "1";
+ dotnet-sdk = pkgs.dotnet-sdk_8;
+ dotnet-runtime = pkgs.dotnet-runtime_8;
+ src = ./.;
+ projectFile = [
+ "MatrixContentFilter/MatrixContentFilter.csproj"
+ ];
+ nugetDeps = ./MatrixContentFilter/deps.nix;
+ };
+ };
+ modules = {
+ default = (
+ {
+ pkgs,
+ lib,
+ config,
+ ...
+ }:
+ {
+ options.services.MatrixContentFilter = {
+ enable = lib.mkEnableOption "MatrixContentFilter";
+ accessTokenPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ };
+ appSettings = lib.mkOption {
+ type = (pkgs.formats.json { }).type;
+ default = {
+ "Logging" = {
+ "LogLevel" = {
+ "Default" = "Debug";
+ "System" = "Information";
+ "Microsoft" = "Information";
+ };
+ };
+ "LibMatrixBot" = {
+ "Prefixes" = [
+ "!mcf "
+ ];
+ "MentionPrefix" = false;
+ };
+ "MatrixContentFilter" = { };
+ };
+ };
+ };
+ config = {
+ assertions = [
+ {
+ assertion = config.services.MatrixContentFilter.enable -> config.services.MatrixContentFilter.accessTokenPath != null;
+ message = "MatrixContentFilter: accessTokenPath must be set";
+ }
+ {
+ # check that appSettings.MatrixContentFilter.Admins exists in the attrset, is not null and has one or more entries
+ assertion =
+ config.services.MatrixContentFilter.enable
+ -> config.services.MatrixContentFilter.appSettings.MatrixContentFilter ? Admins && (lib.lists.length config.services.MatrixContentFilter.appSettings.MatrixContentFilter.Admins) > 0;
+ message = "MatrixContentFilter: appSettings.MatrixContentFilter.Admins must be set";
+ }
+ ];
+ systemd.services = {
+ "MatrixContentFilter" = {
+ description = "Rory&::MatrixContentFilter - A Matrix content filtering bot, built for complex communities.";
+ wants = [
+ "network-online.target"
+ "matrix-synapse.service"
+ "conduit.service"
+ "dendrite.service"
+ ];
+ after = [
+ "network-online.target"
+ "matrix-synapse.service"
+ "conduit.service"
+ "dendrite.service"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${self.packages.x86_64-linux.MatrixContentFilter}/bin/MatrixContentFilter";
+ Restart = "on-failure";
+ RestartSec = "5";
+ DynamicUser = true;
+ WorkingDirectory = "/var/lib/draupnir";
+ StateDirectory = "draupnir";
+ StateDirectoryMode = "0700";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ LoadCredential = [
+ "access_token:${config.services.MatrixContentFilter.accessTokenPath}"
+ ];
+ };
+
+ environment = {
+ LIBMATRIX_ACCESS_TOKEN_PATH = "/run/credentials/MatrixContentFilter.service/access_token";
+ MATRIXCONTENTFILTER_APPSETTINGS_PATH = (pkgs.formats.json { }).generate "MatrixContentFilter-appsettings.json" (
+ lib.filterAttrsRecursive (_: value: value != null) config.services.MatrixContentFilter.appSettings
+ );
+ };
+ };
+ };
+ };
+ }
+ );
+ };
+ };
+} |
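Review bot: `StateDirectory = "draupnir"` and `WorkingDirectory = "/var/lib/draupnir"` in `serviceConfig` look carried over from a Draupnir unit. If a Draupnir service on the same host uses that directory, the two bots would share state, and with `DynamicUser = true` systemd may re-own the directory for whichever unit starts; use `StateDirectory = "MatrixContentFilter";` and `WorkingDirectory = "/var/lib/MatrixContentFilter";`. Separately, `accessTokenPath` is typed `lib.types.nullOr lib.types.path` and interpolated into `LoadCredential`, so a value written as a Nix path literal would be copied into the world-readable store. `lib.types.nullOr lib.types.str`, plus a `description` stating that the option takes a runtime path outside the store, would avoid that. `appSettings` is also rendered into the store by `(pkgs.formats.json { }).generate`, which its description should state so that no secrets are placed there.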