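{
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  outputs =
    {
      self,
      nixpkgs,
    }:
    let
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
    in
    {
      # The bot itself, built from this repository with the .NET 8 SDK and runtime.
      packages.x86_64-linux = {
        MatrixContentFilter = pkgs.buildDotnetModule rec {
          pname = "MatrixContentFilter-v${version}";
          version = "1";
          dotnet-sdk = pkgs.dotnet-sdk_8;
          dotnet-runtime = pkgs.dotnet-runtime_8;
          src = ./.;
          projectFile = [
            "MatrixContentFilter/MatrixContentFilter.csproj"
          ];
          nugetDeps = ./MatrixContentFilter/deps.nix;
        };
      };

      modules = {
        # NixOS module: declares services.MatrixContentFilter.* and, when
        # enabled, the hardened systemd unit that runs the bot.
        default = (
          {
            pkgs,
            lib,
            config,
            ...
          }:
          let
            cfg = config.services.MatrixContentFilter;
            settingsFormat = pkgs.formats.json { };
            # `or null` also covers a missing key anywhere along the path, so a
            # user-supplied appSettings without a MatrixContentFilter section
            # trips the assertion below instead of an evaluation error.
            admins = cfg.appSettings.MatrixContentFilter.Admins or null;
          in
          {
            options.services.MatrixContentFilter = {
              enable = lib.mkEnableOption "MatrixContentFilter";
              accessTokenPath = lib.mkOption {
                type = lib.types.nullOr lib.types.path;
                default = null;
                # Constructed sample value, not taken from any deployment.
                example = "/run/secrets/matrix-content-filter-token";
                description = ''
                  Path to a file holding the bot's Matrix access token. The
                  file is handed to the unit through systemd LoadCredential.
                  Give the path as a string pointing outside the Nix store:
                  anything that ends up in the store is world-readable.
                '';
              };
              appSettings = lib.mkOption {
                type = settingsFormat.type;
                default = {
                  "Logging" = {
                    "LogLevel" = {
                      "Default" = "Debug";
                      "System" = "Information";
                      "Microsoft" = "Information";
                    };
                  };
                  "LibMatrixBot" = {
                    "Prefixes" = [
                      "!mcf "
                    ];
                    "MentionPrefix" = false;
                  };
                  "MatrixContentFilter" = { };
                };
                description = ''
                  Settings rendered to the JSON file the bot reads via
                  MATRIXCONTENTFILTER_APPSETTINGS_PATH. The rendered file lives
                  in the world-readable Nix store, so do not put secrets here;
                  the access token goes through accessTokenPath instead.
                  MatrixContentFilter.Admins must be a non-empty list.
                '';
              };
            };

            # Only define the unit and its assertions when the service is
            # enabled. Without this gate, merely importing the module created a
            # unit wanted by multi-user.target, and the default
            # accessTokenPath = null failed evaluation when interpolated into
            # LoadCredential.
            config = lib.mkIf cfg.enable {
              assertions = [
                {
                  assertion = cfg.accessTokenPath != null;
                  message = "MatrixContentFilter: accessTokenPath must be set";
                }
                {
                  # Admins must be present, be a list, and have at least one
                  # entry. A null or non-list value fails the assertion rather
                  # than raising a type error.
                  assertion = builtins.isList admins && admins != [ ];
                  message = "MatrixContentFilter: appSettings.MatrixContentFilter.Admins must be set";
                }
              ];

              systemd.services = {
                "MatrixContentFilter" = {
                  description = "Rory&::MatrixContentFilter - A Matrix content filtering bot, built for complex communities.";
                  wants = [
                    "network-online.target"
                    "matrix-synapse.service"
                    "conduit.service"
                    "dendrite.service"
                  ];
                  after = [
                    "network-online.target"
                    "matrix-synapse.service"
                    "conduit.service"
                    "dendrite.service"
                  ];
                  wantedBy = [ "multi-user.target" ];
                  serviceConfig = {
                    ExecStart = "${self.packages.x86_64-linux.MatrixContentFilter}/bin/MatrixContentFilter";
                    Restart = "on-failure";
                    RestartSec = "5";
                    DynamicUser = true;
                    # NOTE(review): the state directory is named "draupnir", not
                    # after this service. Any other unit on the host that sets
                    # StateDirectory = "draupnir" would share this directory.
                    # Renaming it needs a migration of existing state, so the
                    # value is left unchanged here.
                    WorkingDirectory = "/var/lib/draupnir";
                    StateDirectory = "draupnir";
                    StateDirectoryMode = "0700";
                    ProtectSystem = "strict";
                    ProtectHome = true;
                    PrivateTmp = true;
                    NoNewPrivileges = true;
                    PrivateDevices = true;
                    LoadCredential = [
                      # toString keeps a path-typed value as a plain path string
                      # instead of importing the token file into the Nix store.
                      # It also turns null into "", so the assertion above
                      # reports the missing option.
                      "access_token:${toString cfg.accessTokenPath}"
                    ];
                  };
                  environment = {
                    # Must stay in sync with the unit name and the credential id
                    # given to LoadCredential above.
                    LIBMATRIX_ACCESS_TOKEN_PATH = "/run/credentials/MatrixContentFilter.service/access_token";
                    # Null-valued settings are dropped before rendering.
                    MATRIXCONTENTFILTER_APPSETTINGS_PATH = settingsFormat.generate "MatrixContentFilter-appsettings.json" (
                      lib.filterAttrsRecursive (_: value: value != null) cfg.appSettings
                    );
                  };
                };
              };
            };
          }
        );
      };
    };
}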