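{ config, lib, pkgs, ... }:

# NixOS module for mxisd / ma1sd, a federated identity server for Matrix.
# ma1sd is the fork of mxisd; both are driven by the same options, and the
# only differences handled here are the package/binary name and the names of
# the database and config files.

with lib;

let

  cfg = config.services.mxisd;

  # True when the configured package is the ma1sd fork (decided by the
  # package name prefix), false for mxisd.
  isMa1sd =
    package:
      lib.hasPrefix "ma1sd" package.name;

  # The flavour name as a string.  Every flavour-dependent path (binary,
  # database file, config file) is derived from this one value so the
  # decision is made in a single place.
  flavour = if isMa1sd cfg.package then "ma1sd" else "mxisd";

  # Only emit the `server` keys the user actually set, so the daemon's own
  # defaults apply for the rest.
  server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
    // optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; };

  baseConfig = {
    matrix.domain = cfg.matrix.domain;
    # The daemon is pointed at this path for its signing key; the key
    # therefore lives under dataDir, the service user's home directory.
    key.path = "${cfg.dataDir}/signing.key";
    storage = {
      provider.sqlite.database = "${cfg.dataDir}/${flavour}.db";
    };
  } // optionalAttrs (server != {}) { inherit server; };

  # merges baseConfig and extraConfig into a single attribute set;
  # on conflicting keys extraConfig takes precedence
  fullConfig = recursiveUpdate baseConfig cfg.extraConfig;

  # The rendered configuration is written to the Nix store via writeText and
  # is therefore world-readable.  Anything placed in extraConfig (for example
  # credentials for backends) ends up readable by every local user; secrets
  # must not be put there.
  configFile = pkgs.writeText "${flavour}-config.yaml" (builtins.toJSON fullConfig);

in {
  options = {
    services.mxisd = {
      enable = mkEnableOption "matrix federated identity server";

      package = mkOption {
        type = types.package;
        default = pkgs.ma1sd;
        defaultText = "pkgs.ma1sd";
        description = "The mxisd/ma1sd package to use";
      };

      dataDir = mkOption {
        type = types.str;
        default = "/var/lib/mxisd";
        description = "Where data mxisd/ma1sd uses resides";
      };

      # See the note on configFile above: this is merged into a file in the
      # world-readable Nix store.
      extraConfig = mkOption {
        type = types.attrs;
        default = {};
        description = "Extra options merged into the mxisd/ma1sd configuration";
      };

      matrix = {

        domain = mkOption {
          type = types.str;
          description = ''
            the domain of the matrix homeserver
          '';
        };

      };

      server = {

        name = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = ''
            Public hostname of mxisd/ma1sd, if different from the Matrix domain.
          '';
        };

        port = mkOption {
          type = types.nullOr types.int;
          default = null;
          description = ''
            HTTP port to listen on (unencrypted)
          '';
        };

      };

    };
  };

  config = mkIf cfg.enable {
    # Dedicated service account; its home is the data directory so the
    # daemon's working directory, database and signing key all sit there.
    users.users.mxisd =
      {
        group = "mxisd";
        home = cfg.dataDir;
        createHome = true;
        # NOTE(review): an interactive shell on a service account is unusual;
        # a nologin shell would be the norm unless something relies on this.
        shell = "${pkgs.bash}/bin/bash";
        uid = config.ids.uids.mxisd;
      };

    users.groups.mxisd =
      {
        gid = config.ids.gids.mxisd;
      };

    systemd.services.mxisd = {
      description = "a federated identity server for the matrix ecosystem";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        # Runs unprivileged as the dedicated user/group defined above.
        User = "mxisd";
        Group = "mxisd";
        # The binary is named after the flavour; the config file is the
        # store path rendered above.
        ExecStart = "${cfg.package}/bin/${flavour} -c ${configFile}";
        WorkingDirectory = cfg.dataDir;
        Restart = "on-failure";
      };
    };
  };
}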