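# NixOS module: runs one systemd service per entry of
# services.pantalaimon-headless.instances, each with its own generated
# pantalaimon.conf. The per-instance option set (homeserver, listenAddress,
# listenPort, ssl, logLevel, dataPath, extraSettings) is declared in
# ./pantalaimon-options.nix, which is not part of this file.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.pantalaimon-headless;

  iniFmt = pkgs.formats.ini { };

  # Render the INI file for one instance: a [Default] section plus one section
  # named after the instance.
  mkConfigFile = name: instanceConfig: iniFmt.generate "pantalaimon.conf" {
    Default = {
      LogLevel = instanceConfig.logLevel;
      Notifications = false;
    };

    # extraSettings is the second argument of recursiveUpdate, so any key set
    # there overrides the values below, including the two headless settings.
    ${name} = (recursiveUpdate
      {
        Homeserver = instanceConfig.homeserver;
        # The proxy serves clients that cannot do E2EE themselves, so what it
        # hands to them is already decrypted. NOTE(review): confirm the default
        # in pantalaimon-options.nix is a loopback address.
        ListenAddress = instanceConfig.listenAddress;
        ListenPort = instanceConfig.listenPort;
        SSL = instanceConfig.ssl;

        # Set some settings to prevent user interaction for headless operation.
        # IgnoreVerification: per the pantalaimon documentation, devices are
        # marked as ignored automatically and room keys are shared with them
        # without manual verification. This is a trust trade-off, not only a
        # convenience switch.
        IgnoreVerification = true;
        # UseKeyring = false: no OS keyring is used for the proxy's access
        # tokens, so they presumably end up under the data path next to the
        # E2EE key store. Treat that directory as secret material.
        UseKeyring = false;
      }
      instanceConfig.extraSettings
    );
  };

  # Build the systemd unit "pantalaimon-<name>" for one instance.
  mkPantalaimonService = name: instanceConfig:
    nameValuePair "pantalaimon-${name}" {
      description = "pantalaimon instance ${name} - E2EE aware proxy daemon for matrix clients";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        # The config path and dataPath are interpolated unquoted; a dataPath
        # containing whitespace would be split into several arguments.
        ExecStart = ''${pkgs.pantalaimon-headless}/bin/pantalaimon --config ${mkConfigFile name instanceConfig} --data-path ${instanceConfig.dataPath}'';
        Restart = "on-failure";
        # Sandboxing: transient user, no privilege gain through setuid
        # binaries, private /dev and /tmp, home directories inaccessible.
        DynamicUser = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectHome = true;
        # "strict" leaves the file system read-only for the service apart from
        # the state directory below, so dataPath has to resolve inside
        # /var/lib/pantalaimon-<name> to be writable.
        # NOTE(review): dataPath is defined outside this file; verify.
        ProtectSystem = "strict";
        StateDirectory = "pantalaimon-${name}";
      };
    };
in
{
  options.services.pantalaimon-headless.instances = mkOption {
    default = { };
    type = types.attrsOf (types.submodule (import ./pantalaimon-options.nix));
    description = lib.mdDoc ''
      Declarative instance config.

      Note: to use pantalaimon interactively, e.g. for a Matrix client which does not
      support End-to-end encryption (like `fractal`), refer to the home-manager module.
    '';
  };

  # `cfg` was bound above but never used while the full option path was spelled
  # out twice here; both references now go through it. Same value either way.
  config = mkIf (cfg.instances != { })
    {
      systemd.services = mapAttrs' mkPantalaimonService cfg.instances;
    };

  meta = {
    maintainers = with maintainers; [ jojosch ];
  };
}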