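# NixOS module for the mxisd / ma1sd Matrix identity server.
#
# The configuration is rendered into the Nix store at build time; at service
# start `envsubst` copies it into `cfg.dataDir`, expanding placeholders from
# the optional environment file so that secrets never have to be written into
# the (world-readable) store.
{ config, lib, pkgs, ... }:

with lib;

let

  # True when the configured package is ma1sd rather than mxisd; this
  # selects both the sqlite database file name and the executable to run.
  isMa1sd =
    package:
    lib.hasPrefix "ma1sd" package.name;

  cfg = config.services.mxisd;

  # Only the explicitly set server options are emitted, so that the
  # application's own defaults apply to the rest.
  server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
        // optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; };

  baseConfig = {
    matrix.domain = cfg.matrix.domain;
    key.path = "${cfg.dataDir}/signing.key";
    storage = {
      provider.sqlite.database = if isMa1sd cfg.package
        then "${cfg.dataDir}/ma1sd.db"
        else "${cfg.dataDir}/mxisd.db";
    };
  } // optionalAttrs (server != {}) { inherit server; };

  # merges baseConfig and extraConfig into a single file
  fullConfig = recursiveUpdate baseConfig cfg.extraConfig;

  # Written to the Nix store, which is readable by every local user: values
  # placed directly in `extraConfig` are therefore not confidential. Secrets
  # have to be referenced as envsubst placeholders and supplied through
  # `environmentFile`; they are substituted in ExecStartPre below.
  configFile = if isMa1sd cfg.package
    then pkgs.writeText "ma1sd-config.yaml" (builtins.toJSON fullConfig)
    else pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);

in {
  options = {
    services.mxisd = {
      enable = mkEnableOption (lib.mdDoc "matrix federated identity server");

      package = mkOption {
        type = types.package;
        default = pkgs.ma1sd;
        defaultText = literalExpression "pkgs.ma1sd";
        description = lib.mdDoc "The mxisd/ma1sd package to use";
      };

      environmentFile = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = lib.mdDoc ''
          Path to an environment-file which may contain secrets to be
          substituted via `envsubst`.
        '';
      };

      dataDir = mkOption {
        type = types.str;
        default = "/var/lib/mxisd";
        description = lib.mdDoc "Where data mxisd/ma1sd uses resides";
      };

      extraConfig = mkOption {
        type = types.attrs;
        default = {};
        description = lib.mdDoc ''
          Extra options merged into the mxisd/ma1sd configuration.

          The merged configuration is stored in the world-readable Nix store,
          so do not put secrets here. Reference them as `''${VAR}` placeholders
          and provide the values through
          {option}`services.mxisd.environmentFile`.
        '';
      };

      matrix = {

        domain = mkOption {
          type = types.str;
          description = lib.mdDoc ''
            the domain of the matrix homeserver
          '';
        };

      };

      server = {

        name = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = lib.mdDoc ''
            Public hostname of mxisd/ma1sd, if different from the Matrix domain.
          '';
        };

        port = mkOption {
          type = types.nullOr types.int;
          default = null;
          description = lib.mdDoc ''
            HTTP port to listen on (unencrypted)
          '';
        };

      };

    };
  };

  config = mkIf cfg.enable {
    # Dedicated unprivileged account; the data directory doubles as its home.
    users.users.mxisd =
      {
        group = "mxisd";
        home = cfg.dataDir;
        createHome = true;
        shell = "${pkgs.bash}/bin/bash";
        uid = config.ids.uids.mxisd;
      };

    users.groups.mxisd =
      {
        gid = config.ids.gids.mxisd;
      };

    systemd.services.mxisd = {
      description = "a federated identity server for the matrix ecosystem";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = let
        executable = if isMa1sd cfg.package then "ma1sd" else "mxisd";
        # The rendered file keeps the mxisd name for both packages; it is the
        # only copy that contains substituted secrets.
        renderedConfig = "${cfg.dataDir}/mxisd-config.yaml";
      in {
        Type = "simple";
        User = "mxisd";
        Group = "mxisd";
        # Only attached when an environment file was configured.
        EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
        ExecStart = "${cfg.package}/bin/${executable} -c ${renderedConfig}";
        # Runs as the service user (no `+` prefix). `umask 0077` ensures the
        # rendered configuration, which may now contain secrets, is created
        # without group/other permissions. Paths are quoted so a data
        # directory containing whitespace does not split the command.
        ExecStartPre = "${pkgs.writeShellScript "mxisd-substitute-secrets" ''
          umask 0077
          ${pkgs.envsubst}/bin/envsubst -o "${renderedConfig}" \
            -i "${configFile}"
        ''}";
        WorkingDirectory = cfg.dataDir;
        Restart = "on-failure";
      };
    };
  };
}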