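{ config, lib, pkgs, ... }:

# NixOS module for mxisd / ma1sd, a federated identity server for Matrix.
#
# Configuration flow:
#   baseConfig (derived from the options) + extraConfig  --recursiveUpdate-->  fullConfig
#   fullConfig  --builtins.toJSON / pkgs.writeText-->  configFile (in the Nix store)
#   configFile  --envsubst in ExecStartPre, umask 0077-->  ${dataDir}/mxisd-config.yaml
#
# Only the last file is private to the service user. Everything placed in
# `extraConfig` is serialised into the world-readable Nix store, so secrets must
# be written as `$VAR` placeholders and supplied through `environmentFile`.

with lib;

let
  # The service can run either the ma1sd fork or the original mxisd; the two
  # differ in binary name and database file name, so tell them apart by the
  # package name.
  isMa1sd = package: lib.hasPrefix "ma1sd" package.name;

  cfg = config.services.mxisd;

  # Only emit a `server` section when at least one of its values is set, so the
  # upstream defaults apply otherwise.
  server =
    optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
    // optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; };

  # Part of the configuration that is derived from module options.
  baseConfig = {
    matrix.domain = cfg.matrix.domain;
    key.path = "${cfg.dataDir}/signing.key";
    storage = {
      provider.sqlite.database =
        if isMa1sd cfg.package
        then "${cfg.dataDir}/ma1sd.db"
        else "${cfg.dataDir}/mxisd.db";
    };
  } // optionalAttrs (server != {}) { inherit server; };

  # merges baseConfig and extraConfig into a single file; on conflicting keys
  # extraConfig wins.
  fullConfig = recursiveUpdate baseConfig cfg.extraConfig;

  # The configuration is rendered as JSON, which YAML parsers accept as-is.
  # This file lives in the Nix store and is therefore readable by every local
  # user; it must not contain secrets.
  configFile =
    if isMa1sd cfg.package
    then pkgs.writeText "ma1sd-config.yaml" (builtins.toJSON fullConfig)
    else pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);

in {
  options = {
    services.mxisd = {
      enable = mkEnableOption "matrix federated identity server";

      package = mkPackageOption pkgs "ma1sd" { };

      # Kept a plain string on purpose: a `types.path` value would be copied
      # into the Nix store, which is exactly what a secrets file must avoid.
      environmentFile = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to an environment-file which may contain secrets to be
          substituted via `envsubst`.
        '';
      };

      dataDir = mkOption {
        type = types.str;
        default = "/var/lib/mxisd";
        description = "Where data mxisd/ma1sd uses resides";
      };

      # Values end up in the Nix store; see the module header.
      extraConfig = mkOption {
        type = types.attrs;
        default = {};
        description = "Extra options merged into the mxisd/ma1sd configuration";
      };

      matrix = {

        domain = mkOption {
          type = types.str;
          description = ''
            the domain of the matrix homeserver
          '';
        };

      };

      server = {

        name = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = ''
            Public hostname of mxisd/ma1sd, if different from the Matrix domain.
          '';
        };

        port = mkOption {
          type = types.nullOr types.int;
          default = null;
          description = ''
            HTTP port to listen on (unencrypted)
          '';
        };

      };

    };
  };

  config = mkIf cfg.enable {
    # Dedicated daemon account with a fixed uid. Marking it as a system user
    # records that it is never meant to be a login account.
    users.users.mxisd = {
      isSystemUser = true;
      group = "mxisd";
      home = cfg.dataDir;
      createHome = true;
      shell = "${pkgs.bash}/bin/bash";
      uid = config.ids.uids.mxisd;
    };

    users.groups.mxisd = {
      gid = config.ids.gids.mxisd;
    };

    systemd.services.mxisd = {
      description = "a federated identity server for the matrix ecosystem";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = let
        executable = if isMa1sd cfg.package then "ma1sd" else "mxisd";
      in {
        Type = "simple";
        User = "mxisd";
        Group = "mxisd";
        # Secrets are exposed to the unit as environment variables only; they
        # reach the daemon through the envsubst step below, never the store.
        EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
        # The daemon reads the rendered, secret-bearing copy in dataDir, not the
        # store file.
        ExecStart = "${cfg.package}/bin/${executable} -c ${cfg.dataDir}/mxisd-config.yaml";
        # Runs as the service user (ExecStartPre inherits User/Group), so the
        # rendered file is owned by mxisd; umask 0077 keeps it mode 0600.
        # NOTE(review): envsubst replaces an unset `$VAR` with an empty string,
        # which silently blanks a missing secret. The Go envsubst in
        # pkgs.envsubst has a `-no-unset` flag that fails instead — consider
        # adding it after confirming no existing configuration relies on the
        # current behaviour.
        ExecStartPre = "${pkgs.writeShellScript "mxisd-substitute-secrets" ''
          umask 0077
          ${pkgs.envsubst}/bin/envsubst -o ${cfg.dataDir}/mxisd-config.yaml \
            -i ${configFile}
        ''}";
        WorkingDirectory = cfg.dataDir;
        Restart = "on-failure";
        # Minimal, broadly compatible sandboxing: the daemon only needs its
        # dataDir and a scratch /tmp. Stricter options (ProtectSystem=strict
        # with ReadWritePaths, ProtectHome) are left out because extraConfig
        # may point the database or key at arbitrary paths.
        NoNewPrivileges = true;
        PrivateTmp = true;
      };
    };
  };
}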