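# NixOS module: declarative, headless pantalaimon instances (an E2EE-aware
# proxy daemon for Matrix clients). Every entry of
# `services.pantalaimon-headless.instances` becomes one systemd unit
# `pantalaimon-<name>` with its own generated INI config and state directory.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.pantalaimon-headless;

  iniFmt = pkgs.formats.ini { };

  # Render the INI config file for one instance.
  #   name:           instance name, also used as the per-instance INI section
  #   instanceConfig: the evaluated submodule (see ./pantalaimon-options.nix)
  # Returns the store path of the generated pantalaimon.conf.
  mkConfigFile =
    name: instanceConfig:
    iniFmt.generate "pantalaimon.conf" {
      Default = {
        LogLevel = instanceConfig.logLevel;
        Notifications = false;
      };

      # extraSettings is the second argument to recursiveUpdate, so any key it
      # sets (including the two headless defaults below) takes precedence.
      ${name} = lib.recursiveUpdate {
        Homeserver = instanceConfig.homeserver;
        ListenAddress = instanceConfig.listenAddress;
        ListenPort = instanceConfig.listenPort;
        SSL = instanceConfig.ssl;

        # Set some settings to prevent user interaction for headless operation.
        # NOTE(review): with IgnoreVerification the proxy proceeds without a human
        # verifying devices, so device verification is not a trust boundary for a
        # headless instance; UseKeyring = false keeps it off a desktop keyring.
        # Confirm the exact semantics against pantalaimon's own documentation.
        IgnoreVerification = true;
        UseKeyring = false;
      } instanceConfig.extraSettings;
    };

  # Build the `pantalaimon-<name>` systemd unit for one instance, returned as a
  # name/value pair so it can be fed to lib.mapAttrs'.
  mkPantalaimonService =
    name: instanceConfig:
    lib.nameValuePair "pantalaimon-${name}" {
      description = "pantalaimon instance ${name} - E2EE aware proxy daemon for matrix clients";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        # --config is a store path and needs no quoting; --data-path is a
        # user-supplied option value, so it is shell-escaped for systemd's
        # ExecStart word splitting (escapeShellArg also toString's a Nix path
        # value instead of copying it into the store).
        ExecStart = "${pkgs.pantalaimon-headless}/bin/pantalaimon --config ${mkConfigFile name instanceConfig} --data-path ${lib.escapeShellArg instanceConfig.dataPath}";
        Restart = "on-failure";
        # Transient unprivileged user with a mostly read-only filesystem view.
        # Under ProtectSystem=strict the writable location this unit gets is the
        # StateDirectory (/var/lib/pantalaimon-<name>) plus its private /tmp;
        # presumably dataPath defaults to that directory — verify in
        # ./pantalaimon-options.nix.
        DynamicUser = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
        StateDirectory = "pantalaimon-${name}";
      };
    };
in
{
  options.services.pantalaimon-headless.instances = lib.mkOption {
    default = { };
    type = lib.types.attrsOf (lib.types.submodule (import ./pantalaimon-options.nix));
    description = ''
      Declarative instance config.

      Note: to use pantalaimon interactively, e.g. for a Matrix client which does not
      support End-to-end encryption (like `fractal`), refer to the home-manager module.
    '';
  };

  # Only emit units when at least one instance is declared; cfg is used here
  # instead of spelling out the full option path twice.
  config = lib.mkIf (cfg.instances != { }) {
    systemd.services = lib.mapAttrs' mkPantalaimonService cfg.instances;
  };

  meta = {
    maintainers = with lib.maintainers; [ jojosch ];
  };
}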