nixos/modules/services/networking/go-neb.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / go-neb.nix
at 25.11-pre 2.5 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7let
 8  cfg = config.services.go-neb;
 9
10  settingsFormat = pkgs.formats.yaml { };
11  configFile = settingsFormat.generate "config.yaml" cfg.config;
12in
13{
14  options.services.go-neb = {
15    enable = lib.mkEnableOption "an extensible matrix bot written in Go";
16
17    bindAddress = lib.mkOption {
18      type = lib.types.str;
19      description = "Port (and optionally address) to listen on.";
20      default = ":4050";
21    };
22
23    secretFile = lib.mkOption {
24      type = lib.types.nullOr lib.types.path;
25      default = null;
26      example = "/run/keys/go-neb.env";
27      description = ''
28        Environment variables from this file will be interpolated into the
29        final config file using envsubst with this syntax: `$ENVIRONMENT`
30        or `''${VARIABLE}`.
31        The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
32        This is useful to avoid putting secrets into the nix store.
33      '';
34    };
35
36    baseUrl = lib.mkOption {
37      type = lib.types.str;
38      description = "Public-facing endpoint that can receive webhooks.";
39    };
40
41    config = lib.mkOption {
42      inherit (settingsFormat) type;
43      description = ''
44        Your {file}`config.yaml` as a Nix attribute set.
45        See [config.sample.yaml](https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml)
46        for possible options.
47      '';
48    };
49  };
50
51  config = lib.mkIf cfg.enable {
52    systemd.services.go-neb =
53      let
54        finalConfigFile = if cfg.secretFile == null then configFile else "/var/run/go-neb/config.yaml";
55      in
56      {
57        description = "Extensible matrix bot written in Go";
58        after = [ "network.target" ];
59        wantedBy = [ "multi-user.target" ];
60        environment = {
61          BASE_URL = cfg.baseUrl;
62          BIND_ADDRESS = cfg.bindAddress;
63          CONFIG_FILE = finalConfigFile;
64        };
65
66        serviceConfig = {
67          ExecStartPre = lib.optional (cfg.secretFile != null) (
68            "+"
69            + pkgs.writeShellScript "pre-start" ''
70              umask 077
71              export $(xargs < ${cfg.secretFile})
72              ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > ${finalConfigFile}
73              chown go-neb ${finalConfigFile}
74            ''
75          );
76          RuntimeDirectory = "go-neb";
77          ExecStart = "${pkgs.go-neb}/bin/go-neb";
78          User = "go-neb";
79          DynamicUser = true;
80        };
81      };
82  };
83
84  meta.maintainers = with lib.maintainers; [
85    hexa
86    maralorn
87  ];
88}