diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index fb55c25..2eee87c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -134,6 +134,19 @@ in enable = true; }; + prololo = { + enable = true; + port = 8089; + settings = { + matrix_username = "prololo"; + matrix_password = config.my.secrets.prololo_password; + matrix_homeserver = "https://matrix.alarsyo.net"; + matrix_room_id = config.my.secrets.prololo_room; + matrix_state_dir = "./prololo_state_dir"; + github_secret = config.my.secrets.prololo_github_secret; + }; + }; + tailscale = { enable = true; exitNode = true; diff --git a/secrets/default.nix b/secrets/default.nix index 59c9049..522b240 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -20,5 +20,9 @@ with lib; restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; + + prololo_password = lib.fileContents ./prololo-password.secret; + prololo_room = lib.fileContents ./prololo-room.secret; + prololo_github_secret = lib.fileContents ./prololo-github-secret.secret; }; } diff --git a/secrets/prololo-github-secret.secret b/secrets/prololo-github-secret.secret new file mode 100644 index 0000000..e63c13e Binary files /dev/null and b/secrets/prololo-github-secret.secret differ diff --git a/secrets/prololo-password.secret b/secrets/prololo-password.secret new file mode 100644 index 0000000..0396263 Binary files /dev/null and b/secrets/prololo-password.secret differ diff --git a/secrets/prololo-room.secret b/secrets/prololo-room.secret new file mode 100644 index 0000000..3ce6001 Binary files /dev/null and b/secrets/prololo-room.secret differ diff --git a/services/default.nix b/services/default.nix index 9412e57..1522988 100644 --- a/services/default.nix +++ b/services/default.nix @@ -21,6 +21,7 @@ ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix + ./prololo.nix ./restic-backup.nix ./tailscale.nix ./tgv.nix 
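Review bot: `matrix_password` and `github_secret` are assigned as evaluated strings inside `settings`, and services/prololo.nix in this same commit renders `cfg.settings` with `settingsFormat.generate "config.yaml"`, so both values end up in a store path that every local user, and anything the closure is copied to, can read. The secrets/default.nix hunk feeds this by reading the files with `lib.fileContents` at evaluation time. The `Binary files ... differ` entries suggest the files are encrypted in the repository, but that protection is gone once the plaintext is in the store. Keep only non-secret keys in `settings` and hand the secrets to the unit at start-up from a root-owned path outside the store, for example `serviceConfig.LoadCredential = [ "matrix_password:<SECRET_PATH>" ];` (placeholder path). This assumes prololo can read them from a file or the environment; if it cannot, the module would have to assemble the config file at service start instead.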
diff --git a/services/prololo.nix b/services/prololo.nix
new file mode 100644
index 0000000..8976551
--- /dev/null
+++ b/services/prololo.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.my.services.prololo;
+ my = config.my;
+ domain = config.networking.domain;
+ prololoPkg =
+ let
+ flake = builtins.getFlake "github:alarsyo/prololo-reborn?rev=40da010f5782bc760c83ac9883716970fcee40ff";
+ in
+ flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
+ settingsFormat = pkgs.formats.yaml {};
+in
+{
+ options.my.services.prololo = {
+ enable = lib.mkEnableOption "Prololo Matrix bot";
+
+ home = mkOption {
+ type = types.str;
+ default = "/var/lib/prololo";
+ example = "/var/lib/prololo";
+ description = "Home for the prololo service, where data will be stored";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ example = 8080;
+ description = "Internal port for Prololo Rocket server";
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ default = {};
+ };
+ };
+
+ config =
+ let
+ configFile = settingsFormat.generate "config.yaml" cfg.settings;
+ in mkIf cfg.enable
+ {
+ systemd.services.prololo = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Environment = [
+ "ROCKET_PORT=${toString cfg.port}"
+ "ROCKET_LOG_LEVEL=normal"
+ "RUST_LOG=rocket=info,prololo_reborn=trace"
+ ];
+ ExecStart = "${prololoPkg}/bin/prololo-reborn --config ${configFile}";
+ StateDirectory = "prololo";
+ WorkingDirectory = cfg.home;
+ User = "prololo";
+ Group = "prololo";
+ };
+ };
+
+ users.users.prololo = {
+ isSystemUser = true;
+ home = cfg.home;
+ createHome = true;
+ group = "prololo";
+ };
+ users.groups.prololo = { };
+
+ services.nginx.virtualHosts = {
+ "prololo.${domain}" = {
+ forceSSL = true;
+ useACMEHost = domain;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+ };
+ };
+}
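Review bot: The `serviceConfig` block runs an internet-facing webhook receiver that holds Matrix credentials, yet it has no systemd sandboxing beyond the dedicated `prololo` user. Since `StateDirectory = "prololo"` already provides the writable directory, adding `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;` should be safe as long as `home` keeps its default. Separately, `StateDirectory` is hard-coded while `WorkingDirectory` and the user's home follow `cfg.home`, so a non-default `home` would leave the unit working in a directory systemd does not manage. Deriving both from one value, or dropping the `home` option, would avoid that mismatch.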