From c80a5e9a872c834fbfd9a0610be94fff359dadf9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Sep 2021 20:43:54 +0200 Subject: [PATCH] services: setup prololo test service --- hosts/poseidon/default.nix | 13 +++++ secrets/default.nix | 4 ++ secrets/prololo-github-secret.secret | Bin 0 -> 30 bytes secrets/prololo-password.secret | Bin 0 -> 87 bytes secrets/prololo-room.secret | Bin 0 -> 54 bytes services/default.nix | 1 + services/prololo.nix | 80 +++++++++++++++++++++++++++ 7 files changed, 98 insertions(+) create mode 100644 secrets/prololo-github-secret.secret create mode 100644 secrets/prololo-password.secret create mode 100644 secrets/prololo-room.secret create mode 100644 services/prololo.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index fb55c25..2eee87c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -134,6 +134,19 @@ in enable = true; }; + prololo = { + enable = true; + port = 8089; + settings = { + matrix_username = "prololo"; + matrix_password = config.my.secrets.prololo_password; + matrix_homeserver = "https://matrix.alarsyo.net"; + matrix_room_id = config.my.secrets.prololo_room; + matrix_state_dir = "./prololo_state_dir"; + github_secret = config.my.secrets.prololo_github_secret; + }; + }; + tailscale = { enable = true; exitNode = true; diff --git a/secrets/default.nix b/secrets/default.nix index 59c9049..522b240 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -20,5 +20,9 @@ with lib; restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; + + prololo_password = lib.fileContents ./prololo-password.secret; + prololo_room = lib.fileContents ./prololo-room.secret; + prololo_github_secret = lib.fileContents ./prololo-github-secret.secret; }; } 
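Review bot: The `matrix_password` and `github_secret` values placed in `settings` in the hosts/poseidon/default.nix hunk end up in the world-readable Nix store, because services/prololo.nix renders `cfg.settings` with `settingsFormat.generate "config.yaml"` and passes the resulting store path to `ExecStart`. The secrets/default.nix hunk is the other half of this: `lib.fileContents ./prololo-password.secret` reads the value at evaluation time, so even if the `.secret` files are encrypted in the repository (they are added as binary patches, so presumably they are), the plaintext becomes part of the system closure and is readable by any local user and by anything the closure is copied to. Consider keeping these two keys out of `settings` and supplying them at runtime from a root-owned file outside the store, for example `EnvironmentFile = "<path outside the store>";` in `serviceConfig`, if prololo can take them from the environment. If it cannot, the config file would have to be assembled in the state directory when the service starts.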
diff --git a/secrets/prololo-github-secret.secret b/secrets/prololo-github-secret.secret new file mode 100644 index 0000000000000000000000000000000000000000..e63c13e69ab8d50a735a09a118e2df097ba2f3a3 GIT binary patch literal 30 mcmZQ@_Y83kiVO&0ILonr-=P(`3e6Ic!TFn>ZSh=R+y(%uGYqo; literal 0 HcmV?d00001 diff --git a/secrets/prololo-password.secret b/secrets/prololo-password.secret new file mode 100644 index 0000000000000000000000000000000000000000..039626324fcbe7bc98d49ace35c7202ace55bd76 GIT binary patch literal 87 zcmV-d0I2@}M@dveQdv+`06EM>cs|n{{q8*Dh4T2LFo{mSL~`*klK9pKMMTR-V6-{< tI`~l04U#fPuH&`P$KfTJM7t>VdPOdi5 literal 0 HcmV?d00001 diff --git a/secrets/prololo-room.secret b/secrets/prololo-room.secret new file mode 100644 index 0000000000000000000000000000000000000000..3ce60010f52ea0e4c84d70ce09320471b32ec005 GIT binary patch literal 54 zcmZQ@_Y83kiVO&0V9QCVHLus(bwlJ!N^N0I7{{wjql~>XwD&6d@CmGw55IIn+|d2i KqEH6zOZ5O0f)uj= literal 0 HcmV?d00001 diff --git a/services/default.nix b/services/default.nix index 9412e57..1522988 100644 --- a/services/default.nix +++ b/services/default.nix @@ -21,6 +21,7 @@ ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix + ./prololo.nix ./restic-backup.nix ./tailscale.nix ./tgv.nix diff --git a/services/prololo.nix b/services/prololo.nix new file mode 100644 index 0000000..8976551 --- /dev/null +++ b/services/prololo.nix 
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.my.services.prololo;
+ my = config.my;
+ domain = config.networking.domain;
+ prololoPkg =
+ let
+ flake = builtins.getFlake "github:alarsyo/prololo-reborn?rev=40da010f5782bc760c83ac9883716970fcee40ff";
+ in
+ flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
+ settingsFormat = pkgs.formats.yaml {};
+in
+{
+ options.my.services.prololo = {
+ enable = lib.mkEnableOption "Prololo Matrix bot";
+
+ home = mkOption {
+ type = types.str;
+ default = "/var/lib/prololo";
+ example = "/var/lib/prololo";
+ description = "Home for the prololo service, where data will be stored";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ example = 8080;
+ description = "Internal port for Prololo Rocket server";
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ default = {};
+ };
+ };
+
+ config =
+ let
+ configFile = settingsFormat.generate "config.yaml" cfg.settings;
+ in mkIf cfg.enable
+ {
+ systemd.services.prololo = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Environment = [
+ "ROCKET_PORT=${toString cfg.port}"
+ "ROCKET_LOG_LEVEL=normal"
+ "RUST_LOG=rocket=info,prololo_reborn=trace"
+ ];
+ ExecStart = "${prololoPkg}/bin/prololo-reborn --config ${configFile}";
+ StateDirectory = "prololo";
+ WorkingDirectory = cfg.home;
+ User = "prololo";
+ Group = "prololo";
+ };
+ };
+
+ users.users.prololo = {
+ isSystemUser = true;
+ home = cfg.home;
+ createHome = true;
+ group = "prololo";
+ };
+ users.groups.prololo = { };
+
+ services.nginx.virtualHosts = {
+ "prololo.${domain}" = {
+ forceSSL = true;
+ useACMEHost = domain;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+ };
+ };
+}
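Review bot: The `prololo` unit is exposed through the nginx vhost `prololo.${domain}`, yet its `serviceConfig` sets no systemd sandboxing beyond a dedicated user and group. A conservative baseline such as the one sketched below limits what a compromised bot process can reach. `ProtectSystem = "strict"` still leaves the `StateDirectory` writable, but a non-default `home` would become read-only, so `WorkingDirectory = cfg.home` should be checked against it. Separately, `Environment` sets only `ROCKET_PORT`; adding `"ROCKET_ADDRESS=127.0.0.1"` would make it explicit that the server is reachable only through the proxy, rather than relying on Rocket's default bind address.

```nix
      serviceConfig = {
        # … unchanged: Environment, ExecStart, StateDirectory, WorkingDirectory, User, Group …
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;
      };
```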