110 lines
2.9 KiB
Nix
110 lines
2.9 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
with lib;
|
||
|
|
||
|
let
|
||
|
cfg = config.services.asjon;
|
||
|
|
||
|
in {
|
||
|
|
||
|
options.services.asjon = {
|
||
|
enable = mkEnableOption "Asjon: our chat bot";
|
||
|
|
||
|
dataDir = mkOption {
|
||
|
type = types.path;
|
||
|
default = "/var/lib/asjon";
|
||
|
description = ''
|
||
|
Path where the settings and source tree will exist.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
user = mkOption {
|
||
|
type = types.str;
|
||
|
default = "asjon";
|
||
|
description = ''
|
||
|
Asjon will be run under this user (user will be created if it doesn't exist.
|
||
|
This can be your user name).
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
};
|
||
|
|
||
|
config = mkIf cfg.enable {
|
||
|
|
||
|
users.extraUsers."${cfg.user}" = {
|
||
|
home = cfg.dataDir;
|
||
|
createHome = true;
|
||
|
description = "asjon user";
|
||
|
shell = "${pkgs.bash}/bin/bash";
|
||
|
};
|
||
|
|
||
|
systemd.services.asjon = {
|
||
|
description = "asjon: our chat bot";
|
||
|
after = [ "nginx.service" "matrix-synapse.service" "asjon-init.service" ];
|
||
|
requires = [ "nginx.service" "matrix-synapse.service" "asjon-init.service" ];
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
|
||
|
path = with pkgs; [
|
||
|
nodejs nodePackages.coffee-script
|
||
|
yarn openssh graphicsmagick git
|
||
|
bash
|
||
|
];
|
||
|
|
||
|
environment = {
|
||
|
# Matrix login
|
||
|
HUBOT_MATRIX_HOST_SERVER = "https://${config.var.hostname}";
|
||
|
|
||
|
# Git integration
|
||
|
HUBOT_GIT_URL = "https://${config.var.hostname}/git";
|
||
|
HUBOT_GIT_API = "https://${config.var.hostname}/git/api/v1";
|
||
|
HUBOT_GIT_REPO = "rnhmjoj/asjon";
|
||
|
|
||
|
# Scripts
|
||
|
AUTO_KILL_ON_UPDATE = "1";
|
||
|
AUTO_INFORM_ON_START = "!kvLvoCovzInhiablSq:maxwell.ydns.eu";
|
||
|
ADMIN_ROOM = "!kvLvoCovzInhiablSq:maxwell.ydns.eu";
|
||
|
REV_REMOTE_HOST = "proxy@rnhmjoj.ydns.eu";
|
||
|
REV_REMOTE_PORT = "22";
|
||
|
REV_KEY = "~/.ssh/proxy";
|
||
|
};
|
||
|
|
||
|
serviceConfig = {
|
||
|
User = cfg.user;
|
||
|
ExecStart = "${cfg.dataDir}/tree/bin/hubot -a matrix";
|
||
|
Restart = "always";
|
||
|
WorkingDirectory = "${cfg.dataDir}/tree";
|
||
|
# API keys and passwords definitions
|
||
|
EnvironmentFile = config.secrets.asjon.environment;
|
||
|
};
|
||
|
|
||
|
};
|
||
|
|
||
|
systemd.services.asjon-init = {
|
||
|
description = "Initialize Asjon service (first time only)";
|
||
|
wants = [ "network.target" ];
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
|
||
|
serviceConfig.User = cfg.user;
|
||
|
path = with pkgs; [ git yarn acl ];
|
||
|
|
||
|
script = ''
|
||
|
if test -d ${cfg.dataDir}/tree/.git; then
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
# clone repository and install packages
|
||
|
git clone https://github.com/rnhmjoj/asjon.git ${cfg.dataDir}/tree
|
||
|
cd ${cfg.dataDir}/tree
|
||
|
yarn install
|
||
|
|
||
|
# give read/traverse permission to nginx
|
||
|
setfacl -m g:nginx:x ${cfg.dataDir}
|
||
|
setfacl -m g:nginx:x ${cfg.dataDir}/tree
|
||
|
setfacl -Rdm g:nginx:rx ${cfg.dataDir}/tree/report
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
};
|
||
|
|
||
|
}
|