feat: Matterbridge

je suis fatigué

machines/core-services-01/matterbridge.nix

@@ -0,0 +1,50 @@
+{ config, pkgs, ... }:
+let
+  manageSecrets = conf: secrets: output: keys:
+    /*
+    `secrets` are in the form "SECRET_1=secret\nSECRET_2=secre"
+    For each name in `keys` we search for a line `$NAME=<secret>`,
+    (`<secret>` is just everything up to the end of the line)
+    and we substitute `$NAME` by `<secret>` in `conf`, and we print
+    the result in `output`.
+    */
+    let
+      check = key: ''
+        if grep ${key} ${secrets} > /dev/null
+        then
+          true
+        else
+          echo "Missing ${key} from secrets"
+          exit 1
+        fi
+        '';
+      get = key: "$(grep '${key}=' ${secrets} | sed 's/^.*=//' | sed -e 's/[\\/&]/\\\\&/g')";
+      checks = pkgs.lib.concatMapStrings check;
+      replaces = pkgs.lib.concatMapStrings (key: "s/${key}/${get key}/;");
+    in pkgs.writeShellScriptBin "preStart" ''
+      ${checks keys}
+      sed "${replaces keys}" ${conf} > ${output}
+      '';
+  startScript = pkgs.writeShellScriptBin "start" ''
+    ${manageSecrets
+          ./matterbridge.toml "$CREDENTIALS_DIRECTORY/secrets" "$RUNTIME_DIRECTORY/conf.toml"
+          [ "SECRET_MATTERMOST_WEBHOOK" ]}/bin/preStart
+    ${pkgs.matterbridge}/bin/matterbridge -conf $RUNTIME_DIRECTORY/conf.toml
+    '';
+in {
+  networking.firewall.allowedTCPPorts = [ 52187 ];
+  systemd.services.matterbridge = {
+    description = "Chat platform bridge";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+
+    serviceConfig = {
+      DynamicUser = true;
+      LoadCredential = "secrets:${config.age.secrets.matterbridge.path}";
+      ExecStart = "${startScript}/bin/start";
+      Restart = "always";
+      RestartSec = "10";
+      RuntimeDirectory = "matterbridge";
+    };
+  };
+}