{ pkgs, config, lib, ... }:
let
cfg = config.services.signal-irc-bridge;
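# Render an attribute set of systemd unit properties as shell-escaped
# `-pKEY=VALUE` arguments for systemd-run, one argument per attribute.
#
# Booleans are written as "true"/"false". builtins.toString turns `false`
# into the empty string, which would emit `-pKEY=` instead of switching the
# setting off; `true` used to render as "1", which systemd parses the same
# way as "true".
#
# Every argument is quoted by lib.escapeShellArgs, so a value is handed to
# systemd-run as one word and is not split or expanded by the calling shell.
mkSystemdRunOptions = opts:
  let
    renderValue = v:
      if builtins.isBool v then lib.boolToString v else builtins.toString v;
    toProperty = k: v: "-p${k}=${renderValue v}";
  in
  lib.escapeShellArgs (lib.mapAttrsToList toProperty opts);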
# Sandbox settings shared by the two systemd services defined in this module
# and, via mkSystemdRunOptions, by the transient unit the wrapper script starts.
commonServiceOptions = {
  # Identity: systemd allocates the account when the unit starts. Every unit
  # that takes these options runs under the same user name.
  DynamicUser = true;
  User = "signal-irc-client";

  # Directories systemd creates for the unit and exports to the process as
  # STATE_DIRECTORY and RUNTIME_DIRECTORY. Mode 0750: no access for "other".
  StateDirectory = "signal-cli";
  StateDirectoryMode = "0750";
  RuntimeDirectory = "signal-cli";
  RuntimeDirectoryMode = "0750";

  # Files the process creates are readable by their owner only.
  UMask = "0077";

  # Filesystem view: read-only system tree, no home directories, private /tmp,
  # no physical device nodes.
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;

  # Kernel-facing interfaces.
  ProtectControlGroups = true;
  ProtectKernelTunables = true;
  ProtectKernelLogs = true;

  # Process and user isolation: other users' processes are hidden in /proc,
  # the unit gets its own user namespace, and set-uid/set-gid bits cannot be
  # created on files.
  ProtectProc = "invisible";
  PrivateUsers = true;
  RestrictSUIDSGID = true;

  # NOTE(review): ProtectKernelModules, ProtectClock, ProtectHostname,
  # RestrictAddressFamilies, RestrictNamespaces, LockPersonality,
  # SystemCallFilter and CapabilityBoundingSet are not set here.
  # `systemd-analyze security <unit>` lists what remains exposed; test each
  # addition against both programs before enabling it.
};
# Shell command that runs signal-cli by hand inside a transient systemd unit
# carrying the same sandbox properties as the services (commonServiceOptions).
#
# - The transient unit uses StateDirectory "signal-cli", the same state
#   directory as the signal-cli daemon service, so it works on the same data.
#   NOTE(review): confirm whether it is safe to run while the daemon is up.
# - The unit name is fixed, so systemd-run will refuse a second invocation
#   while an earlier "signal-cli-bridge" unit still exists.
# - `--pty --pipe`: a pseudo-terminal is used when called from a terminal,
#   otherwise stdin/stdout/stderr are passed through.
# - `\''${STATE_DIRECTORY}` yields a backslash-escaped `${STATE_DIRECTORY}` in
#   the script, so the wrapper's own shell does not expand it; the variable is
#   presumably substituted by systemd inside the transient unit.
# - "$@" forwards the caller's arguments to signal-cli unchanged.
signal-cli-bridge-wrapper =
  let
    sandboxArgs = mkSystemdRunOptions commonServiceOptions;
    signalCli = lib.getExe pkgs.signal-cli;
  in
  pkgs.writeShellApplication {
    name = "signal-cli-bridge-wrapper";
    text = ''
      systemd-run ${sandboxArgs} --pty --pipe --unit="signal-cli-bridge" ${signalCli} --config "\''${STATE_DIRECTORY}"/signal-cli-config/ "$@"
    '';
  };
in {
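# Module options. `package` gains the description it was missing, and
# `configFile` documents how the path reaches the service and what happens
# when a Nix path literal is used.
options = {
  services.signal-irc-bridge = {
    enable = lib.mkEnableOption "signal-irc bridge";

    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.signal-irc-bridge;
      description = "The signal-irc-bridge package whose main program the service runs.";
    };

    configFile = lib.mkOption {
      type = lib.types.path;
      description = ''
        Path to the toml config file. It is passed to the service in the
        CONFIG_PATH environment variable.

        A Nix path literal is copied into the world-readable Nix store. If
        the file holds credentials, give an absolute path as a string that
        points to a file outside the store. The service runs as a dynamic
        user with ProtectHome enabled, so the file must be readable by that
        user and must not live under /home, /root or /run/user.
      '';
    };
  };
};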
# System configuration produced by the module.
config = {
  # Applied whether or not the service is enabled: importing this module
  # always adds the overlay to the system's package set.
  nixpkgs.overlays = [ (import ./overlay.nix) ];

  # The manual signal-cli wrapper is only installed when the bridge is enabled.
  environment.systemPackages = lib.mkIf cfg.enable [ signal-cli-bridge-wrapper ];

  # NOTE(review): neither unit declares wantedBy in this block, so nothing
  # visible here starts them at boot. Confirm that manual activation is
  # intended.
  systemd.services = lib.mkIf cfg.enable (
    let
      cliUnit = "signal-irc-bridge-signal-cli.service";
      restartPolicy = {
        Restart = "always";
        RestartSec = "5s";
      };
    in
    {
      # signal-cli in daemon mode. State and runtime directories come from
      # commonServiceOptions ("signal-cli"); the socket is created under the
      # runtime directory.
      signal-irc-bridge-signal-cli.serviceConfig = commonServiceOptions // restartPolicy // {
        ExecStart = "${lib.getExe pkgs.signal-cli} --config \"\${STATE_DIRECTORY}\"/signal-cli-config/ daemon --socket \"\${RUNTIME_DIRECTORY}\"/socket --receive-mode=manual";
      };

      # The bridge itself. It is bound to the daemon unit and ordered after
      # it. It keeps its own state and runtime directories ("signal-irc")
      # while sharing the user name set in commonServiceOptions.
      # NOTE(review): how the bridge locates the daemon's socket is not
      # visible here; presumably the config file names it.
      signal-irc-bridge = {
        environment.CONFIG_PATH = cfg.configFile;

        unitConfig = {
          After = [ cliUnit ];
          BindsTo = [ cliUnit ];
        };

        serviceConfig = commonServiceOptions // restartPolicy // {
          ExecStart = lib.getExe cfg.package;
          StateDirectory = "signal-irc";
          RuntimeDirectory = "signal-irc";
        };
      };
    }
  );
};
}