chore: Run nixfmt
This commit is contained in:
parent
8d8924f5f4
commit
688a5c324e
5 changed files with 70 additions and 50 deletions
|
@ -1,4 +1,4 @@
|
||||||
{
|
{
|
||||||
pkgs ? import (import ./npins).nixpkgs { },
|
pkgs ? import (import ./npins).nixpkgs { },
|
||||||
}:
|
}:
|
||||||
pkgs.callPackage ./package.nix {}
|
pkgs.callPackage ./package.nix { }
|
||||||
|
|
50
module.nix
50
module.nix
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.services.signal-irc-bridge;
|
cfg = config.services.signal-irc-bridge;
|
||||||
commonServiceOptions = {
|
commonServiceOptions = {
|
||||||
|
@ -7,22 +12,23 @@ let
|
||||||
StateDirectory = "signal-cli";
|
StateDirectory = "signal-cli";
|
||||||
RuntimeDirectory = "signal-cli";
|
RuntimeDirectory = "signal-cli";
|
||||||
|
|
||||||
PrivateDevices=true;
|
PrivateDevices = true;
|
||||||
PrivateTmp=true;
|
PrivateTmp = true;
|
||||||
ProtectControlGroups=true;
|
ProtectControlGroups = true;
|
||||||
ProtectKernelTunables=true;
|
ProtectKernelTunables = true;
|
||||||
RestrictSUIDSGID=true;
|
RestrictSUIDSGID = true;
|
||||||
|
|
||||||
ProtectSystem="strict";
|
ProtectSystem = "strict";
|
||||||
ProtectKernelLogs=true;
|
ProtectKernelLogs = true;
|
||||||
ProtectProc="invisible";
|
ProtectProc = "invisible";
|
||||||
PrivateUsers=true;
|
PrivateUsers = true;
|
||||||
ProtectHome=true;
|
ProtectHome = true;
|
||||||
UMask="0027";
|
UMask = "0027";
|
||||||
RuntimeDirectoryMode="0750";
|
RuntimeDirectoryMode = "0750";
|
||||||
StateDirectoryMode="0750";
|
StateDirectoryMode = "0750";
|
||||||
};
|
};
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
services.signal-irc-bridge = {
|
services.signal-irc-bridge = {
|
||||||
enable = lib.mkEnableOption "signal-irc bridge";
|
enable = lib.mkEnableOption "signal-irc bridge";
|
||||||
|
@ -38,9 +44,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [ (import ./overlay.nix) ];
|
||||||
(import ./overlay.nix)
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services = lib.mkIf cfg.enable {
|
systemd.services = lib.mkIf cfg.enable {
|
||||||
signal-irc-bridge = {
|
signal-irc-bridge = {
|
||||||
|
@ -53,7 +57,7 @@ in {
|
||||||
};
|
};
|
||||||
serviceConfig = commonServiceOptions // {
|
serviceConfig = commonServiceOptions // {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec= "5s";
|
RestartSec = "5s";
|
||||||
|
|
||||||
LoadCredential = [ "config:${cfg.configFile}" ];
|
LoadCredential = [ "config:${cfg.configFile}" ];
|
||||||
|
|
||||||
|
@ -66,20 +70,18 @@ in {
|
||||||
serviceConfig = commonServiceOptions // {
|
serviceConfig = commonServiceOptions // {
|
||||||
ExecStart = "${lib.getExe pkgs.signal-cli} --config \"\${STATE_DIRECTORY}\"/signal-cli-config/ daemon --socket \"\${RUNTIME_DIRECTORY}\"/socket --receive-mode=manual";
|
ExecStart = "${lib.getExe pkgs.signal-cli} --config \"\${STATE_DIRECTORY}\"/signal-cli-config/ daemon --socket \"\${RUNTIME_DIRECTORY}\"/socket --receive-mode=manual";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec= "5s";
|
RestartSec = "5s";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
environment.systemPackages = lib.mkIf cfg.enable [
|
environment.systemPackages = lib.mkIf cfg.enable [ pkgs.signal-cli ];
|
||||||
pkgs.signal-cli
|
|
||||||
];
|
|
||||||
|
|
||||||
users = lib.mkIf cfg.enable {
|
users = lib.mkIf cfg.enable {
|
||||||
users.signal-irc = {
|
users.signal-irc = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "signal-irc";
|
group = "signal-irc";
|
||||||
};
|
};
|
||||||
groups.signal-irc = {};
|
groups.signal-irc = { };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,18 +3,32 @@ let
|
||||||
data = builtins.fromJSON (builtins.readFile ./sources.json);
|
data = builtins.fromJSON (builtins.readFile ./sources.json);
|
||||||
version = data.version;
|
version = data.version;
|
||||||
|
|
||||||
mkSource = spec:
|
mkSource =
|
||||||
assert spec ? type; let
|
spec:
|
||||||
|
assert spec ? type;
|
||||||
|
let
|
||||||
path =
|
path =
|
||||||
if spec.type == "Git" then mkGitSource spec
|
if spec.type == "Git" then
|
||||||
else if spec.type == "GitRelease" then mkGitSource spec
|
mkGitSource spec
|
||||||
else if spec.type == "PyPi" then mkPyPiSource spec
|
else if spec.type == "GitRelease" then
|
||||||
else if spec.type == "Channel" then mkChannelSource spec
|
mkGitSource spec
|
||||||
else builtins.throw "Unknown source type ${spec.type}";
|
else if spec.type == "PyPi" then
|
||||||
|
mkPyPiSource spec
|
||||||
|
else if spec.type == "Channel" then
|
||||||
|
mkChannelSource spec
|
||||||
|
else
|
||||||
|
builtins.throw "Unknown source type ${spec.type}";
|
||||||
in
|
in
|
||||||
spec // { outPath = path; };
|
spec // { outPath = path; };
|
||||||
|
|
||||||
mkGitSource = { repository, revision, url ? null, hash, ... }:
|
mkGitSource =
|
||||||
|
{
|
||||||
|
repository,
|
||||||
|
revision,
|
||||||
|
url ? null,
|
||||||
|
hash,
|
||||||
|
...
|
||||||
|
}:
|
||||||
assert repository ? type;
|
assert repository ? type;
|
||||||
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
|
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
|
||||||
# In the latter case, there we will always be an url to the tarball
|
# In the latter case, there we will always be an url to the tarball
|
||||||
|
@ -23,19 +37,23 @@ let
|
||||||
inherit url;
|
inherit url;
|
||||||
sha256 = hash; # FIXME: check nix version & use SRI hashes
|
sha256 = hash; # FIXME: check nix version & use SRI hashes
|
||||||
})
|
})
|
||||||
else assert repository.type == "Git"; builtins.fetchGit {
|
else
|
||||||
url = repository.url;
|
assert repository.type == "Git";
|
||||||
rev = revision;
|
builtins.fetchGit {
|
||||||
# hash = hash;
|
url = repository.url;
|
||||||
};
|
rev = revision;
|
||||||
|
# hash = hash;
|
||||||
|
};
|
||||||
|
|
||||||
mkPyPiSource = { url, hash, ... }:
|
mkPyPiSource =
|
||||||
|
{ url, hash, ... }:
|
||||||
builtins.fetchurl {
|
builtins.fetchurl {
|
||||||
inherit url;
|
inherit url;
|
||||||
sha256 = hash;
|
sha256 = hash;
|
||||||
};
|
};
|
||||||
|
|
||||||
mkChannelSource = { url, hash, ... }:
|
mkChannelSource =
|
||||||
|
{ url, hash, ... }:
|
||||||
builtins.fetchTarball {
|
builtins.fetchTarball {
|
||||||
inherit url;
|
inherit url;
|
||||||
sha256 = hash;
|
sha256 = hash;
|
||||||
|
|
|
@ -1,3 +1 @@
|
||||||
final: prev: {
|
final: prev: { signal-irc-bridge = final.callPackage ./package.nix { }; }
|
||||||
signal-irc-bridge = final.callPackage ./package.nix {};
|
|
||||||
}
|
|
||||||
|
|
16
package.nix
16
package.nix
|
@ -1,4 +1,9 @@
|
||||||
{ lib, openssl, pkg-config, rustPlatform }:
|
{
|
||||||
|
lib,
|
||||||
|
openssl,
|
||||||
|
pkg-config,
|
||||||
|
rustPlatform,
|
||||||
|
}:
|
||||||
|
|
||||||
rustPlatform.buildRustPackage rec {
|
rustPlatform.buildRustPackage rec {
|
||||||
pname = "signal-irc-bridge";
|
pname = "signal-irc-bridge";
|
||||||
|
@ -8,18 +13,15 @@ rustPlatform.buildRustPackage rec {
|
||||||
with lib.fileset;
|
with lib.fileset;
|
||||||
toSource {
|
toSource {
|
||||||
root = ./.;
|
root = ./.;
|
||||||
fileset =
|
fileset = intersection (gitTracked ./.) (fileFilter (file: !file.hasExt "nix") ./.);
|
||||||
intersection (gitTracked ./.) (fileFilter (file: !file.hasExt "nix") ./.);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
|
||||||
pkg-config
|
pkg-config
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [ openssl ];
|
||||||
openssl
|
|
||||||
];
|
|
||||||
|
|
||||||
cargoHash = "sha256-J7+o6krHuK3CwwOIcDfm0s6F0cmviFQhSHpdKpXsa/g=";
|
cargoHash = "sha256-J7+o6krHuK3CwwOIcDfm0s6F0cmviFQhSHpdKpXsa/g=";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue