tlaternet-server/configuration/services/conduit/lib.nix

{
  lib,
  writeShellScript,
  formats,
  replace-secret,
}:
let
  replaceSecretBin = "${lib.getExe replace-secret}";
in
{
  # Write a script that will set up the service's registration.yaml
  # with secrets from systemd credentials.
  #
  # The credentials should be named `${id}_as-token` and
  # `${id}_hs-token`.
  #
  # This registration file needs to be manually added to conduit by
  # messaging the admin with the yaml file.
  #
  # TODO(tlater): Conduwuit seems to support a CLI interface for this,
  # may want to migrate to that sometime.
  writeRegistrationScript =
    {
      id, # Must be unique among all registered appservices/bots
      url, # The URL on which the service listens
      sender_localpart,
      rate_limited ? false,
      namespaces ? {
        aliases = [ ];
        rooms = [ ];
        users = [ ];
      },
      extraSettings ? { },
      # The location to place the file; assumes systemd runtime dir
      runtimeRegistration ? "$RUNTIME_DIRECTORY/${id}-registration.yaml",
    }:
    let
      registrationFile = (formats.yaml { }).generate "${id}-registration.yaml" (
        {
          inherit
            id
            url
            sender_localpart
            rate_limited
            namespaces
            ;

          as_token = "@AS_TOKEN@";
          hs_token = "@HS_TOKEN@";
        }
        // extraSettings
      );
    in
    {
      inherit runtimeRegistration;
      ExecStartPre = writeShellScript "${id}-registration-setup.sh" ''
        cp -f ${registrationFile} "${runtimeRegistration}"
        chmod 600 "${runtimeRegistration}"

        # Write actual secrets into config
        ${replaceSecretBin} '@AS_TOKEN@' "$CREDENTIALS_DIRECTORY/${id}_as-token" "${runtimeRegistration}"
        ${replaceSecretBin} '@HS_TOKEN@' "$CREDENTIALS_DIRECTORY/${id}_hs-token" "${runtimeRegistration}"

        chmod 400 "${runtimeRegistration}"
      '';
    };
}
feat(conduit): Refactor matrix appservices and add matrix-hookshot 2025-02-07 21:47:44 +00:00			`{`
			`lib,`
			`writeShellScript,`
			`formats,`
			`replace-secret,`
			`}:`
			`let`
			`replaceSecretBin = "${lib.getExe replace-secret}";`
			`in`
			`{`
			`# Write a script that will set up the service's registration.yaml`
			`# with secrets from systemd credentials.`
			`#`
			# The credentials should be named `${id}_as-token` and
			# `${id}_hs-token`.
			`#`
			`# This registration file needs to be manually added to conduit by`
			`# messaging the admin with the yaml file.`
			`#`
			`# TODO(tlater): Conduwuit seems to support a CLI interface for this,`
			`# may want to migrate to that sometime.`
			`writeRegistrationScript =`
			`{`
			`id, # Must be unique among all registered appservices/bots`
			`url, # The URL on which the service listens`
			`sender_localpart,`
			`rate_limited ? false,`
			`namespaces ? {`
			`aliases = [ ];`
			`rooms = [ ];`
			`users = [ ];`
			`},`
			`extraSettings ? { },`
			`# The location to place the file; assumes systemd runtime dir`
			`runtimeRegistration ? "$RUNTIME_DIRECTORY/${id}-registration.yaml",`
			`}:`
			`let`
			`registrationFile = (formats.yaml { }).generate "${id}-registration.yaml" (`
			`{`
			`inherit`
			`id`
			`url`
			`sender_localpart`
			`rate_limited`
			`namespaces`
			`;`

			`as_token = "@AS_TOKEN@";`
			`hs_token = "@HS_TOKEN@";`
			`}`
			`// extraSettings`
			`);`
			`in`
			`{`
			`inherit runtimeRegistration;`
			`ExecStartPre = writeShellScript "${id}-registration-setup.sh" ''`
			`cp -f ${registrationFile} "${runtimeRegistration}"`
			`chmod 600 "${runtimeRegistration}"`

			`# Write actual secrets into config`
			`${replaceSecretBin} '@AS_TOKEN@' "$CREDENTIALS_DIRECTORY/${id}_as-token" "${runtimeRegistration}"`
			`${replaceSecretBin} '@HS_TOKEN@' "$CREDENTIALS_DIRECTORY/${id}_hs-token" "${runtimeRegistration}"`

			`chmod 400 "${runtimeRegistration}"`
			`'';`
			`};`
			`}`
No results found.