diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..f5594aa
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,87 @@
+{
+ "nodes": {
+ "naersk": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "lastModified": 1652722411,
+ "narHash": "sha256-FxzNgYiH9c91hUVAntcjrqY//KOTUPP2a4e8Wyuysxg=",
+ "owner": "nix-community",
+ "repo": "naersk",
+ "rev": "94beb7a3edfeb3bcda65fa3f2ebc48ec6b40bf72",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "naersk",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1653117584,
+ "narHash": "sha256-5uUrHeHBIaySBTrRExcCoW8fBBYVSDjDYDU5A6iOl+k=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "f4dfed73ee886b115a99e5b85fdfbeb683290d83",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1653117584,
+ "narHash": "sha256-5uUrHeHBIaySBTrRExcCoW8fBBYVSDjDYDU5A6iOl+k=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "f4dfed73ee886b115a99e5b85fdfbeb683290d83",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "naersk": "naersk",
+ "nixpkgs": "nixpkgs_2",
+ "src": "src",
+ "utils": "utils"
+ }
+ },
+ "src": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-rokT3gG2BKALiOQ5kSaf0FKXzH9dGnR8t3nsAH7YsLc=",
+ "path": ".",
+ "type": "path"
+ },
+ "original": {
+ "path": ".",
+ "type": "path"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1652776076,
+ "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..3404377
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,45 @@
+{
+ description = "Matrix Monzo bot";
+
+ inputs = {
+ utils.url = "github:numtide/flake-utils";
+ naersk.url = "github:nix-community/naersk";
+ src.url = "path:./.";
+ src.flake = false;
+ };
+
+ outputs = { self, nixpkgs, utils, naersk, src }:
+ utils.lib.eachDefaultSystem (system: let
+ pkgs = nixpkgs.legacyPackages."${system}";
+ naersk-lib = naersk.lib."${system}";
+ in rec {
+ # `nix build`
+ packages.mxmonzo = naersk-lib.buildPackage {
+ pname = "mxmonzo";
+ root = src;
+
+ buildInputs = with pkgs; [
+ openssl
+ pkgconfig
+ ];
+ };
+
+ defaultPackage = packages.mxmonzo;
+
+ # NixOS Modules
+ nixosModules = {
+ mxmonzo = import ./nixos_modules/mxmonzo.nix self;
+ };
+
+ # `nix run`
+ apps.mxmonzo = utils.lib.mkApp {
+ drv = packages.mxmonzo;
+ };
+ defaultApp = apps.mxmonzo;
+
+ # `nix develop`
+ devShell = pkgs.mkShell {
+ nativeBuildInputs = with pkgs; [ rustc cargo ];
+ };
+ });
+}
diff --git a/nixos_modules/mxmonzo.nix b/nixos_modules/mxmonzo.nix
new file mode 100644
index 0000000..d1b994b
--- /dev/null
+++ b/nixos_modules/mxmonzo.nix
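Review bot: `nixpkgs` is taken as an `outputs` argument in flake.nix but never declared under `inputs`, so it resolves through the flake registry of whichever machine updates the lock; flake.lock records it as `"type": "indirect"`. Declare it explicitly with `nixpkgs.url = "github:NixOS/nixpkgs/<branch-placeholder>";` and add `naersk.inputs.nixpkgs.follows = "nixpkgs";` so the package is built against one reviewed nixpkgs revision rather than the two separate nodes now in the lock. Separately, `src.url = "path:./.";` locks the working tree by `narHash`, which presumably has to be re-locked after every source change; `root = ./.;` in `buildPackage` avoids the extra input.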
@@ -0,0 +1,114 @@
+flake: {config, pkgs, lib, ...}:
+
+let
+ cfg = config.services.mxmonzo;
+ inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) mxmonzo;
+in
+
+with lib;
+
+{
+ options = {
+ services.mxmonzo = {
+ enable = mkOption {
+ default = false;
+ type = with types; bool;
+ description = ''
+ Start the Matrix Monzo bot.
+ '';
+ };
+
+ user = mkOption {
+ default = "mxmonzo";
+ type = with types; uniq str;
+ description = ''
+ Name of the user.
+ '';
+ };
+
+ matrixId = mkOption {
+ type = with types; str;
+ example = "@monzobot:librepush.net";
+ description = ''
+ Matrix ID of the Monzo bot user.
+ '';
+ };
+
+ bindAddress = mkOption {
+ default = "127.0.0.1:38320";
+ type = with types; str;
+ description = ''
+ Host:Port upon which to bind the web interface (used for OAuth + webhooks).
+ '';
+ };
+
+ externalBaseUri = mkOption {
+ example = "https://mxmonzo.my.librepush.net";
+ type = with types; str;
+ description = ''
+ External URL prefix to which this MxMonzo instance can be accessed (by webhooks).
+ It should be proxied to the HTTP interface listening on `bindAddress`.
+ '';
+ };
+
+ environmentFile = mkOption {
+ type = with types; path;
+ description = ''
+ File containing environment variables, especially:
+ - MATRIX_PASSWORD
+ - MONZO_CLIENT_ID
+ - MONZO_CLIENT_SECRET
+ '';
+ };
+
+ matrixRoom = mkOption {
+ type = with types; str;
+ description = ''
+ Room ID, like !roomid:librepush.net, of the bot's room to answer commands and emit notifications to.
+ '';
+ };
+
+ dataPath = mkOption {
+ type = with types; path;
+ description = ''
+ Path to where data can be kept.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users."${cfg.user}" = {
+ description = "Matrix Monzo User";
+ isSystemUser = true;
+ group = "${cfg.user}";
+ };
+ users.groups."${cfg.user}" = {};
+
+ systemd.services.mxmonzo = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Start the Matrix Monzo bot.";
+
+ environment = {
+ BIND_ADDRESS = cfg.bindAddress;
+ MATRIX_ID = cfg.matrixId;
+ MATRIX_ROOM = cfg.matrixRoom;
+ MATRIX_STORE = "${cfg.dataPath}/matrix-sdk";
+ MATRIX_PERSIST = "${cfg.dataPath}/matrix.json";
+ MONZO_PERSIST = "${cfg.dataPath}/monzo.json";
+ BASE_URI = cfg.externalBaseUri;
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ User = "${cfg.user}";
+ ExecStart = ''${mxmonzo}/bin/mxmonzo'';
+
+ EnvironmentFile = [
+ cfg.environmentFile
+ ];
+ };
+ };
+ };
+}
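Review bot: The `serviceConfig` at the end of the hunk starts the bot with no systemd sandboxing, although the unit is handed `MATRIX_PASSWORD` and `MONZO_CLIENT_SECRET` through `EnvironmentFile` and persists its state to `${cfg.dataPath}/monzo.json` and `matrix.json`. Restricting the unit to its data directory and setting a tight umask, as sketched below, would limit what a compromise of the webhook listener can reach and keep the persisted files unreadable to other users. Nothing in the hunk creates `cfg.dataPath` or sets its owner, so the directory has to exist and belong to `cfg.user` before the service starts; that deserves either a tmpfiles rule or a sentence in the option description. The `environmentFile` description should also state that the file must live outside the Nix store, because `types.path` accepts a path that ends up in the world-readable store when it comes from the flake source.

```nix
      serviceConfig = {
        # … unchanged: Type, User, ExecStart, EnvironmentFile …

        # Files written under dataPath hold credentials; keep them owner-only.
        UMask = "0077";
        # Confine the bot to the network and its own data directory.
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        PrivateTmp = true;
        PrivateDevices = true;
        ReadWritePaths = [ cfg.dataPath ];
      };
```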