mirror of
https://gitlab.computer.surgery/matrix/grapevine.git
synced 2025-12-17 15:51:23 +01:00
a25f2ec950
This makes it possible to deploy Grapevine while using a database originally created by Conduit, including leaving the admin bot user's localpart the same as before.
129 lines
3.5 KiB
Nix
129 lines
3.5 KiB
Nix
inputs:
|
|
|
|
{ config
|
|
, lib
|
|
, pkgs
|
|
, ...
|
|
}:
|
|
|
|
let
|
|
inherit (lib) types;
|
|
|
|
cfg = config.services.grapevine;
|
|
configFile = format.generate "config.toml" cfg.settings;
|
|
format = pkgs.formats.toml {};
|
|
in
|
|
|
|
{
|
|
options.services.grapevine = {
|
|
enable = lib.mkEnableOption "grapevine";
|
|
package = lib.mkPackageOption
|
|
inputs.self.packages.${pkgs.system}
|
|
"grapevine"
|
|
{
|
|
default = "default";
|
|
pkgsText = "inputs.grapevine.packages.\${pkgs.system}";
|
|
};
|
|
|
|
extraEnvironment = lib.mkOption {
|
|
type = types.attrsOf types.str;
|
|
description = ''
|
|
Extra environment variables to set for the process.
|
|
'';
|
|
default = {};
|
|
example = { RUST_BACKTRACE="yes"; };
|
|
};
|
|
|
|
settings = lib.mkOption {
|
|
type = types.submodule {
|
|
freeformType = format.type;
|
|
options = {
|
|
global.address = lib.mkOption {
|
|
type = types.nonEmptyStr;
|
|
description = ''
|
|
The local IP address to bind to.
|
|
'';
|
|
default = "::1";
|
|
};
|
|
global.conduit_compat = lib.mkOption {
|
|
type = types.bool;
|
|
description = ''
|
|
Whether to operate as a drop-in replacement for Conduit.
|
|
'';
|
|
default = false;
|
|
};
|
|
global.database_path = lib.mkOption {
|
|
type = types.nonEmptyStr;
|
|
readOnly = true;
|
|
description = ''
|
|
The path to store persistent data in.
|
|
|
|
Note that this is read-only because this module makes use of
|
|
systemd's `StateDirectory` option.
|
|
'';
|
|
default = if cfg.settings.global.conduit_compat
|
|
then "/var/lib/matrix-conduit"
|
|
else "/var/lib/grapevine";
|
|
};
|
|
global.port = lib.mkOption {
|
|
type = types.port;
|
|
description = ''
|
|
The local port to bind to.
|
|
'';
|
|
default = 6167;
|
|
};
|
|
};
|
|
};
|
|
default = {};
|
|
description = ''
|
|
The TOML configuration file is generated from this attribute set.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.grapevine = {
|
|
description = "Grapevine (Matrix homeserver)";
|
|
wantedBy = [ "multi-user.target" ];
|
|
environment = lib.mkMerge [
|
|
{
|
|
GRAPEVINE_CONFIG = configFile;
|
|
}
|
|
cfg.extraEnvironment
|
|
];
|
|
|
|
# Keep sorted
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
ExecStart = "${lib.getExe cfg.package}";
|
|
LockPersonality = true;
|
|
MemoryDenyWriteExecute = true;
|
|
PrivateDevices = true;
|
|
PrivateMounts = true;
|
|
PrivateUsers = true;
|
|
ProtectClock = true;
|
|
ProtectControlGroups = true;
|
|
ProtectHostname = true;
|
|
ProtectKernelLogs = true;
|
|
ProtectKernelModules = true;
|
|
ProtectKernelTunables = true;
|
|
Restart = "on-failure";
|
|
RestartSec = 10;
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
RestrictNamespaces = true;
|
|
RestrictRealtime = true;
|
|
StartLimitBurst = 5;
|
|
StateDirectory = if cfg.settings.global.conduit_compat
|
|
then "matrix-conduit"
|
|
else "grapevine";
|
|
StateDirectoryMode = "0700";
|
|
SystemCallArchitectures = "native";
|
|
SystemCallFilter = [ "@system-service" "~@privileged" ];
|
|
UMask = "077";
|
|
User = if cfg.settings.global.conduit_compat
|
|
then "conduit"
|
|
else "grapevine";
|
|
};
|
|
};
|
|
};
|
|
}
|