talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/services.heisenbridge: remove with lib;

Browse Source
This commit is contained in:
Felix Buehler 2024-08-24 22:05:45 +02:00
parent 0205ba83ab
commit 2270873952
1 changed files with 23 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
nixos/modules/services/misc/heisenbridge.nix
View File

@ -1,7 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
cfg = config.services.heisenbridge; cfg = config.services.heisenbridge;
@ -23,18 +20,18 @@ let
in in
{ {
options.services.heisenbridge = { options.services.heisenbridge = {
enable = mkEnableOption "the Matrix to IRC bridge"; enable = lib.mkEnableOption "the Matrix to IRC bridge";
package = mkPackageOption pkgs "heisenbridge" { }; package = lib.mkPackageOption pkgs "heisenbridge" { };
homeserver = mkOption { homeserver = lib.mkOption {
type = types.str; type = lib.types.str;
description = "The URL to the home server for client-server API calls"; description = "The URL to the home server for client-server API calls";
example = "http://localhost:8008"; example = "http://localhost:8008";
}; };
registrationUrl = mkOption { registrationUrl = lib.mkOption {
type = types.str; type = lib.types.str;
description = '' description = ''
The URL where the application service is listening for HS requests, from the Matrix HS perspective.# The URL where the application service is listening for HS requests, from the Matrix HS perspective.#
The default value assumes the bridge runs on the same host as the home server, in the same network. The default value assumes the bridge runs on the same host as the home server, in the same network.
@ -44,27 +41,27 @@ in
defaultText = "http://$${cfg.address}:$${toString cfg.port}"; defaultText = "http://$${cfg.address}:$${toString cfg.port}";
}; };
address = mkOption { address = lib.mkOption {
type = types.str; type = lib.types.str;
description = "Address to listen on. IPv6 does not seem to be supported."; description = "Address to listen on. IPv6 does not seem to be supported.";
default = "127.0.0.1"; default = "127.0.0.1";
example = "0.0.0.0"; example = "0.0.0.0";
}; };
port = mkOption { port = lib.mkOption {
type = types.port; type = lib.types.port;
description = "The port to listen on"; description = "The port to listen on";
default = 9898; default = 9898;
}; };
debug = mkOption { debug = lib.mkOption {
type = types.bool; type = lib.types.bool;
description = "More verbose logging. Recommended during initial setup."; description = "More verbose logging. Recommended during initial setup.";
default = false; default = false;
}; };
owner = mkOption { owner = lib.mkOption {
type = types.nullOr types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
Set owner MXID otherwise first talking local user will claim the bridge Set owner MXID otherwise first talking local user will claim the bridge
''; '';
@ -72,10 +69,10 @@ in
example = "@admin:example.org"; example = "@admin:example.org";
}; };
namespaces = mkOption { namespaces = lib.mkOption {
description = "Configure the 'namespaces' section of the registration.yml for the bridge and the server"; description = "Configure the 'namespaces' section of the registration.yml for the bridge and the server";
# TODO link to Matrix documentation of the format # TODO link to Matrix documentation of the format
type = types.submodule { type = lib.types.submodule {
freeformType = jsonType; freeformType = jsonType;
}; };
@ -91,21 +88,21 @@ in
}; };
}; };
identd.enable = mkEnableOption "identd service support"; identd.enable = lib.mkEnableOption "identd service support";
identd.port = mkOption { identd.port = lib.mkOption {
type = types.port; type = lib.types.port;
description = "identd listen port"; description = "identd listen port";
default = 113; default = 113;
}; };
extraArgs = mkOption { extraArgs = lib.mkOption {
type = types.listOf types.str; type = lib.types.listOf lib.types.str;
description = "Heisenbridge is configured over the command line. Append extra arguments here"; description = "Heisenbridge is configured over the command line. Append extra arguments here";
default = [ ]; default = [ ];
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.heisenbridge = { systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge"; description = "Matrix<->IRC bridge";
before = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse before = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse
@ -191,7 +188,7 @@ in
RemoveIPC = true; RemoveIPC = true;
UMask = "0077"; UMask = "0077";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE"; CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ lib.optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet; AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true; NoNewPrivileges = true;
LockPersonality = true; LockPersonality = true;