-rw-r--r--flake.nix3
-rw-r--r--flora/configuration.nix2
-rw-r--r--flora/services/ntfy.nix12
-rw-r--r--modules/mollysocket.nix92
-rw-r--r--pkgs/mollysocket.nix38
-rw-r--r--pkgs/overlay.nix2
-rw-r--r--secrets/flora.yaml6
7 files changed, 152 insertions, 3 deletions
diff --git a/flake.nix b/flake.nix
index 73e8c89..be32a3e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -141,7 +141,7 @@
kijetesantakaluotokieni showrt isabelle-utils isabat
travelynx crs-tracker crs-php bahnhof-name matrix-to
hikari_unstable heartwood radicle-interface radicle-tui
- inweb nomsring bookwyrm;
+ inweb nomsring bookwyrm mollysocket;
tests.bookwyrm = nixpkgs.nixosTest ./tests/bookwyrm.nix;
};
@@ -149,6 +149,7 @@
nixosModules = {
glitchtip = import ./modules/glitchtip.nix;
bookwyrm = import ./modules/bookwyrm.nix;
+ mollysocket = import ./modules/mollysocket.nix;
};
};
}
diff --git a/flora/configuration.nix b/flora/configuration.nix
index 40cd3a5..d124f99 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -13,6 +13,8 @@
./services/ntfy.nix
./services/murmur.nix
./services/monit.nix
+
+ ../modules/mollysocket.nix
];
# Use the GRUB 2 boot loader.
diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix
index 45dcb3c..e00971f 100644
--- a/flora/services/ntfy.nix
+++ b/flora/services/ntfy.nix
@@ -21,6 +21,18 @@
};
};
+ services.mollysocket = {
+ enable = true;
+ settings = {
+ allowed_endpoints = [ "https://ping.stuebinm.eu" ];
+ port = 8020;
+ host = "::";
+ };
+ environmentFile = "/run/secrets/mollysocket/config.toml";
+ };
+
+ sops.secrets."mollysocket/config.toml" = {};
+
services.nginx.virtualHosts."ping.stuebinm.eu" = {
enableACME = true;
forceSSL = true;
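Review bot: `host = "::"` makes mollysocket listen on port 8020 on every interface rather than only locally. Nothing in this hunk shows whether that port is firewalled or whether clients are meant to reach it through nginx; if it is only reached through a local reverse proxy, `host = "::1";` keeps it off the network. The secret is named `mollysocket/config.toml` but is passed as `environmentFile`, so its decrypted content presumably has to be `KEY=value` lines rather than TOML; a name such as `mollysocket/env` would make that clear. The surrounding attribute set starts and ends outside the hunk.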
diff --git a/modules/mollysocket.nix b/modules/mollysocket.nix
new file mode 100644
index 0000000..5ca68c9
--- /dev/null
+++ b/modules/mollysocket.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, ... }:
+
+let
+ cfg = config.services.mollysocket;
+ configFormat = pkgs.formats.toml { };
+ configFile = configFormat.generate "mollysocket-config.toml" cfg.settings;
+in
+{
+ options.services.mollysocket = with lib; {
+ enable = mkEnableOption
+ "mollysocket, which allows getting Signal notifications via UnifiedPush";
+
+ settings = mkOption {
+ default = {};
+ type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
+ description = lib.mdDoc ''
+ Configuration options for mollysocket. See the upstream
+ [Readme.md](https://github.com/mollyim/mollysocket/blob/main/README.md#configuration)
+ file for what is permissable here.
+ '';
+ example = {
+ host = "::";
+ port = 8020;
+ allowed_endpoints = "https://ntfy.example.org";
+ };
+ };
+
+ environmentFile = mkOption {
+ default = null;
+ type = with types; nullOr path;
+ description = lib.mdDoc ''
+ Configuration options set via environment Variables. Useful for e.g.
+ keeping some values outside of Nix.
+ '';
+ };
+
+ stateDir = mkOption {
+ default = "/var/lib/mollysocket";
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ Directory in which state is kept, unless a custom database location is
+ set using {option}`services.mollysocket.settings.db`. This directory
+ will be created automatically.
+ '';
+ };
+
+ installWrapper = mkOption {
+ default = true;
+ type = lib.types.bool;
+ description = lib.mdDoc ''
+ Whether to install a mollysocket executable wrapped to use the generated
+ config into {option}`environment.systemPackages`.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.mollysocket = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${lib.getExe pkgs.mollysocket} -c ${configFile} server";
+ Type = "simple";
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "~@mount" ];
+ User = "mollysocket";
+ Group = "mollysocket";
+ BindPaths = [ cfg.stateDir ];
+ WorkingDirectory = cfg.stateDir;
+ TimeoutStopSec = 5;
+ KillSignal = "SIGINT";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${cfg.stateDir} 0750 mollysocket mollysocket - -"
+ ];
+
+ users.users.mollysocket = {
+ isSystemUser = true;
+ group = "mollysocket";
+ };
+ users.groups.mollysocket = {};
+
+ environment.systemPackages = lib.mkIf cfg.installWrapper [
+ (pkgs.writeScriptBin "mollysocket" ''
+ export MOLLY_CONF=${configFile}
+ exec ${lib.getExe pkgs.mollysocket} "$@"
+ '')
+ ];
+ };
+}
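Review bot: `cfg.environmentFile` is declared as an option but never referenced under `config`, so a file set there is not loaded into the unit and the values it holds never reach mollysocket. `serviceConfig` needs something like `EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;`. Separately, `BindPaths = [ cfg.stateDir ]` restricts nothing on its own because no filesystem protection is enabled; the fence below adds common sandboxing options and leaves only the state directory writable, which would need adjusting if `settings.db` points elsewhere. The option's description could also say that the value should be a string path outside the Nix store, since a path literal would be copied into the world-readable store.

```nix
serviceConfig = {
  # … unchanged: ExecStart, Type, RestrictAddressFamilies, SystemCallFilter, User, Group …
  EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ReadWritePaths = [ cfg.stateDir ];
  # … unchanged: WorkingDirectory, TimeoutStopSec, KillSignal …
};
```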
diff --git a/pkgs/mollysocket.nix b/pkgs/mollysocket.nix
new file mode 100644
index 0000000..8ac434d
--- /dev/null
+++ b/pkgs/mollysocket.nix
@@ -0,0 +1,38 @@
+{ lib, rustPlatform, fetchFromGitHub, pkg-config, openssl, sqlite, ... }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "mollysocket";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "mollyim";
+ repo = "mollysocket";
+ rev = "${version}";
+ hash = "sha256-9yXC64i5NeSjsLnjgNtA+qkhE7i+Ku1Cu8B9xDajD9Y=";
+ };
+
+ cargoHash = "sha256-vqi18y1Z9Fo1P6ihdN1LCK6Trr7fcfzCsQfPNt0MYNk=";
+
+ nativeBuildInputs = [ pkg-config ];
+
+ buildInputs = [ openssl sqlite ];
+
+ checkFlags = [
+ # These tests try to contact DNS
+ "--skip=config::tests::check_wildcard_endpoint"
+ "--skip=utils::post_allowed::tests::test_allowed"
+ "--skip=utils::post_allowed::tests::test_not_allowed"
+ "--skip=utils::post_allowed::tests::test_post"
+ "--skip=ws::tls::tests::connect_untrusted_server"
+ "--skip=ws::tls::tests::connect_trusted_server"
+ ];
+
+ meta = {
+ description =
+ "MollySocket allows getting Signal notifications via UnifiedPush.";
+ homepage = "https://github.com/mollyim/mollysocket";
+ license = lib.licenses.agpl3Plus;
+ maintainers = with lib.maintainers; [ networkexception ];
+ mainProgram = "mollysocket";
+ };
+}
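Review bot: The comment above `checkFlags` says only that the skipped tests contact DNS, but judging by their names they include the endpoint allow-list checks (`utils::post_allowed`) and the TLS trust checks (`ws::tls`), so that behaviour is not exercised at build time. I would spell that out, e.g. `# These tests need network access, which the build sandbox lacks; the endpoint allow-list and TLS trust tests are therefore not run here`. As a style point, `rev = "${version}";` can be written `rev = version;`.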
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 6e654b3..f38e7e0 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -183,4 +183,6 @@ in
cp Tangled/inweb $out/bin
'';
}) {};
+
+ mollysocket = self.callPackage ./mollysocket.nix { };
}
diff --git a/secrets/flora.yaml b/secrets/flora.yaml
index 83daec0..2ea3529 100644
--- a/secrets/flora.yaml
+++ b/secrets/flora.yaml
@@ -6,6 +6,8 @@ akkoma:
jokenDefaultSigner: ENC[AES256_GCM,data:1Wl/N58oiGiGeBHSkJPqLeHOyBmVgLGshAmTyi2H8cu7w/tIHMxW2sd11hhzyq2FCNVsL3Bi+yXgydG7uCl5yw==,iv:criEzJfQMsAUZ7tnIQvr9HOqn7NjBBzXL+rFAgzohPY=,tag:+izDkiUEfwD1+Ym2OuZRnA==,type:str]
monit:
mail: ENC[AES256_GCM,data:wq+xDelBsyIZRJY0GHrZGPWCF0deLZRZxrU89M93hK1zUIeWP6i7xO3dgKE/A5OAGa350Zbj5v9QTieNFHiGqr9g,iv:APUuS3s+t4VPz24Ppen3u+LFSv+GqO49j9Mq77Mb3lQ=,tag:rNVJGN/lnCuq9Km8lZTkLw==,type:str]
+mollysocket:
+ config.toml: ENC[AES256_GCM,data:FGT6QOpqaf74yKmUFyyeAPLLv1BEtXZvLrUZw9bCG3hjmd2oUqcX2EGSWWICik3bnfgwYtQAnORg,iv:wEaK5COW9Gm7Hux+Kt8/Md+O/ygSWUk65gMnD6Mnw2g=,tag:4AhZs2vVE2oYErJOC5lMEw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -30,8 +32,8 @@ sops:
SEx0Y2tsaGtkV3dMd0t0ejl3WVkwOW8KTpb14yYJ1bOeLquOrmworNqiwYoZSYiQ
LkLkXKSGf6T3BrL0t0bM3fgwSQN3k92GGsEZzY7I2hhxZoNXGBOaKg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-29T15:29:35Z"
- mac: ENC[AES256_GCM,data:kQ6+O8Ar7qnRTpuQauxngXvt+KlyqdFw85vjXPQ63vqVKWCrODlTJXD5saC2WQdMuMF3UfPLru1a35TyXxobu+MlvTadVpqUEtRZjtjhAydEA7+HEyvo+pUlmrm+LCrX3ajKhqlbobUE4kdHg0A2BYOlWIPq9CHtvwAC92R7De4=,iv:Gk5hgwEh4D1QLkiVaMRgcnyS2/F1mK/MpSMYjPaVL7U=,tag:noGbtmNC1yTDzUycML3Mpg==,type:str]
+ lastmodified: "2024-03-04T17:19:00Z"
+ mac: ENC[AES256_GCM,data:/GOYEzTEn3fxJRidfPzwgfitcUv2S5MRppiiagH+E1wsEJgV3JtlfxuQ9KQlh1tFPgS1p109+w4udP2dstJGKj027tZT0VJr7KYHFrXzKKdqWypINaqLXOibUg17THHn5W+Y/AFU2hQK1MXem5eY2qCBtxJQMU0ermllY4nuHvA=,iv:KlYG0h6NtPyjrNaLXxpKSO/yQkeW6LqmZl9ZvFNwNdY=,tag:SYrr1grlqOgQcHVJkJzWWQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1