summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/mollysocket.nix92
1 files changed, 92 insertions, 0 deletions
diff --git a/modules/mollysocket.nix b/modules/mollysocket.nix
new file mode 100644
index 0000000..5ca68c9
--- /dev/null
+++ b/modules/mollysocket.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, ... }:
+
+let
+ cfg = config.services.mollysocket;
+ configFormat = pkgs.formats.toml { };
+ configFile = configFormat.generate "mollysocket-config.toml" cfg.settings;
+in
+{
+ options.services.mollysocket = with lib; {
+ enable = mkEnableOption
+ "mollysocket, which allows getting Signal notifications via UnifiedPush";
+
+ settings = mkOption {
+ default = {};
+ type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
+ description = lib.mdDoc ''
+ Configuration options for mollysocket. See the upstream
+ [Readme.md](https://github.com/mollyim/mollysocket/blob/main/README.md#configuration)
+ file for what is permissable here.
+ '';
+ example = {
+ host = "::";
+ port = 8020;
+ allowed_endpoints = "https://ntfy.example.org";
+ };
+ };
+
+ environmentFile = mkOption {
+ default = null;
+ type = with types; nullOr path;
+ description = lib.mdDoc ''
+ Configuration options set via environment Variables. Useful for e.g.
+ keeping some values outside of Nix.
+ '';
+ };
+
+ stateDir = mkOption {
+ default = "/var/lib/mollysocket";
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ Directory in which state is kept, unless a custom database location is
+ set using {option}`services.mollysocket.settings.db`. This directory
+ will be created automatically.
+ '';
+ };
+
+ installWrapper = mkOption {
+ default = true;
+ type = lib.types.bool;
+ description = lib.mdDoc ''
+ Whether to install a mollysocket executable wrapped to use the generated
+ config into {option}`environment.systemPackages`.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.mollysocket = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${lib.getExe pkgs.mollysocket} -c ${configFile} server";
+ Type = "simple";
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "~@mount" ];
+ User = "mollysocket";
+ Group = "mollysocket";
+ BindPaths = [ cfg.stateDir ];
+ WorkingDirectory = cfg.stateDir;
+ TimeoutStopSec = 5;
+ KillSignal = "SIGINT";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${cfg.stateDir} 0750 mollysocket mollysocket - -"
+ ];
+
+ users.users.mollysocket = {
+ isSystemUser = true;
+ group = "mollysocket";
+ };
+ users.groups.mollysocket = {};
+
+ environment.systemPackages = lib.mkIf cfg.installWrapper [
+ (pkgs.writeScriptBin "mollysocket" ''
+ export MOLLY_CONF=${configFile}
+ exec ${lib.getExe pkgs.mollysocket} "$@"
+ '')
+ ];
+ };
+}