From 0b7bf6205fa36e48c597bce55a65820d81cbeaec Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Mon, 4 Mar 2024 18:55:18 +0100
Subject: init mollysocket package, module, and deploy it on flora

with thanks to networkException, who wrote the initial nix package.
---
 modules/mollysocket.nix | 92 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 modules/mollysocket.nix

(limited to 'modules')

diff --git a/modules/mollysocket.nix b/modules/mollysocket.nix
new file mode 100644
index 0000000..5ca68c9
--- /dev/null
+++ b/modules/mollysocket.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, ... }:
+
+let
+  cfg = config.services.mollysocket;
+  configFormat = pkgs.formats.toml { };
+  configFile = configFormat.generate "mollysocket-config.toml" cfg.settings;
+in
+{
+  options.services.mollysocket = with lib; {
+    enable = mkEnableOption
+      "mollysocket, which allows getting Signal notifications via UnifiedPush";
+
+    settings = mkOption {
+      default = {};
+      type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
+      description = lib.mdDoc ''
+        Configuration options for mollysocket. See the upstream
+        [Readme.md](https://github.com/mollyim/mollysocket/blob/main/README.md#configuration)
+        file for what is permissable here.
+      '';
+      example = {
+        host = "::";
+        port = 8020;
+        allowed_endpoints = "https://ntfy.example.org";
+      };
+    };
+
+    environmentFile = mkOption {
+      default = null;
+      type = with types; nullOr path;
+      description = lib.mdDoc ''
+        Configuration options set via environment Variables. Useful for e.g.
+        keeping some values outside of Nix.
+      '';
+    };
+
+    stateDir = mkOption {
+      default = "/var/lib/mollysocket";
+      type = lib.types.path;
+      description = lib.mdDoc ''
+        Directory in which state is kept, unless a custom database location is
+        set using {option}`services.mollysocket.settings.db`. This directory
+        will be created automatically.
+      '';
+    };
+
+    installWrapper = mkOption {
+      default = true;
+      type = lib.types.bool;
+      description = lib.mdDoc ''
+        Whether to install a mollysocket executable wrapped to use the generated
+        config into {option}`environment.systemPackages`.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.mollysocket = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${lib.getExe pkgs.mollysocket} -c ${configFile} server";
+        Type = "simple";
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "~@mount"  ];
+        User = "mollysocket";
+        Group = "mollysocket";
+        BindPaths = [ cfg.stateDir ];
+        WorkingDirectory = cfg.stateDir;
+        TimeoutStopSec = 5;
+        KillSignal = "SIGINT";
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.stateDir} 0750 mollysocket mollysocket - -"
+    ];
+
+    users.users.mollysocket = {
+      isSystemUser = true;
+      group = "mollysocket";
+    };
+    users.groups.mollysocket = {};
+
+    environment.systemPackages = lib.mkIf cfg.installWrapper [
+      (pkgs.writeScriptBin "mollysocket" ''
+        export MOLLY_CONF=${configFile}
+        exec ${lib.getExe pkgs.mollysocket} "$@"
+      '')
+    ];
+  };
+}
-- 
cgit v1.2.3