path: root/modules/mollysocket.nix
blob: 5ca68c93f34bf0cdba7e8826d3f0354a2cd988f1 (plain)
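# NixOS module for mollysocket: declares `services.mollysocket.*` options,
# renders `settings` to a TOML file, and runs the server as a dedicated,
# sandboxed system user.
{ lib, pkgs, config, ... }:

let
  cfg = config.services.mollysocket;
  configFormat = pkgs.formats.toml { };
  # The generated file lives in the Nix store, which is world-readable:
  # everything in `settings` is visible to every local user. Values that must
  # stay private belong in `environmentFile` instead.
  configFile = configFormat.generate "mollysocket-config.toml" cfg.settings;
in
{
  options.services.mollysocket = with lib; {
    enable = mkEnableOption
      "mollysocket, which allows getting Signal notifications via UnifiedPush";

    settings = mkOption {
      default = {};
      type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
      description = lib.mdDoc ''
        Configuration options for mollysocket. See the upstream
        [Readme.md](https://github.com/mollyim/mollysocket/blob/main/README.md#configuration)
        file for what is permissible here.

        These values are written to a configuration file in the
        world-readable Nix store. Do not put secrets here; use
        {option}`services.mollysocket.environmentFile` for them.
      '';
      example = {
        host = "::";
        port = 8020;
        # Upstream documents this setting as a list of endpoint URLs.
        allowed_endpoints = [ "https://ntfy.example.org" ];
      };
    };

    environmentFile = mkOption {
      default = null;
      type = with types; nullOr path;
      description = lib.mdDoc ''
        File with configuration options set via environment variables, passed
        to the service as systemd `EnvironmentFile=`. Useful for e.g. keeping
        some values outside of Nix.

        Prefer a string path to a file outside the Nix store (for example
        `"/run/secrets/mollysocket.env"`) that only root can read; a Nix path
        literal can end up copied into the world-readable store.
      '';
    };

    stateDir = mkOption {
      default = "/var/lib/mollysocket";
      type = lib.types.path;
      description = lib.mdDoc ''
        Directory in which state is kept, unless a custom database location is
        set using {option}`services.mollysocket.settings.db`. This directory
        will be created automatically.
      '';
    };

    installWrapper = mkOption {
      default = true;
      type = lib.types.bool;
      description = lib.mdDoc ''
        Whether to install a mollysocket executable wrapped to use the generated
        config into {option}`environment.systemPackages`.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.mollysocket = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${lib.getExe pkgs.mollysocket} -c ${configFile} server";
        Type = "simple";
        User = "mollysocket";
        Group = "mollysocket";
        BindPaths = [ cfg.stateDir ];
        WorkingDirectory = cfg.stateDir;
        TimeoutStopSec = 5;
        KillSignal = "SIGINT";

        # Sandboxing. The daemon is a network service that needs only its
        # state directory, so strip what it has no use for.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "~@mount" ];
        NoNewPrivileges = true;
        CapabilityBoundingSet = "";
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectClock = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        LockPersonality = true;
        # NOTE(review): ProtectSystem/ProtectHome are deliberately not set
        # here, because `settings.db` may point the database outside
        # `stateDir`. Deployments that keep the default location can add
        # ProtectSystem = "strict" together with ReadWritePaths.
      } // lib.optionalAttrs (cfg.environmentFile != null) {
        # The option was previously declared but never handed to the unit,
        # so values kept in the file silently had no effect.
        EnvironmentFile = cfg.environmentFile;
      };
    };

    # 0750: state (the registration database) is readable only by the
    # service user and its group.
    systemd.tmpfiles.rules = [
      "d ${cfg.stateDir} 0750 mollysocket mollysocket - -"
    ];

    users.users.mollysocket = {
      isSystemUser = true;
      group = "mollysocket";
    };
    users.groups.mollysocket = {};

    environment.systemPackages = lib.mkIf cfg.installWrapper [
      # writeShellScriptBin adds the shebang line; a script written with
      # writeScriptBin and no interpreter line fails with ENOEXEC when it is
      # executed directly rather than through a shell's fallback.
      (pkgs.writeShellScriptBin "mollysocket" ''
        export MOLLY_CONF=${configFile}
        exec ${lib.getExe pkgs.mollysocket} "$@"
      '')
    ];
  };
}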