diff --git a/secrets/bread-dcbot.age b/secrets/bread-dcbot.age new file mode 100644 index 0000000..81ae673 --- /dev/null +++ b/secrets/bread-dcbot.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 GQzYWA oxKOXLokaA47vSPUhCobKZnSJSmTXY5HFbOm72XcLho +RhWCfWMIgacKpR0Yy9m7PN+e0aUx2qp73YQKoMsvq7Y +-> ssh-ed25519 MfR7VA mUCKaE6KtLwEqx1HUJLCdwLCLE/JmbrsluWFCNnE0zc +XW8ixc5VPYSiBvtFtOG1SIayrmR7smu0Y+WSChqIrOI +-> ssh-ed25519 +cvRTg Z5EeXPZ4uK9qpTn3X9QkNgmqVSScY+5SNyW1ff+a9WI +QTgv8WV+pM32OeAR7IdAIeqdYSyjGRz3DiOT+hP7qzc +-> ssh-ed25519 WCPLrA 6d7Tu27YChuazPy+A1a58nLCIIIK7aFimMSCW18Wahg +4XaJsMe97L0y3TH6ytrHa8YJIIXQMPV60Omp6RaepPs +-> ssh-ed25519 7/ziYw 7L1sXK+Cd2hLne2Vdr0dslWgmZJH0gRWlSPyxDxy8Ro +reoZzk6rUDLwIUXIz2mlIwRsEJoJp0KGmdZNXVN7/VQ +-> ssh-ed25519 VQy60Q n1Yq+hoUwjirJusbHSXhAlJDQFE8hLwouFfh8bPcTUc +YRVEgRbG2lEJ5pz6V1owgQ5etWnh81zwunUvQRzegQM +--- az5zrd8PDMTJJW//qtDTp1qw0M0ePTBZwYRnD4UJgxs +fЦ0"=k +fbPJJcR}sP ׶afL* ;U ]yw:̞Ū%A,oFTM -V{\i]6alg26l2ϞN> sq2U#0A,pxYgR{ЍVSI~Y ^P(? 7D466EuQٍzrm_9f1&y;/>2쫗l>+N5Lo \hצ4630? \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 190ca21..2db3699 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,6 +16,7 @@ in { "transfer-sh.age".publicKeys = keys; "password.age".publicKeys = keys; "dcbot.age".publicKeys = keys; + "bread-dcbot.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys; "cloudflare-acme.age".publicKeys = keys; "mail-admin.age".publicKeys = keys; diff --git a/system/server/default.nix b/system/server/default.nix index 1c23bb6..001c25f 100644 --- a/system/server/default.nix +++ b/system/server/default.nix 
@@ -1,4 +1,15 @@
 {lib, ...}: {
- imports = [./caddy.nix ./index ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix ./forgejo.nix ./temp.nix];
+ imports = [
+ ./bot.nix
+ ./caddy.nix
+ ./derekBot.nix
+ ./forgejo.nix
+ ./immich.nix
+ ./index
+ ./mail.nix
+ ./matrix.nix
+ ./seafile.nix
+ ./temp.nix
+ ];
 options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
diff --git a/system/server/derekBot.nix b/system/server/derekBot.nix
new file mode 100644
index 0000000..78f3810
--- /dev/null
+++ b/system/server/derekBot.nix
@@ -0,0 +1,75 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.niksos.server; + userGroup = "bread-dcbot"; + gitRepo = "https://github.com/The-Breadening/Breadener"; + + bash = lib.getExe pkgs.bash; + varLib = "/var/lib/"; + mainDir = + varLib + + ( + if !cfg + then "" + else config.systemd.services.bread-dcbot.serviceConfig.StateDirectory + ) + + "/"; + programDir = mainDir + "program"; + denoDir = mainDir + "deno"; + path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]); +in { + config = lib.mkIf config.niksos.server { + systemd.services.bread-dcbot = { + enable = true; + after = ["network.target"]; + wantedBy = ["default.target"]; + description = "Breadener bot or smt."; + + environment = { + "DENO_DIR" = denoDir; + "PATH" = lib.mkForce path; + }; + + preStart = '' + export PATH=${path} + + cd "${mainDir}" + chown -R ${userGroup}:${userGroup} ${mainDir}* || echo + + mkdir -p "${programDir}" "${denoDir}" + if [ -d "${programDir}" ]; then + git clone "${gitRepo}" + fi + chmod -R 750 ${mainDir}* || echo + + rm "${mainDir}/prodBot.json" || echo + ln -s "${config.age.secrets.${userGroup}.path}" "${mainDir}/prodBot.json" + + cd "${programDir}" + git fetch + git reset --hard HEAD + + DENO_DIR=${denoDir} deno i + ''; + + serviceConfig = { + StateDirectory = userGroup; + ExecStart = "${bash} -c 'cd ${programDir} && deno run prod'"; + User = userGroup; + Group = userGroup; + Restart = "always"; + RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s + }; + }; + + users.groups.${userGroup} = {}; + users.users.${userGroup} = { + group = userGroup; + isSystemUser = true; + }; + }; +}
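Review bot: `preStart` pulls `gitRepo` with no pinned revision and the unit then runs `deno i` and `deno run prod` from that checkout, so anyone who can push to the repository gets code execution as `bread-dcbot`, next to the decrypted `prodBot.json`, on every restart (at least every 6 h through `RuntimeMaxSec`). Fetching the source in Nix instead, for example `pkgs.fetchFromGitHub` with a fixed `rev` and `hash`, would turn each bot update into an explicit, reviewable change. The update path also looks broken as written: `PATH` is forced to coreutils/typst/deno so `git` is presumably not found, the `-d` test is always true right after `mkdir -p`, `git clone` without a target directory lands in `Breadener` rather than `program`, and `git reset --hard HEAD` does not move to the fetched commit. The unit has no sandboxing; adding `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;` to `serviceConfig` would be a cheap start. The `age.secrets.${userGroup}` declaration is not part of this diff, so confirm it sets `owner = userGroup;`, since agenix secrets are readable by root only unless an owner is given.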