From e6197316cc8540068dc16e00bfc091d2e8de157a Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Sun, 20 Jul 2025 13:21:18 +0200 Subject: [PATCH 1/3] Server: added bread-discordbot. --- secrets/bread-dcbot.age | 16 ++++++++ secrets/secrets.nix | 1 + system/server/default.nix | 13 ++++++- system/server/derekBot.nix | 75 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 secrets/bread-dcbot.age create mode 100644 system/server/derekBot.nix diff --git a/secrets/bread-dcbot.age b/secrets/bread-dcbot.age new file mode 100644 index 0000000..81ae673 --- /dev/null +++ b/secrets/bread-dcbot.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 GQzYWA oxKOXLokaA47vSPUhCobKZnSJSmTXY5HFbOm72XcLho +RhWCfWMIgacKpR0Yy9m7PN+e0aUx2qp73YQKoMsvq7Y +-> ssh-ed25519 MfR7VA mUCKaE6KtLwEqx1HUJLCdwLCLE/JmbrsluWFCNnE0zc +XW8ixc5VPYSiBvtFtOG1SIayrmR7smu0Y+WSChqIrOI +-> ssh-ed25519 +cvRTg Z5EeXPZ4uK9qpTn3X9QkNgmqVSScY+5SNyW1ff+a9WI +QTgv8WV+pM32OeAR7IdAIeqdYSyjGRz3DiOT+hP7qzc +-> ssh-ed25519 WCPLrA 6d7Tu27YChuazPy+A1a58nLCIIIK7aFimMSCW18Wahg +4XaJsMe97L0y3TH6ytrHa8YJIIXQMPV60Omp6RaepPs +-> ssh-ed25519 7/ziYw 7L1sXK+Cd2hLne2Vdr0dslWgmZJH0gRWlSPyxDxy8Ro +reoZzk6rUDLwIUXIz2mlIwRsEJoJp0KGmdZNXVN7/VQ +-> ssh-ed25519 VQy60Q n1Yq+hoUwjirJusbHSXhAlJDQFE8hLwouFfh8bPcTUc +YRVEgRbG2lEJ5pz6V1owgQ5etWnh81zwunUvQRzegQM +--- az5zrd8PDMTJJW//qtDTp1qw0M0ePTBZwYRnD4UJgxs +fЦ0"=k +fbPJJcR}sP ׶afL* ;U ]yw:̞Ū%A,oFTM -V{\i]6alg26l2ϞN> sq2U#0A,pxYgR{ЍVSI~Y ^P(? 7D466EuQٍzrm_9f1&y;/>2쫗l>+N5Lo \hצ4630? \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 190ca21..2db3699 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,6 +16,7 @@ in { "transfer-sh.age".publicKeys = keys; "password.age".publicKeys = keys; "dcbot.age".publicKeys = keys; + "bread-dcbot.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys; "cloudflare-acme.age".publicKeys = keys; "mail-admin.age".publicKeys = keys; 
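Review bot: The added `"bread-dcbot.age".publicKeys = keys;` in secrets/secrets.nix encrypts the bot token to the whole shared `keys` list, and the new .age file above accordingly carries six ssh-ed25519 recipient stanzas. The only consumer shown in this series is the server unit, so if `keys` includes machines that never run the bot, each of them can still decrypt the token. Consider a narrower recipient list for this entry, e.g. `"bread-dcbot.age".publicKeys = serverKeys;`, where `serverKeys` is a placeholder for a list not defined on this page, and re-encrypt the file afterwards. The definition of `keys` lies outside the hunk, so its membership should be confirmed first.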
diff --git a/system/server/default.nix b/system/server/default.nix
index 1c23bb6..001c25f 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
@@ -1,4 +1,15 @@
 {lib, ...}: {
- imports = [./caddy.nix ./index ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix ./forgejo.nix ./temp.nix];
+ imports = [
+ ./bot.nix
+ ./caddy.nix
+ ./derekBot.nix
+ ./forgejo.nix
+ ./immich.nix
+ ./index
+ ./mail.nix
+ ./matrix.nix
+ ./seafile.nix
+ ./temp.nix
+ ];
 options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
diff --git a/system/server/derekBot.nix b/system/server/derekBot.nix
new file mode 100644
index 0000000..78f3810
--- /dev/null
+++ b/system/server/derekBot.nix
@@ -0,0 +1,75 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.niksos.server;
+ userGroup = "bread-dcbot";
+ gitRepo = "https://github.com/The-Breadening/Breadener";
+
+ bash = lib.getExe pkgs.bash;
+ varLib = "/var/lib/";
+ mainDir =
+ varLib
+ + (
+ if !cfg
+ then ""
+ else config.systemd.services.bread-dcbot.serviceConfig.StateDirectory
+ )
+ + "/";
+ programDir = mainDir + "program";
+ denoDir = mainDir + "deno";
+ path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]);
+in {
+ config = lib.mkIf config.niksos.server {
+ systemd.services.bread-dcbot = {
+ enable = true;
+ after = ["network.target"];
+ wantedBy = ["default.target"];
+ description = "Breadener bot or smt.";
+
+ environment = {
+ "DENO_DIR" = denoDir;
+ "PATH" = lib.mkForce path;
+ };
+
+ preStart = ''
+ export PATH=${path}
+
+ cd "${mainDir}"
+ chown -R ${userGroup}:${userGroup} ${mainDir}* || echo
+
+ mkdir -p "${programDir}" "${denoDir}"
+ if [ -d "${programDir}" ]; then
+ git clone "${gitRepo}"
+ fi
+ chmod -R 750 ${mainDir}* || echo
+
+ rm "${mainDir}/prodBot.json" || echo
+ ln -s "${config.age.secrets.${userGroup}.path}" "${mainDir}/prodBot.json"
+
+ cd "${programDir}"
+ git fetch
+ git reset --hard HEAD
+
+ DENO_DIR=${denoDir} deno i
+ '';
+
+ serviceConfig = {
+ StateDirectory = userGroup;
+ ExecStart = "${bash} -c 'cd ${programDir} && deno run prod'";
+ User = userGroup;
+ Group = userGroup;
+ Restart = "always";
+ RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s
+ };
+ };
+
+ users.groups.${userGroup} = {};
+ users.users.${userGroup} = {
+ group = userGroup;
+ isSystemUser = true;
+ };
+ };
+}
From 6b972097034acf7e759d15b00b05da2fcf493383 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Sun, 20 Jul 2025 13:28:17 +0200 Subject: [PATCH 2/3] BreadDcbot; fixed infinite recursion and made secrete available to user --- secrets/default.nix | 7 +++++++ system/server/derekBot.nix | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-)
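Review bot: The `serviceConfig` block at the end of the new file sets only `StateDirectory`, `User`, `Group` and the restart options, so the bot runs without any systemd sandboxing while executing code that `preStart` clones from GitHub and dependencies that `deno i` resolves at every start. The same user can read the decrypted token linked as `prodBot.json`, so confining the unit limits what a compromised upstream commit or dependency can reach. A starting point is `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true;` inside `serviceConfig`. Because `StateDirectory` is set, the directory under `/var/lib/` should stay writable with `ProtectSystem = "strict"`, but that needs confirming on the target host. A short comment next to `RuntimeMaxSec` saying why the bot is restarted every six hours would also help the next reader.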
diff --git a/secrets/default.nix b/secrets/default.nix
index 12e4986..99356d8 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -13,6 +13,13 @@ in {
 then serviceUser "dcbot" # "dcbot" doesn't exist on e.g laptop.
 else "root";
 };
+ bread-dcbot = {
+ file = ./bread-dcbot.age;
+ owner =
+ if config.niksos.server
+ then serviceUser "bread-dcbot" # "dcbot" doesn't exist on e.g laptop.
+ else "root";
+ };
 password.file = ./password.age;
 matrix-registration = {
 file = ./matrix-registration.age;
diff --git a/system/server/derekBot.nix b/system/server/derekBot.nix
index 78f3810..fbd1911 100644
--- a/system/server/derekBot.nix
+++ b/system/server/derekBot.nix
@@ -15,7 +15,7 @@
 + (
 if !cfg
 then ""
- else config.systemd.services.bread-dcbot.serviceConfig.StateDirectory
+ else userGroup
 )
 + "/";
 programDir = mainDir + "program";
@@ -23,11 +23,11 @@
 path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]);
 in {
 config = lib.mkIf config.niksos.server {
- systemd.services.bread-dcbot = {
+ systemd.services.${userGroup} = {
 enable = true;
 after = ["network.target"];
 wantedBy = ["default.target"];
- description = "Breadener bot or smt.";
+ description = userGroup;
 
 environment = {
 "DENO_DIR" = denoDir;
From 71b64d8edcbfdc99f83c2b269ce514d2171af82f Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Sun, 20 Jul 2025 13:32:43 +0200 Subject: [PATCH 3/3] Server: bread-dcbot added git to path. --- system/server/derekBot.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/system/server/derekBot.nix b/system/server/derekBot.nix
index fbd1911..4c5791f 100644
--- a/system/server/derekBot.nix
+++ b/system/server/derekBot.nix
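Review bot: In the secrets/default.nix hunk, the trailing comment on the added `then serviceUser "bread-dcbot"` line was copied from the entry above and still names `"dcbot"`; it should read `# "bread-dcbot" doesn't exist on e.g. laptop.`. The `else "root"` branch also means the entry stays declared on hosts where `config.niksos.server` is false, so the token would presumably be decrypted there as a root-owned file even though nothing visible uses it. Making the whole `bread-dcbot` entry conditional on `config.niksos.server` would keep the secret off those machines. The enclosing attribute set starts and ends outside the hunk.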
@@ -20,7 +20,8 @@
 + "/";
 programDir = mainDir + "program";
 denoDir = mainDir + "deno";
- path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]);
+ tokenDir = mainDir + "Breadener-token";
+ path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
 in {
 config = lib.mkIf config.niksos.server {
 systemd.services.${userGroup} = {
@@ -40,14 +41,15 @@ in {
 cd "${mainDir}"
 chown -R ${userGroup}:${userGroup} ${mainDir}* || echo
 
- mkdir -p "${programDir}" "${denoDir}"
- if [ -d "${programDir}" ]; then
- git clone "${gitRepo}"
+ rm -rf "${tokenDir}" || echo
+ mkdir -p "${denoDir}" "${tokenDir}"
+ ln -s "${config.age.secrets.${userGroup}.path}" "${tokenDir}/prodBot.json"
+
+ if [ ! -d "${programDir}" ]; then
+ git clone "${gitRepo}" "${programDir}"
 fi
 chmod -R 750 ${mainDir}* || echo
 
- rm "${mainDir}/prodBot.json" || echo
- ln -s "${config.age.secrets.${userGroup}.path}" "${mainDir}/prodBot.json"
 
 cd "${programDir}"
 git fetch
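Review bot: In the second hunk, the `git fetch` on the last line is followed (outside the hunk, unchanged since patch 1/3) by `git reset --hard HEAD`, which resets to the local HEAD, so fetched commits are never checked out and the tree stays at whatever the first clone produced. It is worth deciding explicitly which revision runs next to the token. One option is to pin it, e.g. `git checkout --detach <PINNED_REV>` with a reviewed commit id in place of the placeholder; if tracking upstream is intended, reset to the remote ref instead and accept that every restart runs unreviewed code. The `|| echo` suffixes on the `chown`, `rm -rf` and `chmod` lines hide failures, and `${mainDir}*` is unquoted on the two recursive commands; a comment stating which failures are expected would make the intent reviewable. The `preStart` script starts and ends outside the hunk.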