jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jsw:0406d043bdb081258e951e1b1b12e67b08f9c35e
Branches Tags
jsw:master
jsw:derek-site
..
compare: jsw:93086ad9a450b2f7bfefe31b861de01d102617db
Branches Tags
jsw:derek-site
jsw:master

4 commits
0406d043bd ... 93086ad9a4

Author SHA1 Message Date
jsw
93086ad9a4 Merge pull request 'derek-discordbot' (#1) from derek-discordbot into master 
Reviewed-on: #1
 2025-07-20 12:54:30 +00:00
Jurn Wubben
71b64d8edc Server: bread-dcbot added git to path. 2025-07-20 14:26:43 +02:00
Jurn Wubben
6b97209703 BreadDcbot; fixed infinite recursion and made secrete available to user 2025-07-20 13:28:17 +02:00
Jurn Wubben
e6197316cc Server: added bread-discordbot. 2025-07-20 13:21:18 +02:00
5 changed files with 113 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
secrets/bread-dcbot.age Normal file
View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA oxKOXLokaA47vSPUhCobKZnSJSmTXY5HFbOm72XcLho
RhWCfWMIgacKpR0Yy9m7PN+e0aUx2qp73YQKoMsvq7Y
-> ssh-ed25519 MfR7VA mUCKaE6KtLwEqx1HUJLCdwLCLE/JmbrsluWFCNnE0zc
XW8ixc5VPYSiBvtFtOG1SIayrmR7smu0Y+WSChqIrOI
-> ssh-ed25519 +cvRTg Z5EeXPZ4uK9qpTn3X9QkNgmqVSScY+5SNyW1ff+a9WI
QTgv8WV+pM32OeAR7IdAIeqdYSyjGRz3DiOT+hP7qzc
-> ssh-ed25519 WCPLrA 6d7Tu27YChuazPy+A1a58nLCIIIK7aFimMSCW18Wahg
4XaJsMe97L0y3TH6ytrHa8YJIIXQMPV60Omp6RaepPs
-> ssh-ed25519 7/ziYw 7L1sXK+Cd2hLne2Vdr0dslWgmZJH0gRWlSPyxDxy8Ro
reoZzk6rUDLwIUXIz2mlIwRsEJoJp0KGmdZNXVN7/VQ
-> ssh-ed25519 VQy60Q n1Yq+hoUwjirJusbHSXhAlJDQFE8hLwouFfh8bPcTUc
YRVEgRbG2lEJ5pz6V1owgQ5etWnh81zwunUvQRzegQM
--- az5zrd8PDMTJJW//qtDTp1qw0M0ePTBZwYRnD4UJgxs
‡µÃfЦ¯0"Œ=ÜÁk
ÕÚfbPJ¶ž½JcÂRå}sP¤‘– î±þÚ׶÷ÖÓafƒLÇ*ˆ‰ ÔÃó;»U ]ywÞø:—ÌžéŪç%A,€oÊFTM ¦-Vµì{ó\ÍÁßi]6alg2é6¬½øl2ÏžN ÇÖsq2U#˜0<CB9C>ò<EFBFBD>ïA¼,“pâ¤xYúÝg»RÌ{²ê<C2B2>Âö<C382>à÷ÛÛÐ<C39B>ÁVS£ÈI~Y ^P(é¿?š±² þ7D46å6ßEu«¬œÔQ¹ôåÙ<C3A5>¾zrm_¬Íü9f1&y¥;Ï/—Ï÷—>˜2Äì«—³£lé><3E>ë+¡Nµ¯5Š¼˜Lo€ \hצ463ó0³?

7
secrets/default.nix
View file

@ -13,6 +13,13 @@ in {
then serviceUser "dcbot" # "dcbot" doesn't exist on e.g laptop.
else "root";
};
bread-dcbot = {
file = ./bread-dcbot.age;
owner =
if config.niksos.server
then serviceUser "bread-dcbot" # "dcbot" doesn't exist on e.g laptop.
else "root";
};
password.file = ./password.age;
matrix-registration = {
file = ./matrix-registration.age;

1
secrets/secrets.nix
View file

@ -16,6 +16,7 @@ in {
"transfer-sh.age".publicKeys = keys;
"password.age".publicKeys = keys;
"dcbot.age".publicKeys = keys;
"bread-dcbot.age".publicKeys = keys;
"matrix-registration.age".publicKeys = keys;
"cloudflare-acme.age".publicKeys = keys;
"mail-admin.age".publicKeys = keys;

13
system/server/default.nix
View file

@ -1,4 +1,15 @@
{lib, ...}: {
imports = [./caddy.nix ./index ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix ./forgejo.nix ./temp.nix];
imports = [
./bot.nix
./caddy.nix
./derekBot.nix
./forgejo.nix
./immich.nix
./index
./mail.nix
./matrix.nix
./seafile.nix
./temp.nix
];
options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
}

77
system/server/derekBot.nix Normal file
View file

@ -0,0 +1,77 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.niksos.server;
userGroup = "bread-dcbot";
gitRepo = "https://github.com/The-Breadening/Breadener";
bash = lib.getExe pkgs.bash;
varLib = "/var/lib/";
mainDir =
varLib
+ (
if !cfg
then ""
else userGroup
)
+ "/";
programDir = mainDir + "program";
denoDir = mainDir + "deno";
tokenDir = mainDir + "Breadener-token";
path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
in {
config = lib.mkIf config.niksos.server {
systemd.services.${userGroup} = {
enable = true;
after = ["network.target"];
wantedBy = ["default.target"];
description = userGroup;
environment = {
"DENO_DIR" = denoDir;
"PATH" = lib.mkForce path;
};
preStart = ''
export PATH=${path}
cd "${mainDir}"
chown -R ${userGroup}:${userGroup} ${mainDir}* || echo
rm -rf "${tokenDir}" || echo
mkdir -p "${denoDir}" "${tokenDir}"
ln -s "${config.age.secrets.${userGroup}.path}" "${tokenDir}/prodBot.json"
if [ ! -d "${programDir}" ]; then
git clone "${gitRepo}" "${programDir}"
fi
chmod -R 750 ${mainDir}* || echo
cd "${programDir}"
git fetch
git reset --hard HEAD
DENO_DIR=${denoDir} deno i
'';
serviceConfig = {
StateDirectory = userGroup;
ExecStart = "${bash} -c 'cd ${programDir} && deno run prod'";
User = userGroup;
Group = userGroup;
Restart = "always";
RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s
};
};
users.groups.${userGroup} = {};
users.users.${userGroup} = {
group = userGroup;
isSystemUser = true;
};
};
}