Merge pull request 'derek-discordbot' (#1) from derek-discordbot into master

Reviewed-on: #1

secrets/bread-dcbot.age

@@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-ed25519 GQzYWA oxKOXLokaA47vSPUhCobKZnSJSmTXY5HFbOm72XcLho
+RhWCfWMIgacKpR0Yy9m7PN+e0aUx2qp73YQKoMsvq7Y
+-> ssh-ed25519 MfR7VA mUCKaE6KtLwEqx1HUJLCdwLCLE/JmbrsluWFCNnE0zc
+XW8ixc5VPYSiBvtFtOG1SIayrmR7smu0Y+WSChqIrOI
+-> ssh-ed25519 +cvRTg Z5EeXPZ4uK9qpTn3X9QkNgmqVSScY+5SNyW1ff+a9WI
+QTgv8WV+pM32OeAR7IdAIeqdYSyjGRz3DiOT+hP7qzc
+-> ssh-ed25519 WCPLrA 6d7Tu27YChuazPy+A1a58nLCIIIK7aFimMSCW18Wahg
+4XaJsMe97L0y3TH6ytrHa8YJIIXQMPV60Omp6RaepPs
+-> ssh-ed25519 7/ziYw 7L1sXK+Cd2hLne2Vdr0dslWgmZJH0gRWlSPyxDxy8Ro
+reoZzk6rUDLwIUXIz2mlIwRsEJoJp0KGmdZNXVN7/VQ
+-> ssh-ed25519 VQy60Q n1Yq+hoUwjirJusbHSXhAlJDQFE8hLwouFfh8bPcTUc
+YRVEgRbG2lEJ5pz6V1owgQ5etWnh81zwunUvQRzegQM
+--- az5zrd8PDMTJJW//qtDTp1qw0M0ePTBZwYRnD4UJgxs
+‡µÃfЦ¯0"Œ=ÜÁk
+ÕÚf‹bPJ¶ž½JcÂR–å}sP¤‘–	î±þÚ׶÷ÖÓafƒLÇ*ˆ‰ÔÃó;»U	]ywÞø:—ÌžéŪç%A,€oÊFTM¦-Vµì{ó\ÍÁßi]6alg2é6¬½øl2ÏžN>èÇÖsq2U#˜0<CB9C>ò<EFBFBD>ïA¼,“pâ¤xYúÝg›»RÌ{²ê<C2B2>Âö<C382>à÷ÛÛÐ<C39B>ÁVS£ÈI~Y‹ ^P(é¿?•š±²
þ7›D46å6ßEu«¬œÔQ¹ôåÙ<C3A5>€¾zrm_¬–Íü9f1&y¥;Ï/—Ï÷—>˜2Äì«—³£lé><3E>ë+¡Nµ¯5Š¼˜Lo€\hצ463ó0³?

secrets/default.nix

@@ -13,6 +13,13 @@ in {
         then serviceUser "dcbot" # "dcbot" doesn't exist on e.g laptop.
         else "root";
     };
+    bread-dcbot = {
+      file = ./bread-dcbot.age;
+      owner =
+        if config.niksos.server
+        then serviceUser "bread-dcbot" # "dcbot" doesn't exist on e.g laptop.
+        else "root";
+    };
     password.file = ./password.age;
     matrix-registration = {
       file = ./matrix-registration.age;

secrets/secrets.nix

@@ -16,6 +16,7 @@ in {
   "transfer-sh.age".publicKeys = keys;
   "password.age".publicKeys = keys;
   "dcbot.age".publicKeys = keys;
+  "bread-dcbot.age".publicKeys = keys;
   "matrix-registration.age".publicKeys = keys;
   "cloudflare-acme.age".publicKeys = keys;
   "mail-admin.age".publicKeys = keys;

system/server/default.nix

@@ -1,4 +1,15 @@
 {lib, ...}: {
-  imports = [./caddy.nix ./index ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix ./forgejo.nix ./temp.nix];
+  imports = [
+    ./bot.nix
+    ./caddy.nix
+    ./derekBot.nix
+    ./forgejo.nix
+    ./immich.nix
+    ./index
+    ./mail.nix
+    ./matrix.nix
+    ./seafile.nix
+    ./temp.nix
+  ];
   options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }

system/server/derekBot.nix

@@ -0,0 +1,77 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.niksos.server;
+  userGroup = "bread-dcbot";
+  gitRepo = "https://github.com/The-Breadening/Breadener";
+
+  bash = lib.getExe pkgs.bash;
+  varLib = "/var/lib/";
+  mainDir =
+    varLib
+    + (
+      if !cfg
+      then ""
+      else userGroup
+    )
+    + "/";
+  programDir = mainDir + "program";
+  denoDir = mainDir + "deno";
+  tokenDir = mainDir + "Breadener-token";
+  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
+in {
+  config = lib.mkIf config.niksos.server {
+    systemd.services.${userGroup} = {
+      enable = true;
+      after = ["network.target"];
+      wantedBy = ["default.target"];
+      description = userGroup;
+
+      environment = {
+        "DENO_DIR" = denoDir;
+        "PATH" = lib.mkForce path;
+      };
+
+      preStart = ''
+        export PATH=${path}
+
+        cd "${mainDir}"
+        chown -R ${userGroup}:${userGroup} ${mainDir}* || echo
+
+        rm -rf "${tokenDir}" || echo
+        mkdir -p "${denoDir}" "${tokenDir}"
+        ln -s "${config.age.secrets.${userGroup}.path}" "${tokenDir}/prodBot.json"
+
+        if [ ! -d "${programDir}" ]; then
+          git clone "${gitRepo}" "${programDir}"
+        fi
+        chmod -R 750 ${mainDir}* || echo
+
+
+        cd "${programDir}"
+        git fetch
+        git reset --hard HEAD
+
+        DENO_DIR=${denoDir} deno i
+      '';
+
+      serviceConfig = {
+        StateDirectory = userGroup;
+        ExecStart = "${bash} -c 'cd ${programDir} && deno run prod'";
+        User = userGroup;
+        Group = userGroup;
+        Restart = "always";
+        RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s
+      };
+    };
+
+    users.groups.${userGroup} = {};
+    users.users.${userGroup} = {
+      group = userGroup;
+      isSystemUser = true;
+    };
+  };
+}