feat(ops/meta01): deploy irccat

This deploys irccat, connected to the #snix channel. We drop the custom irccat third_party, it's 2 years older than the latest version in nixpkgs. The irccat.nix module file contains some of the code present in the TVL version, it however moves the secrets merging to ExecStartPre=, given https://github.com/systemd/systemd/issues/19604#issuecomment-989279884 has been fixed for almost a year. Contrary to the setup there, we don't let irccat connect to ZNC, but hackint directly (so make use of the secrets logic). We also drop the network-online.target, and make this overall more tolerant by using Restart=on-failure. Change-Id: Ieac3b744b7ea58b8dddf1cdc37a8bc057b205b1b Reviewed-on: https://cl.snix.dev/c/snix/+/30504 Autosubmit: Florian Klink <flokli@flokli.de> Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz> Tested-by: besadii
2025-03-21 01:33:17 +00:00 · 2025-03-21 01:33:17 +00:00 · c9a77e5b58
commit c9a77e5b58
parent 5d16817f80
5 changed files with 91 additions and 17 deletions
--- a/ops/modules/irccat.nix
+++ b/ops/modules/irccat.nix
@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.irccat;
+  description = "irccat - forward messages to IRC";
+
+  # irccat expects to read its configuration from the *current
+  # directory*, and its configuration contains secrets.
+  #
+  # To make this work we construct the JSON configuration file and
+  # then recursively merge it with an on-disk secret using jq on
+  # service launch.
+  configJson = pkgs.writeText "irccat.json" (builtins.toJSON cfg.config);
+in
+{
+  options.services.irccat = {
+    enable = lib.mkEnableOption description;
+
+    config = lib.mkOption {
+      type = lib.types.attrsOf lib.types.anything; # varying value types
+      description = "Configuration structure (unchecked!)";
+    };
+
+    secretsFile = lib.mkOption {
+      type = lib.types.str;
+      description = "Path to the secrets file to be merged";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.irccat = {
+      inherit description;
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      wants = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStartPre = (pkgs.writeShellScript "merge-irccat-config" ''
+          if [ ! -f "$CREDENTIALS_DIRECTORY/secrets" ]; then
+            echo "irccat secrets file is missing"
+            exit 1
+          fi
+
+          # jq's * is the recursive merge operator
+          ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configJson} "$CREDENTIALS_DIRECTORY/secrets" \
+            > /var/lib/irccat/irccat.json
+        '');
+
+        ExecStart = "${pkgs.irccat}/bin/irccat";
+        DynamicUser = true;
+        StateDirectory = "irccat";
+        WorkingDirectory = "/var/lib/irccat";
+        LoadCredential = "secrets:${cfg.secretsFile}";
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+  };
+}
+