maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/ops/nixos/clbot.nix
Luke Granger-Brown b35e358eb5 refactor(ops/nixos): migrate to depot module arg 
Previously the depot argument was provided as config.depot, but the "new
way" of doing things (which is more like the args list provided in the
rest of the depot) is to provide this as the "depot" NixOS module
argument instead.

Change-Id: Ib48b1c7c1bdff9c1eb0618c6cbacc22b651f5f98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2763
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-02 18:00:14 +00:00

75 lines
1.9 KiB
Nix
Raw Blame History

# Module that configures CLBot, our Gerrit->IRC info bridge.
{ depot, config, lib, pkgs, ... }:
let
inherit (builtins) attrValues concatStringsSep mapAttrs readFile;
inherit (pkgs) runCommandNoCC;
inherit (lib)
listToAttrs
mkEnableOption
mkIf
mkOption
removeSuffix
types;
description = "Bot to forward CL notifications";
cfg = config.services.depot.clbot;
mkFlags = flags:
concatStringsSep " "
(attrValues (mapAttrs (key: value: "-${key} \"${toString value}\"") flags));
# Escapes a unit name for use in systemd
systemdEscape = name: removeSuffix "\n" (readFile (runCommandNoCC "unit-name" {} ''
${pkgs.systemd}/bin/systemd-escape '${name}' >> $out
''));
mkUnit = flags: channel: {
name = "clbot-${systemdEscape channel}";
value = {
description = "${description} to ${channel}";
wantedBy = [ "multi-user.target" ];
script = "${depot.fun.clbot}/bin/clbot ${mkFlags (cfg.flags // {
irc_channel = channel;
})} -alsologtostderr";
serviceConfig = {
User = "clbot";
EnvironmentFile = "/etc/secrets/clbot";
Restart = "always";
};
};
};
in {
options.services.depot.clbot = {
enable = mkEnableOption description;
flags = mkOption {
type = types.attrsOf types.str;
description = "Key value pairs for command line flags";
};
channels = mkOption {
type = with types; listOf str;
description = "Channels in which to post (generates one unit per channel)";
};
};
config = mkIf cfg.enable {
# This does not use DynamicUser because we need to make some files
# (notably the SSH private key) readable by this user outside of
# the module.
users = {
groups.clbot = {};
users.clbot = {
group = "clbot";
isNormalUser = false;
};
};
systemd.services = listToAttrs (map (mkUnit cfg.flags) cfg.channels);
};
}
Reference in a new issue View git blame Copy permalink