nixos-config/config/services/matrix-media-repo.nix

75 lines
2.5 KiB
Nix
Raw Normal View History

2022-04-29 16:34:08 +00:00
{ config, pkgs, lib, ... }:
let
matrix-media-repo = pkgs.callPackage ../../packages/matrix/matrix-media-repo.nix { };
2022-04-29 16:42:18 +00:00
config-yml = pkgs.writeText "matrix-media-repo.yaml" (lib.generators.toYAML { } {
2022-04-29 16:34:08 +00:00
repo = {
bindAddress = "127.0.0.1";
port = 8008;
};
2022-04-29 20:11:01 +00:00
database.postgres = "postgresql:///matrix_media_repo?sslmode=disable&host=/run/postgresql";
2022-04-29 16:34:08 +00:00
homeservers = [{
name = "chir.rs";
csApi = "https://matrix.chir.rs";
}];
admins = [ "@lotte:chir.rs" ];
datastores = [{
type = "s3";
enabled = true;
forKinds = [ "all" ];
opts = {
tempPath = "/tmp/mediarepo_s3_upload";
endpoint = "s3.us-west-000.backblazeb2.com";
accessKeyId = "#ACCESS_KEY_ID#";
2022-04-29 20:00:21 +00:00
accessSecret = "#SECRET_ACCESS_KEY#";
2022-04-29 16:34:08 +00:00
ssl = true;
bucketName = "matrix-chir-rs";
region = "us-west-000";
};
}];
});
in
{
systemd.services.matrix-media-repo = {
description = "Matrix Media Repo";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ matrix-media-repo ];
preStart = ''
akid=$(cat ${config.sops.secrets."services/matrix-media-repo/access-key-id".path})
sak=$(cat ${config.sops.secrets."services/matrix-media-repo/access-key-id".path})
2022-04-29 16:42:18 +00:00
cat ${config-yml} > /var/lib/matrix-media-repo/config.yml
2022-04-29 16:46:43 +00:00
sed -i "s|#ACCESS_KEY_ID#|$akid|g" /var/lib/matrix-media-repo/config.yml
sed -i "s|#SECRET_ACCESS_KEY#|$sak|g" /var/lib/matrix-media-repo/config.yml
2022-04-29 16:34:08 +00:00
'';
serviceConfig = {
Type = "simple";
User = "matrix-media-repo";
Group = "matrix-media-repo";
Restart = "always";
ExecStart = "${matrix-media-repo}/bin/media_repo -config /var/lib/matrix-media-repo/config.yml";
};
};
sops.secrets."services/matrix-media-repo/access-key-id".owner = "matrix-media-repo";
sops.secrets."services/matrix-media-repo/secret-access-key".owner = "matrix-media-repo";
users.users.matrix-media-repo = {
description = "Matrix Media Repository";
home = "/var/lib/matrix-media-repo";
useDefaultShell = true;
group = "matrix-media-repo";
isSystemUser = true;
};
users.groups.matrix-media-repo = { };
systemd.tmpfiles.rules = [
"d '/var/lib/matrix-media-repo' 0750 matrix-media-repo matrix-media-repo - -"
];
2022-04-29 20:00:21 +00:00
services.postgresql.ensureDatabases = [
"matrix_media_repo"
2022-04-29 20:00:21 +00:00
];
services.postgresql.ensureUsers = [{
name = "matrix-media-repo";
ensurePermissions = {
2022-04-29 20:04:51 +00:00
"DATABASE matrix_media_repo" = "ALL PRIVILEGES";
2022-04-29 20:00:21 +00:00
};
}];
2022-04-29 16:34:08 +00:00
}