nixpkgs/nixos/modules/services/matrix/pantalaimon.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.pantalaimon-headless;

  iniFmt = pkgs.formats.ini { };

  mkConfigFile =
    name: instanceConfig:
    iniFmt.generate "pantalaimon.conf" {
      Default = {
        LogLevel = instanceConfig.logLevel;
        Notifications = false;
      };

      ${name} = (
        lib.recursiveUpdate {
          Homeserver = instanceConfig.homeserver;
          ListenAddress = instanceConfig.listenAddress;
          ListenPort = instanceConfig.listenPort;
          SSL = instanceConfig.ssl;

          # Set some settings to prevent user interaction for headless operation
          IgnoreVerification = true;
          UseKeyring = false;
        } instanceConfig.extraSettings
      );
    };

  mkPantalaimonService =
    name: instanceConfig:
    lib.nameValuePair "pantalaimon-${name}" {
      description = "pantalaimon instance ${name} - E2EE aware proxy daemon for matrix clients";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        ExecStart = ''${pkgs.pantalaimon-headless}/bin/pantalaimon --config ${mkConfigFile name instanceConfig} --data-path ${instanceConfig.dataPath}'';
        Restart = "on-failure";
        DynamicUser = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
        StateDirectory = "pantalaimon-${name}";
      };
    };
in
{
  options.services.pantalaimon-headless.instances = lib.mkOption {
    default = { };
    type = lib.types.attrsOf (lib.types.submodule (import ./pantalaimon-options.nix));
    description = ''
      Declarative instance config.

      Note: to use pantalaimon interactively, e.g. for a Matrix client which does not
      support End-to-end encryption (like `fractal`), refer to the home-manager module.
    '';
  };

  config = lib.mkIf (config.services.pantalaimon-headless.instances != { }) {
    systemd.services = lib.mapAttrs' mkPantalaimonService config.services.pantalaimon-headless.instances;
  };

  meta = {
    maintainers = with lib.maintainers; [ jojosch ];
  };
}
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`let`
			`cfg = config.services.pantalaimon-headless;`

			`iniFmt = pkgs.formats.ini { };`

treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`mkConfigFile =`
			`name: instanceConfig:`
			`iniFmt.generate "pantalaimon.conf" {`
			`Default = {`
			`LogLevel = instanceConfig.logLevel;`
			`Notifications = false;`
			`};`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`${name} = (`
			`lib.recursiveUpdate {`
			`Homeserver = instanceConfig.homeserver;`
			`ListenAddress = instanceConfig.listenAddress;`
			`ListenPort = instanceConfig.listenPort;`
			`SSL = instanceConfig.ssl;`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`# Set some settings to prevent user interaction for headless operation`
			`IgnoreVerification = true;`
			`UseKeyring = false;`
			`} instanceConfig.extraSettings`
			`);`
			`};`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`mkPantalaimonService =`
			`name: instanceConfig:`
nixos/services.pantalaimon-headless: remove `with lib;` 2024-08-24 22:05:37 +02:00			`lib.nameValuePair "pantalaimon-${name}" {`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`description = "pantalaimon instance ${name} - E2EE aware proxy daemon for matrix clients";`
			`wants = [ "network-online.target" ];`
			`after = [ "network-online.target" ];`
			`wantedBy = [ "multi-user.target" ];`

			`serviceConfig = {`
			`ExecStart = ''${pkgs.pantalaimon-headless}/bin/pantalaimon --config ${mkConfigFile name instanceConfig} --data-path ${instanceConfig.dataPath}'';`
			`Restart = "on-failure";`
			`DynamicUser = true;`
			`NoNewPrivileges = true;`
			`PrivateDevices = true;`
			`PrivateTmp = true;`
			`ProtectHome = true;`
			`ProtectSystem = "strict";`
			`StateDirectory = "pantalaimon-${name}";`
			`};`
			`};`
			`in`
			`{`
nixos/services.pantalaimon-headless: remove `with lib;` 2024-08-24 22:05:37 +02:00			`options.services.pantalaimon-headless.instances = lib.mkOption {`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`default = { };`
nixos/services.pantalaimon-headless: remove `with lib;` 2024-08-24 22:05:37 +02:00			`type = lib.types.attrsOf (lib.types.submodule (import ./pantalaimon-options.nix));`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 14:54:15 +02:00			`description = ''`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`Declarative instance config.`

			`Note: to use pantalaimon interactively, e.g. for a Matrix client which does not`
nixos/*: automatically convert option docs 2022-08-05 19:39:00 +02:00			support End-to-end encryption (like `fractal`), refer to the home-manager module.
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`'';`
			`};`

treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 0128fbb0a58f0c85aeaf316b0dfa343246b929c2 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:29:24 +01:00			`config = lib.mkIf (config.services.pantalaimon-headless.instances != { }) {`
			`systemd.services = lib.mapAttrs' mkPantalaimonService config.services.pantalaimon-headless.instances;`
			`};`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00
			`meta = {`
nixos/services.pantalaimon-headless: remove `with lib;` 2024-08-24 22:05:37 +02:00			`maintainers = with lib.maintainers; [ jojosch ];`
nixos/pantalaimon: init 2021-05-30 17:32:10 +02:00			`};`
			`}`