diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 082b2732cc58..df071473f077 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -175,7 +175,7 @@ dnsmasq = 141; uhub = 142; yandexdisk = 143; - #collectd = 144; #unused + mxisd = 144; # was once collectd consul = 145; mailpile = 146; redmine = 147; @@ -483,7 +483,7 @@ #dnsmasq = 141; # unused uhub = 142; #yandexdisk = 143; # unused - #collectd = 144; # unused + mxisd = 144; # was once collectd #consul = 145; # unused mailpile = 146; redmine = 147; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2b7ee13ef71e..b97758ee6fb3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -559,6 +559,7 @@ ./services/networking/miredo.nix ./services/networking/mstpd.nix ./services/networking/murmur.nix + ./services/networking/mxisd.nix ./services/networking/namecoind.nix ./services/networking/nat.nix ./services/networking/ndppd.nix diff --git a/nixos/modules/services/networking/mxisd.nix b/nixos/modules/services/networking/mxisd.nix new file mode 100644 index 000000000000..0aa6d0d9ecd3 --- /dev/null +++ b/nixos/modules/services/networking/mxisd.nix @@ -0,0 +1,125 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.mxisd; + + server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; } + // optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; }; + + baseConfig = { + matrix.domain = cfg.matrix.domain; + key.path = "${cfg.dataDir}/signing.key"; + storage = { + provider.sqlite.database = "${cfg.dataDir}/mxisd.db"; + }; + } // optionalAttrs (server != {}) { inherit server; }; + + # merges baseConfig and extraConfig into a single file + fullConfig = recursiveUpdate baseConfig cfg.extraConfig; + + configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig); + +in { + options = { + services.mxisd = { + enable = mkEnableOption "mxisd matrix federated identity server"; + + package = mkOption { + type = types.package; + default = pkgs.mxisd; + defaultText = "pkgs.mxisd"; + description = "The mxisd package to use"; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/mxisd"; + description = "Where data mxisd uses resides"; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + description = "Extra options merged into the mxisd configuration"; + }; + + matrix = { + + domain = mkOption { + type = types.str; + description = '' + the domain of the matrix homeserver + ''; + }; + + }; + + server = { + + name = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Public hostname of mxisd, if different from the Matrix domain. + ''; + }; + + port = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + HTTP port to listen on (unencrypted) + ''; + }; + + }; + + }; + }; + + config = mkIf cfg.enable { + users.users = [ + { + name = "mxisd"; + group = "mxisd"; + home = cfg.dataDir; + createHome = true; + shell = "${pkgs.bash}/bin/bash"; + uid = config.ids.uids.mxisd; + } + ]; + + users.groups = [ + { + name = "mxisd"; + gid = config.ids.gids.mxisd; + } + ]; + + systemd.services.mxisd = { + description = "a federated identity server for the matrix ecosystem"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + # mxisd / spring.boot needs the configuration to be named "application.yaml" + preStart = '' + config=${cfg.dataDir}/application.yaml + cp ${configFile} $config + chmod 444 $config + ''; + + serviceConfig = { + Type = "simple"; + User = "mxisd"; + Group = "mxisd"; + ExecStart = "${cfg.package}/bin/mxisd --spring.config.location=${cfg.dataDir}/ --spring.profiles.active=systemd --java.security.egd=file:/dev/./urandom"; + WorkingDirectory = cfg.dataDir; + PermissionsStartOnly = true; + SuccessExitStatus = 143; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/nixos/tests/mxisd.nix b/nixos/tests/mxisd.nix new file mode 100644 index 000000000000..3d03a5a53e38 --- /dev/null +++ b/nixos/tests/mxisd.nix @@ -0,0 +1,21 @@ +import ./make-test.nix ({ pkgs, ... } : { + + name = "mxisd"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mguentner ]; + }; + + nodes = { + server_mxisd = args : { + services.mxisd.enable = true; + services.mxisd.matrix.domain = "example.org"; + }; + }; + + testScript = '' + startAll; + $server_mxisd->waitForUnit("mxisd.service"); + $server_mxisd->waitForOpenPort(8090); + $server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"") + ''; +})