summaryrefslogtreecommitdiffstats
path: root/2configs/nix-community/mediawiki-matrix-bot.nix
diff options
context:
space:
mode:
Diffstat (limited to '2configs/nix-community/mediawiki-matrix-bot.nix')
-rw-r--r--2configs/nix-community/mediawiki-matrix-bot.nix22
1 files changed, 12 insertions, 10 deletions
diff --git a/2configs/nix-community/mediawiki-matrix-bot.nix b/2configs/nix-community/mediawiki-matrix-bot.nix
index 6dff64121..919bfcea7 100644
--- a/2configs/nix-community/mediawiki-matrix-bot.nix
+++ b/2configs/nix-community/mediawiki-matrix-bot.nix
@@ -1,8 +1,12 @@
-{ pkgs, ... }:
-let
- seccfg = toString <secrets/mediawikibot-config.json>;
- statecfg = "/var/lib/mediawiki-matrix-bot/config.json";
-in {
+{ pkgs, config, ... }:
+
+{
+ sops.secrets."mediawikibot-config.json" = {
+ mode = "0440";
+ group = config.users.groups.mediawiki.name;
+ };
+ users.groups.mediawiki = {};
+
systemd.services.mediawiki-matrix-bot = {
description = "Mediawiki Matrix Bot";
after = [ "network-online.target" ];
@@ -12,11 +16,9 @@ in {
RestartSec = "60s";
DynamicUser = true;
StateDirectory = "mediawiki-matrix-bot";
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "mediawikibot-copy-config" ''
- install -D -m644 ${seccfg} ${statecfg}
- '';
- ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${statecfg}";
+ SupplementaryGroups = [ config.users.groups.mediawiki.name ];
+
+ ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${config.sops.secrets."mediawikibot-config.json".path}";
PrivateTmp = true;
};
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 17:25:38 +0000