blob: 51574a9b59e30a486bc10e3db5e1a184e8ea9b45 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# somewhat copied from the nixpkgs module (2020-06-15).
# uses tmux instead of screen and gets rid of the strange suid wrapper.
# Usage is `mosh weechat@host` and it will ForceCommand
# you to the weechat tmux session.
# Should you kill the tmux session, it will restart it after
# a few seconds.
{ config, lib, pkgs, ... }:
let
cfg = config.vuizvui.programs.profpatsch.weechat;
weechatDataDir = "/var/lib/weechat";
sessionName = "weechat";
userName = "weechat";
inherit (pkgs.vuizvui.profpatsch)
writeExecline
getBins
;
bins = getBins pkgs.tmux [ "tmux" ]
// getBins pkgs.weechat [ "weechat" ]
// getBins pkgs.dash [ "dash" ]
// getBins pkgs.s6-portable-utils [ "s6-sleep" ]
// getBins pkgs.mosh [ "mosh-server" ]
;
until = { delaySec }: writeExecline "until" {} [
"if" "-tn" [ "$@" ]
bins.s6-sleep (toString delaySec)
# recurse back into until here
"$0" "$@"
];
startWeechatTmuxSession = wrapper: writeExecline "start-weechat-tmux-session" {} [
"if" ([
bins.tmux
"new-session"
# detach immediately
"-d"
"-s" sessionName
] ++ wrapper ++ [
bins.weechat
])
(until { delaySec = 3; })
# negate has-session
"if" "-n" [
bins.tmux "has-session"
"-t" sessionName
]
];
attachWeechatTmuxSession = writeExecline "attach-weechat-tmux-session" {} [
# make sure that we can use mosh here
bins.mosh-server "--"
bins.tmux
"attach-session"
"-t" sessionName
];
in
{
options.vuizvui.programs.profpatsch.weechat = {
enable = lib.mkEnableOption "weechat";
authorizedKeys = lib.mkOption {
description = "ssh keys that should be able to connect to the weechat tmux session";
type = lib.types.listOf lib.types.str;
};
wrapExecStart = lib.mkOption {
description = "bernstein-chaining command wrapped around weechat";
type = lib.types.listOf lib.types.str;
default = [];
};
};
config = lib.mkIf cfg.enable {
users = {
groups.weechat = {};
users.${userName} = {
isSystemUser = true;
createHome = true;
shell = bins.dash;
group = "weechat";
home = weechatDataDir;
openssh.authorizedKeys.keys = cfg.authorizedKeys;
# give this user access to the bitlbee group and socket
# TODO: should not be here I guess.
extraGroups = [ "bitlbee" ];
};
};
# make sure the only use-case for this account
# is attaching the tmux session.
services.openssh.extraConfig = ''
Match User ${userName}
ForceCommand ${attachWeechatTmuxSession}
'';
systemd.services.weechat = {
environment.WEECHAT_HOME = weechatDataDir;
serviceConfig = {
ExecStart = startWeechatTmuxSession cfg.wrapExecStart;
Restart = "always";
RestartSec = "3s";
User = userName;
Group = "weechat";
};
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
};
# This enables “lingering” for the CI user.
# Inspired by the discussion (and linked code)
# in https://github.com/NixOS/nixpkgs/issues/3702
# This should just be a NixOS option really.
system.activationScripts = {
enableLingering = ''
# remove all existing lingering users
rm -r /var/lib/systemd/linger
mkdir /var/lib/systemd/linger
# enable for the subset of declared users
touch /var/lib/systemd/linger/${userName}
'';
};
};
}
|
