Skip to content

Commit

Permalink
refactor(nixos): added pass bot configuration via secret files
Browse files Browse the repository at this point in the history
  • Loading branch information
Wittano committed Aug 22, 2024
1 parent 63c2832 commit ac2dd37
Show file tree
Hide file tree
Showing 6 changed files with 52 additions and 50 deletions.
1 change: 0 additions & 1 deletion .envrc

This file was deleted.

1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -37,3 +37,4 @@ api
# Sqlit
*.sqlite
sql
.envrc
41 changes: 32 additions & 9 deletions bot/config/types.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package config

import (
"errors"
"fmt"
"os"
)
Expand All @@ -12,21 +13,43 @@ type BotProperties struct {
}

func NewBotProperties() (prop BotProperties, err error) {
var ok bool

prop.Token, ok = os.LookupEnv("DISCORD_BOT_TOKEN")
if !ok || prop.Token == "" {
err = fmt.Errorf("missing DISCORD_BOT_TOKEN variable")
prop.Token, err = loadEnv("DISCORD_BOT_TOKEN")
if err != nil {
return
}

prop.AppID, ok = os.LookupEnv("APPLICATION_ID")
if !ok || prop.AppID == "" {
err = fmt.Errorf("missing APPLICATION_ID variable")
prop.AppID, err = loadEnv("APPLICATION_ID")
if err != nil {
return
}

prop.ServerGUID = os.Getenv("SERVER_GUID")
prop.ServerGUID, _ = loadEnv("SERVER_GUID")

return
}

func loadEnv(name string) (env string, err error) {
if value, ok := os.LookupEnv(name + "_PATH"); ok {
return loadFromFile(value)
} else {
return loadFromEnvVar(name)
}
}

func loadFromEnvVar(name string) (env string, err error) {
env, ok := os.LookupEnv(name)
if !ok || env == "" {
return "", fmt.Errorf("missing %s variable", name)
}

return
}

func loadFromFile(path string) (env string, err error) {
if _, err = os.Stat(path); errors.Is(err, os.ErrNotExist) {
return
}

b, err := os.ReadFile(path)
return string(b), err
}
6 changes: 3 additions & 3 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

41 changes: 15 additions & 26 deletions nixos.nix
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
with lib;
let
cfg = config.komputer;

komputer = pkgs.callPackage ./default.nix { };
in
{
Expand All @@ -12,27 +11,17 @@ in
package = mkOption {
type = types.package;
default = komputer;
description = "komputer package";
};
guildID = mkOption {
type = types.nullOr types.str;
default = null;
description = "Discord server id, that you deploy bot";
};
applicationID = mkOption {
type = types.str;
applicationIDSecretPath = mkOption {
type = types.path;
description = "Application ID for you local version of komputer bot";
};
token = mkOption {
type = types.str;
description = ''
Discord token for bot.
<REMEMBER!>
Your token never shouldn't be publish on any public git repository e.g. Github or Gitlab
'';
tokenSecretPath = mkOption {
type = types.path;
description = "Path to file, that contain discord token for bot";
};
mongodbURI = mkOption {
type = types.str;
mongodbURISecretPath = mkOption {
type = types.path;
description = "Connection URI to your instance of mongodb";
};
};
Expand All @@ -41,28 +30,28 @@ in
config = mkIf (cfg.enable) {
assertions = [
{
assertion = cfg.token != "";
assertion = cfg.tokenSecretPath != "";
message = "Option komputer.token is empty";
}
{
assertion = cfg.applicationID != "";
assertion = cfg.applicationIDSecretPath != "";
message = "Option komputer.applicationID is empty";
}
{
assertion = cfg.mongodbURI != "";
assertion = cfg.mongodbURISecretPath != "";
message = "Option komputer.mongodbURI is empty";
}
];

systemd.services.komputer = {
description = "Komputer - Discord bot behave as like 'komputer'. One of character in Star Track parody series created by Dem3000";
wantedBy = [ "multi-user.target" ];
path = cfg.package.propagatedBuildInputs or [];
path = cfg.package.propagatedBuildInputs or [ ];
environment = {
DISCORD_BOT_TOKEN = cfg.token;
APPLICATION_ID = cfg.applicationID;
MONGODB_URI = cfg.mongodbURI;
} // (attrsets.optionalAttrs (cfg ? guildID && cfg.guildID != null) { SERVER_GUID = cfg.guildID; });
DISCORD_BOT_TOKEN_PATH = cfg.tokenSecretPath;
APPLICATION_ID_PATH = cfg.applicationIDSecretPath;
MONGODB_URI_PATH = cfg.mongodbURISecretPath;
};
script = "${cfg.package}/bin/komputer";
};
};
Expand Down
12 changes: 1 addition & 11 deletions shell.nix
Original file line number Diff line number Diff line change
Expand Up @@ -3,30 +3,20 @@
, gopls
, ffmpeg
, nixfmt-classic
, protoc-gen-go
, protobuf
, protoc-gen-go-grpc
, act
, go-migrate
, sqlc
, ...
}: mkShell {
hardeningDisable = [ "all" ];
nativeBuildInputs = [
go
protobuf
go-migrate
sqlc
act
];

buildInputs = [
gopls
protoc-gen-go-grpc
protoc-gen-go
ffmpeg
nixfmt-classic
];

GOROOT = "${go}/share/go";

}

0 comments on commit ac2dd37

Please sign in to comment.