From 7b81c1105558fdad28cd2555fa24cb06453e6ad6 Mon Sep 17 00:00:00 2001 From: Nathan Perry Date: Wed, 30 Nov 2022 00:40:37 -0500 Subject: nix: move init script to file --- flake.nix | 96 ++++++++++++++++++++++++++++++++++------------------------- nix/dbinit.sh | 49 ++++++++++++++++++++++++++++++ 2 files changed, 104 insertions(+), 41 deletions(-) create mode 100755 nix/dbinit.sh diff --git a/flake.nix b/flake.nix index cba1330..d83334b 100644 --- a/flake.nix +++ b/flake.nix @@ -98,6 +98,7 @@ devShells.default = pkgs.mkShell { buildInputs = (with pkgs; [ devToolchain + shellcheck ]) ++ (deps pkgs); RUST_SRC_PATH = "${devToolchain}/lib/rustlib/src/rust"; @@ -108,7 +109,6 @@ type = "app"; program = "${pkg}/bin/thulani"; }; - }) // { hydraJobs.thulani.x86_64-linux = self.packages.x86_64-linux.default; @@ -125,11 +125,21 @@ self.nixosModules.default "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" - ({ lib, ... }: { + ({ config, lib, pkgs, ... }: { nixpkgs.overlays = [ self.overlays.default ]; + environment.systemPackages = with pkgs; [ + (writeShellScriptBin "jl" '' + journalctl -eu thulani | cat + '') + + (writeShellScriptBin "s" '' + exec systemctl status thulani $@ + '') + ]; + users = { mutableUsers = false; @@ -148,6 +158,8 @@ groups.test = {}; }; + security.sudo.wheelNeedsPassword = false; + virtualisation = { cores = 8; graphics = false; @@ -159,6 +171,17 @@ services.thulani = { enable = true; + environment = { + STEAM_API_KEY = ""; + SHEETS_API_KEY = ""; + SPREADSHEET_ID = ""; + THULANI_CLIENT_ID = "1"; + THULANI_TOKEN = ""; + VOICE_CHANNEL = "1"; + OWNER_ID = "1"; + TARGET_GUILD = "1"; + }; + postgres = { enable = true; }; 
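Review bot: In the `s` wrapper added to `environment.systemPackages`, `$@` is unquoted, so arguments are re-split and glob-expanded before they reach systemctl. Write `exec systemctl status thulani "$@"` instead. `shellcheck`, which this commit adds to the dev shell, reports this as SC2068.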
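Review bot: `security.sudo.wheelNeedsPassword = false;` gives every wheel member passwordless root and carries no comment saying why. From the visible context it sits in the module list that imports `qemu-vm.nix`, so it is presumably limited to the test VM. A line such as `# test VM only: never copy into a deployed host config` above it would make that scope explicit. The enclosing configuration starts and ends outside the hunk.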
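Review bot: The VM config sets `THULANI_TOKEN`, `STEAM_API_KEY` and `SHEETS_API_KEY` through `services.thulani.environment`, and anyone copying this block for a real deployment would put live credentials into the world-readable Nix store. The values here are empty placeholders, so nothing leaks in this commit. A comment such as `# placeholders for the VM; real secrets go in services.thulani.envFiles` would point readers to the existing `envFiles` option. The same sentence would fit the `environment` option's `description` in the `@@ -181,16 +204,7 @@` hunk.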
@@ -181,16 +204,7 @@ environment = mkOption { description = "literal environment to include"; - type = attrsOf str; - - default = { - RUST_BACKTRACE = "1"; - MAX_HIST = "30"; - DEFAULT_HIST = "5"; - MAX_SHEET_COLUMN = "ZZZ"; - } // (optionalAttrs cfg.postgres.enable { - DATABASE_URL = "postgres://${cfg.user}@/${cfg.postgres.db}"; - }); + type = attrs; }; envFiles = mkOption { @@ -211,6 +225,18 @@ default = "thulani"; }; + userIdMappingFile = mkOption { + description = "user id mapping file"; + type = nullOr path; + default = null; + }; + + restrictFile = mkOption { + description = "restrict file"; + type = nullOr path; + default = null; + }; + postgres = mkOption { description = "local postgres server with automatic setup"; @@ -229,6 +255,20 @@ }; config = lib.mkIf cfg.enable { + services.thulani.environment = { + RUST_BACKTRACE = lib.mkDefault "1"; + MAX_HIST = lib.mkDefault "30"; + DEFAULT_HIST = lib.mkDefault "5"; + MAX_SHEET_COLUMN = lib.mkDefault "ZZZ"; + YTDL = lib.mkDefault "${pkgs.yt-dlp}/bin/yt-dlp"; + FFMPEG = lib.mkDefault "${pkgs.ffmpeg_4}/bin/ffmpeg"; + + RESTRICT = lib.mkIf (cfg.restrictFile != null) "${cfg.restrictFile}"; + USER_ID_MAPPING = lib.mkIf (cfg.userIdMappingFile != null) "${cfg.userIdMappingFile}"; + + DATABASE_URL = lib.mkIf cfg.postgres.enable "postgres://${cfg.user}@/${cfg.postgres.db}"; + }; + systemd.services.thulani = { description = "thulani bot"; 
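Review bot: Changing `environment` from `attrsOf str` to `attrs` looks likely to break the defaults added in the `config` hunk further down (`@@ -229,6 +255,20 @@`). As far as I know, `types.attrs` merges definitions shallowly and does not resolve `lib.mkDefault` / `lib.mkIf` wrappers nested inside attribute values, so `RUST_BACKTRACE`, `RESTRICT`, `DATABASE_URL` and the rest would remain property attrsets rather than strings. Keeping `type = attrsOf str;` preserves per-attribute merging and keeps rejecting non-string values before they reach the unit. How `cfg.environment` is consumed is outside these hunks, so confirm against the `systemd.services.thulani` definition.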
@@ -255,35 +295,9 @@ Type = "exec"; ExecStart = "${cfg.package}/bin/thulani"; ExecStartPre = let - invokePsql = "${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql"; - preStart = pkgs.writeShellScript "thulani-dbinit" '' - set -euo pipefail - - ${invokePsql} <<'EOF' - DO $$ - BEGIN - CREATE ROLE ${cfg.user} WITH LOGIN; - EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE; - END - $$; - - SELECT 'CREATE DATABASE ${cfg.postgres.db}' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${cfg.postgres.db}')\gexec - - ALTER DATABASE ${cfg.postgres.db} OWNER TO ${cfg.user}; - EOF - - echo 'CREATE EXTENSION IF NOT EXISTS pgcrypto' | ${invokePsql} ${cfg.postgres.db} - - for tbl in $(${invokePsql} -qAt -c "select tablename from pg_tables where schemaname = 'public';" ${cfg.postgres.db}) \ - $(${invokePsql} -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" ${cfg.postgres.db}) \ - $(${invokePsql} -qAt -c "select table_name from information_schema.views where table_schema = 'public';" ${cfg.postgres.db}) ; - do - ${invokePsql} -c "alter table \"$tbl\" owner to ${cfg.user}" ${cfg.postgres.db}; - done - ''; - - in "+${preStart}"; + preStart = pkgs.writeShellScript "thulani-dbinit" (builtins.readFile ./nix/dbinit.sh); + + in lib.mkIf cfg.postgres.enable "+${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${preStart} ${config.services.postgresql.package}/bin/psql ${cfg.postgres.db} ${cfg.user}"; EnvironmentFile = cfg.envFiles; diff --git a/nix/dbinit.sh b/nix/dbinit.sh new file mode 100755 index 0000000..9ca7481 --- /dev/null +++ b/nix/dbinit.sh 
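Review bot: `${cfg.postgres.db}` and `${cfg.user}` are spliced unquoted into the `ExecStartPre` string, and from there they become arguments to a script that runs as the PostgreSQL superuser and pastes them into SQL. systemd applies its own word splitting and `%`/`$` expansion to this string, so each value needs to be a single plain token to arrive intact. These are operator-set options, so this is hardening rather than a reachable flaw. Constraining both where they are declared, e.g. `type = types.strMatching "[a-z_][a-z0-9_]*";`, would keep them valid both as single arguments and as bare SQL identifiers. The option declarations are outside this hunk, so their current types are not visible here.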
@@ -0,0 +1,49 @@ +#!/usr/bin/env bash + +set -euo pipefail + +PSQL=$1 +DB=$2 +DB_USER=$3 + +echo 'creating role, database, assigning owner...' + +"$PSQL" <&2 +patching owner: + tables: ${TABLES[*]} + sequences: ${SEQUENCES[*]} + views: ${VIEWS[*]} +EOF + +STMT="" + +for tbl in "${TABLES[@]}" "${SEQUENCES[@]}" "${VIEWS[@]}"; do + STMT+="ALTER TABLE \"$tbl\" OWNER TO $DB_USER;" + STMT+=$'\n' +done + +"$PSQL" -c "$STMT" "$DB" + +echo "success" -- cgit v1.3.1
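Review bot: The loop builds `ALTER TABLE \"$tbl\" OWNER TO $DB_USER;` by string concatenation and runs it as the postgres superuser, with `$tbl` wrapped in double quotes without doubling any embedded quote and `$DB_USER` not quoted as an identifier at all. A guard after the argument assignments, such as `[[ $DB =~ ^[a-z_][a-z0-9_]*$ && $DB_USER =~ ^[a-z_][a-z0-9_]*$ ]] || { echo "invalid db/role name" >&2; exit 1; }`, would cover the two arguments. Adding `tbl=${tbl//\"/\"\"}` as the first line of the loop body would cover relation names. Part of this hunk (the heredoc after the first `"$PSQL"` and the queries that fill `TABLES`, `SEQUENCES` and `VIEWS`) appears to have been lost on this page, so this covers only the visible lines.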