thegeneralist01/infofeeder-bot
1
Fork 0
Code Issues Pull requests Activity

add resources flow and secure config

Browse source 
Document resources, extend list actions, and wire Nix settings/token handling to support new resource saves and UI tweaks.
This commit is contained in:
TheGeneralist 2026-02-03 09:05:29 +01:00
parent 47a712b4ae
commit 6f3c5a6894
Signed by: thegeneralist01
SSH key fingerprint: SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
4 changed files with 916 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

75
flake.nix
View file

@ -38,6 +38,16 @@
}:
let
cfg = config.services.readlater-bot;
tomlFormat = pkgs.formats.toml { };
defaultSettings = {
data_dir = "/var/lib/readlater-bot";
retry_interval_seconds = 30;
};
mergedSettings = defaultSettings // cfg.settings;
settingsFile = tomlFormat.generate "readlater-bot.toml" mergedSettings;
runtimeConfig = "/run/readlater-bot/config.toml";
useRuntimeConfig = cfg.configFile == null;
configPath = if useRuntimeConfig then runtimeConfig else cfg.configFile;
in
{
options.services.readlater-bot = {
@ -47,22 +57,81 @@
default = self.packages.${pkgs.system}.default;
description = "Package providing the bot binary.";
};
settings = lib.mkOption {
type = tomlFormat.type;
default = { };
description = "TOML settings without the token.";
};
tokenFile = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to a file containing the Telegram bot token.";
};
configFile = lib.mkOption {
type = lib.types.path;
description = "Path to TOML config file.";
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to a TOML config file (bypasses settings/tokenFile).";
};
user = lib.mkOption {
type = lib.types.str;
default = "readlater-bot";
description = "User account for the bot service.";
};
group = lib.mkOption {
type = lib.types.str;
default = "readlater-bot";
description = "Group for the bot service.";
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.configFile != null || cfg.tokenFile != null;
message = "services.readlater-bot: set tokenFile with settings, or provide configFile.";
}
{
assertion = !(cfg.settings ? token);
message = "services.readlater-bot: do not set settings.token; use tokenFile.";
}
{
assertion = cfg.configFile == null || (cfg.settings == { } && cfg.tokenFile == null);
message = "services.readlater-bot: when configFile is set, do not set settings or tokenFile.";
}
];
users.users = lib.mkIf (cfg.user == "readlater-bot") {
readlater-bot = {
isSystemUser = true;
group = cfg.group;
};
};
users.groups = lib.mkIf (cfg.group == "readlater-bot") {
readlater-bot = { };
};
systemd.services.readlater-bot = {
description = "Read Later Telegram bot";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
preStart = lib.optionalString useRuntimeConfig ''
umask 0077
{
printf 'token = "%s"\n' "$(cat ${cfg.tokenFile})"
cat ${settingsFile}
} > ${runtimeConfig}
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/readlater-bot --config ${cfg.configFile}";
ExecStart = "${cfg.package}/bin/readlater-bot --config ${configPath}";
Restart = "on-failure";
RestartSec = 5;
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = "readlater-bot";
RuntimeDirectoryMode = "0700";
StateDirectory = "readlater-bot";
StateDirectoryMode = "0700";
};
};
};