diff --git a/nixosConfigurations/gerg-desktop/services/vocard/application.yml b/nixosConfigurations/gerg-desktop/services/vocard/application.yml index f10a688..92ce11b 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/application.yml +++ b/nixosConfigurations/gerg-desktop/services/vocard/application.yml 
@@ -12,41 +12,32 @@ plugins: # The clients to use for track loading. See below for a list of valid clients. # Clients are queried in the order they are given (so the first client is queried first and so on...) clients: - - MUSIC - TVHTML5EMBEDDED - - TV - - ANDROID_VR - - WEB - - WEBEMBEDDED oauth: enabled: true - refreshToken: "@refresh_token@" -# name: # Name of the plugin -# some_key: some_value # Some key-value pair for the plugin -# another_key: another_value + # Set with env vars + #refreshToken: "" lavalink: plugins: - dependency: "dev.lavalink.youtube:youtube-plugin:1.11.5" snapshot: false # setting "enabled: true" is the bare minimum to get OAuth working. enabled: true -# - dependency: "com.github.example:example-plugin:1.0.0" # required, the coordinates of your plugin -# repository: "https://maven.example.com/releases" # optional, defaults to the Lavalink releases repository by default -# snapshot: false # optional, defaults to false, used to tell Lavalink to use the snapshot repository instead of the release repository -# pluginsDir: "./plugins" # optional, defaults to "./plugins" -# defaultPluginRepository: "https://maven.lavalink.dev/releases" # optional, defaults to the Lavalink release repository -# defaultPluginSnapshotRepository: "https://maven.lavalink.dev/snapshots" # optional, defaults to the Lavalink snapshot repository + + # Set with env vars + #pluginsDir: "" server: - password: "@password@" + + # Set with env vars + #password: "" sources: - # The default Youtube source is now deprecated and won't receive further updates. Please use https://github.com/lavalink-devs/youtube-source#plugin instead. youtube: false bandcamp: true soundcloud: true twitch: true vimeo: true nico: true - http: true # warning: keeping HTTP enabled without a proxy configured could expose your server's IP address. + http: true local: false filters: # All filters are enabled by default volume: true 
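Review bot: In the `sources:` block, `http: true` stays enabled while the inline warning that HTTP without a proxy can expose the server's IP address is deleted, so the setting keeps its risk but loses the only note explaining it. The HTTP source makes Lavalink fetch URLs that come from whoever can queue tracks, so it is also worth confirming that the service cannot reach internal-only addresses (nothing in this hunk shows a restriction). Either keep a short caveat, `http: true # no proxy configured: outbound fetches reveal this host's IP`, or set `http: false` if the source is not needed.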
@@ -95,14 +86,10 @@ metrics: sentry: dsn: "" environment: "" -# tags: -# some_key: some_value -# another_key: another_value logging: file: - path: ./logs/ - + path: null level: root: INFO lavalink: INFO @@ -116,7 +103,6 @@ logging: includePayload: true maxPayloadLength: 10000 - logback: rollingpolicy: max-file-size: 1GB diff --git a/nixosConfigurations/gerg-desktop/services/vocard/secrets.yaml b/nixosConfigurations/gerg-desktop/services/vocard/secrets.yaml index 1bcc7a4..ba4b672 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/secrets.yaml +++ b/nixosConfigurations/gerg-desktop/services/vocard/secrets.yaml 
@@ -1,11 +1,10 @@ vocard: - token: ENC[AES256_GCM,data:CCu4yOw4Fvwyx0KkYIikiz3VY2xTPbBx1q92W7FBTp+5fU+UP7yuAwZMWWZtzKdEyypzlk5uJ4tJRwUHqq62EnJqYj4wCVcr,iv:/Nxr9QPjEa67Xxn+tz3TRrcNG+cqEPVsqdjjxLp7R+k=,tag:LcVRrGorxvljJqpgs2bSoA==,type:str] - client_id: ENC[AES256_GCM,data:yd9vcUVxMpAKiPzl1hDI9EJhzA==,iv:dzB8ls0k5kWd+qtbSAkSfAXO0dxIUwdjppGYMkc+OHg=,tag:l1M4XTs79fszfNcFXSzVVg==,type:str] + token: ENC[AES256_GCM,data:aNRKBA94pqMCsRypIiVEmNMQK6cKCWa7pHC8dNpYSYGrn58i5PF+ByoR0k6AgGagBCtp//1fb9JzDHHLBKEbx5DH8J3B/D+F,iv:65zw7RZbFPvvBxz09OTnAci/dugbEvNj48ObxpYcmLE=,tag:Kcx0X+6mtm50S51c06oJ8g==,type:str] + client_id: ENC[AES256_GCM,data:E490VeSSfy4q7Ztc+7mng3LcAg==,iv:iLLhg7/okFFFGNSOPH7JmOGeMjcjzk1AdtkhgZbGx9Y=,tag:gWKPUjlqVTKqOzzdFHP+FQ==,type:str] spotify_client_id: ENC[AES256_GCM,data:uwqtWL7JZnN6FsPfTxtBjEgjE7qwGcKbDnloO6SNWs4=,iv:HMZ42J2oXavE4NZCmP1MUVZ+s9Px4XBDRWIbCcl6dYs=,tag:iO8hn8mlNGS1dcLBwwl/AQ==,type:str] spotify_client_secret: ENC[AES256_GCM,data:YnfLj7RPTaucpZCqnel2gStd8oBcbWnL4/+KnkyT4u0=,iv:W6gXch7jH5jFp0PJy0LZ7vq1yCtO1NLbCTR3N6r47nQ=,tag:ct5Y786N6qVkZCts6pZniQ==,type:str] -lavalink: - refresh_token: ENC[AES256_GCM,data:xiPmWhJTQ4OBIeB98t8qtDVQ7e/KVcThTmw5KE0VCIPfm6g7sOzXt7f91nSXX3wBvmy3tX+xii9/rp4dAg3b3/NYL4uHnLsKjM1wGTSH+KuCkbmJZDNYEk2OMSOlAK2x0yAMvpFB,iv:IdITL9x+yfVzf9yqDgJPUBok0Zn/CtN0CVF4AGIcgj8=,tag:DvQChj3Mng47LvNBYd6NAg==,type:str] - password: ENC[AES256_GCM,data:boIoVKGcXWAaKx6rOH1w1awTGfc=,iv:mX8WaaeeQXqyVuM5oA5tUUG7h7C0rV9QAVoHW/InyPc=,tag:Q/P3T5o1CMlbxe+UWyOP3A==,type:str] + password: ENC[AES256_GCM,data:7yGTh6LPtoZvJgSvLvbZQ5Gx0Xw=,iv:UKy14fJZhn5EwtMxd6vZ5X55Tk3iOW7UUF9GVXyhup8=,tag:bKoNLltZQPgmT2mv7kDSQw==,type:str] +lavalink: 
ENC[AES256_GCM,data:Ub5baoxk8fOtchrOKR1YRwgrv/ja8e/9BY1Qaf+njDnvATSrRTcsvNZYU+YZb7OnJjfGRC5qytZo7T0ZBqHSFEdqvZToBHj0nVDTrXnbCm5o+NLKegCkofMG0c3D7JOB6lsc/0zBh8DF+i2M/Z5PNfmeE5Woe8Ev4gZEKyXQmFswULC5tsUqtnf7itQinf+FPDYqKA8Fi90JRWADt/XM1xRRZ4k5QthJ3kIQjYLa4+EOiSTAwIGxAvljl8c=,iv:cdpyakU0/eolOnamevITA4CKpNkU8lRYsOYFOUW8mO8=,tag:dT5lGvsUZDO5Esjyrn77Dg==,type:str] sops: kms: [] gcp_kms: [] @@ -21,8 +20,8 @@ sops: WC9NVmdtWjlWSWN6dUwwMFdPRmpxWG8Ka0i27kBbA4p835RWsEPIghFTwxo4elOz PL0TnuMNnl66TJiD0x6oRMn8tb6wQIAqGxBt9Jb2lj24eXCtzfGbEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-26T22:57:12Z" - mac: ENC[AES256_GCM,data:mb/kTo9zPyLbDJlvh6+P9GTzTVzVt7RMBnzS/qMDUvUR9OAP+zSt1Vf80oXnO3WqRncgRrIi1k3oKeipKHdTxmzXae+jefh7oOMGCeXI51IlnOhkA0MBgrN/jSMwEinYmqDGemzB7ff9quATtm8N/SoxepkR1ddikgEX6Zfr0mw=,iv:yTm2at3lgb1uWCsETw/XpDdrfKv5/8b1oxU2Eq89tbk=,tag:AP8vrUHejq2gsnkSBWHKyA==,type:str] + lastmodified: "2025-03-02T22:44:35Z" + mac: ENC[AES256_GCM,data:dwm0LX9/56Vy2r962RrQx+NNUoTBOs80Jvo25+ZKnixZUPuUdeNS0VXdFRMXLQiUEBzTIBhfVYOzAjSq3XwFvR1q+sQyYizmCLowHnPcicu/0j9qlNRtIItMRk21LMwytG57OgRFLs1RGnvhAYanLyGrqm2mHUWlKKd6C8BdgiE=,iv:UBIYoZyMp2A1hKiWd9+akuxnnAg/TTHYSaiWkInso0I=,tag:Mcfykfj9aKzpf47Pr2XExw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix index 3062f6b..0fa1967 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix +++ b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix 
@@ -6,82 +6,66 @@ { sops = { secrets = - builtins.mapAttrs - ( - _: v: - v - // { - sopsFile = ./secrets.yaml; - } - ) - { - "vocard/token" = { }; - "vocard/client_id" = { }; - "vocard/spotify_client_id" = { }; - "vocard/spotify_client_secret" = { }; - "lavalink/refresh_token" = { }; - "lavalink/password" = { }; - + { + lavalink = { + sopsFile = ./secrets.yaml; + restartUnits = [ + "vocard.service" + "lavalink.service" + ]; }; - templates = { - vocard = { - path = "/persist/services/vocard/settings.json"; - restartUnits = [ - "vocard.service" - "lavalink.service" - ]; - content = - builtins.replaceStrings - [ - "@token@" - "@client_id@" - "@spotify_client_id@" - "@spotify_client_secret@" - "@password@" - ] - [ - config.sops.placeholder."vocard/token" - config.sops.placeholder."vocard/client_id" - config.sops.placeholder."vocard/spotify_client_id" - config.sops.placeholder."vocard/spotify_client_secret" - config.sops.placeholder."lavalink/password" - ] - (builtins.readFile ./settings.json); - }; + } + // builtins.listToAttrs ( + map + (x: { + name = "vocard/${x}"; + value.sopsFile = ./secrets.yaml; + }) + [ + "token" + "client_id" + "spotify_client_id" + "spotify_client_secret" + "password" + ] + ); - lavalink = { - path = "/persist/services/lavalink/application.yml"; - restartUnits = [ - "vocard.service" - "lavalink.service" - ]; - content = - builtins.replaceStrings - [ - "@refresh_token@" - "@password@" - ] - [ - config.sops.placeholder."lavalink/refresh_token" - config.sops.placeholder."lavalink/password" - ] - (builtins.readFile ./application.yml); - }; + templates.vocard = { + restartUnits = [ + "vocard.service" + "lavalink.service" + ]; + content = + builtins.replaceStrings + [ + "@token@" + "@client_id@" + "@spotify_client_id@" + "@spotify_client_secret@" + "@password@" + ] + (builtins.attrValues { + inherit (config.sops.placeholder) + "vocard/token" + "vocard/client_id" + "vocard/spotify_client_id" + "vocard/spotify_client_secret" + "vocard/password" + ; + 
}) + (builtins.readFile ./settings.json); }; }; - systemd.tmpfiles.rules = [ - "d /persist/services/vocard - - - - -" - "d /persist/services/lavalink - - - - -" - ]; - systemd.services = { vocard = { wantedBy = [ "multi-user.target" ]; - wants = [ + + bindsTo = [ "lavalink.service" ]; + + requires = [ "network-online.target" - "lavalink.service" "ferretdb.service" ]; after = [ @@ -92,7 +76,8 @@ ]; serviceConfig = { ExecStart = lib.getExe self'.packages.vocard; - WorkingDirectory = "/persist/services/vocard"; + DynamicUser = true; + LoadCredential = "settings.json:${config.sops.templates.vocard.path}"; Restart = "on-failure"; RestartSec = "30s"; }; @@ -104,9 +89,13 @@ "syslog.target" "network-online.target" ]; + + environment.LAVALINK_PLUGINS_DIR = self'.packages.lavalinkPlugins; + serviceConfig = { - ExecStart = lib.getExe self'.packages.lavalink; - WorkingDirectory = "/persist/services/lavalink"; + ExecStart = "${lib.getExe self'.packages.lavalink} --spring.config.location='file:${./application.yml}'"; + DynamicUser = true; + EnvironmentFile = config.sops.secrets.lavalink.path; Restart = "on-failure"; RestartSec = "30s"; }; @@ -114,4 +103,15 @@ }; services.ferretdb.enable = true; + + systemd.mounts = [ + { + what = "/persist/services/ferretdb"; + where = "/var/lib/private/ferretdb"; + wantedBy = [ "ferretdb.service" ]; + bindsTo = [ "ferretdb.service" ]; + type = "none"; + options = "bind"; + } + ]; } diff --git a/packages/lavalink/package.nix b/packages/lavalink/package.nix index 301cae8..64104ea 100644 --- a/packages/lavalink/package.nix +++ b/packages/lavalink/package.nix 
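Review bot: `builtins.attrValues` returns values ordered by sorted attribute name, not in the order the names appear in the `inherit`, so the replacement list for `templates.vocard.content` no longer lines up with the search list. As written, `@token@` would receive the `vocard/client_id` placeholder, `@client_id@` the `vocard/password` one and `@password@` the `vocard/token` one; only the two Spotify entries land correctly. The bot token would then end up in whatever field settings.json fills from `@password@` (not shown here), where a different component may transmit or log it. Build the list explicitly instead, e.g. `(map (n: config.sops.placeholder."vocard/${n}") [ "token" "client_id" "spotify_client_id" "spotify_client_secret" "password" ])`.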
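Review bot: The lavalink unit receives its secrets through `EnvironmentFile = config.sops.secrets.lavalink.path`, a weaker channel than the `LoadCredential` used for vocard in the same file, because environment variables are inherited by every child process and tend to surface in diagnostics. If Lavalink can read the server password and refresh token from a file (not visible here), a credential plus an additional config location would keep them out of the environment. Either way the `lavalink` secret is now an opaque blob and application.yml only says `# Set with env vars`, so the expected keys should be recorded next to the secret definition, for example `# env file; must define <VAR_NAMES> for the server password and the OAuth refresh token`.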
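Review bot: The bind mount in `systemd.mounts` declares `wantedBy` and `bindsTo` on `ferretdb.service` but no ordering, so whether the database starts only after `/persist/services/ferretdb` is mounted depends on implicit dependencies that are not visible in this hunk. If the service ever started first, it would write state into the unmounted directory under `/var/lib/private`, and that data would be hidden once the mount appears. Adding `before = [ "ferretdb.service" ];` makes the ordering explicit. Nothing shown here creates the source directory either, so a comment stating where it comes from and what ownership it needs would help.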
@@ -14,24 +14,17 @@ stdenvNoCC.mkDerivation (finalAttrs: { hash = "sha256-G4a9ltPq/L0vcazTQjStTlOOtwrBi37bYUNQHy5CV9Y="; }; - plugin = fetchurl { - url = "https://github.com/lavalink-devs/youtube-source/releases/download/1.11.5/youtube-plugin-1.11.5.jar"; - hash = "sha256-Zz4S5mWcsVFWGmN41L34GqZeCOswt/CAn+1PN1XJtbk="; - }; - dontUnpack = true; nativeBuildInputs = [ makeBinaryWrapper ]; buildCommand = '' install -Dm644 "$src" "$out/lib/Lavalink.jar" - install -Dm644 "$plugin" "$out/plugins/youtube-plugin.jar" - mkdir -p $out/bin - makeWrapper ${lib.getExe zulu17} $out/bin/lavalink \ - --add-flags "-jar -Xmx4G $out/lib/Lavalink.jar" + mkdir -p "$out/bin" + makeWrapper '${lib.getExe zulu17}' "$out/bin/lavalink" \ + --add-flags "-jar $out/lib/Lavalink.jar" ''; meta.mainProgram = "lavalink"; - }) diff --git a/packages/lavalinkPlugins/package.nix b/packages/lavalinkPlugins/package.nix new file mode 100644 index 0000000..acb8327 --- /dev/null +++ b/packages/lavalinkPlugins/package.nix @@ -0,0 +1,13 @@ +{ + fetchurl, + linkFarm, +}: +linkFarm "lavalinkPlugins" [ + { + name = "youtube-plugin-1.11.5.jar"; + path = fetchurl { + url = "https://github.com/lavalink-devs/youtube-source/releases/download/1.11.5/youtube-plugin-1.11.5.jar"; + hash = "sha256-Zz4S5mWcsVFWGmN41L34GqZeCOswt/CAn+1PN1XJtbk="; + }; + } +] diff --git a/packages/vocard/package.nix b/packages/vocard/package.nix index 5dc17c5..3f07993 100644 --- a/packages/vocard/package.nix +++ b/packages/vocard/package.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation { runHook postBuild ''; - patches = [ ./use_cwd.patch ]; + patches = [ ./useLoadCredential.patch ]; nativeBuildInputs = [ makeBinaryWrapper diff --git a/packages/vocard/use_cwd.patch b/packages/vocard/useLoadCredential.patch similarity index 89% rename from packages/vocard/use_cwd.patch rename to packages/vocard/useLoadCredential.patch index 84617ca..32c90f4 100644 --- a/packages/vocard/use_cwd.patch +++ b/packages/vocard/useLoadCredential.patch @@ -1,5 +1,6 @@ + 
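Review bot: The rewritten `makeWrapper` call drops `-Xmx4G`, and neither this hunk nor the lavalink unit in vocard.nix shows a replacement limit, so the JVM falls back to its default maximum heap, which scales with the host's RAM. If the cap was removed on purpose, a `MemoryMax=` entry in the unit's `serviceConfig` would bound the service from outside. Otherwise keep the flag, `--add-flags "-Xmx4G -jar $out/lib/Lavalink.jar"`.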
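Review bot: The plugin version `1.11.5` is now stated twice, in this `linkFarm` entry and in the `dependency:` line of application.yml, and nothing ties the two together. If they drift, Lavalink will presumably find no matching jar in `LAVALINK_PLUGINS_DIR` and try to fetch one at start-up, which sidesteps the `fetchurl` hash pinned here (the store path is read-only, so the attempt would most likely just fail). A comment on the entry such as `# keep in sync with lavalink.plugins[].dependency in application.yml` records the coupling.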
diff --git a/function.py b/function.py -index 6e09f5e..f0f6a11 100644 +index 6e09f5e..0c8bfa4 100644 --- a/function.py +++ b/function.py @@ -18,7 +18,7 @@ from motor.motor_asyncio import ( @@ -7,7 +8,7 @@ index 6e09f5e..f0f6a11 100644 ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) -if not os.path.exists(os.path.join(ROOT_DIR, "settings.json")): -+if not os.path.exists(os.path.join(os.getcwd(), "settings.json")): ++if not os.path.exists(os.path.join(os.getenv("CREDENTIALS_DIRECTORY"), "settings.json")): raise Exception("Settings file not set!") #--------------- Cache Var --------------- @@ -57,19 +58,21 @@ index 6e09f5e..f0f6a11 100644 if len(keys) == 1: return LANGS.get(lang, {}).get(keys[0], "Language pack not found!") diff --git a/main.py b/main.py -index e2c6b9e..4ff7de6 100644 +index e2c6b9e..98dc34b 100644 --- a/main.py +++ b/main.py -@@ -81,12 +81,6 @@ class Vocard(commands.Bot): +@@ -80,13 +80,7 @@ class Vocard(commands.Bot): + await self.ipc.connect() except Exception as e: func.logger.error(f"Cannot connected to dashboard! - Reason: {e}") - +- - if not func.settings.version or func.settings.version != update.__version__: - func.update_json("settings.json", new_data={"version": update.__version__}) - - await self.tree.set_translator(Translator()) - await self.tree.sync() - ++ await self.tree.sync() async def on_ready(self): func.logger.info("------------------") func.logger.info(f"Logging As {self.user}") @@ -78,7 +81,7 @@ index e2c6b9e..4ff7de6 100644 # Loading settings and logger -func.settings = Settings(func.open_json("settings.json")) -+func.settings = Settings(func.open_json(os.path.join(os.getcwd(),"settings.json"))) ++func.settings = Settings(func.open_json(os.path.join(os.getenv("CREDENTIALS_DIRECTORY"),"settings.json"))) LOG_SETTINGS = func.settings.logging if (LOG_FILE := LOG_SETTINGS.get("file", {})).get("enable", True):
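Review bot: `os.getenv("CREDENTIALS_DIRECTORY")` returns `None` when the variable is unset, so outside the systemd unit the check in function.py fails with a `TypeError` from `os.path.join` instead of raising `Settings file not set!`. The `func.open_json(...)` line in the main.py part of the patch has the same problem. Reading the variable once and failing clearly is safer, e.g. `cred_dir = os.environ.get("CREDENTIALS_DIRECTORY") or ""` before the join, or `os.environ["CREDENTIALS_DIRECTORY"]` if a `KeyError` naming the variable is acceptable. The patched functions are only partly visible in this patch-of-a-patch, so other `settings.json` lookups may need the same treatment.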