nixos-config/config/service/mabel.nix

{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.fudo.services.mabel;

  hostname = config.instance.hostname;

  isMqtt = config.fudo.services.mqtt.enable;

  isMabel = hostname == cfg.mabel-host;

  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

  mqtt-password-file =
    pkgs.lib.passwd.stablerandom-passwd-file "mabel-mqtt-passwd"
    config.instance.build-seed;

in {
  options.fudo.services.mabel = with types; {
    enable = mkEnableOption "Enable Mabel camera monitor.";

    verbose = mkEnableOption "Enable verbose output.";

    mabel-host = mkOption {
      type = str;
      description = "Host on which to run Mabel.";
    };

    mqtt = {
      username = mkOption {
        type = str;
        description = "User as which to connect to MQTT server.";
        default = "mabel-bot";
      };
    };

    matrix = {
      domain = mkOption {
        type = str;
        description = "Matrix domain on which to connect.";
      };

      username = mkOption {
        type = str;
        description = "User as which to connect to Matrix.";
      };

      token-file = mkOption {
        type = str;
        description = "Authentication for connecting to Matrix.";
      };

      channel = mkOption {
        type = str;
        description = "Channel on which to send notifications.";
      };
    };
  };

  config = mkIf cfg.enable {
    fudo = {
      secrets.host-secrets."${hostname}" = {
        mabel-mqtt-passwd = mkIf isMabel {
          source-file = mqtt-password-file;
          target-file = "/run/mabel-mqtt/passwd";
        };

        mabel-matrix-token = mkIf isMabel {
          source-file = cfg.matrix.token-file;
          target-file = "/run/mabel/matrix.token";
        };
      };

      services.mqtt = mkIf isMqtt {
        private = {
          enable = true;
          users."${cfg.mqtt.username}" = {
            password-file = mqtt-password-file;
            acl = [ "read frigate/#" ];
          };
        };
      };
    };

    services.mabel = mkIf isMabel {
      enable = true;
      verbose = cfg.verbose;
      mqtt = {
        host = config.fudo.services.mqtt.mqtt-hostname;
        port = config.fudo.services.mqtt.private.port;
        username = cfg.mqtt.username;
        password-file = hostSecrets.mabel-mqtt-passwd.target-file;
      };
      matrix = {
        domain = cfg.matrix.domain;
        username = cfg.matrix.username;
        password-file = hostSecrets.mabel-matrix-token.target-file;
        channel-alias = cfg.matrix.channel;
      };
    };
  };
}