From df8fa7a95f647b434d5af91ad628cf7b4701deea Mon Sep 17 00:00:00 2001
From: Kyren223
Date: Tue, 22 Jul 2025 17:37:54 +0300
Subject: [PATCH] Added eko module and replaced it with the systemd service for eko
---
 flake.lock | 128 ++++++++++++++++++++++++++++++++++++++-----
 flake.nix | 4 +-
 nixosModules/eko.nix | 105 ++++++++++++++++++-----------------
 3 files changed, 172 insertions(+), 65 deletions(-)
diff --git a/flake.lock b/flake.lock
index 0d00ff7..1032c04 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
 ]
 },
 "locked": {
- "lastModified": 1750903843,
- "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
+ "lastModified": 1753140376,
+ "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
 "owner": "nix-community",
 "repo": "disko",
- "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
+ "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
 "type": "github"
 },
 "original": {
@@ -20,18 +20,88 @@ "type": "github" } }, - "nixpkgs": { + "eko": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs" + }, "locked": { - "lastModified": 1751349533, - "narHash": "sha256-5XRh0mB06/7WYDLu9ZXsx1GhyvvNVZDtPyg34sUCLJs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bdfd0f2afcf764e531d0960c821ab070a6174b15", + "lastModified": 1753195028, + "narHash": "sha256-vtRYW8RaxK3ldRT8HIueIEyfbPtUQW2aqH2jMEqLj2E=", + "owner": "kyren223", + "repo": "eko", + "rev": "4a3adc88c27260cf941dee1f243badd84b7abd7b", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "kyren223", + "ref": "dev", + "repo": "eko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1753100475, + "narHash": "sha256-FF53JgK0MHjCkaac+GMnikfnK9dJkwHaqXfgKrtDkhs=", + 
"owner": "nixos", + "repo": "nixpkgs", + "rev": "bb65d58d5f5a779df1d018b0e3418969ba530628", + "type": "github" + }, + "original": { + "owner": "nixos", "repo": "nixpkgs", "type": "github" } @@ -53,6 +123,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1753091883, + "narHash": "sha256-oVZt8VRJkO2Gytc7D2Pfqqy7wTnSECzdKPnoL9z8iFA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2baf8e1658cba84a032c3a8befb1e7b06629242a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1689413807, "narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=", @@ -71,13 +157,14 @@ "root": { "inputs": { "disko": "disko", - "nixpkgs": "nixpkgs", + "eko": "eko", + "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -94,6 +181,21 @@ "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 60c1e3d..2923bd4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,14 +4,16 @@
 disko.url = "github:nix-community/disko";
 disko.inputs.nixpkgs.follows = "nixpkgs";
 sops-nix.url = "github:Mic92/sops-nix/bd695cc4d0a5e1bead703cc1bec5fa3094820a81";
+ eko.url = "github:kyren223/eko/dev";
 };
 
- outputs = { nixpkgs, disko, sops-nix, ... }: {
+ outputs = { nixpkgs, disko, sops-nix, eko, ... }: {
 nixosConfigurations.default = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 disko.nixosModules.disko
 sops-nix.nixosModules.sops
+ eko.nixosModules.eko
 ./host/configuration.nix
 ./host/hardware-configuration.nix
 ];
diff --git a/nixosModules/eko.nix b/nixosModules/eko.nix
index 7a4bb5f..99fd91f 100644
--- a/nixosModules/eko.nix
+++ b/nixosModules/eko.nix
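Review bot: `eko.url = "github:kyren223/eko/dev";` tracks a moving branch and, unlike `disko` two lines above, does not make its `nixpkgs` input follow the root one, which is why this commit's flake.lock hunks now carry a separate nixpkgs entry for eko next to the root `nixpkgs_2`. Add `eko.inputs.nixpkgs.follows = "nixpkgs";` under the url so the module is evaluated against the same package set as the rest of the system, and consider pinning eko to a tag or commit the way `sops-nix` is, since every `nix flake update` will otherwise pick up whatever `dev` points at. The lock does pin the current rev, so this is about update hygiene rather than an immediate reproducibility problem. The `inputs` attribute set opens before this hunk.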
@@ -21,62 +21,65 @@
 sops.secrets.eko-server-cert-key = {
 owner = "eko";
 };
+ services.eko.enable = true;
+ services.eko.certFile = config.sops.secrets.eko-server-cert-key.path;
+
 environment.etc = {
 "eko/tos.md".text = builtins.readFile ./eko-tos.md;
 "eko/privacy.md".text = builtins.readFile ./eko-privacy.md;
 };
 
- systemd.services.eko = {
- description = "Eko - a secure terminal-based social media";
-
- wants = [ "network-online.target" ];
- after = [ "network-online.target" ];
- wantedBy = [ "multi-user.target" ];
-
- # restartTriggers = [ "/var/lib/eko/eko-server" ];
- reloadTriggers = lib.mapAttrsToList (_: v: v.source or null) (
- lib.filterAttrs (n: _: lib.hasPrefix "eko/" n) config.environment.etc
- );
-
- environment = {
- EKO_SERVER_CERT_FILE = config.sops.secrets.eko-server-cert-key.path;
- EKO_SERVER_LOG_DIR = "/var/log/eko";
- EKO_SERVER_TOS_FILE = "/etc/eko/tos.md";
- EKO_SERVER_PRIVACY_FILE = "/etc/eko/privacy.md";
- };
-
- serviceConfig = {
- Restart = "on-failure";
- RestartSec = "10s";
-
- ExecStart = "%S/eko/eko-server";
- ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
-
- ConfigurationDirectory = "eko";
- StateDirectory = "eko";
- LogsDirectory = "eko";
- WorkingDirectory = "%S/eko";
- Type = "simple";
-
- User = "eko";
- Group = "eko";
-
- # Hardening
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectProc = "invisible";
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- "AF_UNIX"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- };
- };
+ # systemd.services.eko = {
+ # description = "Eko - a secure terminal-based social media";
+ #
+ # wants = [ "network-online.target" ];
+ # after = [ "network-online.target" ];
+ # wantedBy = [ "multi-user.target" ];
+ #
+ # # restartTriggers = [ "/var/lib/eko/eko-server" ];
+ # reloadTriggers = lib.mapAttrsToList (_: v: v.source or null) (
+ # lib.filterAttrs (n: _: lib.hasPrefix "eko/" n) config.environment.etc
+ # );
+ #
+ # environment = {
+ # EKO_SERVER_CERT_FILE = config.sops.secrets.eko-server-cert-key.path;
+ # EKO_SERVER_LOG_DIR = "/var/log/eko";
+ # EKO_SERVER_TOS_FILE = "/etc/eko/tos.md";
+ # EKO_SERVER_PRIVACY_FILE = "/etc/eko/privacy.md";
+ # };
+ #
+ # serviceConfig = {
+ # Restart = "on-failure";
+ # RestartSec = "10s";
+ #
+ # ExecStart = "%S/eko/eko-server";
+ # ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
+ #
+ # ConfigurationDirectory = "eko";
+ # StateDirectory = "eko";
+ # LogsDirectory = "eko";
+ # WorkingDirectory = "%S/eko";
+ # Type = "simple";
+ #
+ # User = "eko";
+ # Group = "eko";
+ #
+ # # Hardening
+ # ProtectHostname = true;
+ # ProtectKernelLogs = true;
+ # ProtectKernelModules = true;
+ # ProtectKernelTunables = true;
+ # ProtectProc = "invisible";
+ # RestrictAddressFamilies = [
+ # "AF_INET"
+ # "AF_INET6"
+ # "AF_UNIX"
+ # ];
+ # RestrictNamespaces = true;
+ # RestrictRealtime = true;
+ # RestrictSUIDSGID = true;
+ # };
+ # };
 
 # Enable metrics/logging
 grafana.enable = true;
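Review bot: Switching to `services.eko.enable` / `services.eko.certFile` drops the sandboxing the removed `serviceConfig` carried (`ProtectKernelLogs`, `ProtectKernelModules`, `ProtectKernelTunables`, `ProtectProc`, `RestrictAddressFamilies`, `RestrictNamespaces`, `RestrictRealtime`, `RestrictSUIDSGID`, `ProtectHostname`), and nothing in this hunk shows the imported module setting equivalents. Unless that module is known to apply them, keep the directives local as a `systemd.services.eko.serviceConfig` override (below) so the unit's confinement does not silently depend on upstream defaults; wrapping the set in `lib.mkDefault` lets the module win where it defines the same key, and `lib` is already a module argument as the removed `lib.mapAttrsToList` call shows. The same question applies to `EKO_SERVER_TOS_FILE` / `EKO_SERVER_PRIVACY_FILE`: `environment.etc` still installs `/etc/eko/tos.md` and `/etc/eko/privacy.md`, but nothing visible here points the service at them or reloads it when they change, so confirm the module does. The 51-line commented-out copy of the old unit should be deleted rather than kept, since it will drift from the live module and git history already preserves it. The enclosing module attribute set opens before this hunk and continues past it.

```nix
  services.eko.enable = true;
  services.eko.certFile = config.sops.secrets.eko-server-cert-key.path;

  # Sandbox settings carried over from the former local unit; kept here so they
  # do not depend on what the imported eko module chooses to set.
  systemd.services.eko.serviceConfig = {
    ProtectHostname = true;
    ProtectKernelLogs = true;
    ProtectKernelModules = true;
    ProtectKernelTunables = true;
    ProtectProc = "invisible";
    RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
    RestrictNamespaces = true;
    RestrictRealtime = true;
    RestrictSUIDSGID = true;
  };

  # … unchanged: environment.etc for eko/tos.md and eko/privacy.md …
```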