From 48b21f661c6dc1f388b640b4fcef4d52de8cdd44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Fri, 3 Jun 2022 03:07:11 +0200
Subject: [PATCH] nixos/asf: add ipcPasswordFile option, only delete bot
 configs when managed by nixos, make preStart clearer

---
 nixos/modules/services/games/asf.nix | 44 ++++++++++++++++++----------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/nixos/modules/services/games/asf.nix b/nixos/modules/services/games/asf.nix
index ea2bfd40fff..32294d23e90 100644
--- a/nixos/modules/services/games/asf.nix
+++ b/nixos/modules/services/games/asf.nix
@@ -13,6 +13,8 @@ let
     # is in theory not needed as this is already the default for default builds
     UpdateChannel = 0;
     Headless = true;
+  } // lib.optionalAttrs (cfg.ipcPasswordFile != "") {
+    IPCPassword = "#ipcPassword#";
   });
 
   ipc-config = format.generate "IPC.config" cfg.ipcSettings;
@@ -92,6 +94,11 @@ respectively `0` because NixOS takes care of updating everything.
       default = { };
     };
 
+    ipcPasswordFile = mkOption {
+      type = types.path;
+      description = "Path to a file containig the password. The file must be readable by the <literal>asf</literal> user/group.";
+    };
+
     ipcSettings = mkOption {
       type = format.type;
       description = ''
@@ -202,26 +209,33 @@ respectively `0` because NixOS takes care of updating everything.
           }
         ];
 
-        preStart = ''
-          mkdir -p config
-          rm -f www
-          rm -f config/{*.json,*.config}
-
-          ln -s ${asf-config} config/ASF.json
-
-          ${strings.optionalString (cfg.ipcSettings != {}) ''
-            ln -s ${ipc-config} config/IPC.config
-          ''}
-
-          ln -s ${pkgs.runCommandLocal "ASF-bots" {} ''
+        preStart = let
+          createBotsScript = pkgs.runCommandLocal "ASF-bots" {} ''
             mkdir -p $out/lib/asf/bots
+            # clean potential removed bots
+            rm -rf $out/lib/asf/bots/*.json
             for i in ${strings.concatStringsSep " " (lists.map (x: "${getName x},${x}") (attrsets.mapAttrsToList mkBot cfg.bots))}; do IFS=",";
               set -- $i
-              ln -s $2 $out/lib/asf/bots/$1
+              ln -fs $2 $out/lib/asf/bots/$1
             done
-          ''}/lib/asf/bots/* config/
+          '';
+          replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
+        in ''
+          mkdir -p config
 
-          ${strings.optionalString cfg.web-ui.enable ''
+          cp --no-preserve=mode ${asf-config} config/ASF.json
+          ${replaceSecretBin} '#ipcPassword#' '${cfg.ipcPasswordFile}' config/ASF.json
+
+          ${optionalString (cfg.ipcSettings != {}) ''
+            ln -fs ${ipc-config} config/IPC.config
+          ''}
+
+          ${optionalString (cfg.ipcSettings != {}) ''
+            ln -fs ${createBotsScript}/lib/asf/bots/* config/
+          ''}
+
+          rm -f www
+          ${optionalString cfg.web-ui.enable ''
             ln -s ${cfg.web-ui.package}/lib/dist www
           ''}
         '';