satellite/hosts/nixos/lapetus/services/pounce.nix

# NixOS module for this host's pounce IRC bouncer: a wildcard ACME certificate,
# a sops-managed SASL password rendered into the network config, the pounce
# service itself, and the DNS records that point at it.
{ config, ... }:
let
  # Account the pounce service runs as. Reused below as the owner of the
  # rendered network config and as the group on the ACME certificate.
  inherit (config.services.pounce) user;

  # Name handed to pounce as both `externalHost` and `bindHost`.
  ircHost = "irc.${config.satellite.dns.domain}";

  # Builds one sops template holding a pounce network config.
  #   server / portNumber: upstream IRC server to connect to
  #   channels:            value written to the `join` line
  #   secretName:          name of the sops secret holding the SASL password
  # Only the sops placeholder for the password is interpolated here, so the
  # plaintext is not part of this expression; sops-nix is expected to
  # substitute the real value when it renders the template.
  # NOTE(review): no `mode` is set, so the sops-nix default applies. Confirm it
  # is owner-only, since the rendered file contains the password.
  networkTemplate = server: portNumber: channels: secretName: {
    owner = user;
    content = ''
      sasl-plain = prescientmoon:${config.sops.placeholder.${secretName}}
      nick = prescientmoon
      host = ${server}
      port = ${toString portNumber}
      join = ${channels}
    '';
  };
in
{
  # Wildcard certificate for the bouncer.
  # NOTE(review): `group` receives the pounce *user* name, which assumes a
  # group of the same name exists. That group presumably gains read access to
  # the issued key material, so confirm pounce is its only member.
  # NOTE(review): the domain is hard-coded, whereas the service hosts below are
  # derived from config.satellite.dns.domain. Confirm the two agree.
  security.acme.certs."wildcard-irc.moonythm.dev" = {
    domain = "*.irc.moonythm.dev";
    group = user;
  };

  sops = {
    # Encrypted source of the tilde.chat SASL password.
    secrets.tilde_irc_pass.sopsFile = ../secrets.yaml;

    # Rendered pounce config for the tilde network. The file is owned by the
    # pounce user (see networkTemplate).
    templates."pounce-tilde.cfg" = networkTemplate "eu.tilde.chat" 6697 "#meta" "tilde_irc_pass";
  };

  services.pounce = {
    enable = true;
    externalHost = ircHost;
    bindHost = ircHost;

    # NOTE(review): this path repeats the ACME certificate name declared
    # above. Keep the two in sync if the certificate is ever renamed.
    certDir = "/var/lib/acme/wildcard-irc.moonythm.dev";

    # Pounce is given only the path to the rendered template, never the
    # secret value itself.
    networks.tilde.config = config.sops.templates."pounce-tilde.cfg".path;
  };

  # `*.irc` resolves through `irc`, which in turn points at this machine's
  # host name.
  satellite.dns.records = [
    { type = "CNAME"; at = "*.irc"; to = "irc"; }
    { type = "CNAME"; at = "irc"; to = config.networking.hostName; }
  ];
}