diff --git a/hosts/nixos/lapetus/services/pounce.nix b/hosts/nixos/lapetus/services/pounce.nix index be62bea..3d81295 100644 --- a/hosts/nixos/lapetus/services/pounce.nix +++ b/hosts/nixos/lapetus/services/pounce.nix @@ -1,23 +1,35 @@ { config, ... }: -let makeNetworkConfig = host: port: join: secret: { - content = '' - sasl-plain = prescientmoon:${config.sops.placeholder.${secret}} - nick = prescientmoon - host = ${host} - port = ${toString port} - join = ${join} - ''; - owner = config.services.pounce.user; -}; +let + user = config.services.pounce.user; + + # Helper template for networks + makeNetworkConfig = host: port: join: secret: { + content = '' + sasl-plain = prescientmoon:${config.sops.placeholder.${secret}} + nick = prescientmoon + save = /persist/var/lib/pounce/${host} + host = ${host} + port = ${toString port} + join = ${join} + ''; + owner = user; + }; in { + # Create save directory for messages + systemd.tmpfiles.rules = [ "d /persist/state/var/lib/pounce 0755 ${user} ${user} -" ]; + + # Generate cert security.acme.certs."wildcard-irc.moonythm.dev" = { - group = config.services.pounce.user; + group = user; domain = "*.irc.moonythm.dev"; }; + # Handle secrets using sops sops.secrets.tilde_irc_pass.sopsFile = ../secrets.yaml; sops.templates."pounce-tilde.cfg" = makeNetworkConfig "eu.tilde.chat" 6697 "#meta" "tilde_irc_pass"; + + # Configure pounce services.pounce = { enable = true; externalHost = "irc.moonythm.dev";
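Review bot: The added tmpfiles rule creates `/persist/state/var/lib/pounce`, but the new `save =` line in `makeNetworkConfig` points at `/persist/var/lib/pounce/${host}`. Unless a bind mount outside this hunk maps one path onto the other, the directory that is created is not the one pounce is told to write its buffer into. The two should name the same location, for example `save = /persist/state/var/lib/pounce/${host}`. The directory will hold saved IRC messages, so mode `0755` is wider than it needs to be; since only the pounce user has to enter it, I would use `"d /persist/state/var/lib/pounce 0700 ${user} ${user} -"`. The `services.pounce` attribute set continues past the end of the hunk, so any save-related setting there is not visible from here.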