1
Fork 0
satellite/hosts/nixos/lapetus/services/pounce.nix
2024-01-31 23:22:55 +01:00

41 lines
1.1 KiB
Nix

{ config, ... }:
let
user = config.services.pounce.user;
# Helper template for networks
makeNetworkConfig = host: port: join: secret: {
content = ''
sasl-plain = prescientmoon:${config.sops.placeholder.${secret}}
nick = prescientmoon
save = /persist/var/lib/pounce/${host}
host = ${host}
port = ${toString port}
join = ${join}
'';
owner = user;
};
in
{
# Create save directory for messages
systemd.tmpfiles.rules = [ "d /persist/state/var/lib/pounce 0755 ${user} ${user} -" ];
# Generate cert
security.acme.certs."wildcard-irc.moonythm.dev" = {
group = user;
domain = "*.irc.moonythm.dev";
};
# Handle secrets using sops
sops.secrets.tilde_irc_pass.sopsFile = ../secrets.yaml;
sops.templates."pounce-tilde.cfg" = makeNetworkConfig "eu.tilde.chat" 6697 "#meta" "tilde_irc_pass";
# Configure pounce
services.pounce = {
enable = true;
externalHost = "irc.moonythm.dev";
bindHost = "irc.moonythm.dev";
certDir = "/var/lib/acme/wildcard-irc.moonythm.dev";
networks.tilde.config = config.sops.templates."pounce-tilde.cfg".path;
};
}