From d232d8be33be0f702733aa12d5e3d4888973850c Mon Sep 17 00:00:00 2001
From: kat
Date: Fri, 7 Oct 2022 15:12:52 -0700
Subject: [PATCH] feat(pounce): hmm
---
modules/nixos/pounce.nix | 69 ++++++++++++++++++++++++++++++++++++++++
tf | 2 +-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 modules/nixos/pounce.nix
diff --git a/modules/nixos/pounce.nix b/modules/nixos/pounce.nix
new file mode 100644
index 00000000..d251b5ef
--- /dev/null
+++ b/modules/nixos/pounce.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, tf, ... }: let
+ inherit (lib.types) unspecified isType;
+ inherit (lib.options) mkEnableOption mkOption;
+ inherit (lib.modules) mkIf;
+ inherit (lib.attrsets) mapAttrs' nameValuePair mapAttrsToList;
+ inherit (lib.strings) concatStringsSep;
+ cfg = config.services.pounce;
+in {
+ options.services.pounce = {
+ enable = mkEnableOption "Pounce BNC";
+ servers = mkOption {
+ type = unspecified;
+ default = {};
+ };
+ };
+ config = mkIf (cfg.enable) {
+ #services.pounce.servers = builtins.fromJSON tf.variables."pounce-config".import;
+ secrets = {
+ variables = (mapAttrs' (server: config:
+ nameValuePair "pounce-${server}-cert" {
+ path = "gensokyo/pounce";
+ field = "${server}-cert";
+ }
+ ) cfg.servers) // (mapAttrs' (server: config:
+ nameValuePair "pounce-${server}-password" {
+ path = "gensokyo/pounce";
+ field = "${server}-password";
+ }
+ ) cfg.servers) // {
+ "pounce-config" = {
+ path = "gensokyo/pounce";
+ field = "notes";
+ };
+ };
+ files = (mapAttrs' (server: config:
+ nameValuePair "pounce-${server}-config" {
+ text = concatStringsSep "\n" (mapAttrsToList (key: value: if (builtins.typeOf value == "bool") then "${key}"
+ else if (builtins.typeOf value == "int") then "${key} = ${builtins.toString value}"
+ else if (builtins.typeOf value == "list") then "${key} = ${concatStringsSep "," value}" else "${key} = ${value}") config);
+ owner = "pounce";
+ group = "pounce";
+ }
+ ) cfg.servers) // (mapAttrs' (server: config:
+ nameValuePair "pounce-${server}-cert" {
+ text = tf.variables."pounce-${server}-cert".ref;
+ owner = "pounce";
+ group = "domain-auth";
+ }
+ ) cfg.servers);
+ };
+ users.users.pounce = {
+ uid = 1501;
+ isSystemUser = true;
+ group = "domain-auth";
+ };
+ systemd.services = mapAttrs' (name: text: nameValuePair "pounce-${name}" {
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ ExecStart = "${pkgs.pounce}/bin/pounce ${config.secrets.file."pounce-${name}-config".path}";
+ WorkingDirectory = "/var/lib/pounce";
+ User = "pounce";
+ Group = "domain-auth";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ }) cfg.servers;
+ };
+}
diff --git a/tf b/tf
index 71bc9843..5ce8affe 160000
--- a/tf
+++ b/tf
@@ -1 +1 @@
-Subproject commit 71bc984387b2b901f430a6271964973550e101c7
+Subproject commit 5ce8affee5346b7ab4d89060ea398212f9ca4630
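Review bot: In the `pounce-${server}-config` text generator of modules/nixos/pounce.nix, every bool value is emitted as the bare key (`then "${key}"`), so an option explicitly set to `false` is written to the config file as if it were enabled. Filter those out before rendering, for example by passing `(lib.filterAttrs (_: v: v != false) config)` instead of `config` to `mapAttrsToList`. The final `else "${key} = ${value}"` branch also assumes a string, and because `servers` is typed `unspecified` nothing rejects other types or values containing newlines; a type such as `attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]))` would catch that at evaluation time. Separately, the `pounce-${server}-password` variables are declared but never referenced under `files`, so credentials presumably have to arrive through the `cfg.servers` values themselves; it is worth confirming they do not end up evaluated into the store in plain text. The unit also sets `WorkingDirectory = "/var/lib/pounce"` with no visible `StateDirectory = "pounce"` and no sandboxing options such as `NoNewPrivileges = true`.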