feat(pounce): hmm

2026-02-09 20:39:18 -08:00 · 2022-10-07 15:12:52 -07:00 · 2022-10-07 15:12:52 -07:00 · d232d8be33
commit d232d8be33
parent bf0ce96fce
2 changed files with 70 additions and 1 deletions
--- a/modules/nixos/pounce.nix
+++ b/modules/nixos/pounce.nix
@ -0,0 +1,69 @@
+{ config, lib, pkgs, tf, ... }: let
+  inherit (lib.types) unspecified isType;
+  inherit (lib.options) mkEnableOption mkOption;
+  inherit (lib.modules) mkIf;
+  inherit (lib.attrsets) mapAttrs' nameValuePair mapAttrsToList;
+  inherit (lib.strings) concatStringsSep;
+  cfg = config.services.pounce;
+in {
+  options.services.pounce = {
+    enable = mkEnableOption "Pounce BNC";
+    servers = mkOption {
+      type = unspecified;
+      default = {};
+    };
+  };
+  config = mkIf (cfg.enable) {
+    #services.pounce.servers = builtins.fromJSON tf.variables."pounce-config".import;
+    secrets = {
+      variables = (mapAttrs' (server: config:
+        nameValuePair "pounce-${server}-cert" {
+          path = "gensokyo/pounce";
+          field = "${server}-cert";
+        }
+      ) cfg.servers) // (mapAttrs' (server: config:
+        nameValuePair "pounce-${server}-password" {
+          path = "gensokyo/pounce";
+          field = "${server}-password";
+        }
+      ) cfg.servers) // {
+        "pounce-config" = {
+          path = "gensokyo/pounce";
+          field = "notes";
+        };
+      };
+      files = (mapAttrs' (server: config:
+        nameValuePair "pounce-${server}-config" {
+          text = concatStringsSep "\n" (mapAttrsToList (key: value: if (builtins.typeOf value == "bool") then "${key}"
+            else if (builtins.typeOf value == "int") then "${key} = ${builtins.toString value}"
+            else if (builtins.typeOf value == "list") then "${key} = ${concatStringsSep "," value}" else "${key} = ${value}") config);
+          owner = "pounce";
+          group = "pounce";
+        }
+      ) cfg.servers) // (mapAttrs' (server: config:
+        nameValuePair "pounce-${server}-cert" {
+          text = tf.variables."pounce-${server}-cert".ref;
+          owner = "pounce";
+          group = "domain-auth";
+        }
+      ) cfg.servers);
+    };
+    users.users.pounce = {
+      uid = 1501;
+      isSystemUser = true;
+      group = "domain-auth";
+    };
+    systemd.services = mapAttrs' (name: text: nameValuePair "pounce-${name}" {
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        ExecStart = "${pkgs.pounce}/bin/pounce ${config.secrets.file."pounce-${name}-config".path}";
+        WorkingDirectory = "/var/lib/pounce";
+        User = "pounce";
+        Group = "domain-auth";
+      };
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+    }) cfg.servers;
+  };
+}