infrastructure/modules/nixos/pounce.nix

{ config, lib, pkgs, tf, ... }: let
  inherit (lib.types) unspecified isType;
  inherit (lib.options) mkEnableOption mkOption;
  inherit (lib.modules) mkIf;
  inherit (lib.attrsets) mapAttrs' nameValuePair mapAttrsToList;
  inherit (lib.strings) concatStringsSep;
  cfg = config.services.pounce;
in {
  options.services.pounce = {
    enable = mkEnableOption "Pounce BNC";
    servers = mkOption {
      type = unspecified;
      default = {};
    };
  };
  config = mkIf (cfg.enable) {
    #services.pounce.servers = builtins.fromJSON tf.variables."pounce-config".import;
    secrets = {
      variables = (mapAttrs' (server: config:
        nameValuePair "pounce-${server}-cert" {
          path = "gensokyo/pounce";
          field = "${server}-cert";
        }
      ) cfg.servers) // (mapAttrs' (server: config:
        nameValuePair "pounce-${server}-password" {
          path = "gensokyo/pounce";
          field = "${server}-password";
        }
      ) cfg.servers) // {
        "pounce-config" = {
          path = "gensokyo/pounce";
          field = "notes";
        };
      };
      files = (mapAttrs' (server: config:
        nameValuePair "pounce-${server}-config" {
          text = concatStringsSep "\n" (mapAttrsToList (key: value: if (builtins.typeOf value == "bool") then "${key}"
            else if (builtins.typeOf value == "int") then "${key} = ${builtins.toString value}"
            else if (builtins.typeOf value == "list") then "${key} = ${concatStringsSep "," value}" else "${key} = ${value}") config);
          owner = "pounce";
          group = "pounce";
        }
      ) cfg.servers) // (mapAttrs' (server: config:
        nameValuePair "pounce-${server}-cert" {
          text = tf.variables."pounce-${server}-cert".ref;
          owner = "pounce";
          group = "domain-auth";
        }
      ) cfg.servers);
    };
    users.users.pounce = {
      uid = 1501;
      isSystemUser = true;
      group = "domain-auth";
    };
    systemd.services = mapAttrs' (name: text: nameValuePair "pounce-${name}" {
      serviceConfig = {
        Type = "simple";
        Restart = "always";
        ExecStart = "${pkgs.pounce}/bin/pounce ${config.secrets.file."pounce-${name}-config".path}";
        WorkingDirectory = "/var/lib/pounce";
        User = "pounce";
        Group = "domain-auth";
      };
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
    }) cfg.servers;
  };
}