8 files changed, 32 insertions, 8 deletions

diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 3ac79fb..a1937b0 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -45,6 +45,8 @@
     openFirewall = true;
   };
 
+  my.services.duksebot.enable = true;
+
   # Host <https://linus.onl>.
   my.modules."linus.onl" = {
     enable = true;
diff --git a/pkgs/default.nix b/pkgs/default.nix
index d8ba3f2..c47bb24 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,7 +1,7 @@
 pkgs:
 
 {
-  # duksebot = pkgs.callPackage ./duksebot { };
+  duksebot = pkgs.callPackage ./duksebot { };
 
   tcl-cmark = pkgs.callPackage ./tcl-cmark { };
 
diff --git a/pkgs/duksebot/default.nix b/pkgs/duksebot/default.nix
index 894158a..6908854 100644
--- a/pkgs/duksebot/default.nix
+++ b/pkgs/duksebot/default.nix
@@ -35,7 +35,7 @@ let
     owner = "linnnus";
     repo = "duksebot";
     rev = "0092e752610ec00b5080269721666d1b4c258119";
-    hash = "";
+    hash = "sha256-fGVULOdV1EWXMTJor0MqCYQlTFMUw5m7HOwdmqxViEM=";
   };
 in
 writeShellScriptBin "duksebot"
diff --git a/secrets/duksebot.env.age b/secrets/duksebot.env.age
new file mode 100644
index 0000000..0966b18
--- /dev/null
+++ b/secrets/duksebot.env.age
@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 mPg9Wg yHqNeKclEcQW9LNTC7cK90ktFPFXrgdS9i0NEIf6sRc
+l946gRlb/DSaZDJisfI63i8bf7JpuE4vvc6Xp94SyyY
+-> ssh-rsa 5MROTA
+sV6O2pzXVBV8eF8oCE8seESQSOjh1co5leUtafw1/91vQ/ywOKRB1B/vg9zfLr90
+6O5ei04T6LVwnh+voMKRFhwywTfua3Auzp7JIiFa6n0kcgwcl9gWkBpZgh5gleb4
+XZDWtlbFBhcxhOkt6U1b4OhtZ+n5EUS2LD29aqBsnGSS/hTxJ6y2uox4YtqP7uKK
+V1JR/v6Rs4zwQHAf/l4HmuSPlF8Syp64lX+IZk1zoGuK83Lfju5ZJVQadzwIjib+
+s0cEEqYrnfM2XX8Zu8k7NdbSZU6GMF8Ji01A9R5UdMk10NeJo41TjKR/C1W8x2rB
+YDNm7VpWRfaUFmRrHEIZp+nvq0LL1PCQzMzQB3zN716UmGDo9z5ASbQs/h6616QV
+Aw5xZhc2tII7d4CLLiU0baKOzg3jkQVkV4OewaYN/k0HbD7RVG5Fuq1iNlZ5Wdg2
+hC7o/gvbcMDP9Tdj09SiU8AvGjaa34j8KuQkQcpfeIEMJNRyZ+is3bvaw7+BF1Yh
+VEPYcDOeV48rOMte38ASZ5Sej8eCgqlgiDf5FHr7qupXuX9pwdL/4UhY6Ow8qraB
+jj6NRktdvisBzNkH/NNtxTYC3J8YrYEHy8Hw5PeGTiAgJfSpLrsZFrN9k4AkuaBA
+y2lXYg5EoViWZZMHk/3rzGofKRIKBgZJHGvbeTGvu4M
+-> "IVEZN1}-grease
+KSY4yyS7Hxbl92joSZuCXEkVckpXKUD+MuVia/o+ysiYYAgmktNqoQXKiw
+--- 8q8UlTQuU3KD8sSOXDpuNFFtxE6ZWlcdXi9Ig+tIY8c
+�ϛ�A������OG��=��ӺOH*���0�����
�iS$����#vL+�(i|-�TƦ��||��nh���Yr�?q&�����V�-M��L��Wk����^�q��4����Zo�>�"c�T��:��>�D�V�)�.[q`4T@=�I�UP�=,*���KE\��
\ No newline at end of file
diff --git a/secrets/duksebot.env.example b/secrets/duksebot.env.example
new file mode 100644
index 0000000..7f94920
--- /dev/null
+++ b/secrets/duksebot.env.example
@@ -0,0 +1,3 @@
+# These values should be extracted from the "Webhook URL".
+WEBHOOK_ID=1937492739202080434
+WEBHOOK_TOKEN=w9fkks9nfpQ1EZ6-6r8nNwT-FMKhsmA9jsmksbnFcV43kCQrpamKsASqkmZacJnmuYxV
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b705edf..2a5f13f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,4 +7,5 @@ let
 in
 {
   "cloudflare-ddns-token.env.age".publicKeys = publicKeys;
+  "duksebot.env.age".publicKeys = publicKeys;
 }
diff --git a/services/default.nix b/services/default.nix
index 458fe4e..995ca27 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -8,5 +8,6 @@
   imports =
     [
       ./on-demand-minecraft
+      ./duksebot
     ];
 }
diff --git a/services/duksebot/default.nix b/services/duksebot/default.nix
index f05202c..7e7a3f7 100644
--- a/services/duksebot/default.nix
+++ b/services/duksebot/default.nix
@@ -28,11 +28,9 @@ in
     };
     users.groups.duksebot = { };
 
-    my.secrets.duksebot = {
-      source = ./secrets.env;
-      dest = "/run/keys/duksebot.env";
-      owner = "duksebot";
-      group = "duksebot";
+    age.secrets.duksebot-env = {
+      file = ../../secrets/duksebot.env.age;
+      # TODO: configure permissions
     };
 
     # Create a service which simply runs script. This will be invoked by our timer.
@@ -47,7 +45,7 @@ in
       };
       script = ''
         # Load the secret environment variables.
-        export $(grep -v '^#' /run/keys/duksebot.env | xargs)
+        export $(grep -v '^#' ${config.age.secrets.duksebot-env.path} | xargs)
         # Kick off.
         exec "${cfg.package}"/bin/duksebot
       '';