4 files changed, 22 insertions, 2 deletions

diff --git a/config/nix.org b/config/nix.org
index 9111d2d..eb37f90 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -1149,10 +1149,12 @@ because they enhance security.
     users.groups.nginx = lib.mkDefault {};
     users.groups.git = lib.mkDefault {};
     users.groups.ircd = lib.mkDefault {};
+    users.groups.ngircd = lib.mkDefault {};
 
     users.users = {
       ngircd = {
         isSystemUser = lib.mkDefault true;
+        group = "ngircd";
         extraGroups = [ "acme" "nginx" ];
       };
 
@@ -2356,8 +2358,15 @@ the yaml file specified. Yes, this is safe to include in the repo.
           format = "yaml";
           path = "${config.sops.defaultSymlinkPath}/dn42";
         };
+        znc = {
+          format = "yaml";
+          path = "${config.sops.defaultSymlinkPath}/znc";
+        };
+        matrix_bridge = {
+          format = "yaml";
+          path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
+        };
       };
-
       defaultSymlinkPath = "/run/user/1000/secrets";
       defaultSecretsMountPoint = "/run/user/1000/secrets.d";
     };
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index ad244b8..4bbe1bb 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -317,10 +317,12 @@
   users.groups.nginx = lib.mkDefault {};
   users.groups.git = lib.mkDefault {};
   users.groups.ircd = lib.mkDefault {};
+  users.groups.ngircd = lib.mkDefault {};
 
   users.users = {
     ngircd = {
       isSystemUser = lib.mkDefault true;
+      group = "ngircd";
       extraGroups = [ "acme" "nginx" ];
     };
 
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index 2f8defc..943f41f 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -22,8 +22,15 @@
         format = "yaml";
         path = "${config.sops.defaultSymlinkPath}/dn42";
       };
+      znc = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/znc";
+      };
+      matrix_bridge = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
+      };
     };
-
     defaultSymlinkPath = "/run/user/1000/secrets";
     defaultSecretsMountPoint = "/run/user/1000/secrets.d";
   };
diff --git a/nix/systems/spontaneity/default.nix b/nix/systems/spontaneity/default.nix
index b023414..776149d 100644
--- a/nix/systems/spontaneity/default.nix
+++ b/nix/systems/spontaneity/default.nix
@@ -44,7 +44,9 @@
           "mail.${config.monorepo.vars.remoteHost}" = {};
 
           "nullring.xyz" = {};
+          "matrix.nullring.xyz" = {};
           "talk.nullring.xyz" = {};
+          "mail.nullring.xyz" = {};
           "ret2pop.nullring.xyz" = {};
         };
       };