From 4fae68764cc881d0dd537b062c7dbe846043e3fa Mon Sep 17 00:00:00 2001
From: yukkop <hectic.yukkop@gmail.com>
Date: Sun, 26 Apr 2026 22:04:35 +0000
Subject: [PATCH] =?UTF-8?q?feat(`hectic-lab`):=20enable=20sentin=C3=A8lla?=
 =?UTF-8?q?=20watcher=20service?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enable the p2p watcher alongside the existing probe. Peers are discovered
via DNS name peers.hectic-lab.com. TG credentials are loaded from a SOPS
secret sentinèlla/watcher/environment (to be populated with TG_TOKEN and
TG_CHAT_ID).
---
 nixos/system/hectic-lab/sentinèlla.nix | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/nixos/system/hectic-lab/sentinèlla.nix b/nixos/system/hectic-lab/sentinèlla.nix
index fd20c22..17a4c71 100644
--- a/nixos/system/hectic-lab/sentinèlla.nix
+++ b/nixos/system/hectic-lab/sentinèlla.nix
@@ -5,17 +5,31 @@
   domain,
   sslOpts,
   ...
-}: let
+}: { config, ... }: let
   port = 5869;
 in {
-  hectic = {
-    services."sentinèlla".probe = {
+  hectic.services."sentinèlla" = {
+    probe = {
       enable = true;
       inherit port;
     };
+    watcher = {
+      enable              = true;
+      peersDns            = "peers.${domain}";
+      peersPort           = port;
+      pollingIntervalSec  = 60;
+      # TG_TOKEN= and TG_CHAT_ID= are set via this environment file
+      # Add the following to sus/hectic-lab.yaml under sentinèlla/watcher/:
+      #   environment: |
+      #     TG_TOKEN=<bot-token>
+      #     TG_CHAT_ID=<chat-id>
+      environmentFile = config.sops.secrets."sentinèlla/watcher/environment".path;
+    };
   };
 
-  services.nginx =  {
+  sops.secrets."sentinèlla/watcher/environment" = {};
+
+  services.nginx = {
     virtualHosts."probe.${domain}" = sslOpts // {
       forceSSL = true;
       locations."/" = {