added lndconnet

modules/core/sovran-hub.nix

@@ -43,6 +43,10 @@ let
         { label = "URL"; file = "/var/lib/domains/btcpayserver"; prefix = "https://"; }
         { label = "Note"; value = "Create your admin account on first visit"; }
       ]; }
+      { name = "Zeus Connect";       unit = "zeus-connect-setup.service"; type = "system"; icon = "zeus";   enabled = cfg.services.bitcoin;  category = "bitcoin-apps"; credentials = [
+        { label = "Connection URL"; file = "/var/lib/secrets/zeus-connect-url"; }
+        { label = "How to Connect"; value = "1. Download Zeus from App Store or Google Play\n2. Open Zeus → Scan Node Config\n3. Copy and paste the Connection URL above"; }
+      ]; }
       { name = "Mempool";            unit = "mempool.service";      type = "system"; icon = "mempool";      enabled = cfg.features.mempool;  category = "bitcoin-apps"; credentials = [
         { label = "Tor Access"; file = "/var/lib/tor/onion/mempool-frontend/hostname"; prefix = "http://"; }
         { label = "Local Network"; file = "/var/lib/secrets/internal-ip"; prefix = "http://"; suffix = ":60847"; }
@@ -237,4 +241,4 @@ in
     # ── Open firewall port ─────────────────────────────────────
     networking.firewall.allowedTCPPorts = [ 8937 ];
   };
-}
+}

modules/credentials-pdf.nix

@@ -68,7 +68,7 @@ in
         echo "║                                                      ║"
         echo "║  'passwd free' only updates /etc/shadow.             ║"
         echo "║  The Hub and Magic Keys PDF will NOT be updated.     ║"
-        echo "╚════════════════════════════════════════<EFBFBD><EFBFBD>═════════════╝"
+        echo "╚════════════════════════════<EFBFBD><EFBFBD>═════════════════════════╝"
         echo ""
         return 1
       end
@@ -116,6 +116,47 @@ in
     '';
   };
 
+  # ── 1c. Save Zeus/lndconnect URL for hub credentials ────────
+  systemd.services.zeus-connect-setup = {
+    description = "Save Zeus lndconnect URL";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "lnd.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    path = [ pkgs.coreutils "/run/current-system/sw" ];
+    script = ''
+      SECRET_FILE="/var/lib/secrets/zeus-connect-url"
+      mkdir -p /var/lib/secrets
+
+      URL=""
+      if command -v lndconnect >/dev/null 2>&1; then
+        URL=$(lndconnect --url 2>/dev/null || true)
+      elif command -v lnconnect-clnrest >/dev/null 2>&1; then
+        URL=$(lnconnect-clnrest --url 2>/dev/null || true)
+      fi
+
+      if [ -n "$URL" ]; then
+        echo "$URL" > "$SECRET_FILE"
+        chmod 600 "$SECRET_FILE"
+        echo "Zeus connect URL saved."
+      else
+        echo "No lndconnect URL available yet."
+      fi
+    '';
+  };
+
+  # ── Refresh Zeus URL periodically (certs/macaroons may rotate)
+  systemd.timers.zeus-connect-setup = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnBootSec = "2min";
+      OnUnitActiveSec = "30min";
+      Unit = "zeus-connect-setup.service";
+    };
+  };
+
   # ── 2. Timer: Check every 5 minutes ────────────────────────
   systemd.timers.generate-credentials-pdf = {
     description = "Periodically check if Magic Keys PDF needs regenerating";
@@ -172,7 +213,8 @@ in
         /var/lib/secrets/wordpress-admin \
         /var/lib/secrets/vaultwarden/vaultwarden.env \
         /var/lib/domains/vaultwarden \
-        /var/lib/domains/btcpayserver; do
+        /var/lib/domains/btcpayserver \
+        /var/lib/secrets/zeus-connect-url; do
         if [ -f "$f" ]; then
           SECRET_SOURCES="$SECRET_SOURCES$(cat "$f")"
         fi