From d2318bae7c3cca28d39bd8d92bef18c3c8d8178b Mon Sep 17 00:00:00 2001
From: Craige McWhirter
Date: Sat, 24 Aug 2024 01:34:35 +1000
Subject: [PATCH] chore(nix): add nextcloud age permissions
---
 profiles/nextcloud.nix | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix
index eb3d409..fb0c98a 100644
--- a/profiles/nextcloud.nix
+++ b/profiles/nextcloud.nix
@@ -1,11 +1,26 @@
 # NixOps configuration for the hosts running Nextcloud
 {
- age ? config.age,
 config,
 pkgs,
 lib,
 ...
 }: {
+ age.secrets = {
+ nextcloud-dbpass = {
+ file = ../../secrets/nextcloud-dbpass.age;
+ path = "/run/keys/nextcloud-dbpass";
+ mode = "0640";
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ nextcloud-adminpass = {
+ file = ../../secrets/nextcloud-adminpass.age;
+ path = "/run/keys/nextcloud-adminpass";
+ mode = "0640";
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
 services.nextcloud = {
 enable = true; # Enable Nextcloud
 hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
@@ -16,8 +31,8 @@
 dbname = "nextcloud"; # Set the database name
 dbhost = "/run/postgresql"; # Set the database connection
 dbuser = "nextcloud"; # Set the database user
- dbpassFile = age.secrets.nextcloud.dbpass; # Where to find the database password
- adminpassFile = age.secrets.nextcloud.adminpass; # Where to find the admin password
+ dbpassFile = config.age.secrets.nextcloud-dbpass.path;
+ adminpassFile = config.age.secrets.nextcloud-adminpass.path;
 adminuser = "root"; # Set the admin user name
 };
 autoUpdateApps = {
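Review bot: Both new secrets are declared with `mode = "0640"`, which makes the database and admin passwords readable by every member of the `nextcloud` group, not only by the service user. `owner` is already `nextcloud`, so the group read bit gives the service nothing it needs. If the web server user is also a member of that group (the NixOS Nextcloud module commonly arranges this, worth confirming on this host), a compromised web server process could read both files. Use `mode = "0400";` in both `nextcloud-dbpass` and `nextcloud-adminpass`, or add a comment naming the second reader if one is required.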
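Review bot: The rewritten `dbpassFile` and `adminpassFile` lines drop the trailing comments that every neighbouring option in this attribute set carries. The reader is no longer told that these values are paths to agenix-decrypted files and not the passwords themselves. Keep the file's convention, e.g. `dbpassFile = config.age.secrets.nextcloud-dbpass.path; # Path to the decrypted database password file`, with the matching comment on `adminpassFile`. The enclosing attribute set starts before this hunk and continues after it.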