From dbf7a334bbabbd7f781e20bc9611f972d2a32585 Mon Sep 17 00:00:00 2001
From: Craige McWhirter
Date: Sat, 24 Aug 2024 00:18:23 +1000
Subject: [PATCH] chore(nix): add nextcloud secrets

---
 profiles/nextcloud.nix | 7 +++----
 secrets/nextcloud-adminpass.age | 35 +++++++++++++++++++++++++++++++++
 secrets/nextcloud-dbpass.age | 35 +++++++++++++++++++++++++++++++++
 secrets/secrets.nix | 2 ++
 4 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 secrets/nextcloud-adminpass.age
 create mode 100644 secrets/nextcloud-dbpass.age

diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix
index b1e27f3..eb3d409 100644
--- a/profiles/nextcloud.nix
+++ b/profiles/nextcloud.nix
@@ -1,12 +1,11 @@
 # NixOps configuration for the hosts running Nextcloud
 {
+ age ? config.age,
 config,
 pkgs,
 lib,
 ...
 }: {
- imports = [../secrets/nextcloud.nix];
-
 services.nextcloud = {
 enable = true; # Enable Nextcloud
 hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
@@ -17,8 +16,8 @@
 dbname = "nextcloud"; # Set the database name
 dbhost = "/run/postgresql"; # Set the database connection
 dbuser = "nextcloud"; # Set the database user
- dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
- adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
+ dbpassFile = age.secrets.nextcloud.dbpass; # Where to find the database password
+ adminpassFile = age.secrets.nextcloud.adminpass; # Where to find the admin password
 adminuser = "root"; # Set the admin user name
 };
 autoUpdateApps = {
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age
new file mode 100644
index 0000000..51d164d
--- /dev/null
+++ b/secrets/nextcloud-adminpass.age
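Review bot: The default on the new module argument `age ? config.age` in the first hunk of profiles/nextcloud.nix is unlikely to be used. As far as I know the NixOS module system resolves every named module argument through `_module.args` and ignores function defaults, so `age` would be reported as missing when it is first evaluated unless `_module.args.age` is set somewhere outside this patch. Dropping the argument and writing `config.age.secrets.…` at the use sites removes the doubt. The module body continues past the hunk.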
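Review bot: `dbpassFile = age.secrets.nextcloud.dbpass;` and `adminpassFile = age.secrets.nextcloud.adminpass;` do not line up with the secret names this commit registers (`nextcloud-dbpass.age`, `nextcloud-adminpass.age`), and no `age.secrets.<name>.file` declaration is visible while the first hunk removes the `../secrets/nextcloud.nix` import. If this is agenix, the option expects the decrypted file's path, e.g. `dbpassFile = config.age.secrets.nextcloud-dbpass.path;`, backed by `age.secrets.nextcloud-dbpass = { file = ../secrets/nextcloud-dbpass.age; owner = "nextcloud"; };`. Setting `owner` matters because agenix decrypts to a root-only file by default and the Nextcloud service presumably reads it as its own user; prefer that over loosening `mode`. The `services.nextcloud` block starts and ends outside the hunk.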
@@ -0,0 +1,35 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBlK2lF +RHorTEwvNGIrQjA4YmlMM3U3UTV4WGZzZ1RvZHRKT0xhN0s1TVJRCmZaaithSTZZ +QmM0RHBkZHhYelZ5dHc4OXRNMkVGM1REcGVwbi9kaVJaUHcKLT4gc3NoLWVkMjU1 +MTkgSk00dDZBIGhmaGNtNDJKa2F2UWszOWZRNnpLVHpqNzZJdTkwMmZVeGtTVmpJ +YzdiUWMKT0ZtNWtidGE1UGJTTDd1R0RCNjh4aStDY09zMFZ4OGxiM1Z6RXozZDdD +SQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgL2hCQnFVU0VXd3NMVHpab0dWK1ZFWGFx +TTZ1UGVmSU9ZVlU4TCtWOWRYbwo2UmtKellzYnBuYUVYZnpxdUN6bHhRSkU1UW5Q +eFBhZVFZS2oxa0N1c29ZCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBTT0REVTFEdjVS +d0dyR0N6R3J4aU9CdkhzR043UHdidUFaNlh3aFNKSW1zCjFpM0FLS292eWJidy9N +UzBtQ3Z3cUpZYWtiZzhxbU1wS2ZNeE9hTWloUE0KLT4gc3NoLWVkMjU1MTkgV2c5 +M3J3IHB2RFNQYVNkdGRMUEJrZGI3bTUwTW1Wb28vV2xDamdtUGI0cnliWHUzajgK +L3RDeFBNcXk5Y2Jua1N4dGxmRktsSkFoOVowYUlVTndnbEdiNlgzRmtCdwotPiBz +c2gtZWQyNTUxOSBQeEt3alEgT3YxblhjMWphNFQzWmdhZjFhK0NZWUxsbC9PbWNt +Q1VFeTRVZU95eUJnUQpkQmRrQndoZWdBcWEvYURPR1FNWmdGcDJlc042QjF6VUNM +blR3Mm5BOGRFCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA1Vk9ObVpqZFhwOXd6azJ2 +UXd3STRkZzNlNXJ4VVhGNmM4a0x2ZkR1Q1FrCndaVmNqMWRYd21OVVkxMEhhSTdo +b21TYWFKL1dSczg2eU8wTi9FUE9kUkEKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIDNL +N1J5M2tYN3cwT1piMitpRnR3dU1RbDczSldObmZLbkRlTXRMcEd0MUEKSjlselpF +WnQzbXd3aXJDbUs0QzZ5d3UzSlp0cHlGRlpTYUhsdXhXSHVFNAotPiBzc2gtZWQy +NTUxOSAwZHBkZ1EgOXJGWDk2STBqaTFFbVRqMDFvVlh3NTJDemR3N1U0c0IrT2tx +aStraGJ3NApCSHFQZVlzbWtTdkFWbytnS1dyd2Y5LzJIakMrRDZQK2pwZWpEKzlk +bDdnCi0+IHNzaC1lZDI1NTE5IHVsMGt4USAwcmFsc0xIQzVObWNDeTU3YXVuVjd4 +Yy9jRnZmT09DOHhnYlJIQUtOYnpnCkYrVzcrZkFsTURkUzlYbDhNR1hCZFFZaklH +blo0TytUcFBINTRqTE5JM28KLT4gc3NoLWVkMjU1MTkgWnc1SGt3IE9pN29ic0FI +TUJlT3o0cUs1YlNOUEdWcllWZmlrVGVFRG9TTzF3OHJwaE0KTzFhVEtxb0hmVXNG +R25lZVNKbkQ3TVhoRjlWR2JlQ016ZWVNVTZKSWlnSQotPiBzc2gtZWQyNTUxOSB6 +RzMrMXcgRC84ZDIyc3BId1NROVNodDNLNXJjaUN1ZDI3bTk4Q0lmelMzbUZHc1ds +awpzTjdqeXJwWTBRd2xlK3FrODVRZm9oZkdRMnJWUVgvL3luMXZEaExGYWxRCi0+ +IEApTS1ncmVhc2UgQ1xxMyBeT1tDTnxPID0KWmVJdTR2all6K2t1TnZlLzhYYUtS 
+R1Y4YTFQb2RaZnlFQzEzT0JNMjU1VWhYYkxCVWg2K1M4RmJNUVNjUk0xMQpkckND +MzJrTXlPUjJhQUY1WFQ0UE1OaUdtRk52SmdrK0NNdU5adHkxCi0tLSA0TUU2L1J2 +QkdRWmppaTI5L2twaGttUUlURE1MY3ZXVnVxZEVHNTJSK3BBCucjRXVgU2KZE8S3 +P695DXvhJHlpWrKEvjZAooTzzW26s1Z2Yk4sclXQEOFQaXx+aBHkeovdxi/gUA== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/nextcloud-dbpass.age b/secrets/nextcloud-dbpass.age
new file mode 100644
index 0000000..1d64fdb
--- /dev/null
+++ b/secrets/nextcloud-dbpass.age
@@ -0,0 +1,35 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBBZ2dt +WkdZWDlDNkRRZkZZL2J0aFRUZm1ZUnBDbUNqUVhEK1I2UVBPaWg4CmoxSDVVR3RP +WmoySkcrMHBkd0dnLzZNbTgvUDlLSnZTUzRmK0FqelJtOVEKLT4gc3NoLWVkMjU1 +MTkgSk00dDZBIFpzc0gvTHJUVmxLbGh5RnNWZGdtdGg2aWp3U2hncllPZm05Yi8x +YWpXeEUKM1lBMXluSDh3YXJYajlQUVJ6R3FqRWZ0UzYrNXJHd0VhUXRNVHJJK1Q0 +NAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgc2E0dHhWVXZUSVJSdGFrTXpxeFpHcU1u +Q2RRVXBnTHByZ2c1WlpIMTYxdwpWUkJUTWxEcGNGUGhnKzNVTk94OXN0YWRKTnJM +b3U4VFp6WEVsaXZ5d21vCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBOUFlRb3BXQ1Nu +dEhieTRwMW44NGRyVFhKVm9UNUtROWFDbWVsNWcwV2xvCnN6SzcvbWFoUWE5Mk01 +ejRIU25QUTNXZWtERXJxSEpXMnV6MjJHVlVJTHcKLT4gc3NoLWVkMjU1MTkgV2c5 +M3J3IEp3dEgwQkloS2c4dTBDZHdENGZvd3JwSG44aHUzdVkzMjg2SWo4SEFrRUEK +Tm1OakVtbDRLMDh6cCt4YmdxK25uaGV4UmhsWGI3MG9DOFo3bGdJNmx4WQotPiBz +c2gtZWQyNTUxOSBQeEt3alEgdWtKQVN6R2o3OXVXQTB3WWYxSWg1bmgxbnk3M1Ux +U001RGZqb2tYNjR4Zwp0MFFwVDBta2NXRmNpWlJKZSt2SXA1YVhiR1dHSWlaWFpn +TVIxck5pMjNnCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBWZGgyY0F1NjhQME5XNzdS +N0hwSmxZRnFkZmh4S0syMUdXaXhpYURMVGg0CkZpb3RvSExUNWJmVWtzL3krdzhB +U1RGVFM3SzlFengrTGFJUnBqYllTUlUKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEtL +ZlAvM2xUTkQvTFExdmpIRWp0dDBrNjNnSitQaGFtSlVhQ0daVVJ0azgKamdJSzR0 +WWxHOVVZYytkS29IbG1YY0hvdkZmTnhodXEyN3VPK0djcE1CSQotPiBzc2gtZWQy +NTUxOSAwZHBkZ1EgYmJwcHFpWmo5aXhBRjNlQnpCWUxlbStOMVA4WklqOVFpdW5X +QnNmOWl6SQpUS3l4WEsxaVo3ZjgzZmpQR0RuZ0ZoMVRzTmErZDB3L3ZESUdXS2s0 +QWwwCi0+IHNzaC1lZDI1NTE5IHVsMGt4USA1ZmZiWnNTRUtwV2p5NGU2V1UwR1hG +OVdZTXAxc0dya0hXYVhjbVBzT1MwCmRzOGxzUGs4UkNSY3l5cTVZajdQV0liRjFF +UTZZaGtsdStqQ0RDdkhjOWMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGN4OGtraWJG +ZmVsdlJOdGJEY1JQWm1BeUtyMzJFeUxtTG1HN1JFZVRoaEkKclBYNms5ZDZFMzFw +ekxVdlVzd29JOERwY1NyV3RnN0xyZVFJTXdPZU5uRQotPiBzc2gtZWQyNTUxOSB6 +RzMrMXcgWXVLNE1UZGFXS2lsSXMxN2o4aXdaR2ZMY0kvTDUxN0NDSHRyandvUWFG +YwpwdnNwL01QR0VxTE9aOHkxV1VqTG56MFdxMDNEYkZFRW1VaVdnWGlRSjRBCi0+ +IHc1dVV8Mn0tZ3JlYXNlIEpuNmsgclU5TQpRNVRsbmIxaU5CeVlWaDhiYnlkRzQ1 
+Y2lIR0l4eUFTNFFQdk5JekVFQ2N3Q0JJK2grK2IwN0M2Sy9LbUJKNHEzCmxyTHlU +VGZVbU1Edmx3QXFuR2s4VXBWcDdnazFVMVM3b0lKUmR6WQotLS0gR1k3QUFEN3JU +Z3M5RFNoeW5tRVU5U1Q3ODNKRzR0OUVHc3Z4OEN5OHNRawrkiowgC6QAagO6PpAG +1ZTfpxGEOWCMhBTN1v2TIiIGdGrTARto03jq1MocduDJQCcpZx8uGY9o0EA= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5c3c3ac..14ece9d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -43,4 +43,6 @@ in {
 "hamish.age".publicKeys = ops ++ systems;
 "logan.age".publicKeys = ops ++ systems;
 "xander.age".publicKeys = ops ++ systems;
+ "nextcloud-dbpass.age".publicKeys = ops ++ systems;
+ "nextcloud-adminpass.age".publicKeys = ops ++ systems;
 }
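Review bot: Both added entries use `publicKeys = ops ++ systems;`, so the Nextcloud admin and database passwords are encrypted to every key in `systems`, not only to the host that runs Nextcloud. `systems` is defined outside the hunk, but if it lists all managed hosts, a compromise of any one of them exposes these two secrets. Consider narrowing the recipients, e.g. `"nextcloud-dbpass.age".publicKeys = ops ++ [ <nextcloud-host-key> ];` (placeholder for the host's key binding), and re-encrypting both files after the list changes. The existing entries above follow the same pattern, so this may be a deliberate convention worth revisiting separately.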