A sops test in practice, not tested yet

2023-11-20 15:36:39 +01:00 · 2023-11-20 15:36:39 +01:00 · e0ea1c9f06
commit e0ea1c9f06
parent 0896f3fb01
3 changed files with 27 additions and 2 deletions
--- a/nixos/queen/configuration.nix
+++ b/nixos/queen/configuration.nix
@ -122,6 +122,7 @@
      extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"];
      shell = pkgs.zsh;
    };
+    nextcloud.extraGroups = [config.sops.secrets.queen-Lillian."nextcloudadmin" config.sops.secrets.queen-Lillian."nextclouddb"];
  };

  # Enable completion of system packages by zsh
--- a/nixos/queen/nextcloud.nix
+++ b/nixos/queen/nextcloud.nix
@ -42,6 +42,8 @@
    # Set what time makes sense for you
    autoUpdateApps.startAt = "05:00:00";

+    configureRedis = true;
+
    config = {
      # Further forces Nextcloud to use HTTPS
      overwriteProtocol = "https";
@ -51,10 +53,10 @@
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
-      dbpassFile = "/var/nextcloud-db-pass";
+      dbpassFile = config.sops.secrets.queen-Lillian."nextclouddb".path;

      #TODO: work with sops to set this instead of a file & make sure the db setup is the same as on the previous server for easy migration
-      adminpassFile = "/var/nextcloud-admin-pass";
+      adminpassFile = config.sops.secrets.queen-Lillian."nextcloudadmin".path;
      adminuser = "admin";
    };
  };