From c2aa9993eca54af23264c1a7af8d64f98741a16c Mon Sep 17 00:00:00 2001
From: derped <derped@ophanim.de>
Date: Sun, 10 Sep 2023 15:29:51 +0200
Subject: [PATCH] Update nextcloud service and configure for sops.

---
 services/nextcloud.nix | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 9c683bc..8c08cd0 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, fn, ... }:
 
 with lib;
 
@@ -14,15 +14,15 @@ mkIf (elem "nextcloud" config.machine.services) {
       hostName = domain;
       https = true;
       maxUploadSize = "1024M";
-      package = pkgs.nextcloud25;
+      package = pkgs.nextcloud27;
       config = {
         adminuser = mkDefault (elemAt cfg.administrators 0).name;
-        adminpassFile = "${cfg.secretPath}/nextcloud_admin";
+        adminpassFile = config.sops.secrets."services/nextcloud/adminPass".path;
         dbtype = "mysql";
         dbhost = "localhost";
         dbport = "3306";
         dbuser = "nextcloud";
-        dbpassFile = "${cfg.secretPath}/nextcloud_db";
+        dbpassFile = config.sops.secrets."services/nextcloud/dbPass".path;
         dbname = "nextcloud";
         dbtableprefix = "oc_";
         extraTrustedDomains = cfg.extraDomains;
@@ -49,17 +49,9 @@ mkIf (elem "nextcloud" config.machine.services) {
         no-multicast-peers
       '';
     };
-
-    mysql = let
-      cfg = config.services.nextcloud.config;
-    in {
-      ensureDatabases = [ cfg.dbname ];
-      ensureUsers = [{
-        name = cfg.dbuser;
-        ensurePermissions = {
-          "${cfg.dbname}.*" = "ALL PRIVILEGES";
-        };
-      }];
-    };
   };
+  sops.secrets = (fn.sopsHelper
+    (name: "services/nextcloud/${name}")
+    [ "adminPass" "dbPass" ]
+    { owner = "nextcloud"; group = "nextcloud"; });
 }