From c2aa9993eca54af23264c1a7af8d64f98741a16c Mon Sep 17 00:00:00 2001
From: derped
Date: Sun, 10 Sep 2023 15:29:51 +0200
Subject: [PATCH] Update nextcloud service and configure for sops.
---
 services/nextcloud.nix | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 9c683bc..8c08cd0 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, fn, ... }:
 
 with lib;
 
@@ -14,15 +14,15 @@ mkIf (elem "nextcloud" config.machine.services) {
 hostName = domain;
 https = true;
 maxUploadSize = "1024M";
- package = pkgs.nextcloud25;
+ package = pkgs.nextcloud27;
 config = {
 adminuser = mkDefault (elemAt cfg.administrators 0).name;
- adminpassFile = "${cfg.secretPath}/nextcloud_admin";
+ adminpassFile = config.sops.secrets."services/nextcloud/adminPass".path;
 dbtype = "mysql";
 dbhost = "localhost";
 dbport = "3306";
 dbuser = "nextcloud";
- dbpassFile = "${cfg.secretPath}/nextcloud_db";
+ dbpassFile = config.sops.secrets."services/nextcloud/dbPass".path;
 dbname = "nextcloud";
 dbtableprefix = "oc_";
 extraTrustedDomains = cfg.extraDomains;
@@ -49,17 +49,9 @@ mkIf (elem "nextcloud" config.machine.services) {
 no-multicast-peers
 '';
 };
-
- mysql = let
- cfg = config.services.nextcloud.config;
- in {
- ensureDatabases = [ cfg.dbname ];
- ensureUsers = [{
- name = cfg.dbuser;
- ensurePermissions = {
- "${cfg.dbname}.*" = "ALL PRIVILEGES";
- };
- }];
- };
 };
+ sops.secrets = (fn.sopsHelper
+ (name: "services/nextcloud/${name}")
+ [ "adminPass" "dbPass" ]
+ { owner = "nextcloud"; group = "nextcloud"; });
 }
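Review bot: `package = pkgs.nextcloud27;` moves from `pkgs.nextcloud25` straight past 26, and Nextcloud only supports upgrading one major version at a time, so a host whose data is still on 25 will likely fail its upgrade step after this switch. If every deployed instance has already run 26 this is fine, but that is not visible in the diff; I would add a comment above the line such as `# upgrade path: 25 -> 26 -> 27; deploy nextcloud26 first on hosts still on 25`. The two `*passFile` lines now read `config.sops.secrets."…".path`, which should fail evaluation when a secret is not declared, so a missing secret cannot silently become an empty path. The attribute set this hunk sits in starts and ends outside the hunk.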
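Review bot: With the `mysql` block removed, nothing in this file creates the `nextcloud` database or its DB user any more, and nothing visible sets that user's password to the value stored in `services/nextcloud/dbPass`; unless another module provisions this, a fresh host ends up with a secret the database never learns. If the provisioning moved, a one-line comment next to `sops.secrets` naming where the database and grant are now defined would help, and the grant should stay scoped to `nextcloud.*`. On the secrets themselves, `owner = "nextcloud"; group = "nextcloud";` is appropriate; consider adding `mode = "0400";` to that attribute set so the files stay owner-only regardless of defaults. `fn.sopsHelper` is defined outside this diff, so whether it passes the third argument through to each secret unchanged is an assumption, and the `mkIf … {` body this hunk closes starts outside the hunk.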