server: add secrets to nextcloud and postgresql

2022-12-27 09:25:23 +01:00
parent 92a56bff1c
commit 211e8cbca2
6 changed files with 66 additions and 8 deletions
--- a/modules/services/server/nextcloud.nix
+++ b/modules/services/server/nextcloud.nix
@@ -12,10 +12,20 @@
            dbname = "nextclouddb";
            dbport = 
            adminuser = "kabbone"; 
-            #adminpassFile = "secret123";
+            adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
+            dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
        };
    };

+    age.secrets."services/nextcloud/dbpassFile" = {
+        file = ../../../secrets/services/nextcloud/dbpassFile.age;
+        owner = "nextcloud";
+    };
+    age.secrets."services/nextcloud/adminpassFile" = {
+        file = ../../../secrets/services/nextcloud/adminpassFile.age;
+        owner = "nextcloud";
+    };
+
    systemd.services."nextcloud-setup" = {
        requires = ["postgresql.service"];
        after = ["postgresql.service"];
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@@ -21,18 +21,16 @@
        timezone = "Europe/Berlin";
    };
    authentication = pkgs.lib.mkOverride 14 ''
-        local all        postgres                  peer
+        #local all        postgres                  peer
        host  giteadb     gitea           samehost scram-sha-256
        host  nextclouddb nextcloud       samehost scram-sha-256
-        host  synapsedb   synapse_user    samehost scram-sha-256
+        host  synapsedb   synapse         samehost scram-sha-256
        host  whatsappdb  mautrixwa       samehost scram-sha-256
        host  telegramdb  mautrixtele     samehost scram-sha-256
        host  signaldb    mautrixsignal   samehost scram-sha-256
-        #host  facebookdb  mautrixfacebook samehost scram-sha-256
-        #host  xmppdb      ejabberd        samehost scram-sha-256
-        #host  prosodydb   prosody         samehost scram-sha-256
        host  keycloakdb  keycloak        samehost scram-sha-256
    '';
+    initialScript = config.age.secrets."services/postgresql/initScript".path;
    ensureDatabases = [
        "giteadb"
        "nextclouddb"
@@ -90,4 +88,9 @@

  services.postgresqlBackup.enable = true;

+  age.secrets."services/postgresql/initScript" = {
+      file = ../../../secrets/services/postgresql/initScript.age;
+      owner = "postgres";
+  };
+
 }