From 5c83ffc2523a74a12b6352f3f960775758fd3f71 Mon Sep 17 00:00:00 2001
From: Stefan Ellmauthaler
Date: Fri, 10 Jun 2022 16:59:02 +0200
Subject: [PATCH] Add nextcloud server file, add server secrets
---
 .sops.yaml | 6 ++++
 modules/secrets.nix | 1 +
 modules/server/nextcloud.nix | 25 +++++++++++++++--
 secrets/server.yaml | 53 ++++++++++++++++++++++++++++++++++++
 4 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 secrets/server.yaml
diff --git a/.sops.yaml b/.sops.yaml
index fe724a7..8e3fdbd 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,3 +9,9 @@ creation_rules:
 - *stefan_ellmauthaler
 - *stel-xps
 - *nucturne
+ - path_regec: secrets/server\.yaml
+ key_groups:
+ - pgp:
+ - *stefan_ellmauthaler
+ - *nucturne
+
diff --git a/modules/secrets.nix b/modules/secrets.nix
index d8b12f2..bd6163f 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -13,6 +13,7 @@ with lib; {
 ../secrets/keys/users
 ../secrets/keys/hosts
 ];
+ secrets.example_key.format = "yaml";
 };
 };
 }
diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix
index 52c14b8..feb8e0e 100644
--- a/modules/server/nextcloud.nix
+++ b/modules/server/nextcloud.nix
@@ -1,3 +1,24 @@
-{ ... }:
-{
+{ config, pkgs, lib, ... }:
+with lib;{
+ config =
+ let
+ cfg = config.elss.server.nextcloud;
+ in
+ mkIf cfg.enable {
+ elss.server.sql.enable = mkDefault;
+ services.nextcloud = {
+ enable = true;
+ hostName = "cloudstore.ellmauthaler.net";
+ https = true;
+ config = {
+ dbtype = "mysql";
+ dbuser = "cloudstore_user";
+ dbpassFile = "/run/secrets/cloudstore_user";
+ adminuser = "storemin";
+ adminpassFile = "/run/secrets/storemin";
+ };
+ };
+
+
+ };
 }
diff --git a/secrets/server.yaml b/secrets/server.yaml
new file mode 100644
index 0000000..400afd4
--- /dev/null
+++ b/secrets/server.yaml
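Review bot: The key on the first added line of the `.sops.yaml` hunk is spelled `path_regec`, so this creation rule carries no `path_regex` at all. sops appears to treat a rule without a path pattern as matching every file, which would make this entry a catch-all for anything the earlier rules do not claim instead of a rule scoped to `secrets/server.yaml`; that behaviour is worth confirming against the sops version in use. The line should read `- path_regex: secrets/server\.yaml`. The new `secrets/server.yaml` lists two PGP recipients, the same number as this key group, so the typo may have gone unnoticed because the fallback happened to select the intended keys.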
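Review bot: In the `modules/secrets.nix` hunk, `secrets.example_key.format = "yaml";` declares a secret named `example_key`, which looks like a leftover placeholder: the `secrets/server.yaml` added by this commit holds only `storemin` and `cloudstore_user`. Those two are the files `modules/server/nextcloud.nix` reads from `/run/secrets/`, and nothing in this patch declares them. If the enclosing block is the sops-nix `sops` option set (it opens outside the hunk), consider replacing the line with declarations such as `secrets.storemin = { sopsFile = ../secrets/server.yaml; owner = "nextcloud"; };` and the same for `cloudstore_user`. The owner matters because sops-nix secrets are readable by root only by default, while the Nextcloud module expects its password files to be readable by the `nextcloud` user.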
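Review bot: In the `modules/server/nextcloud.nix` hunk, `elss.server.sql.enable = mkDefault;` passes no value to `mkDefault`, so the option is assigned a function instead of a boolean and evaluation should fail once `cfg.enable` is set; it presumably should be `elss.server.sql.enable = mkDefault true;`. Separately, `dbpassFile` and `adminpassFile` hard-code `/run/secrets/...`, which stays correct only while the secret names and the sops-nix mount point are kept in step by hand. Referring to the declarations instead, e.g. `adminpassFile = config.sops.secrets.storemin.path;`, turns a missing or renamed secret into an evaluation error instead of a service that cannot read its password file at activation.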
@@ -0,0 +1,53 @@ +storemin: ENC[AES256_GCM,data:oCFpGrb+fLkVuHPgUkVi5MFbnCJiJyT4Vac6keNU,iv:5HS/xlS+sHCyRcn8ImpzbRmwpjZicq1U5C3fiuKoclY=,tag:6wbXHzDt9MApTzyIyss+qQ==,type:str] +cloudstore_user: ENC[AES256_GCM,data:Ist58mJGxnvQA8xQ9s4SBC+3cGnQKqAm/g7nbmv5,iv:2DG0iR6trxoDmc2dxAVo0DAauzAaQc4MLmifii4MuXQ=,tag:jkpcZtX7gwr6fG0qd1+Y9w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-10T14:46:40Z" + mac: ENC[AES256_GCM,data:8mWlqOJnnipK6MOsaXtI++XGWOLnvgykfuBOqu4KZWRZPMnNjVe6a76RKARt8IcvUNwktb7oazVPBTWrMelJoXPIMLqBq2h9pbh5eZ1BsvSB/m4Y4MAongz2FItw3xVKUi8v58unoqKrtQwRiuURKXVv7AV/dQ03laOuc3c9YeU=,iv:a5H93RHqEL9cCRpqkp9XaNahEYgHvzIh9dCpPMSQoh0=,tag:yY2TodoAsn3GrU7Zc0pDLA==,type:str] + pgp: + - created_at: "2022-06-10T14:41:46Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzhsLR+kpSPjAQ/7BMI5ycEDKMg4Qeiy8vKZd6pkiiMTZkATCbINqtWsHxKY + PG1u1QL38kXEmQ85oEzc8cYLRtawuhkW3gWaiIdw5zbba+n5z3by8GA2hc4Rk+t8 + a7DEtYwHIC8wKjYtH66oKgG6NYXUKaIHUhDX7TSDxiC+EMtu8NcgXCgzW1wtAJgA + CbEFJHVH/ReLNY2nCcG7S1juRQFDEL3zkSAhqL+M+uOug8Uo2+t2PA0C57zr38fK + BtYbgF0xYR1YoVfGnu0DznGg32gM8htpNSQhv/P8+NufgrPUK+HzNu0be/tK5G3D + u/ecROr7sgQEmhhKxu+0IySmts74NUCf2O77Qw0tQTulZTZQkta4JOE2w8B0/kvJ + d6FOjG/8DmjhWH6mkVQxvBAmUZwNiQKkK8byU1DRhAZJXPD8quWpCpluy844dI5E + maPPnu0TYOofdmKrlmd75wE1HItg5o/ddHUMWM4ZDpjG+4Do3r2FPMxZWIjtUHSV + 7FONQyKmHhhc0Zeyp5fYDJ/2DZXPeLyN+ljXWelH1au4Xy9dCBRVwMaHQTUgtvUe + vnNYmadz/sK869l/nlUvA9l/CxOgrMu4eDne0Fko/I/ng3Ur5gAXncI7pJzL/ysx + ceMpDVUT9BWqNwEFesy6B/VbUi2kBQsOQ9lDIcniKgn2pX3b26dZux92IaTXiyDS + XgG67dqv3yK+qyOD2h7nqudCwFDbYUO96P2u2oRlvXEKFT5h03Ox35UTPy5Q8+Dj + hSrUYmMiAbKMuSg7JgF6mk2BDkAFUhO1cyGwgKFiJMsYEi9mEOgFJDtI3R6dllQ= + =3O8N + -----END PGP MESSAGE----- + fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA + - created_at: "2022-06-10T14:41:46Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8COMi97/ZKxAQ/5AZOF962SIoWwdSY3xNXam/eNocldbf7vPW9MTLdb9KJQ + hmMb557+BR1df5sMB0306/LG4DKan4L66D9Y0omVKJ2f6RyR1NmwO1QaEpGCFMgo + 
D4EgYiznlOD5VdH+f+McEaW8GWYX84Br6owYqoh7Ay+i2wgpGzOscs6cwbbq4Z0d + widJ69jz9J5ofeRRAT9hyNnhVGx6o93H0pbCl1ge0jpIbIcNHbWVCXxSV+rINRKS + JRFTqYw5g99qHfSZ4NERk1HJORc7whVUkYHj60wSpPgSBUAHaZAwFI9mLXxRjQJu + VFrnvslZBCpP/OXssJDdXkwD2ccC2NxnZBAOrBtVHdkjK1xuZ26uZRuetl9vA+gV + 7FEUzRt2uKi0dehx2JvkJplGNPyWJdyWIKW4mDF7g+vf+q374nDHpMf3u5HNHbB2 + jMBtgcIG9UABt1CSS9/inJ11P57CowRjNtHzHNYGPehd0QVwsNvIwNG7Xox6WJhu + h64ZFzoGW4yCYp+YBITyYHeVat6GTZz2Val0zBz1VVd0Y3EfDyy5V+54/WsiTpOX + 2hO3C+kBF0PYIhd0RR1hYa4y6piypw5Z2u1O4i7fRT+8WwXvfS/qRIKmQkmsxh65 + +dyd6bLfU30OpD403y4IZ67SNMKw8BUeNAYIdLX5hH0gRAbYXp043n/nqvSGMPzS + WAGwRTz0j4VWFP2X3+B47tBP/PIdsPGCahpKtk/zbufUy2ctDpWvv2mMWeSOEBGl + VIUxbBMWcZG01TrhAf6ZJdGX9E8g5EZd3OF/fetnoHVRwotGlgQ0/YE= + =Zx0K + -----END PGP MESSAGE----- + fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1 + unencrypted_suffix: _unencrypted + version: 3.7.3