From 5f06ae8950901252f21ebd89d7b90548333a35e1 Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Sat, 25 May 2024 23:15:59 +0200
Subject: [PATCH] nextcloud server encryption pt 1
---
 modules/nextcloud.nix | 7 +++++++
 secrets/nextcloud_server_key.age | 15 +++++++++++++++
 secrets/secrets.nix | 1 +
 3 files changed, 23 insertions(+)
 create mode 100644 secrets/nextcloud_server_key.age
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 5e54385..6be4866 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -21,6 +21,12 @@ in
 group = "nextcloud";
 mode = "0600";
 };
+ nextcloud_server_key = {
+ file = ../secrets/nextcloud_server_key.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0600";
+ };
 };
 services.redis.servers.nextcloud = {
@@ -58,6 +64,7 @@ in
 overwriteProtocol = "https";
 defaultPhoneRegion = "DE";
 filelocking.enabled = true;
+ sseCKeyFile = config.age.secrets.nextcloud_server_key;
 redis = {
 host = "localhost";
 port = config.services.redis.servers.nextcloud.port;
diff --git a/secrets/nextcloud_server_key.age b/secrets/nextcloud_server_key.age
new file mode 100644
index 0000000..ba49a95
--- /dev/null
+++ b/secrets/nextcloud_server_key.age
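Review bot: In the `@@ -58,6 +64,7 @@` hunk of modules/nextcloud.nix, `sseCKeyFile` is assigned the whole agenix secret attribute set rather than the location of the decrypted file; agenix exposes that as `.path`, so the line should read `sseCKeyFile = config.age.secrets.nextcloud_server_key.path;`. The enclosing attribute set opens outside this hunk, so it is not visible whether this is the level at which the option is declared. In the nixpkgs module I know it as `services.nextcloud.config.objectstore.s3.sseCKeyFile`, and placed next to `overwriteProtocol` and `redis` it may be rejected or ignored, which evaluating the configuration would show. If the setting ends up silently unset, uploads would be stored without the intended server-side encryption, so it is worth confirming on the storage side after deployment.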
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa jWbwAg +EW2OpestxkkZYF5WNCujr37myuVlAkOboU7d5kW9z+3DAGoAVoLTYH4tPAD7sAtA +5ktZggY0NtugFIiACDAp2wwJrDoOHNCVv1HMOBQ46GbT40l7SXRiww24DCtEucd4 +q7tnZ14UNq1FrEJ3ejnIdS9plm3Q29Ij9cD30K8/+1JrS+6vIHPPVw2d6wN8gzWO +5nMynIViB2bQLHza+jjojGd5UQodTF6qrdcWE7dGmKLmprtHs2ZvXAXql7jhmgqt +z9wesRdkm+TGts3yGX4Eufo01Edb6SYcgUG+Zql4ULwTGL7mFIObUU+trxsxMSGG +CZdtnJh45maef2SW/Twv1XSJ2ZG/ms78JMWFPw/Z9fR/YShxpAHgQN43KFGrfzTO +BkFWW/ic8Vbob2jslVGB4ux0LI/hkEKsn5Df2dUX2Va80HsWx4cxsQ90E6SkrkHI +24aOvEA75I8eaEv70fw7xeoot6dt1RW+eV7jriG9WM6A7Y51kq8Cs7jIdRRJ3Mne +qrCalraWoKG0NM6s4Kxw9lnoLj87CVlv10MbTh67TkwPsHmTP+8Mp+W5JSKpQldT +LAooalxpRgHKzDn62oszkBHHE6smevVNqm/hHh2Cwwptw0DKsP95j3SBmS+tWLpH +t06cfrptVrBgeXonNjZZk00eOpyU2XwZuHXqa5NOC9w +--- QYkh6m2OgUThH/JoP97GqCbqwcn4DUNh6lJkkImPGKs +Ù¹o÷~‹…ñº´[¦/©©H‹¦f½ÎåßdÏÎnD†B:o"ÑhXÇpðSTÓy³'Ü¥Ìê+»ëqÿäÄ<®5@溜ßË[s \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d25ba25..b97d1fb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,6 +14,7 @@ in # "duckdns_token.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ]; "openldap_admin.age".publicKeys = [ contabo_nix_pub ]; + "nextcloud_server_key.age".publicKeys = [ contabo_nix_pub ]; "keycloak_db_pass.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ];
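Review bot: In secrets/secrets.nix the new `nextcloud_server_key.age` entry lists `contabo_nix_pub` as its only recipient, which matches the single `ssh-rsa` stanza in the committed file, so the key can be decrypted with that one host key and nothing else. If this is the customer-provided encryption key that the option name `sseCKeyFile` suggests, it differs from the database passwords beside it in that it cannot simply be regenerated: losing the host key would presumably leave every object already encrypted with it unreadable. Consider adding a recovery recipient held off the server, e.g. `"nextcloud_server_key.age".publicKeys = [ contabo_nix_pub recovery_pub ];` (`recovery_pub` is a placeholder, not a name from this repository), or recording where an offline copy of the key is kept. The enclosing attribute set starts and ends outside the hunk.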