nextcloud server encryption pt 1

modules/nextcloud.nix

@@ -21,6 +21,12 @@ in
       group = "nextcloud";
       mode = "0600";
     };
+   nextcloud_server_key = {
+      file = ../secrets/nextcloud_server_key.age;
+      owner = "nextcloud";
+      group = "nextcloud";
+      mode = "0600";
+    };
   };
 
   services.redis.servers.nextcloud = {
@@ -58,6 +64,7 @@ in
       overwriteProtocol = "https";
       defaultPhoneRegion = "DE";
       filelocking.enabled = true;
+      sseCKeyFile = config.age.secrets.nextcloud_server_key;
       redis = {
         host = "localhost";
         port = config.services.redis.servers.nextcloud.port;

secrets/nextcloud_server_key.age

@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa jWbwAg
+EW2OpestxkkZYF5WNCujr37myuVlAkOboU7d5kW9z+3DAGoAVoLTYH4tPAD7sAtA
+5ktZggY0NtugFIiACDAp2wwJrDoOHNCVv1HMOBQ46GbT40l7SXRiww24DCtEucd4
+q7tnZ14UNq1FrEJ3ejnIdS9plm3Q29Ij9cD30K8/+1JrS+6vIHPPVw2d6wN8gzWO
+5nMynIViB2bQLHza+jjojGd5UQodTF6qrdcWE7dGmKLmprtHs2ZvXAXql7jhmgqt
+z9wesRdkm+TGts3yGX4Eufo01Edb6SYcgUG+Zql4ULwTGL7mFIObUU+trxsxMSGG
+CZdtnJh45maef2SW/Twv1XSJ2ZG/ms78JMWFPw/Z9fR/YShxpAHgQN43KFGrfzTO
+BkFWW/ic8Vbob2jslVGB4ux0LI/hkEKsn5Df2dUX2Va80HsWx4cxsQ90E6SkrkHI
+24aOvEA75I8eaEv70fw7xeoot6dt1RW+eV7jriG9WM6A7Y51kq8Cs7jIdRRJ3Mne
+qrCalraWoKG0NM6s4Kxw9lnoLj87CVlv10MbTh67TkwPsHmTP+8Mp+W5JSKpQldT
+LAooalxpRgHKzDn62oszkBHHE6smevVNqm/hHh2Cwwptw0DKsP95j3SBmS+tWLpH
+t06cfrptVrBgeXonNjZZk00eOpyU2XwZuHXqa5NOC9w
+--- QYkh6m2OgUThH/JoP97GqCbqwcn4DUNh6lJkkImPGKs
+Ù¹o÷~‹…ñº´[¦/©©H‹¦f½ÎåßdÏÎnD†B:o"ÑhXÇpðSTÓy³'Ü¥Ìê+»ëqÿäÄ<®5@溜ßË[s

secrets/secrets.nix

@@ -14,6 +14,7 @@ in
   # "duckdns_token.age".publicKeys = [ contabo_nix_pub ];
   "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ];
   "openldap_admin.age".publicKeys = [ contabo_nix_pub ];
+  "nextcloud_server_key.age".publicKeys = [ contabo_nix_pub ];
   "keycloak_db_pass.age".publicKeys = [ contabo_nix_pub ];
 
   "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ];