From 5f06ae8950901252f21ebd89d7b90548333a35e1 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sat, 25 May 2024 23:15:59 +0200 Subject: [PATCH 1/2] nextcloud server encryption pt 1 --- modules/nextcloud.nix | 7 +++++++ secrets/nextcloud_server_key.age | 15 +++++++++++++++ secrets/secrets.nix | 1 + 3 files changed, 23 insertions(+) create mode 100644 secrets/nextcloud_server_key.age diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 5e54385..6be4866 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -21,6 +21,12 @@ in group = "nextcloud"; mode = "0600"; }; + nextcloud_server_key = { + file = ../secrets/nextcloud_server_key.age; + owner = "nextcloud"; + group = "nextcloud"; + mode = "0600"; + }; }; services.redis.servers.nextcloud = { @@ -58,6 +64,7 @@ in overwriteProtocol = "https"; defaultPhoneRegion = "DE"; filelocking.enabled = true; + sseCKeyFile = config.age.secrets.nextcloud_server_key; redis = { host = "localhost"; port = config.services.redis.servers.nextcloud.port; diff --git a/secrets/nextcloud_server_key.age b/secrets/nextcloud_server_key.age new file mode 100644 index 0000000..ba49a95 --- /dev/null +++ b/secrets/nextcloud_server_key.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa jWbwAg +EW2OpestxkkZYF5WNCujr37myuVlAkOboU7d5kW9z+3DAGoAVoLTYH4tPAD7sAtA +5ktZggY0NtugFIiACDAp2wwJrDoOHNCVv1HMOBQ46GbT40l7SXRiww24DCtEucd4 +q7tnZ14UNq1FrEJ3ejnIdS9plm3Q29Ij9cD30K8/+1JrS+6vIHPPVw2d6wN8gzWO +5nMynIViB2bQLHza+jjojGd5UQodTF6qrdcWE7dGmKLmprtHs2ZvXAXql7jhmgqt +z9wesRdkm+TGts3yGX4Eufo01Edb6SYcgUG+Zql4ULwTGL7mFIObUU+trxsxMSGG +CZdtnJh45maef2SW/Twv1XSJ2ZG/ms78JMWFPw/Z9fR/YShxpAHgQN43KFGrfzTO +BkFWW/ic8Vbob2jslVGB4ux0LI/hkEKsn5Df2dUX2Va80HsWx4cxsQ90E6SkrkHI +24aOvEA75I8eaEv70fw7xeoot6dt1RW+eV7jriG9WM6A7Y51kq8Cs7jIdRRJ3Mne +qrCalraWoKG0NM6s4Kxw9lnoLj87CVlv10MbTh67TkwPsHmTP+8Mp+W5JSKpQldT +LAooalxpRgHKzDn62oszkBHHE6smevVNqm/hHh2Cwwptw0DKsP95j3SBmS+tWLpH +t06cfrptVrBgeXonNjZZk00eOpyU2XwZuHXqa5NOC9w +--- QYkh6m2OgUThH/JoP97GqCbqwcn4DUNh6lJkkImPGKs +Ù¹o÷~‹…ñº´[¦/©©H‹¦f½ÎåßdÏÎnD†B:o"ÑhXÇpðSTÓy³'Ü¥Ìê+»ëqÿäÄ<®5@溜ßË[s \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d25ba25..b97d1fb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,6 +14,7 @@ in # "duckdns_token.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ]; "openldap_admin.age".publicKeys = [ contabo_nix_pub ]; + "nextcloud_server_key.age".publicKeys = [ contabo_nix_pub ]; "keycloak_db_pass.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ]; From ba837aaa1723bba1cecc8c4061c255d2fbf39bfa Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sat, 25 May 2024 23:18:29 +0200 Subject: [PATCH 2/2] niv update --- nix/sources.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index e5b5235..1419a53 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -29,10 +29,10 @@ "homepage": "https://nyx.chaotic.cx", "owner": "chaotic-cx", "repo": "nyx", - "rev": "f3685d816317958caf2bce128f80d02fee65b163", - "sha256": "1nklhkwfsyxilyzls6rw2cw9sdhlni5jnq4llj1m2w2ggw83d0wv", + "rev": "fef678d1e1dbefdfbbf72eb6ef28b534af0bc403", + "sha256": "0sic6ick1pc7xicyyjwfbcgc0lynd1kc2plffxa9iskcl6czpw61", "type": "tarball", - "url": "https://github.com/chaotic-cx/nyx/archive/f3685d816317958caf2bce128f80d02fee65b163.tar.gz", + "url": "https://github.com/chaotic-cx/nyx/archive/fef678d1e1dbefdfbbf72eb6ef28b534af0bc403.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "glibc-eac": { @@ -56,7 +56,7 @@ "lix-pkg": { "branch": "main", "repo": "https://git.lix.systems/lix-project/lix.git", - "rev": "2b397c66297bab65c2b5719367a414f9a2efb7e7", + "rev": "dd53bce476805b41f2e9858e64e38574a88db77f", "type": "git" }, "nixos-mailserver": { @@ -83,10 +83,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", - "sha256": "1rai87jwpfly0bpkhiaq56n3rvzhb15h72n61s42q1mpnw3vf4zh", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "sha256": "0zyny8h62hqfix4mrk6nf3qdvmhs49v9pkrnq80q28ji4j2qhd73", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5710852ba686cc1fd0d3b8e22b3117d43ba374c2.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/bfb7a882678e518398ce9a31a881538679f6f092.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } }