From 0614be7afb5f4265b27c10e54a41a50d2c63f9aa Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sun, 7 Aug 2022 23:38:46 +0200
Subject: [PATCH] VEGAS/nextcloud: rekey secrets and move to Patroni database

---
 hosts/VEGAS/services/nextcloud/default.nix |  10 ++++++----
 secrets/nextcloud-adminpass.age            | Bin 630 -> 731 bytes
 secrets/nextcloud-dbpass.age               | Bin 478 -> 839 bytes
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hosts/VEGAS/services/nextcloud/default.nix b/hosts/VEGAS/services/nextcloud/default.nix
index 013fbfe..1d0f5a7 100644
--- a/hosts/VEGAS/services/nextcloud/default.nix
+++ b/hosts/VEGAS/services/nextcloud/default.nix
@@ -1,6 +1,8 @@
-{ config, lib, pkgs, tools, ... }:
+{ cluster, config, lib, pkgs, tools, ... }:
 let
   cfg = config.services.nextcloud.config;
+
+  patroni = cluster.config.links.patroni-pg-access;
 in
 {
   age.secrets = {
@@ -35,16 +37,16 @@ in
     };
 
     config = {
-      dbhost = "/run/postgresql";
+      dbhost = patroni.tuple;
       dbtype = "pgsql";
       dbname = "storage";
       dbuser = "storage";
-      dbpassFile = config.age.secrets.nextcloud-adminpass.path;
+      dbpassFile = config.age.secrets.nextcloud-dbpass.path;
 
       overwriteProtocol = "https";
 
       adminuser = "sa";
-      adminpassFile = config.age.secrets.nextcloud-dbpass.path;
+      adminpassFile = config.age.secrets.nextcloud-adminpass.path;
     };
   };
   services.postgresql.authentication = "local ${cfg.dbname} ${cfg.dbuser} md5";
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age
index c9a80c6a21c577161d3a25e9a3674a62e3ebcdbf..4f7e98371789fb5c744bb47a12184fdb42064d3f 100644
GIT binary patch
delta 679
zcmV;Y0$Ba_1lt9WEProgK{sehH%xACbZ1j^W>QT>L`HULb7NCzaWZ)|aC%l`S5`)7
zO=UtdZwfSIL@zW|QF>2Pc5pCfS41msX-#TPHg0-3HbrJpdNfH(M|Dm~cWHJ-RSGRW
zAaiqQEoEdfH8n9gAT=*~R4{iSW=LT}H)>-+Yjj#Mb}MXWK}JV8X+dj8D{(VfR5eUB
zMM^nZF?o15c`IsF3Nd9hY<4j>a6@KPGILmZMs{aeOK)RnYHu|*Wo2SAVL4J~S9D2i
zbTxG_k?|LQOm%lRN>x~BWmjlcNOp8<MqyVlcXUH^FHA2{W=%3$cv3<^LTFhlLNiqg
zT0wC*ZbMN)YfpM^SVvJSGE#Loae7*FLvl!HR7_zvZaGFYM0!hFPjpENEj}Pfc|j{J
zXL4m>b7cx^FiI~<NNQ_HGi7cyG&pE@FIs7Ec|vi2PC*JSEiE89XmLhxYc*qGSXXvU
zGHYpCaAjj@O;>qqVMI4|X<1=*G)qZHWil^SG%yM@o!;kd2)U>k7@;&C=6Bf&*+LxH
zZ2tr!vTUizzHEr<82yVO-2w^;=LK0BK4uRIa#5zl*?1T^liC?6T|OV}juezVSyQK|
zFtU4pMu2(7=Qd$+M-q)W4AK(bA*en@BUs-JFLlkMpN`*Y5Hb==o{-333>F4r5g|_K
z+o*|3S$s6B@4@K-KSL^a98nk#2RK-qGjaO9NW6|?C3d^265rfo?6;({yo`kByT1#4
z;yu9Jh>?Ro`7q9PuFmWtr1suU(0p(h<?D@B5>>Q`Ba6Sml%6VJPA(5(Wr5zGs6otP
z;u4*}-}HggO_#n+7E9x1{e2ws<nVLrC&xaG3y$p%oy9_Ue;;nRFW;(Y1$<&5M54ob
N(~YAGYFXDj-=q2;37r4{

delta 577
zcmWm9O>5I&003YSMTj7>i`SyUCS6F<CQIIf!qO&b(k5-1Y$owy(=}O=wfRnyco^tG
zHx#A^58`!RWG8P5f_PI9Mf9@Egn@b)8^{nmC_ew-**$%HYHNNSBz=J_jIiua(i-Wa
zNTf=PV1gxix~hnvJ81$w2Gwl5#z1|7ZTUmfj@Ass>GMp{o`^C%j`_T;N<?dbS9P5*
zq}&L72)<T{<5hUHQX>cqR0yP0(P>5Xt!~OTFckIF8Wsl%D~#(!GGa1cW}6`^yMuB8
zcRLhdaLClWL}3CPQ71sQ3c^{@EH22ZRShGOI>l19EA>b|AFAHNqYLY)fKahy*d|E5
zf(+UM*A?2B;Snhz5yV<qEa+)%sbARM6snpHuFo}?R3b~h)1e*PVgNDdsbZqxktSk;
z#pZx?DZIr0Pi|avVLKWP;!))$#4t_YHXEZ(Ov_q3Fh(R2N};x{WEL9q%!PVn*?MCc
z=(*m?ovJ;h#jeu}nM_cIs+`j$#AP@};!V(2f)zWKWY^=Rj_S&KR~hErluu}VX;Bj)
z7=|muK|P7HyyhaUWb8A53e{=B)FjGEYf-Ne_nHOm8=Qm&oDG%Oaem^X{B8Hg-ML@v
z&cQkK)7LZm)&u|Z%kTL0zv>2Z>6x)N^M2;?Jy2|Kf{o$Ml_$5~+}WlcJ15!u)}Pt4
uGy5OBSI)cHt;6u=`J)4CZ}+Wu?J$jAz*oP_N6W?2N57wM-a2@l&;0{?Xwa_!

diff --git a/secrets/nextcloud-dbpass.age b/secrets/nextcloud-dbpass.age
index ec5dd017a789ab3ad2088ea39d7a8cffeb154b78..4888934ce0bccfa0e75e38c9ca9a25810dc21095 100644
GIT binary patch
delta 788
zcmV+v1MB?W1IGrCEPrWob$Bs)F<EkSXH`jQP+~=NbyrS#P*P7+RWdPdP-bXkZAVH*
zHgtA*Sqfn?cXdK=X<1cwIayUhSTj(1a5YIra7uAZH*-W$S6NPJb5(14Id*byNeV4K
zAaiqQEoEdfH8n9gAT=*~R4{iSOl&fBc}`4jL0L;ULQ!LDMMifpS!6PHFG)8`N@i<M
zS7l6TNJDK}V=-$m3Q%HMFLGB<QfFj(P;*B~G%Hp{bVf9GGfsJANi=bCQDtyJYh!sr
zY*#~3k?|LQK}%0aMr2q;cX>EQWk+LGHElCgdT~=~T5M-HSy6RQRZ(eUW@$lbI7Cef
zcylphbaX;9dNXoxPf}KPb2u<)bT)EOIbw29d2~==a(YTdN?JihY*#o6Ej}QAL2qkg
zEoX9NVRL05RX9~iMm~NZXd-M1Ff>>=Z)a;&Z%TQ8cxOslX=GweH*siVdN+D(PIh%g
zYd38~ab-4aR4`X7K{-lcOJy)@b}M*yWoB<qPisPDO$t&sOlxFqMrcVfacnR$N^n^=
zbyqJ>IZaVzMrcE6adTr@R91InMrlEAR%BRAH!@OqF=9z?XJ`s7EiE8MD?@WbH%L`b
zFHSgrcVjnMX=y}KVq#8dXKF$;SyMP#K}AV0Zh1~IOgBLaIq29iODIEuY7>E$zIB&t
zN|sLPQ(p`Q())=5BigdQ+5t|$8VZoZ+%}sB{3xMJoqV%4n}-hR`;Sq-x6ezLycPP!
zt^hTWdcFz*=0p|dm@P&|wud~lpvkGJ`?9}(jTu}Qw?tc^&Cry7)zYP!B}O_5Fe&${
z%lNhBl&|9NOR6TwkyabSB}h_F6G&~`H2dJ-;Yw%AF(>86r4PX5vGO4J_Ph#jwg(u|
z0=j8{flK?M{*b*5@7*FaVEa<3q0$;#TA%^rz0}Y&Ov0OWg>SY(FGN}l4Fn>>m@NTA
zBn6*)X^|cTuQ78jBwR>jk=0?nF7io%NgP#4jFTJNkuvR4dipWhJ)BM8%9he(KX;F9
Sa6_3UK40q7Pu`+UoK?jA3N#P^

delta 424
zcmWm9JCBn9007`b;|=6S6K^s&r~?w9ya!D{9;Lv+l~Nvw1Lge^S}3I~w>dazqSMVr
z2N(Z=CK?x4SN#PJ4sH&{?;m_$Pkvl~@!)cRTtU{&DHh458YEYp=!hn!DJhvYAR(<v
zTK|a9axhDQkVDyJ$RyZQh0NAaQYEMu9$y$;SLi<P&y~Y2?Db9A902$c*mW5kM>CSd
zSdc`f6?y<iCV*T`kezaDy*)jTq;wK|PS7ao$aDBoQAVRStNDz<JYd)?j9o;bMOkPe
zVsD+HvUnN~`hi$iac;0?eylGReJ^$|f8V;){cT0rWwutM%s>+Mu_dJhzE}0JsZHE&
zM1rYJI}($l2Xq9c%H~8jqU4YDdBVw0eThJWmTg>9Y$-lZEit>uxPAD4vWi_FPIqz8
z#o%3#^qx3Cm_q_)NCz9IRt13qumi(jZmk_C;p=?wYOzA8i%q4T&tp0^CA8?&O#sPO
zwrqMm@PKQ-kgIQhk!NpD+xs6s-2SAsuRjm>Zv46V<?QtN_w4G<JL%2Ohwoqg1K%N!
AKL7v#