From ad65ad500e19f4ad3d87f5d767ca047a9a1cd495 Mon Sep 17 00:00:00 2001
From: Max
Date: Sun, 11 Aug 2024 01:29:19 +0200
Subject: [PATCH] cluster/services/storage: define snakeoil passphrase for heresy, ensure encryption
---
 cluster/services/storage/default.nix | 2 ++
 cluster/services/storage/heresy.nix | 1 +
 .../storage/simulacrum/snakeoil-heresy-passphrase.nix | 8 ++++++++
 3 files changed, 11 insertions(+)
 create mode 100644 cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix
diff --git a/cluster/services/storage/default.nix b/cluster/services/storage/default.nix
index a4c5b72..bc5de89 100644
--- a/cluster/services/storage/default.nix
+++ b/cluster/services/storage/default.nix
@@ -32,6 +32,8 @@ in
 heresy = [
 ./heresy.nix
 ./s3ql-upgrades.nix
+ ] ++ lib.optionals config.simulacrum [
+ ./simulacrum/snakeoil-heresy-passphrase.nix
 ];
 garage = [
 ./garage.nix
diff --git a/cluster/services/storage/heresy.nix b/cluster/services/storage/heresy.nix
index ace3343..ed428d7 100644
--- a/cluster/services/storage/heresy.nix
+++ b/cluster/services/storage/heresy.nix
@@ -11,6 +11,7 @@
 unitDescription = "Heresy Filesystem";
 authFile = ./secrets/heresy-encryption-key.age;
 underlay = "heresy";
+ encrypt = true;
 };
 };
 }
diff --git a/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix b/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix
new file mode 100644
index 0000000..bcfb410
--- /dev/null
+++ b/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix
@@ -0,0 +1,8 @@
+{
+ environment.etc."dummy-secrets/storageAuth-heresy".text = ''
+ [local]
+ storage-url: local://
+ fs-passphrase: simulacrum
+ '';
+}
+
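Review bot: The `lib.optionals config.simulacrum` guard in the `heresy` list of default.nix is the only thing keeping a module with a fixed, publicly known passphrase off real nodes, and nothing at that site says so. A one-line comment above the added list would make the constraint visible to the next editor, for example `# simulacrum only: supplies a fixed test passphrase, never import unconditionally`. The enclosing attribute set starts and ends outside the hunk, so how `config.simulacrum` is defined and defaulted cannot be checked from here.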
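Review bot: `encrypt = true;` in heresy.nix is added without a comment, and the hunk does not show whether it changes anything for a filesystem that already exists. With s3ql, encryption is normally chosen when the filesystem is created, so if this option only feeds the creation step, an existing unencrypted volume would presumably stay unencrypted; that depends on module code outside this hunk and is worth confirming. A short comment would record the intent, for example `# must stay on: passphrase comes from authFile`. The attribute set this line belongs to opens before the hunk.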
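Review bot: The new snakeoil-heresy-passphrase.nix has no header marking it as a test fixture, and `environment.etc.<name>.text` puts the passphrase in the Nix store, where any local user can read it. That is acceptable for a snakeoil value, but the file should say so, so the pattern is not copied for a real secret. Suggested header: `# Simulacrum test fixture: fixed, world-readable passphrase. Real deployments use the age-encrypted authFile.` The file also ends with an extra blank line that could be dropped.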