authorSilas Schöffel <sils@sils.li>2025-01-25 21:33:05 +0100
committerSilas Schöffel <sils@sils.li>2025-01-25 21:33:05 +0100
commit1a8fc8ea89d371f4c8b0f4ba505a23b722778f3f (patch)
treed9808d321c6850e28391becb30727c262914576b
parentfix(modules/etebase): migrate to new vhack.persist option (diff)
downloadnixos-server-1a8fc8ea89d371f4c8b0f4ba505a23b722778f3f.zip
feat(etesync): migrate to server2
-rw-r--r--hosts/by-name/server1/configuration.nix1
-rw-r--r--hosts/by-name/server2/configuration.nix4
-rw-r--r--hosts/by-name/server2/secrets/etesync/secret_file.age17
-rw-r--r--modules/by-name/co/constants/module.nix2
-rw-r--r--modules/by-name/et/etesync/module.nix10
-rw-r--r--modules/by-name/et/etesync/secret_file.age19
-rw-r--r--secrets.nix2
7 files changed, 33 insertions, 22 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix
index 20b375b..7a6e5b2 100644
--- a/hosts/by-name/server1/configuration.nix
+++ b/hosts/by-name/server1/configuration.nix
@@ -13,7 +13,6 @@
privatePassword = ./secrets/backuppass.age;
user = "u384702-sub2";
};
- etesync.enable = true;
nginx.enable = true;
openssh.enable = true;
postgresql.enable = true;
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 7bdb4d0..de9fc4d 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -27,6 +27,10 @@
privatePassword = ./secrets/backuppass.age;
user = "u384702-sub3";
};
+ etesync = {
+ enable = true;
+ secretFile = ./secrets/etesync/secret_file.age;
+ };
fail2ban.enable = true;
git-server = {
enable = true;
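Review bot: Nothing in this change shows whether `./secrets/etesync/secret_file.age` holds a newly generated secret or the previous one re-encrypted for server2. The old ciphertext under `modules/by-name/et/etesync/` was encrypted for the `server1` recipient list and remains in the repository history. If the plaintext is unchanged, server1's host key can therefore still recover the value server2 now relies on. If server1 is meant to lose access with this migration, generate a fresh secret for server2 and say so in the commit message.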
diff --git a/hosts/by-name/server2/secrets/etesync/secret_file.age b/hosts/by-name/server2/secrets/etesync/secret_file.age
new file mode 100644
index 0000000..ac578a4
--- /dev/null
+++ b/hosts/by-name/server2/secrets/etesync/secret_file.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index 4f241b6..b344fcd 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -36,6 +36,7 @@
rspamd = 225;
opendkim = 221;
virtualMail = 5000;
+ etebase-server = 998;
# As per the NixOS file, the uids should not be greater or equal to 400;
};
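Review bot: `etebase-server = 998;` contradicts the comment directly below it, which says uids should stay below 400; the same applies to the gid added in the second hunk of this file. 998 looks like the id NixOS assigned dynamically on server1. The allocator for system users draws from the 400–999 range, so another service on server2 may already hold 998; check `/etc/passwd` and `/etc/group` there before deploying. If the number is pinned only so migrated state keeps its owner, record that in a comment such as `# pinned to the uid auto-assigned on server1 so migrated data keeps its owner`, or pick a free id below 400 and chown the data.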
@@ -57,6 +58,7 @@
rspamd = 225;
opendkim = 221;
virtualMail = 5000;
+ etebase-server = 998;
# The gid should match the uid. Thus should not be >= 400;
};
diff --git a/modules/by-name/et/etesync/module.nix b/modules/by-name/et/etesync/module.nix
index b82baa2..bcabc8a 100644
--- a/modules/by-name/et/etesync/module.nix
+++ b/modules/by-name/et/etesync/module.nix
@@ -9,6 +9,10 @@ in {
enable = lib.mkEnableOption ''
a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
'';
+ secretFile = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted globale etebase secretfile passed to agenix";
+ };
};
config = lib.mkIf cfg.enable {
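Review bot: The description of `secretFile` has a typo (`globale`) and does not say who must be able to decrypt the file. Suggested wording: `description = "Age-encrypted etebase secret file, passed to agenix; the deploying host's key must be listed as a recipient in secrets.nix.";`. The option has no default, so a host that sets `enable = true` without `secretFile` will fail evaluation. That seems intended, but it is worth stating in the description.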
@@ -25,7 +29,7 @@ in {
};
age.secrets.etebase-server = {
- file = ./secret_file.age;
+ file = cfg.secretFile;
mode = "700";
owner = "etebase-server";
group = "etebase-server";
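Review bot: `mode = "700"` on the line below the changed `file =` grants the owner write and execute on a secret that, as far as this hunk shows, `etebase-server` only needs to read. While this declaration is being touched, consider `mode = "0400";` unless the service is known to rewrite the file. The `age.secrets.etebase-server` attribute set continues outside the hunk, so other attributes may affect this.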
@@ -68,5 +72,9 @@ in {
};
};
};
+ users = {
+ users.etebase-server.uid = config.vhack.constants.ids.uids.etebase-server;
+ groups.etebase-server.gid = config.vhack.constants.ids.gids.etebase-server;
+ };
};
}
diff --git a/modules/by-name/et/etesync/secret_file.age b/modules/by-name/et/etesync/secret_file.age
deleted file mode 100644
index 14ec98f..0000000
--- a/modules/by-name/et/etesync/secret_file.age
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcVlGLytoT1VHYUROc0xT
-cURYOXlEYlBXcFpVb044L2FibUdTTjBGMTJ3Cm5PVEpWUUg0NTFocWFIL2RCOWxh
-SjY4Qk94WFJWcHdRSVgvVnZOd2k5NTAKLT4gWDI1NTE5IHQvNlJ1Ti9FeCszVEtl
-cUV4eHBKc0NUSDhzemYrMitPTlBpNGNqcm03UVEKaFNwWW5QdzNiL3V0TnQ2NTF4
-ZjQ0RHVsV25pTG8yWS9ZMnpxM01xN05IZwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
-ZlJMd09iQXdQVjUxeEhXZjBqQ0lGYWhESEltaXhhNWpuQjFpR0k5Ni96WQpHcHR1
-cDBnQzBsRGNpOXlOWHJ6M1NxVXQ5R1ZObFpKK1lSQ0dQcVV3ZkEwCi0+IDtBREh8
-LWdyZWFzZSBLZFtrS0ggUmg6IGBjL31oOAo0dWZGWmVaNzNWa2F1L0h3bkpFdWQ3
-RjRxTlV2OGp0bGcyaWYxMlpQcVFhVmNKWjNkTnY0cXBESU9adzNPdHRJCi9TOTlt
-bVpQQ2dKNU1BZHo1dCtET2F6Rkw1QjBwd3pUa2h2NUFoZVAxN2VTUHZScUxBCi0t
-LSBvWVJERVRmYU82VHB2Uy9seEdROG1qWmMxcXJHM0pxYm5nRGc2N21SNDRjCvxO
-sER1H7+hqzci75/qZJqGyxtMmuR8IaiiexOQkmz0ZTfqTRGjdY2x6OwYtShvOWtH
-4grLGtPCuRcMjKIUnixB2vSaJ1Kso/oHfaT0Zkxvd2TwcqpHk+K+eHgU6f8/MlS1
-e1Mx+fjfb2SIQ3FaMJTCG0XpTrK2mHESLYB/ZWk2LZnYthDt/V4EadfZ03nnrVYN
-OGXaSbOhUeBGT0YrxVETRXrrlzAr92qUc/GH4pPCTIe0oe3kl7mHIcUXCgUVQ8DQ
-w+/CMqToQyhYN8oQ+PRr4N1+1SLLAHDbD6SM2KQvn4OxWVjQ8+RHaYDV3rP71qCF
-RNPk+gQ5axDQSYe/Ew7P6qVhFSoPCw==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets.nix b/secrets.nix
index d3b6e51..aef461e 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -24,7 +24,6 @@ let
server3HostKey
];
in {
- "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1;
"./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server3;
"./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server3;
"./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3;
@@ -36,6 +35,7 @@ in {
"./hosts/by-name/server2/secrets/backuppass.age".publicKeys = server2;
"./hosts/by-name/server2/secrets/backupssh.age".publicKeys = server2;
+ "./hosts/by-name/server2/secrets/etesync/secret_file.age".publicKeys = server2;
"./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3;
"./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3;