From 7e16fa24fce05962c3a741df8b58e82507ae8bfe Mon Sep 17 00:00:00 2001
From: Silas Schöffel
Date: Sat, 25 Jan 2025 22:05:41 +0100
Subject: feat(mastodon): make secrets configurable
---
 hosts/by-name/server3/configuration.nix | 1 +
 hosts/by-name/server3/secrets/mastodon/mail.age | 14 ++++++++++++++
 modules/by-name/ma/mastodon/mail.age | 14 --------------
 modules/by-name/ma/mastodon/module.nix | 6 +++++-
 secrets.nix | 2 +-
 5 files changed, 21 insertions(+), 16 deletions(-)
 create mode 100644 hosts/by-name/server3/secrets/mastodon/mail.age
 delete mode 100644 modules/by-name/ma/mastodon/mail.age
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 7337148..2afc79f 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -17,6 +17,7 @@
 domain = "mastodon.vhack.eu";
 enableTLD = false;
 tld = "vhack.eu";
+ mailPwFile = ./secrets/mastodon/mail.age;
 };
 matrix = {
 enable = true;
diff --git a/hosts/by-name/server3/secrets/mastodon/mail.age b/hosts/by-name/server3/secrets/mastodon/mail.age
new file mode 100644
index 0000000..882ade9
--- /dev/null
+++ b/hosts/by-name/server3/secrets/mastodon/mail.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeTFoTjB6RTZHbDVzUzg2
+SzNnSE9aSi9yZUNSWWVKNlQxWUo1Y2M1R1h3CjR0RW8xdEtUTlBTcU9DWWE2OVVX
+WEJVVkF2bmtQaUxrK0Vpb21qSCtUcncKLT4gWDI1NTE5IG1JY25Jdmo3UWt4aXJK
+VTRFZVNja2R6MzlJcVMvdHhqZTY0WS91Vnp3Vk0KUG4xbVR2V3k0OFJCVFplODcw
+R0ZDSExRTzVpRWVyM0E4VVRvMXE5cHpWUQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+RFFHaXFrS0IyWnVYdDE5aFhHNnZFSFY3S1ZVZHovRTRrV3VKV3JBQnJVTQordzJ5
+V0hpZ3dsdDVHODluNnRzWlBHRFBBcnVya0dMNTU3T2Z3NkpVZHBvCi0+IFB7LX5l
+Vm5wLWdyZWFzZSA8NVIgV08zU3lBIGBZJSAnRQpwbDZTUTNqdVd4MHFNNVRVZ1pQ
+MG1qcUtjVGRreU9zMwotLS0gMVJ4eldEQlRTTmdraDJDM2pzbkZOY0t6Wnl6TDd1
+cFRXZXJmS1FTMEtyNApWNUWWIXokgwgI+2GT+sBkTzFbXM4CPpIq2QOGRWMrRMmw
+dHoK5NJEI7uw9mP9t6PI04THBqVL5YotJtZkAk1Sx00SWvyLPpZRsSBdH11YiRAb
+jIx0T573hbbFoMNlZHoJ
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/ma/mastodon/mail.age b/modules/by-name/ma/mastodon/mail.age
deleted file mode 100644
index 882ade9..0000000
--- a/modules/by-name/ma/mastodon/mail.age
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeTFoTjB6RTZHbDVzUzg2
-SzNnSE9aSi9yZUNSWWVKNlQxWUo1Y2M1R1h3CjR0RW8xdEtUTlBTcU9DWWE2OVVX
-WEJVVkF2bmtQaUxrK0Vpb21qSCtUcncKLT4gWDI1NTE5IG1JY25Jdmo3UWt4aXJK
-VTRFZVNja2R6MzlJcVMvdHhqZTY0WS91Vnp3Vk0KUG4xbVR2V3k0OFJCVFplODcw
-R0ZDSExRTzVpRWVyM0E4VVRvMXE5cHpWUQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
-RFFHaXFrS0IyWnVYdDE5aFhHNnZFSFY3S1ZVZHovRTRrV3VKV3JBQnJVTQordzJ5
-V0hpZ3dsdDVHODluNnRzWlBHRFBBcnVya0dMNTU3T2Z3NkpVZHBvCi0+IFB7LX5l
-Vm5wLWdyZWFzZSA8NVIgV08zU3lBIGBZJSAnRQpwbDZTUTNqdVd4MHFNNVRVZ1pQ
-MG1qcUtjVGRreU9zMwotLS0gMVJ4eldEQlRTTmdraDJDM2pzbkZOY0t6Wnl6TDd1
-cFRXZXJmS1FTMEtyNApWNUWWIXokgwgI+2GT+sBkTzFbXM4CPpIq2QOGRWMrRMmw
-dHoK5NJEI7uw9mP9t6PI04THBqVL5YotJtZkAk1Sx00SWvyLPpZRsSBdH11YiRAb
-jIx0T573hbbFoMNlZHoJ
------END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/ma/mastodon/module.nix b/modules/by-name/ma/mastodon/module.nix
index 5645014..895428d 100644
--- a/modules/by-name/ma/mastodon/module.nix
+++ b/modules/by-name/ma/mastodon/module.nix
@@ -25,10 +25,14 @@ in {
 default = null;
 example = "vhack.eu";
 };
+ mailPwFile = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted mail password file passed to agenix";
+ };
 };
 config = lib.mkIf cfg.enable {
 age.secrets.mastodonMail = {
- file = ./mail.age;
+ file = cfg.mailPwFile;
 mode = "700";
 owner = "mastodon";
 group = "mastodon";
diff --git a/secrets.nix b/secrets.nix
index bf8cfaf..10608f4 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,7 +17,6 @@ let
 server3HostKey
 ];
 in {
- "./modules/by-name/ma/mastodon/mail.age".publicKeys = server3;
 "./modules/by-name/ma/matrix/passwd.age".publicKeys = server3;
 "./hosts/by-name/server2/secrets/backuppass.age".publicKeys = server2;
@@ -26,6 +25,7 @@ in {
 "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3;
+ "./hosts/by-name/server3/secrets/mastodon/mail.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/miniflux/secrets/admin.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/peertube/general.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/peertube/smtp.age".publicKeys = server3;
--
cgit 1.4.1
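Review bot: `mailPwFile` becomes mandatory whenever `cfg.enable` is set, but the new `lib.mkOption` carries no `default` or `example`, so a host that enables the module without it fails only at evaluation with a generic "used but not defined" error and nothing tells the operator what the file must contain or who must be able to decrypt it. Add `example = ./secrets/mastodon/mail.age;` next to the existing `example = "vhack.eu";` convention, and widen the description to something like `"Age-encrypted file holding the Mastodon SMTP password; it must be registered with this host's recipients in secrets.nix so agenix can decrypt it, and is never stored in plaintext in the repository"`. On the same new side, the context line `mode = "700";` grants the `mastodon` owner execute permission on a plain credential file; `mode = "0400";` is the least-privilege setting for a file that is only read, and `owner`/`group` are already `mastodon`. The `config = lib.mkIf cfg.enable {` block continues past the end of the hunk.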