From a9119f8e7d23047a08cfef26cd6b9c3139828e4f Mon Sep 17 00:00:00 2001
From: Silas Schöffel
Date: Sat, 25 Jan 2025 21:59:01 +0100
Subject: feat(miniflux): make secrets configurable
---
 hosts/by-name/server3/configuration.nix | 1 +
 hosts/by-name/server3/secrets/miniflux/admin.age | 14 ++++++++++++++
 modules/by-name/mi/miniflux/module.nix | 6 +++++-
 modules/by-name/mi/miniflux/secrets/admin.age | 14 --------------
 secrets.nix | 2 +-
 5 files changed, 21 insertions(+), 16 deletions(-)
 create mode 100644 hosts/by-name/server3/secrets/miniflux/admin.age
 delete mode 100644 modules/by-name/mi/miniflux/secrets/admin.age
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 33dfd48..7337148 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -31,6 +31,7 @@
 "rss.vhack.eu"
 "miniflux.vhack.eu"
 ];
+ adminCredentialsFile = ./secrets/miniflux/admin.age;
 };
 murmur = {
 enable = true;
diff --git a/hosts/by-name/server3/secrets/miniflux/admin.age b/hosts/by-name/server3/secrets/miniflux/admin.age
new file mode 100644
index 0000000..12944a5
--- /dev/null
+++ b/hosts/by-name/server3/secrets/miniflux/admin.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NlhidUNjVkM2UjRxUTFU
+K0gzT1BoR0lTUWRpelo2cEU4UnI2YnZmOGhFCmJwTmh5bmVZVVoxSThucnNWY2dX
+NnBBTmFUcXR2TE1VT1ROaUFjeFpjRUkKLT4gWDI1NTE5IDZGUnRNYjFRSERwZlM5
+YnRETzY5MkVFaHpVdnFwTlpQQWxFVlc1dnVVV1kKMlFmVUZkYWhFNGpkMGp0NHQv
+Mnd3YTlhaFRGVGp3OXVSNDZCNys1cTZuawotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+ZTBYTGFncjZuRzVSZDFjL2IweCtQeExMOEEvcFhrREFTbTlnZm5kMnZpOApmcnRX
+MXVOMHpya1hlaHNMOUI0bmlTVXRwTVFhbGJid3FuUTJkK2NsdkZjCi0+IGx5QDor
+OCstZ3JlYXNlCkJ0TkJneDdrMTBxWXVYdk9zRFJCCi0tLSA0TEQvQWpTZldXQjZx
+NmlaZnJGL3hCbjM4UzVHTTlrTWJPTm5xRE9aMFMwClDs64cTlulCxY4R+9YtpxSA
+0WGrPCpKyS0JVhuO+WgXLm34k+xjSWSER0Uiqu+fotyiX3KSMyjZDAyWMsiDiAlq
+CaOHTlpbDZuIIqfmrHsqH5dM4MPHvwigL2zBrXcbarYxVagJk89k31ah+5YJhMsa
+kOmNpZlQK/CmrhqIKNFzVYZp+q5Sr6ZTJVo=
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/mi/miniflux/module.nix b/modules/by-name/mi/miniflux/module.nix
index ca6f476..0075bca 100644
--- a/modules/by-name/mi/miniflux/module.nix
+++ b/modules/by-name/mi/miniflux/module.nix
@@ -16,11 +16,15 @@ in {
 description = "Additional domains to serve miniflux on";
 default = [];
 };
+ adminCredentialsFile = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted admin credentials file passed to agenix";
+ };
 };
 config = lib.mkIf cfg.enable {
 age.secrets = {
 minifluxAdmin = {
- file = ./secrets/admin.age;
+ file = cfg.adminCredentialsFile;
 mode = "700";
 owner = "root";
 group = "root";
diff --git a/modules/by-name/mi/miniflux/secrets/admin.age b/modules/by-name/mi/miniflux/secrets/admin.age
deleted file mode 100644
index 12944a5..0000000
--- a/modules/by-name/mi/miniflux/secrets/admin.age
+++ /dev/null
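Review bot: The description of the new `adminCredentialsFile` option does not tell a host author that the value must only ever be age ciphertext. A `lib.types.path` value given as a path literal is normally copied into the world-readable Nix store, so a plaintext file passed here by mistake would be exposed. I would state that in the text, for example `description = "Path to the age-encrypted admin credentials file passed to agenix. Must never be a plaintext file, because the path is copied into the Nix store.";`, and add an `example`. Separately, the unchanged `mode = "700"` just below the new `file` line sets execute bits on a credentials file; if only root reads it, `"0400"` is presumably enough, but the consumer is not visible here because the `minifluxAdmin` block continues outside the hunk.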
@@ -1,14 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NlhidUNjVkM2UjRxUTFU
-K0gzT1BoR0lTUWRpelo2cEU4UnI2YnZmOGhFCmJwTmh5bmVZVVoxSThucnNWY2dX
-NnBBTmFUcXR2TE1VT1ROaUFjeFpjRUkKLT4gWDI1NTE5IDZGUnRNYjFRSERwZlM5
-YnRETzY5MkVFaHpVdnFwTlpQQWxFVlc1dnVVV1kKMlFmVUZkYWhFNGpkMGp0NHQv
-Mnd3YTlhaFRGVGp3OXVSNDZCNys1cTZuawotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
-ZTBYTGFncjZuRzVSZDFjL2IweCtQeExMOEEvcFhrREFTbTlnZm5kMnZpOApmcnRX
-MXVOMHpya1hlaHNMOUI0bmlTVXRwTVFhbGJid3FuUTJkK2NsdkZjCi0+IGx5QDor
-OCstZ3JlYXNlCkJ0TkJneDdrMTBxWXVYdk9zRFJCCi0tLSA0TEQvQWpTZldXQjZx
-NmlaZnJGL3hCbjM4UzVHTTlrTWJPTm5xRE9aMFMwClDs64cTlulCxY4R+9YtpxSA
-0WGrPCpKyS0JVhuO+WgXLm34k+xjSWSER0Uiqu+fotyiX3KSMyjZDAyWMsiDiAlq
-CaOHTlpbDZuIIqfmrHsqH5dM4MPHvwigL2zBrXcbarYxVagJk89k31ah+5YJhMsa
-kOmNpZlQK/CmrhqIKNFzVYZp+q5Sr6ZTJVo=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets.nix b/secrets.nix
index d2b2b51..bf8cfaf 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,7 +17,6 @@ let
 server3HostKey
 ];
 in {
- "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3;
 "./modules/by-name/ma/mastodon/mail.age".publicKeys = server3;
 "./modules/by-name/ma/matrix/passwd.age".publicKeys = server3;
@@ -27,6 +26,7 @@ in {
 "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3;
+ "./hosts/by-name/server3/secrets/miniflux/secrets/admin.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/peertube/general.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/peertube/smtp.age".publicKeys = server3;
 }
-- 
cgit 1.4.1
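Review bot: The key added in the second secrets.nix hunk, `"./hosts/by-name/server3/secrets/miniflux/secrets/admin.age"`, has an extra `secrets/` component and does not match the file this commit creates at `hosts/by-name/server3/secrets/miniflux/admin.age`. Decryption on the host takes its path from `adminCredentialsFile` and should be unaffected. But agenix looks up recipients by this key, so editing or rekeying the moved secret would presumably fail or skip it, and a host-key rotation could leave the admin credentials encrypted to stale recipients. The line should read `"./hosts/by-name/server3/secrets/miniflux/admin.age".publicKeys = server3;`. The attribute set opens outside the hunk, so I could not check for another entry covering the real path.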