diff --git a/configuration.nix b/configuration.nix index 3752784..8aef595 100755 --- a/configuration.nix +++ b/configuration.nix @@ -304,27 +304,7 @@ in owner = "matrix-synapse"; group = "matrix-synapse"; }; - - age.secrets.matrixdb = { - file = /var/lib/agenix-secrets/matrixdb.age; - mode = "770"; - owner = "postgres"; - group = "postgres"; - }; - - age.secrets.nextclouddb = { - file = /var/lib/agenix-secrets/nextclouddb.age; - mode = "770"; - owner = "postgres"; - group = "postgres"; - }; - - age.secrets.wordpressdb = { - file = /var/lib/agenix-secrets/wordpressdb.age; - mode = "770"; - owner = "mysql"; - group = "mysql"; - }; + ###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) ####### @@ -349,14 +329,14 @@ in services.postgresql.initialScript = pkgs.writeText "begin-init.sql" '' - CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.nextclouddb}'; + CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.age.secrets.nextclouddb.file}'; CREATE DATABASE "nextclouddb" WITH OWNER "ncusr" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.matrixdb}'; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.age.secrets.matrixdb.file}'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 LC_COLLATE = "C" @@ -367,7 +347,7 @@ in services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" '' CREATE DATABASE wordpressdb; - GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.wordpressdb}'; + GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.age.secrets.wordpressdb.file}'; FLUSH PRIVILEGES; '' ; diff --git a/modules/personalization.nix b/modules/personalization.nix index 05cac8c..544df7f 100755 --- a/modules/personalization.nix +++ b/modules/personalization.nix 
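Review bot: The two `CREATE ROLE` lines in the `services.postgresql.initialScript` hunk now interpolate `personalization.age.secrets.<name>.file`, which is the path of the encrypted `.age` file rather than the decrypted secret, so each role's password becomes a path string (interpolating a Nix path copies the file into the store and yields its `/nix/store/...` name). The `IDENTIFIED BY` line in the `services.mysql.initialScript` hunk has the same problem. agenix exposes the plaintext only at activation time under `config.age.secrets.<name>.path`, and anything built with `pkgs.writeText` lands in the world-readable Nix store, so a password cannot safely be embedded in `initialScript` at all. Consider creating the roles without a password here and setting it from the decrypted file in a runtime step, or using peer authentication over the local socket, which needs no password. The `initialScript` string continues past the end of this hunk.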
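Review bot: The rewritten `GRANT` line in the `services.mysql.initialScript` hunk still grants `ALL ON *.*`, which gives `wpusr` every privilege on every database on the server rather than only on the one created just above it. Since the line is being changed anyway, scope it to the WordPress schema: `GRANT ALL ON wordpressdb.* TO 'wpusr'@'localhost' IDENTIFIED BY ...;`. That keeps a compromised WordPress component confined to its own data.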
@@ -14,10 +14,10 @@ coturn_static_auth_secret = builtins.readFile /var/lib/secrets/turn; ## -matrixdb = builtins.readFile /var/lib/secrets/matrixdb; -nextclouddb = builtins.readFile /var/lib/secrets/nextclouddb; -wordpressdb = builtins.readFile /var/lib/secrets/wordpressdb; - +age.secrets.matrix_reg_secret.file = /var/lib/agenix-secrets/matrix_reg_secret.age; +age.secrets.matrixdb.file = /var/lib/agenix-secrets/matrixdb.age; +age.secrets.nextclouddb.file = /var/lib/agenix-secrets/nextclouddb.age; +age.secrets.wordpressdb.file = /var/lib/agenix-secrets/wordpressdb.age;
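Review bot: These four `age.secrets.*.file` assignments sit next to plain values such as `coturn_static_auth_secret`, so they look like attributes of the `personalization` set rather than NixOS options. If that is the case, agenix never sees them and nothing is decrypted; this should be confirmed against how `personalization.nix` is imported. They also drop the `owner`, `group` and `mode` that the declarations removed from `configuration.nix` carried, so a decrypted file would fall back to agenix defaults instead of being readable by `postgres` or `mysql`. I would keep the declarations under the system's `age.secrets` option with explicit ownership and a tighter mode, e.g. `mode = "0400";` instead of the earlier `"770"`. The attribute set starts and ends outside this hunk.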