nixfiles/hosts/hetzner-arm/containers/caldav/secrets.nix

{pkgs, ...}: {
  services.secrets = {
    enable = true;

    packages = with pkgs; [
      apacheHttpd
    ];

    vaultLogin = {
      enable = true;
      loginUsername = "hetzner-arm-container-caldav";
    };

    autoSecrets = {
      enable = true;
    };

    requiredVaultPaths = [
      "api-keys/data/caldav"
      "api-keys/data/storage/restic/CalDAV"
      "private-public-keys/data/restic/CalDAV"
    ];

    secrets = {
      vault_password = {
        manual = true;
      };

      radicale_htpasswd = {
        user = "radicale";
        group = "radicale";
        fetchScript = ''
          if [ -f "$secretFile" ]; then
            rm "$secretFile"
          fi

          touch "$secretFile"

          data=$(kv_get "/api-keys/caldav" | base64)
          for username in $(echo "$data" | base64 -d | jq -r ".data.data | keys | .[]"); do
            password=$(echo "$data" | base64 -d | jq -r ".data.data.\"$username\"")
            htpasswd -bB "$secretFile" "$username" "$password" 2>/dev/null
          done
        '';
      };

      restic_password = {
        fetchScript = ''
          simple_get "/private-public-keys/restic/CalDAV" .password > "$secretFile"
        '';
      };
      restic_env = {
        fetchScript = ''
          RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/CalDAV" .restic)
          echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/CalDAV" > "$secretFile"
        '';
      };
    };
  };
}
add caldav/carddav server & redo some htpasswd stuff 2023-10-10 22:22:54 +01:00			`{pkgs, ...}: {`
			`services.secrets = {`
			`enable = true;`

			`packages = with pkgs; [`
			`apacheHttpd`
			`];`

			`vaultLogin = {`
			`enable = true;`
			`loginUsername = "hetzner-arm-container-caldav";`
			`};`

			`autoSecrets = {`
			`enable = true;`
			`};`

			`requiredVaultPaths = [`
			`"api-keys/data/caldav"`
			`"api-keys/data/storage/restic/CalDAV"`
			`"private-public-keys/data/restic/CalDAV"`
			`];`

			`secrets = {`
			`vault_password = {`
			`manual = true;`
			`};`

			`radicale_htpasswd = {`
			`user = "radicale";`
			`group = "radicale";`
			`fetchScript = ''`
			`if [ -f "$secretFile" ]; then`
			`rm "$secretFile"`
			`fi`

			`touch "$secretFile"`

			`data=$(kv_get "/api-keys/caldav" \| base64)`
			`for username in $(echo "$data" \| base64 -d \| jq -r ".data.data \| keys \| .[]"); do`
			`password=$(echo "$data" \| base64 -d \| jq -r ".data.data.\"$username\"")`
			`htpasswd -bB "$secretFile" "$username" "$password" 2>/dev/null`
			`done`
			`'';`
			`};`

			`restic_password = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/restic/CalDAV" .password > "$secretFile"`
			`'';`
			`};`
			`restic_env = {`
			`fetchScript = ''`
			`RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/CalDAV" .restic)`
			`echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/CalDAV" > "$secretFile"`
			`'';`
			`};`
			`};`
			`};`
			`}`