From 5579baecfbbb156ff81f5e1338eaffc59b6c4aaa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 25 Sep 2021 13:02:13 +0200
Subject: [PATCH] modules: services: nextcloud: use 'credentialsfile'

In preparation for the migration to agenix.
---
 machines/porthos/services.nix  |  3 ++-
 modules/services/nextcloud.nix | 11 +++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/machines/porthos/services.nix b/machines/porthos/services.nix
index e5d5eed..bd92b14 100644
--- a/machines/porthos/services.nix
+++ b/machines/porthos/services.nix
@@ -91,7 +91,8 @@ in
     # Nextcloud self-hosted cloud
     nextcloud = {
       enable = true;
-      password = my.secrets.nextcloud.password;
+      passwordFile =
+        builtins.toFile "nextcloud-pass.txt" my.secrets.nextcloud.password;
     };
     nginx = {
       enable = true;
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index b66b8ff..d1461b8 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -18,10 +18,13 @@ in
       example = "admin";
       description = "Name of the admin user";
     };
-    password = mkOption {
+    passwordFile = mkOption {
       type = types.str;
-      example = "password";
-      description = "The admin user's password";
+      example = "/var/lib/nextcloud/password.txt";
+      description = ''
+        Path to a file containing the admin's password, must be readable by
+        'nextcloud' user.
+      '';
     };
   };
 
@@ -34,7 +37,7 @@ in
       maxUploadSize = cfg.maxSize;
       config = {
         adminuser = cfg.admin;
-        adminpass = cfg.password; # Insecure, but I don't care
+        adminpassFile = cfg.passwordFile;
         dbtype = "pgsql";
         dbhost = "/run/postgresql";
         overwriteProtocol = "https"; # Nginx only allows SSL