From 76e6a1d9cc5f66482fabe09feab7339bea3caf9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laure=CE=B7t?= <laurent@fainsin.bzh>
Date: Sun, 19 Mar 2023 15:49:50 +0100
Subject: [PATCH] feat: setup gitea database secret

---
 flake.nix                        |  4 ++--
 hosts/hydrogen/configuration.nix | 12 +++++++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/flake.nix b/flake.nix
index 2bd98e6..625c7b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,7 +22,7 @@
     };
   };
 
-  outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }@inputs:
+  outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }:
 
     # Provide colmena
     (flake-utils.lib.eachDefaultSystem (system:
@@ -33,7 +33,7 @@
             pkgs.colmena
             pkgs.nixfmt
             pkgs.git
-            inputs.agenix.packages.${system}.ragenix
+            agenix.packages.${system}.ragenix
           ];
         };
       })) // {
diff --git a/hosts/hydrogen/configuration.nix b/hosts/hydrogen/configuration.nix
index 98e7b90..b1e8f09 100644
--- a/hosts/hydrogen/configuration.nix
+++ b/hosts/hydrogen/configuration.nix
@@ -144,12 +144,22 @@
 
   environment.systemPackages = with pkgs; [ htop ];
 
+  age.secrets.gitea = {
+    file = ../../secrets/gitea.age;
+    owner = "gitea";
+    group = "gitea";
+  };
+  age.identityPaths = [ "/root/.ssh/id_ed25519" ];
+
   services.gitea = {
     enable = true;
     domain = "git.fainsin.bzh";
     rootUrl = "https://git.fainsin.bzh";
     lfs.enable = true;
-    database.type = "postgres";
+    database = {
+      type = "postgres";
+      passwordFile = config.age.secrets.gitea.path;
+    };
     settings = {
       service = {
         "DEFAULT_KEEP_EMAIL_PRIVATE" = true;