From 94022737a054f1f6bce14d51944c2a8b7747d850 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= <theo.barnouin@protonmail.com>
Date: Wed, 8 Jan 2025 09:21:06 +0100
Subject: [PATCH] Add onlyoffice secret conf

---
 services/onlyoffice/default.nix | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/services/onlyoffice/default.nix b/services/onlyoffice/default.nix
index 4131d19..5540e48 100644
--- a/services/onlyoffice/default.nix
+++ b/services/onlyoffice/default.nix
@@ -11,6 +11,16 @@ in
     };
   };
   config = lib.mkIf cfg.enable {
+    age.secrets = {
+      office-dbpass = {
+        file  = ./secrets/office-dbpass.age;
+        owner = "onlyoffice";
+      };
+      office-jwtpass = {
+        file  = ./secrets/office-jwtpass.age;
+        owner = "onlyoffice";
+      };
+    };
     services = {
       onlyoffice = {
         enable = true;
@@ -19,10 +29,10 @@ in
         postgresName = "onlyoffice";
         postgresHost = "${cfg.pgsql_ip}";
         postgresUser = "onlyoffice";
-        postgresPasswordFile = "/run/secrets/onlyoffice/office-dbpass";
-        jwtSecretFile = "/run/secrets/onlyoffice/office-jwtpass";
+        postgresPasswordFile = config.age.secrets.office-dbpass.path;
+        jwtSecretFile = config.age.secrets.office-jwtpass.path;
       };
     };
-    networking.firewall.allowedTCPPorts = [ 8000 ];
+    networking.firewall.allowedTCPPorts = [ 80 4369 5432 5672 6379 8000 8080 ];
   };
 }