From b5734f30224d01e5c9756196dda4d93f21c7cd66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= <theo.barnouin@protonmail.com>
Date: Fri, 14 Feb 2025 13:51:57 +0100
Subject: [PATCH] Add onlyoffice DB

---
 secrets.nix                                      |  1 +
 services/postgresql/default.nix                  |  8 ++++++++
 services/postgresql/secrets/onlyofficeDBPass.age | 12 ++++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 services/postgresql/secrets/onlyofficeDBPass.age

diff --git a/secrets.nix b/secrets.nix
index 28ea9d6..b801a00 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -20,4 +20,5 @@ in {
   "services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
   "services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
   "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
+  "services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];
 }
diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix
index a4dc498..f0c1ada 100644
--- a/services/postgresql/default.nix
+++ b/services/postgresql/default.nix
@@ -38,6 +38,7 @@ in {
         host  gitea      gitea      192.168.1.14/32   md5
         host  authentik  authentik  192.168.1.125/32  md5
         host  grafana    grafana    192.168.1.27/32   md5
+        host  onlyoffice onlyoffice 192.168.1.46/32   md5
         ";
       initialScript = pkgs.writeText "init-sql-script" ''
         CREATE ROLE nextcloud WITH LOGIN CREATEDB;
@@ -55,6 +56,10 @@ in {
         CREATE ROLE grafana WITH LOGIN CREATEDB;
         CREATE DATABASE grafana;
         GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
+
+        CREATE ROLE onlyoffice WITH LOGIN CREATEDB;
+        CREATE DATABASE onlyoffice;
+        GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
       '';
     };
     # Stolen from https://discourse.nixos.org/t/assign-password-to-postgres-user-declaratively/9726/3
@@ -80,6 +85,9 @@ in {
 
           password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
           EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
+
+          password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
         END $$;
       EOF
     '';
diff --git a/services/postgresql/secrets/onlyofficeDBPass.age b/services/postgresql/secrets/onlyofficeDBPass.age
new file mode 100644
index 0000000..02e602c
--- /dev/null
+++ b/services/postgresql/secrets/onlyofficeDBPass.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4eHFK
+NjVmQ3VNMkljRlRtUGthelM0dkZPVTFpQ1M3ZDczdUZneE5wdzFzClcvUkJNSWEw
+MnIxNmZHN0lLaTBPemgyZHZ0aGRRVXhYMFc0MEJnU2k2dHcKLT4gc3NoLWVkMjU1
+MTkgc2luZ3ZRIGFqYVFWWVRSUWQ5eDZDczZUUStpeGdHMDhidEQzQ0RlVUQ3VUtF
+ZHUvaTAKejNOY2s4cTRlR3NLQUw3VlpGUGN0cUlGOHZ0UDJ6dXQ5b0hUYjBBUEgr
+NAotPiBxLWdyZWFzZSBESjFsS3EgajtwSGotCjRsRmVKOTlveG96aEFvM1FBaW9l
+d0swT3VXQi9saHRuUzdtemlQVlROR05KT3c5TUpUSUhycEhOLzVSMWd2bFkKdkhj
+N1UvT3dWUVZRK2syMDhpK04yQnRNK3NXeDA1dUE5SGcrM1NrRgotLS0gN0FGQTRs
+aHZyQzNRSjlsV3o3R2EwRGxXV29IU3FVbWdDdFBDZ29DcU9UOAqI+4PESny5uNem
+Idc5C5BHpvwJKrvVMKxhwnboH/oziNJL1KxpQSBOFMh3Zqdu
+-----END AGE ENCRYPTED FILE-----