From b0e4c31d6e907159cfea455f57dda0163b44cab3 Mon Sep 17 00:00:00 2001
From: kat witch
Date: Tue, 2 Mar 2021 02:42:47 +0000
Subject: [PATCH] Added private submodule. Started using secrets.
---
 .gitmodules | 4 ++++
 config/hosts/athame/nextcloud.nix | 2 +-
 config/private | 1 +
 config/users/kat/default.nix | 8 ++++++++
 lib/hosts.nix | 4 +++-
 todo.org | 2 ++
 6 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 config/private
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..c9d4591d
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "config/private"]
+ path = config/private
+ url = "gcrypt::git@github.com:kittywitch/nixfiles-private#main"
+ branch = main
diff --git a/config/hosts/athame/nextcloud.nix b/config/hosts/athame/nextcloud.nix
index 1fbc1d91..de665e86 100644
--- a/config/hosts/athame/nextcloud.nix
+++ b/config/hosts/athame/nextcloud.nix
@@ -17,7 +17,7 @@
 dbhost = "/run/postgresql";
 dbname = "nextcloud";
 adminpassFile =
- "/var/lib/nextcloud/admin-pass"; # TODO replace this with proper secrets management
+ config.secrets.files.nextcloud.path; # TODO replace this with proper secrets management
 adminuser = "root";
 };
 };
diff --git a/config/private b/config/private
new file mode 160000
index 00000000..933f5058
--- /dev/null
+++ b/config/private
@@ -0,0 +1 @@
+Subproject commit 933f5058c9942bfd51812cd0beaaf9b61a8205b7
diff --git a/config/users/kat/default.nix b/config/users/kat/default.nix
index c0752c3f..df9a0213 100644
--- a/config/users/kat/default.nix
+++ b/config/users/kat/default.nix
@@ -20,6 +20,10 @@
 ];
 shell = pkgs.fish;
 extraGroups = [ "wheel" "video" ];
+ packages = with pkgs; [
+ git-crypt
+ gitAndTools.gitRemoteGcrypt
+ ];
 };
 home-manager.useGlobalPkgs = true;
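Review bot: The trailing comment on the new `adminpassFile` line in config/hosts/athame/nextcloud.nix still reads `# TODO replace this with proper secrets management` although the value now comes from `config.secrets.files.nextcloud.path`, so the TODO is stale or at least misleading. I would drop it or reword it to what is still open, for example `# secret file comes from the secrets module; must be readable by the nextcloud user`. The definition of `secrets.files.nextcloud` is not visible in this patch, so it is worth confirming that the file is materialised outside the world-readable Nix store and with an owner and mode that the Nextcloud setup service can read. The enclosing attribute set starts and ends outside the hunk.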
@@ -49,8 +53,12 @@ programs.git = { enable = true; + package = pkgs.gitAndTools.gitFull; userName = "kat witch"; userEmail = "kat@kittywit.ch"; + extraConfig = { + protocol.gcrypt.allow = "always"; + }; signing = { key = "01F50A29D4AA91175A11BDB17248991EFA8EFBEE"; signByDefault = true; diff --git a/lib/hosts.nix b/lib/hosts.nix index 7a9bb3bd..5c1aa64e 100644 --- a/lib/hosts.nix +++ b/lib/hosts.nix @@ -1,4 +1,5 @@ -{ pkgs, hostsDir ? ../config/hosts +{ pkgs, hostsDir ? ../config/hosts, +privateHostsDir ? ../config/private/hosts , commonImports ? [ ../config/common ../modules ], pkgsPath ? ../pkgs }: with pkgs.lib; @@ -12,6 +13,7 @@ rec { _module.args = { inherit hosts profiles; }; imports = [ (import (hostsDir + "/${hostName}/configuration.nix")) + (import (privateHostsDir + "/${hostName}/configuration.nix")) ../modules/deploy ] ++ commonImports; networking = { inherit hostName; }; diff --git a/todo.org b/todo.org index f0abf5cc..1630858c 100644 --- a/todo.org +++ b/todo.org @@ -3,6 +3,8 @@ ** TODO Move virtual machine config into nixfiles ** TODO Add dork.dev to mailserver ** TODO Set up proper user service for scream +** TODO Migrate non-PGSQL services to PGSQL +** TODO Gitea theme + resources overwrite - See PBB gitea * Secrets handling
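Review bot: `protocol.gcrypt.allow = "always"` in `programs.git.extraConfig` (config/users/kat/default.nix) ends up in the user's global git configuration, so it lifts git's default restriction on the gcrypt transport for every repository this user touches, not only nixfiles. Git's default policy for transports outside its built-in set is `user`, which refuses them when the URL comes from a `.gitmodules` file during a recursive clone or submodule update; with `always`, a recursive clone of any third-party repository may hand a `gcrypt::` URL to the remote helper. Consider keeping the default and enabling the transport only where it is needed, e.g. `git -c protocol.gcrypt.allow=always submodule update --init config/private`, or scoping it to this checkout through a conditional include. If the global setting stays, a comment such as `# needed so the config/private submodule (gcrypt:: URL) can be fetched` would record why it is there. The `programs.git` block continues outside the hunk.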
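Review bot: The added `(import (privateHostsDir + "/${hostName}/configuration.nix"))` in the second hunk of lib/hosts.nix is unconditional, so evaluating any host now fails unless the encrypted `config/private` submodule is checked out and holds a `hosts/<hostName>/configuration.nix` for that host. If hosts without private configuration are expected, drop the line from the list and append `++ optional (builtins.pathExists (privateHostsDir + "/${hostName}/configuration.nix")) (privateHostsDir + "/${hostName}/configuration.nix")`; `optional` should be in scope through the `with pkgs.lib;` visible in the first hunk. If the private module is meant to be mandatory, an explicit `throw` naming the missing path gives a clearer error than a failed import and avoids silently building a host without its secrets. The new parameter in the first hunk also mixes comma styles (`hostsDir ? ../config/hosts,` followed by an unprefixed `privateHostsDir` line); `, privateHostsDir ? ../config/private/hosts` on its own line would match the existing leading-comma layout. The `imports` list and its enclosing function start and end outside the hunk.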