sops (workstation part)

modules/servers/nextcloud.nix

@@ -24,6 +24,13 @@ in {
   };
   config = lib.mkIf
     (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
+      sops.secrets = {
+        smtp-password = { };
+        nextcloud-adminpass = {
+          owner = config.users.users.jawz.nextcloud;
+          inherit (config.users.users.jawz) group;
+        };
+      };
       nixpkgs.config.permittedInsecurePackages =
         [ "nodejs-14.21.3" "openssl-1.1.1v" ];
       environment.systemPackages = with pkgs; [ mediainfo dlib ];
@@ -53,7 +60,7 @@ in {
           tls = true;
           from = "stunner6399@gmail.com";
           user = "stunner6399@gmail.com";
-          password = "eqyctcgjdykqeuwt";
+          passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
         };
       };
       services = {
@@ -71,8 +78,7 @@ in {
             inherit (config.services.nextcloud.package.packages.apps) calendar;
           };
           config = {
-            adminpassFile = "${pkgs.writeText "adminpass"
-              "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
+            adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
             dbtype = "pgsql";
             dbhost = config.my.postgresSocket;
             dbtableprefix = "oc_";