add obsidian_sync secret

common/_containers/obsidian_sync.nix

@@ -26,6 +26,11 @@ in
         type = lib.types.str;
         description = "URL of the Obsidian Sync server";
       };
+      dockerEnvFiles = lib.mkOption {
+        type = lib.types.listOf lib.types.path;
+        default = [ ];
+        description = "List of environment files to be used by the Obsidian Sync container";
+      };
     };
 
   config = {
@@ -41,11 +46,11 @@ in
         ];
         environment = {
           SERVER_URL = cfg.serverUrl;
+          COUCHDB_DATABASE = "obsidian_sync";
           COUCHDB_USER = "adminu";
           COUCHDB_PASSWORD = "Password123"; # TODO move to a secret and link to it via envFiles
-          COUCHDB_DATABASE = "obsidian_sync";
         };
-        # environmentFiles = [ "${cfg.dataDir}/.env" ]; $ TODO see above todo
+        environmentFiles = cfg.dockerEnvFiles;
         volumes = [
           "${cfg.dataDir}/data:/opt/couchdb/data"
         ];

common/secrets/default.nix

@@ -102,6 +102,10 @@ in
             file = ./secrets/headscale_auth.age;
             owner = users_cfg.primary;
           };
+          obsidian_sync_env = {
+            file = ./secrets/obsidian_sync_env.age;
+            owner = users_cfg.primary;
+          };
         };
     };
   };

common/secrets/secrets/obsidian_sync_env.age

@@ -0,0 +1,40 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA3VHM4
+ekJTSmJvT2lTTHRBMzFXdFFHaytJK1lHemVmNnRnSURVbjVVK2lFCkxZNFZLUW1R
+R055ZGNLNTZLcDg3Y0wzbUdRWVFFd1pjVlpVdVJVOVdBd0EKLT4gc3NoLWVkMjU1
+MTkgSmh2TCtRIHFwVE1aKytFYndQdHN4U0lDVjlIR3Q0STNrN3RkcTBLbVRxczM4
+dDBUV2cKcUd0cldLQTJ5Ti9uQjJFdC9YeDFmSUM2cTB3eWFwSXhqY0JQR0hOOTJi
+awotPiBzc2gtZWQyNTUxOSBTcENqQlEgSkZuVVh6VlRORXZCR01LSU1uN3ViU0ln
+Vko2a09kaWhHNEREMkIyQjd6awpCd3liSkN6cERtbERnTENTQm5Lcm1XcGl2QVJw
+MHR6VWZQUjZJd2Zud2UwCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBkOTYvVkN6Q2ht
+ZGNlVWJpdGs3Q1pFT2ZmV25mYzE0cFB3Nzd6Tk11emxvCjRIVEJvdXU1dXNxSXhM
+a0JJanRtMUVjT3d3VTEyTHJRN3laVXdtVWZjdkUKLT4gc3NoLWVkMjU1MTkgWHpm
+bWFRIGdrRTJJNFRud2JCcnZNWW9sanlaRTNxWmgxV0ErVVdDQXNTQU5IeFl2SE0K
+QUUxQ2NrWjJ4MUpobzBQRStVRGtZY1Q4QTdteWsrL3UwVm1EQVlnbTN0SQotPiBz
+c2gtZWQyNTUxOSBSNSt4ZncgMDNBTW1UNUx3OWxmU2ZGdUtoWmc5ak0vWjV0RmFB
+MWgxcVB3bC9QdlVRcwpyeWVSTkN3aHRBUkRybzF0S2MxcCtWRTBZVWsra1MvWVBX
+cVVvampybkdVCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBnSHhUTlpscUNLSjJYSTNu
+KzF2TzZ3V3IwZDBnRloySXVaMzJ5b3JlYUdJCjg2bVZDREpVcTY1TE8xR2h4OXlz
+QWtrRXZzS01XT01JSlJQZnU3Tm93bDQKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFYx
+YW9iUWJNRGY5dFdkY2pCMm5sdTl4dHBIZXpqL0ZhWTA1V2FSZHoyd2MKWm0xdmFp
+aGJWZDBLRURDZ21vT0F5NGlaVGw0Tml3dml0S3FpUkRiZGNGQQotPiBzc2gtZWQy
+NTUxOSB3ZHJaSkEgcWhhT2sxQVJpMklMbmhpaHFVZU1BYi94aEhyVkVlN2Y2dHAr
+Vmtmak9pbwpMUk0xNHpCWHJFVTJSSkdzTTVwalFSQThjWmM2T1FWTEtzclIvMGMy
+V3J3Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyA1d0tZUzJIcTNMY0ViaDdrcmJzRHZh
+ZThlK2E1Y091U1V2WXVDYTZvOXlrCmdlTGlMUG9FekExSHlkTFhUR2d5KzZDcnd1
+TFEzUUJlcGtaVzhJUkhrSmMKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHVHc1dYZjJC
+dnRac2tBc2lqZmNaZ0NFYnozWm94VktEcEU0UGdiOFBsemMKU0hGQXZGTU9oNyt2
+SGZwTWViUVo5NCtWcGVNdHNnUGhFeGZhY044aTJSVQotPiBzc2gtZWQyNTUxOSBw
+ZUZCUWcgUitGb1pRNEh5eTdldU5OaDNwYzFxRm1sZzRYVk8vT1crdTRjSVlDSUFU
+SQo5MnhVZjMzMHlDZ3R3QnhXL2VsQmU4WHhlT1A0QmV4blFld3ozbDZLUVJzCi0+
+IHNzaC1lZDI1NTE5IDl2LzJIQSBKTjBaTWtTb2JHbXFqTGMxamx2WkkxY0VPQ3Jz
+cVIvdnBnMXFSK0FnVlR3CjF6c2llYkZDTk9yY1E3Vjk2K2ZpbVFQVmJEMlV3cXNw
+dkM0Sm81am1nMUkKLT4gTj5sLWdyZWFzZSBbQSwxRGc4CldWVUNsT1lITkFqOUpG
+TEFUTHB3TkZJU2hQUGtuZ0ZNOFNEd0poQ1VGOXZyTnh5RTA0SGI2M0dpOHpBYzkz
+eUYKS1Rjb1lsaE13WTByUFRSbGN5aFQwcVdsVy8xcVY3aUo4Q2kxbk1iMTFLOUx6
+TGllbkR6QwotLS0gbncyWWhJdDN1QnlSR09WbnBSbUg5YVd3Y2swSVd6eW9OU3Js
+Q1RObmR1dwqLMWIo7EfqRCDm9i7SEQEumyTsTrO85HdRhcn7MmM50cMJVhA0Evsp
+tYUVfj1UWvL9w7r3AVzHr4Kcgz5dlVpgXQ/K3QL5Bxzx87KXdafJWkxzMMDE1dDM
+94mu+/CErH7oFTE0LNEDDvhSZfNPC6+SvMuffAwUoEXExec8plSDBoCYIz0qz3Ci
+95WU/HTXQ2om3FiCDxJJO+Tg4FjJDgxHwQ3Ldg==
+-----END AGE ENCRYPTED FILE-----

common/secrets/secrets/secrets.nix

@@ -84,4 +84,7 @@ in
   "headscale_auth.age" = {
     inherit publicKeys;
   };
+  "obsidian_sync_env.age" = {
+    inherit publicKeys;
+  };
 }