From 00382102bae2d8f7335f0f7031ac5133ebb07873 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Mon, 11 Nov 2024 17:10:44 +0100
Subject: [PATCH] Require secrets file also when on metal
---
 services/fediversity/default.nix | 5 +++++
 services/fediversity/peertube.nix | 4 +++-
 services/vm/peertube-vm.nix | 4 ----
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/services/fediversity/default.nix b/services/fediversity/default.nix
index b4a31724..90f7a02b 100644
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@@ -40,6 +40,11 @@ in {
 description = "number of cores; should be obtained from NixOps4";
 type = types.int;
 };
+
+ peertubeSecretsFile = mkOption {
+ description = "should it be provided by NixOps4? or maybe we should just ask for a main secret from which to derive all the others?";
+ type = types.path;
+ };
 };
 };
 };
diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix
index 03e9e716..7b121ed9 100644
--- a/services/fediversity/peertube.nix
+++ b/services/fediversity/peertube.nix
@@ -61,13 +61,15 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
 database.createLocally = true;
 configureNginx = true;
+ secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile;
+
 settings = {
 object_storage = {
 enabled = true;
 endpoint = config.fediversity.internal.garage.api.url;
 region = "garage";
- # not supported by garage
+ # not supported by garage
 # SEE: https://garagehq.deuxfleurs.fr/documentation/connect/apps/#peertube
 proxy.proxyify_private_files = false;
diff --git a/services/vm/peertube-vm.nix b/services/vm/peertube-vm.nix
index 58c46671..7bf1783c 100644
--- a/services/vm/peertube-vm.nix
+++ b/services/vm/peertube-vm.nix
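Review bot: The `description` of the new `peertubeSecretsFile` option in `services/fediversity/default.nix` is an open design question rather than documentation, so someone setting the option cannot tell what the file holds or where it should live. Because the type is `types.path`, a value written as a Nix path literal would probably be copied into the world-readable Nix store once the PeerTube module interpolates it; the description should ask for a runtime path instead, e.g. `description = "Path, outside the Nix store and readable at runtime, to the file containing the PeerTube secret";`, with the NixOps4 question moved to a `# TODO` comment. The option has no `default`, which looks intended given the commit title. The enclosing option set starts outside the hunk.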
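Review bot: The added `secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile;` in `services/fediversity/peertube.nix` makes every PeerTube deployment depend on an option that nothing in this patch sets, including the test VM whose inline secret is removed in `services/vm/peertube-vm.nix`; unless the VM gets a value outside this diff, it will presumably stop evaluating. A short comment above the line would help the next reader, e.g. `# required: runtime path to the PeerTube secret, provisioned outside the Nix store`. The hex value deleted from the VM file stays in the repository history, so it should be treated as public and not reused for any real instance. The attribute set this line belongs to starts and ends outside the hunk.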
@@ -8,10 +8,6 @@
 listen.hostname = "0.0.0.0";
 instance.name = "PeerTube Test VM";
 };
- # TODO: use agenix
- secrets.secretsFile = pkgs.writeText "secret" ''
- 574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
- '';
 };
 virtualisation.forwardPorts = [