5 changed files with 12 additions and 73 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,11 +1,13 @@
 keys:
-  - &muskduck age1f99k8ujf9gt9zhzyqquhuv38znwjtv2cf42s0sf3h0waa5gwxsvscd2rvw
+  - &admin_fern age1n9q3cspp4a6qvjv9xaf00e5d5za3d8upz4akj2fh6zt5ly3ahans3vpx5x
-  - &firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
+  - &admin_ornithologist age1t4cmsp8ge42cftxne6vjxt255tsfe6aga4r35gev647f3yuvwvkqyetenv
-  - &nextcloud age1vkup37w26905wzmjnjxryfzga7f72dzhuay45uuhqvntj3gajydsnukxv7
+  - &server_firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
  - &server_nextcloud age1fn3y3km7wuftvrc2ds78ceu2wfrya0l5up0gshhnyhrq7gyglu0s2j8mpm
 creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
-      - *muskduck
+      - *admin_fern
-      - *firefox-syncserver
+      - *admin_ornithologist
-      - *nextcloud
+      - *server_firefox-syncserver
      - *server_nextcloud
--- a/flake.lock
+++ b/flake.lock
@ -412,11 +412,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1755613196,
+        "lastModified": 1753192971,
-        "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=",
+        "narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=",
        "ref": "main",
-        "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a",
+        "rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495",
-        "revCount": 5,
+        "revCount": 4,
        "type": "git",
        "url": "ssh://git@docker.local:222/fern/secrets"
      },
--- a/flake.nix
+++ b/flake.nix
@ -98,10 +98,5 @@
      (mkHost "firefox-syncserver" {
        suite = "server/lxc";
      })
      # Container running Nextcloud.
      (mkHost "nextcloud" {
        suite = "server/lxc";
      })
    ];
 }
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@ -1,57 +0,0 @@
 {
  config,
  pkgs,
  secrets,
  ...
 }: {
  # Import secrets.
  sops = {
    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    defaultSopsFile = "${secrets}/sops.yaml";
    secrets."nextcloud/admin_pass" = {};
  };
  # Enable Nextcloud.
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud31;
    hostName = "localhost";
    database.createLocally = true;
    appstoreEnable = false;
    autoUpdateApps.enable = true;
    extraApps = with config.services.nextcloud.package.packages.apps; {
      inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
    };
    settings = {
      trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
      trusted_proxies = [
        "::1"
        "127.0.0.1"
        "10.0.1.102" # reverse proxy
      ];
      log_type = "file";
      default_phone_region = "AU";
      maintenance_window_start = 1;
    };
    config = {
      dbtype = "pgsql";
      adminuser = "fern";
      adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
    };
    phpOptions."opcache.interned_strings_buffer" = "64";
    notify_push = {
      enable = true;
    };
  };
  # Open required ports for Nextcloud.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@ -265,7 +265,6 @@ with lib; {
    gnomeExtensions.color-picker
    gnomeExtensions.rounded-window-corners-reborn
    gnomeExtensions.smile-complementary-extension
    inkscape
    jellyfin-media-player
    libreoffice
    minipro