From b57795bead2ad8baf78a853f2fa1cf44459b7425 Mon Sep 17 00:00:00 2001
From: noe
Date: Fri, 29 Mar 2024 21:50:46 -0400
Subject: [PATCH] pdr: secrets??

---
 nixos/hosts/porcelain-doll-repair/default.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix
index f421e13..8847d82 100644
--- a/nixos/hosts/porcelain-doll-repair/default.nix
+++ b/nixos/hosts/porcelain-doll-repair/default.nix
@@ -18,13 +18,26 @@
 mode = "0444";
 };
 
+ sops.templates."secrets.yaml" = {
+ content = lib.generators.toYAML {
+ db = {
+ pass = config.sops.placeholder.db_password;
+ };
+ };
+ owner = config.services.iceshrimp.user;
+ group = config.services.iceshrimp.group;
+ };
+
+
 services.iceshrimp = {
 enable = true;
 settings.url = "https://porcelain.doll.repair";
 dbPasswordFile = config.sops.secrets.db_password.path;
 createDb = true;
 configureNginx.enable = false;
+ secretConfig = config.sops.templates."secrets.yaml".path;
 };
+
 services.postgresql.package = pkgs.postgresql_15;
 services.redis.servers.iceshrimp.logfile = "stdout";
 }
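Review bot: `lib.generators.toYAML` in nixpkgs takes an options attrset before the value, so the `content =` line in the new `sops.templates."secrets.yaml"` block passes the data where the options are expected and should fail at evaluation; it likely needs `content = lib.generators.toYAML {} { db.pass = config.sops.placeholder.db_password; };`. The placeholder is substituted textually into the already-serialised string at activation, so a password containing `"` or `\` would render an invalid file; a comment such as `# db_password must not contain quotes or backslashes: substituted after serialisation` would record that constraint. The template sets `owner` and `group` but leaves the mode to the sops-nix default; adding an explicit `mode = "0400";` states the intended access, which matters given the world-readable `mode = "0444"` visible in the context just above. Whether `lib` is in the module's argument list cannot be seen from this hunk.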