From b4b9ef3211e8e60ca8ce98760fe827e0c25f9c7d Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Tue, 16 Sep 2025 11:13:35 +0200
Subject: [PATCH] Cleaner rclone config

---
 flake.nix                                     | 10 +++----
 hm/rclone-mount-bertof.nix                    |  7 +++--
 hm/rclone-mount-tiziano.nix                   |  2 +-
 nixos/nextcloud.nix                           |  2 +-
 secrets/minio_bertof.age                      | 28 ------------------
 secrets/rclone_bertof.age                     | 29 +++++++++++++++++++
 .../{minio_tiziano.age => rclone_tiziano.age} |  0
 secrets/secrets.nix                           |  4 +--
 8 files changed, 43 insertions(+), 39 deletions(-)
 delete mode 100644 secrets/minio_bertof.age
 create mode 100644 secrets/rclone_bertof.age
 rename secrets/{minio_tiziano.age => rclone_tiziano.age} (100%)

diff --git a/flake.nix b/flake.nix
index 507b85a..edce4ca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -268,7 +268,7 @@
               ./nixos/musa.nix
             ] ++ homeManagerUModules ++ [{
               age.secrets = {
-                minio_bertof = { file = ./secrets/minio_bertof.age; owner = "bertof"; };
+                rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
               };
               home-manager.users.bertof = import ./instances/thor/hm.nix;
             }];
@@ -300,7 +300,7 @@
               ./nixos/musa.nix
             ] ++ homeManagerUModules ++ [{
               age.secrets = {
-                minio_bertof = { file = ./secrets/minio_bertof.age; owner = "bertof"; };
+                rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
               };
               home-manager.users.bertof = import ./instances/sif/hm.nix;
             }];
@@ -325,8 +325,8 @@
               home-manager.users.bertof = import ./instances/odin/hm.nix;
               home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
               age.secrets = {
-                minio_bertof = { file = ./secrets/minio_bertof.age; owner = "bertof"; };
-                minio_tiziano = { file = ./secrets/minio_tiziano.age; owner = "tiziano"; };
+                rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
+                rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; };
               };
             }];
           };
@@ -357,7 +357,7 @@
               # ./nixos/s3_cache_read.nix
             ] ++ homeManagerUModules ++ [{
               age.secrets = {
-                minio_bertof = { file = ./secrets/minio_bertof.age; owner = "bertof"; };
+                rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
                 heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age;
                 heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age;
                 heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age;
diff --git a/hm/rclone-mount-bertof.nix b/hm/rclone-mount-bertof.nix
index 3d38fb9..3745d8a 100644
--- a/hm/rclone-mount-bertof.nix
+++ b/hm/rclone-mount-bertof.nix
@@ -2,7 +2,10 @@
   imports = [ ./rclone-mount.nix ];
   rclone-mount = {
     enable = true;
-    configPath = nixosConfig.age.secrets."minio_${config.home.username}".path;
-    mounts = { "minio" = "/home/${config.home.username}/rclone/minio/"; };
+    configPath = nixosConfig.age.secrets."rclone_${config.home.username}".path;
+    mounts = {
+      "minio" = "/home/${config.home.username}/rclone/minio/";
+      "nextcloud" = "/home/${config.home.username}/rclone/nextcloud/";
+    };
   };
 }
diff --git a/hm/rclone-mount-tiziano.nix b/hm/rclone-mount-tiziano.nix
index f4be938..e31d8f0 100644
--- a/hm/rclone-mount-tiziano.nix
+++ b/hm/rclone-mount-tiziano.nix
@@ -2,7 +2,7 @@
   imports = [ ./rclone-mount.nix ];
   rclone-mount = {
     enable = true;
-    configPath = nixosConfig.age.secrets."minio_${config.home.username}".path;
+    configPath = nixosConfig.age.secrets."rclone_${config.home.username}".path;
     mounts = { "minio" = "/home/${config.home.username}/minio/"; };
   };
 }
diff --git a/nixos/nextcloud.nix b/nixos/nextcloud.nix
index 6391812..674738d 100644
--- a/nixos/nextcloud.nix
+++ b/nixos/nextcloud.nix
@@ -65,7 +65,7 @@ in
         hosts.tailscale.ipv4."baldur.tsn"
         hosts.tailscale.ipv6."baldur.tsn"
       ];
-      trusted_domains = [ "heimdall.tsn" ];
+      trusted_domains = [ "heimdall.tsn" "heimdall" ];
       # overwriteprotocol = "http";
     };
     config = {
diff --git a/secrets/minio_bertof.age b/secrets/minio_bertof.age
deleted file mode 100644
index 11f0b4e..0000000
--- a/secrets/minio_bertof.age
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHF5NzlGUSBuUTJT
-ZktaZnhHRGViaU90WVVCak5kVzdYVG1rWkErRStvU1grbUNjQ2dFCitLbWhndlNH
-aGNXV1JaRVNzRFkwRzA2VHA3SXhBMStmZTBtTnhWOEg2NGsKLT4gc3NoLWVkMjU1
-MTkgNGJlaEZBIGRncXgrWWRDeEM3ZmxlSGtTNVlHSEUyUGxRalp5dGR1VFNvdnlT
-YWhSRzQKUk5jNDMyME91VlBhak1teFBGV1Q2QzRjZk1zYjAvMU9sSmNMRCt5TlhR
-cwotPiBzc2gtZWQyNTUxOSBoR1FBU0EgQkxSWjdsQTBIS0F6eEpVb3VhejRSSTB2
-cE1kWDN5RmNwTlN0OTU4cWZBYwpPckRxbzFoU2FiN1NDQWNTZCtSemxVMVprOEk0
-NFBGb2h4Z2toanpwYlBZCi0+IHNzaC1lZDI1NTE5IHFoUk9hdyBqZW1GYmdBeTZl
-b3cxZkl1ODV2MU5lS1pGLzJScFF3Ym9OanVTdmFsK25zClZaZXo2eWtJNjRDQzZV
-bnhLODhjdzRiSmdiMUxXYTFqMldBblRNaWZFQzQKLT4gc3NoLWVkMjU1MTkgdjdP
-L0ZBIFVwWkRMcGljZmNobXlwWE1kVE1lV0xzenBVRUhjek5DSm9TNThBNDVJR2cK
-bUlWeC9Vby9rZGZqTi8zdUtGWFFZUFdLeTBtS0sxYytNbmFobVMyYmJlUQotPiBz
-c2gtZWQyNTUxOSBJdnlZdWcgbDJJODI3a1FuRjhkd2Nwcll3bkVZMlh3Tk5rb1hZ
-NURaV1Y2b2lkMFNIUQozZVUwT3EwbGQyTEFKdnBGd2RPdjFZZnFDR1RBdlZwcGk4
-R0FkTzBISXQwCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyAxL3oyL1pwMzZ6dTdtVSsz
-NWQwcXlOaUk3UG84Y1ZYS05taXZGYXQxclVBCk8zMGMvYlVYd2s4c2xwMENUb0Mx
-cXlSVjFUaFN3MEw4amt3TEFTM0hxZ0EKLT4gc3NoLWVkMjU1MTkgOEtJcldRIHNY
-VlhROWVkS0hTeWFSNWJXdjhOZit5SXN6RUNvSXpkNWFHdDFTZGZxQUUKV0VMeGMx
-dlJXdFIrY1RSbjhoOGNWRHhmOTBKc0QwVjFiQThKMEViNHp4WQotPiBKLWdyZWFz
-ZSB1e2s9V3EgalggXUAgVjcxMkMoCnNRZlRWRGEvNnpNTS9McjhpZlZxRzRiZytI
-cG9EcnhzTlNwK0k5U2VUalUzZ2J6OGtqRQotLS0gZ1lDQzRLSlhuY2NaUTkzM2V5
-U0ZCekVuM09FeU5GMWZhQ21BeGdvWFZpbwpevAWxxM0+tej3pHA3o3DGcNz4zw0X
-6Mj62YNlP4UrEGfNJMXm6qhb4MscyAELhgzx4BY8DTuqyeJZT8yu4T1CZstzpjqu
-qwcrGg1SYVuemA2b2d5k6FytKD+gbS2WcmD+73aqDfuuQjChKxXyFo/DNaciOjaQ
-TralgNLEp/kB1amY93LwQFaJ2fxzHzB8cIjRy6qbEYdGv4njmOzrRGvfsVZQnLYl
-+GQEu8Fm6aWLN7d2N7AbHzjZ8hKiasym/wKcYSsVMFwkAOI=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/rclone_bertof.age b/secrets/rclone_bertof.age
new file mode 100644
index 0000000..b929b63
--- /dev/null
+++ b/secrets/rclone_bertof.age
@@ -0,0 +1,29 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHF5NzlGUSB0SXFW
+QnZxMXc2ZFZWTmN4OTJkREZ1VEZOZkVMQTZ0Z3Ara2lhTHBWSDBZCnNqY051Z250
+T3Z1RDl2SlIwZStuMU1BeDBiTlQ4d2FFMkpwY1lQTWJUWlUKLT4gc3NoLWVkMjU1
+MTkgNGJlaEZBIGtib1E0cHdUV0dkZDZ4dVBRMW9FTXM1SGlaWURNTVdlVG5rRk9T
+UHVMajQKUWZVUTZ3U2FidGorUkhZRDJOZkxYUVBYc0xlVnZ5cFI1aWRXTGVVcUxo
+TQotPiBzc2gtZWQyNTUxOSBoR1FBU0EgVkFxb0MrbDNUQ1R4N3kvampubVVuQVZO
+dC8wOEloSnVrNG5RSVBIS29tSQpEdUNUVHgvNmc4d3VoR3J4NFg5enZVTmlFZmQ0
+cngvL2ZTcGVYWEdJbzhVCi0+IHNzaC1lZDI1NTE5IHFoUk9hdyBJSkFvZVdkTWNK
+cTROelI4SEhSL3pTTFErQkw2MGlPOUZhT0p2eUhuaVRJCnlZNjBZRjMrdmpieUd3
+M2tNNTJwSGM1YWxobEIzMkhoaWZlejEvWW15d2cKLT4gc3NoLWVkMjU1MTkgdjdP
+L0ZBIFMyVThRV0N4WXc4K3lnWnppK0MwSm13cE1EQ2kwdEdMOHpIZWlPWFNwREEK
+RnJoRmhlb1FXYUFpYk8wM0dDbnhjdDlGbVRqa0U1d0RNQW1tRmJsT1ZVcwotPiBz
+c2gtZWQyNTUxOSBJdnlZdWcgRG96TEkxanN6SFpoVVZYQzZjeitJUHFXOWw2WWlm
+SXduTmlKdHVLa3YwRQpEcXpKTkloTnhvVEVOczFwbGdMNDFDSDhKTnZ1UTRGZG9q
+ak9jcndmMW1zCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyBzT3ZuTjBrdFU0QXM5d2JM
+aFVma2VlOHhFb1RwR3ZDWWxESzgxOVpHZEhBCjZoSUlFZTk1Vi9ScWhoUmdNVHpu
+YUU1S3BpciswQlZWY040eWJDY1NkU3cKLT4gJy8pSF90L08tZ3JlYXNlIDMvOz9a
+KEpyIFxoWUxPL3wjIFgsWTpJIGt3CmR5SU1MTkJxT3B2Umx2cmFRSTlDczNlRW13
+bwotLS0gYzhTZnM5S1JoZmVVcVhLRGlHMDJXcVFIK1R4T1VyclJJK3hvQm9CUEx5
+RQo4qNMBz/U6pyGqufTP7wq1LGxcxvi3kUF+mLf8bEZUhcXOldJ/2jsz5UNpLoUR
+8izL9TM5Don8EYw2pgcBbc1N9DIdwVqhH1Q2NnppCeddbFV7YWZ5r9VmU7LIhoiG
+7xvX9bGPHikCjEVFVdv/k8pjFegbl6mfuRqR3wi3Ur/cD0MfR61g3ACijXRB1+zA
+7u0gFcv2ZaYhD+oXn4+VRmx4GP7wQn8I+G+4DM3tcyXKA6JENzpjRS6j7TPPqna8
+1rsXripSu8May4bAeAkPjFkfaZuQNkAXAryJf0Rf/sF+2VCSqGQ9OiFBTi5ogF7f
+eGfw692h1/+eeAEjSLDlR4Eh9rgekaiW0jRB5KG+kSgO4Z5lmjBsM7lBoaJXTs0y
+jvb+UKST3eBA1PVdocXqnIYu9asuLsVBcGkfLK/7yLgIT6aWEC7wreZI/cpQNCcq
+Zb9G2LKAzqZsZoskdS4mlIlSQl6Ym0rKJQ==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/minio_tiziano.age b/secrets/rclone_tiziano.age
similarity index 100%
rename from secrets/minio_tiziano.age
rename to secrets/rclone_tiziano.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 659d06c..dd7ae00 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -44,8 +44,8 @@ in
   "spotify_password.age".publicKeys = devUsers ++ systems;
   "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
   "wg_psk.age".publicKeys = devUsers ++ systems;
-  "minio_bertof.age".publicKeys = devUsers ++ [ sif thor odin heimdall ];
-  "minio_tiziano.age".publicKeys = devUsers ++ [ tiziano_odin ] ++ [ odin ];
+  "rclone_bertof.age".publicKeys = devUsers ++ [ sif thor odin heimdall ];
+  "rclone_tiziano.age".publicKeys = devUsers ++ [ tiziano_odin ] ++ [ odin ];
   "ollama.age".publicKeys = devUsers ++ [ sif thor ];
   "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ];
   "heimdall-gitlab-runner-docker-images.age".publicKeys = devUsers ++ [ heimdall ];