add harbor nc secrets

hosts/harbor/configuration.nix

@@ -1,9 +1,20 @@
-{pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ./hardware-configuration.nix
     ../../modules/services/nextcloud-instance.nix
   ];
 
+  # Secret management
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.secrets."nextcloud-admin-pass" = {
+    sopsFile = ../../secrets/harbor/nextcloud.yaml;
+    key = "admin-pass";
+  };
+
   # Configure nix and garbage collection
   nix = {
     settings = {
@@ -20,9 +31,9 @@
   users.users.jonas = {
     isNormalUser = true;
     description = "Jonas";
-    extraGroups = ["wheel" "docker"];
+    extraGroups = ["wheel"];
     openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyCyYsMSiy7shcehlzJEbCyRiHk+cicFB35Bc2uc4PjjkCjswLh01fRAV2QcplrNkH/5F4GBTbOoZHHc7/AVLyUxgwDC9ffD2i7fevuGpfBFy9D30uz6jDekxXkmRmIlidXLdG1Fh4zwVejGlwdhUu/Zb7PonO/dktx3EFdf1SpnW+y75anN85zoGsld7KQk42wEd0zXtCgx4CKI6Vvt6heWCEiJ9wyw1sLpTJr4H8In236CUj1/r1qY9Gfa8n9NA0J9XCpcwSCEWGRKQNicoQIpnp5txrgzaUq4r6qBKHmImYXmSTVnDZ9dJLRYNu2lDvBtTXP4ztlR6Lpxs873fPg51qgaX9rRVMMo/gGjq8fOFWsDVaJZab9VY3hZYNCKIbWFqo4GKyCQs9Xfzr2AUACm09HWiYMTefwEypOzvUb4z+LF2B/0c5XmghLF/TOzLVgDXzAgWMH4mCnPh9EDLHTtoJaGNURler9VRV8yQyLH6oK9UpHZovCFs7HpFN+WPv2QVFfkK8aHg7tnklFsT78z154bjuspiEI/fFGmTxoQUGufmHlRy/9GQDusgNfe24ZEB2hHBVjKv29XdIfvFAhoPVpA6+O/N3feSlmVISaU+8QraVQEf/TuQjopDUWpJTmqSxKvQSTPwcyWDy6NtcJ85bGAu6jSUGC3ouH4Rb2Q== cardno:000609618602"
+      (builtins.readFile ../../static/keys/my_pub.asc)
     ];
   };
   users.defaultUserShell = pkgs.zsh;
@@ -37,7 +48,8 @@
 
   services.nextcloud-instance.enable = true;
   services.nextcloud-instance.ssl = false;
-  services.nextcloud-instance.instanceFQDN = "replace-me";
+  services.nextcloud-instance.adminPasswordFile = config.sops.secret.nextcloud-admin-pass.path;
+  services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;