feat: opencloud test

modules/nixos/services/opencloud/default.nix

@@ -1,4 +1,4 @@
-{ flake, ... }:
+{ config, flake, ... }:
 let
   inherit (flake.config.machines.devices) ceres;
   inherit (flake.config.services.instances) opencloud web;
@@ -17,6 +17,7 @@ in
       environment = {
         OC_INSECURE = "false";
       };
+      environmentFile = config.sops.secrets."${service.name}-pass".path;
     };
     caddy = {
       virtualHosts = {
@@ -30,6 +31,29 @@ in
       };
     };
   };
+
+  sops =
+    let
+      sopsPath = secret: {
+        path = "${service.sops.path0}/${service.name}-${secret}";
+        owner = service.name;
+        mode = "600";
+      };
+    in
+    {
+      secrets = builtins.listToAttrs (
+        map
+          (secret: {
+            name = "${service.name}-${secret}";
+            value = sopsPath secret;
+          })
+          [
+            "smtp"
+            "database"
+          ]
+      );
+    };
+
   fileSystems."/var/lib/${service.name}" = {
     device = service.paths.path0;
     fsType = "none";