From d443dc59539c6a0e29b23353faeb42f53b59ae84 Mon Sep 17 00:00:00 2001 From: Nick Date: Sun, 27 Jul 2025 15:53:58 -0500 Subject: [PATCH] feat: added prompter --- modules/nixos/services/prompter/default.nix | 22 ++++++++------------- secrets/secrets.yaml | 6 +++--- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix index 7a2393d..f822cf6 100644 --- a/modules/nixos/services/prompter/default.nix +++ b/modules/nixos/services/prompter/default.nix @@ -9,7 +9,7 @@ in { services = { caddy = { - environmentFile = config.sops.secrets."caddy/prompter-auth".path; + environmentFile = config.sops.secrets."caddy/${service.name}-auth".path; virtualHosts = { "${host}" = { @@ -30,23 +30,17 @@ in sops = let sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}"; - owner = "root"; - mode = "600"; + path = "${service.sops.path0}/${service.name}-${secret}.env"; + owner = "caddy"; + mode = "0400"; }; in { - secrets = builtins.listToAttrs ( - map - (secret: { - name = "caddy/${secret}"; - value = sopsPath secret; - }) - [ - "${service.name}-auth" - ] - ); + secrets = { + "caddy/${service.name}-auth" = sopsPath "auth"; + }; }; + systemd.tmpfiles.rules = [ "Z ${service.paths.path0} 755 caddy caddy -" "Z ${service.sops.path0} 755 caddy caddy -" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index a3599e7..608cb9e 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
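Review bot: The new `mode = "0400"` on the secret at `${service.sops.path0}/${service.name}-auth.env` sits under the directory that the trailing context line `"Z ${service.sops.path0} 755 caddy caddy -"` recursively resets to 755, so the two settings can disagree on who may read the file. If sops-nix only places a symlink at `path`, the decrypted target presumably keeps 0400, but the directory stays world-listable and any regular file placed there would become world-readable; consider `"Z ${service.sops.path0} 0700 caddy caddy -"` (or a non-recursive `d` rule) for the secrets directory. Changing `owner` from root to caddy also gives the Caddy process direct read access to the file, which is probably unnecessary if `services.caddy.environmentFile` ends up as a systemd `EnvironmentFile=` that the service manager reads itself; a short comment next to `owner = "caddy";` stating why caddy must own it would settle that. The tmpfiles list continues past the end of the hunk, so other rules may also apply to this path.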
@@ -50,7 +50,7 @@ firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R opencloud: env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str] caddy: - prompter-auth: ENC[AES256_GCM,data:xt+pov0PWr02uZOQy2Tm46gciPC2LYYEZYaDeNQG7x+s5CrHRPHSeAixEM1mUPdJwqyVAhPlty4YowKY4u4E4aewgvksGsNn588ILHYwbcZz/C5HrCJ1lyvbWoxYnk52ZqippCC13K/0Y9ts,iv:c4vjutvHKq8oH+GmPg4RrfTPDfHVjqyqlIRKzi9fQuU=,tag:nrn+2rp2HBGT8+BmwFJnQQ==,type:str] + prompter-auth: ENC[AES256_GCM,data:uEj6gruCfcIRoCQY9eNcOka+PAIIhAlKnI+ehZ88aZo90tINcxZ7ZvKqlTJr4rt5o+EO7rvRJcYH/s8/+piszFyxSa64Rtq5KdAjfHnRm0QM8q/2JIHnZsQC3fPz1S177WPs/c3Eydh4VeVe,iv:ZOru4ABFgIy9DoTlMl3InSf8zM1ERNpbRNLN6vy97Jc=,tag:5v3w7kvFQCEPBjchE8K0cw==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 
@@ -62,7 +62,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-27T20:27:11Z" - mac: ENC[AES256_GCM,data:oepiCj/jv4PZt3I4q8bVxQ+9Xg6HneKW4ylJw0wGRR1xlnME5v/QcQUgXfwvaKV4TkDy6pB15yaRFq0ZFuysddcFguvJd51GJZEy/rmlTDcenXAl9SM1FZb5kt/ToQxerLXbSMzmTTAB4zhFN6wWAFhilXJDGO+6A/uMM8pzee8=,iv:Y7gYV96znIV+NVXSUlG5vKN3HvYIKI4CIgeYR+uIkUg=,tag:djnKwSi7r1utpqJrIq+iTw==,type:str] + lastmodified: "2025-07-27T20:53:53Z" + mac: ENC[AES256_GCM,data:xXwsCvG/p0Mrn6NXuWX5gXBvB+9qXsU4S2d9BxByp9Ip2vdmRzbL7Y7rwEkH92bS7p+yPuPF8lVnuMEpTEnlI82cEsag7FaZEfiK2jsZr8iSKnN/nwthTfc9j3GeYyy4KziTyyvJZRv0D3KyeUsjHswgXoGPskrX9gKcLJOa76o=,iv:tt8WSHvGCK5XytyH55obHHrFEqPZex8kI/tynmG8CoY=,tag:qFhiTwq/npRsXVqqid6Dlg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2