modules: Extract modules for nextcloud and sops

I had to do this in one setp, because nextcloud requires sops, and without
having sops input on all configurations, those that did not have the input
would fail building.

modules/nixos/default.nix

@@ -16,7 +16,9 @@ in {
     ./monitoring
     ./my-user
     ./networking
+    ./nextcloud
     ./nix
+    ./sops
     ./sound
     ./ssh-access
   ];

modules/nixos/nextcloud/default.nix

@@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.my.modules.nextcloud;
+in {
+  options.my.modules.nextcloud = {
+    enable = lib.mkEnableOption "nextcloud";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops.secrets.nextcloud-admin-pass = {
+      owner = "nextcloud";
+    };
+
+    services.nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud29;
+      hostName = "nextcloud.ritter.family";
+      config = {
+        adminpassFile = config.sops.secrets.nextcloud-admin-pass.path;
+      };
+      extraApps = {
+        inherit (config.services.nextcloud.package.packages.apps) bookmarks calendar contacts cookbook deck memories richdocuments;
+        news = pkgs.fetchNextcloudApp {
+          url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz";
+          sha256 = "sha256-XNGjf7SWgJYFdVNOh3ED0jxSG0GJwWImVQq4cJT1Lo4=";
+          license = "agpl3Plus";
+        };
+      };
+      extraAppsEnable = true;
+    };
+
+    networking = {
+      firewall = {
+        allowedTCPPorts = [80 443];
+      };
+    };
+  };
+}

modules/nixos/sops/default.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: let
+  cfg = config.my.modules.sops;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  options.my.modules.sops = {
+    enable = lib.mkEnableOption "sops";
+    sopsFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops.defaultSopsFile = cfg.sopsFile;
+    # This will automatically import SSH keys as age keys
+    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+  };
+}

systems/x86_64-linux/cyberoffice/configuration.nix

@@ -1,12 +1,6 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}: {
+{...}: {
   imports = [
     ../../../modules/nixos
-    inputs.sops-nix.nixosModules.sops
   ];
 
   my = {
@@ -20,44 +14,18 @@
         enable = true;
         disk = "/dev/sda";
       };
+      sops = {
+        enable = true;
+        sopsFile = ./secrets.yaml;
+      };
+      nextcloud.enable = true;
     };
   };
 
   # TODO extract into a VM module
   boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
   services.qemuGuest.enable = true;
 
-  networking = {
-    firewall = {
-      allowedTCPPorts = [80 443];
-    };
-  };
-
-  sops.defaultSopsFile = ./secrets.yaml;
-  # This will automatically import SSH keys as age keys
-  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-  sops.secrets.nextcloud-admin-pass = {
-    owner = "nextcloud";
-  };
-
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud29;
-    hostName = "nextcloud.ritter.family";
-    config = {
-      adminpassFile = config.sops.secrets.nextcloud-admin-pass.path;
-    };
-    extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps) bookmarks calendar contacts cookbook deck memories richdocuments;
-      news = pkgs.fetchNextcloudApp {
-        url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz";
-        sha256 = "sha256-XNGjf7SWgJYFdVNOh3ED0jxSG0GJwWImVQq4cJT1Lo4=";
-        license = "agpl3Plus";
-      };
-    };
-    extraAppsEnable = true;
-  };
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave