From 02a8ffeb103ebc69d7feca3de871d739be642edb Mon Sep 17 00:00:00 2001
From: soraefir
Date: Wed, 6 May 2026 02:24:26 +0200
Subject: [PATCH] Fix db password
---
 modules/server/containers/defs/authentik.nix | 4 +++-
 modules/server/database/default.nix | 2 +-
 modules/server/sops/server.yaml | 6 +++---
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/modules/server/containers/defs/authentik.nix b/modules/server/containers/defs/authentik.nix
index 2a9e62c..4895886 100644
--- a/modules/server/containers/defs/authentik.nix
+++ b/modules/server/containers/defs/authentik.nix
@@ -54,11 +54,13 @@ in {
 "${serverCfg.dataPath}/authentik/templates:/templates"
 "/var/run/docker.sock:/var/run/docker.sock"
 ];
+ environmentFiles = [
+ config.sops.secrets."authentik_db_env".path
+ ];
 environment = {
 "AUTHENTIK_POSTGRESQL__HOST" = "host.internal";
 "AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
 "AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
- "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
 "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
 };
 cmd = [ "worker" ];
diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index 20370cb..3d03418 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -61,7 +61,7 @@ in {
 $PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
 if [ -f "${config.sops.secrets."${name}_pass".path}" ]; then
- PASS=$(cat "${config.sops.secrets."${name}_pass".path}")
+ PASS=''$(cut -d'=' -f2- "${config.sops.secrets."${name}_pass".path}")
 $PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';"
 fi
 '') allApps}
diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml
index ab858cb..0063dcb 100644
--- a/modules/server/sops/server.yaml
+++ b/modules/server/sops/server.yaml
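Review bot: In modules/server/containers/defs/authentik.nix the `environment` set kept by this hunk still has `"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";`, the same literal-placeholder defect the commit removes for the database password. Authentik signs session cookies with this key, so a fixed value that is readable in the repository gives no integrity protection, and values under `environment` usually also land in the world-readable Nix store. Remove that line and deliver the key through a second sops-backed file listed in `environmentFiles`, next to `config.sops.secrets."authentik_db_env".path`. Only the `cmd = [ "worker" ]` container is visible here and its attribute set starts and ends outside the hunk; a separately defined server container would presumably need the same two changes.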
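Review bot: In modules/server/database/default.nix the new `cut -d'=' -f2-` line sits in a snippet generated for every entry of `allApps`, so any app whose `${name}_pass` secret is still a bare password containing `=` now gets a truncated value, and a secret file with more than one line produces a multi-line `PASS`. Keeping the secret as the bare password avoids parsing here: leave `PASS=$(cat …)` as it was and render the container's env file from it with a sops-nix template, e.g. `sops.templates."authentik_db_env".content = "AUTHENTIK_POSTGRESQL__PASSWORD=${config.sops.placeholder.authentik_pass}";`. `PASS` is also interpolated unescaped into `WITH PASSWORD '$PASS'`, so a password containing a single quote breaks or changes the statement; single quotes should be doubled before that line runs. The shell snippet starts and ends outside the hunk, and the formats of the other apps' secrets are not visible, so the first point is inferred.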
@@ -1,5 +1,5 @@
 INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
-authentik_pass: ENC[AES256_GCM,data:XSDo,iv:zQBeB1krwKXbVx5r/WGHAkn3p2FrHUUf6vRaZK+jm60=,tag:pOYdYUNOEQVoGdt3Tr+J6Q==,type:str]
+authentik_pass: ENC[AES256_GCM,data:5obiSGKSJcXxrxB45KA9ITNMKLjwP6612JSJrWHCeAMhag==,iv:dN6i1f6z/cT7M/YFz6vgg3ZOiShIBOed9Djn9QdzhgA=,tag:dNmQJEb8QqmWxvqJgmgVnA==,type:str]
 sops:
 age:
 - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
@@ -20,8 +20,8 @@ sops:
 S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
 d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-05-05T23:51:03Z"
- mac: ENC[AES256_GCM,data:PLQbjWWbVWoyKjuEQq1Qo1e6ZbuQFZDa8TiUqciBK6jHn+T/bo5QfjaduoOrdvBd3VYAoU5gBo54VH1zblRJwPoN13Z5FuBiWZxRnLJGDmEif4wuZ3oYEls13H63oE+xq0M7rmZ/0IZ+tkPTVmxdn1u6fBArpAjI1wXwy/aU9C4=,iv:9dgFpxZdwf4J6ZDlPo3SylZw9p1Nua/aWNx8qZu4Lzc=,tag:2d3LqLO8xgSEIwMxMBIAbg==,type:str]
+ lastmodified: "2026-05-06T00:22:30Z"
+ mac: ENC[AES256_GCM,data:Irpt5adS904hbzw1eeQ5aedLd0CRSd3fAsvDhpyCNOgUNv08sZlreak0Ko4vpA/Toz8UsH+5HBPlIJxEm0EfeBADUH7UaNSYb4uJtFttksMPxtJ6cF9eDNSAGomEmXPV5bo//81o8ZQdXLECHX8ZsqdBBLYJV2EXxwicz6Br/00=,iv:hyH7zFV0vbxd3h4dEhuEQsDtJ54wK+fnVmBEuyQApfI=,tag:ZjnXoUMghjL3iwE4VPSEkA==,type:str]
 pgp:
 - created_at: "2026-05-05T23:46:27Z"
 enc: |-
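Review bot: The removed `authentik_pass` entry in modules/server/sops/server.yaml has a three-byte `data:` field, and SOPS ciphertext is as long as its plaintext, so the previous database password appears to have been three characters. If the new value only wraps that same password in a `KEY=` prefix for the env file, replace it with a long randomly generated one, since the length of every value in this file is visible to anyone who can read the repository. The old ciphertext also stays in git history, so the previous password should be treated as retired rather than reused.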