From 0c5991b85bab0ceaa1b5ec28c58b26588057ed0a Mon Sep 17 00:00:00 2001
From: cnst <adam@cnst.dev>
Date: Sun, 7 Sep 2025 16:02:14 +0200
Subject: [PATCH] fix(agenix/pihole): add ziggy to agenix pihole secret

---
 hosts/sobotka/server.nix                  | 1 +
 hosts/ziggy/server.nix                    | 1 +
 modules/nixos/services/agenix/default.nix | 5 +++++
 modules/server/podman/default.nix         | 3 ++-
 secrets/secrets.nix                       | 4 ++++
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hosts/sobotka/server.nix b/hosts/sobotka/server.nix
index 7ad89d89..9e9e7bda 100644
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -65,6 +65,7 @@
     };
     podman = {
       enable = true;
+      gluetun.enable = true;
       qbittorrent = {
         enable = true;
         port = 8080;
diff --git a/hosts/ziggy/server.nix b/hosts/ziggy/server.nix
index ae3818a6..b65a5d38 100644
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -50,6 +50,7 @@
     };
     podman = {
       enable = true;
+      gluetun.enable = false;
       qbittorrent = {
         enable = false;
         port = 8080;
diff --git a/modules/nixos/services/agenix/default.nix b/modules/nixos/services/agenix/default.nix
index f5cf44d9..7fb2a886 100644
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -77,6 +77,11 @@ in
           slskd.file = "${self}/secrets/slskd.age";
         };
       })
+      (mkIf cfg.ziggy.enable {
+        secrets = {
+          pihole.file = "${self}/secrets/pihole.age";
+        };
+      })
       (mkIf cfg.toothpc.enable {
         secrets = {
           # Add toothpc specific secrets here
diff --git a/modules/server/podman/default.nix b/modules/server/podman/default.nix
index 5ce0d0d3..684c35f6 100644
--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -10,6 +10,7 @@ in
 {
   options.server.podman = {
     enable = lib.mkEnableOption "Enables Podman";
+    gluetun.enable = lib.mkEnableOption "Enables gluetun";
     qbittorrent = {
       enable = lib.mkEnableOption "Enable qBittorrent";
       url = lib.mkOption {
@@ -152,7 +153,7 @@ in
     ];
 
     virtualisation.oci-containers.containers = lib.mkMerge [
-      (lib.mkIf cfg.enable {
+      (lib.mkIf cfg.gluetun.enable {
         gluetun = {
           image = "qmcgaw/gluetun";
           ports = [
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9f925410..a93958f9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -3,6 +3,8 @@ let
   kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
   usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
   rsobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWLTYWowtpGmGolmkCE7+l9jr5QEnDqRxoezNqAIe+j root@nixos";
+  uziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL8uBsJ3UL4+scqjEcyXYQOVlKziJk9YJ78YP6jCxq cnst@nixos";
+  rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
 in
 {
   "cnstssh.age".publicKeys = [
@@ -94,6 +96,8 @@ in
     kima
     usobotka
     rsobotka
+    uziggy
+    rziggy
   ];
   "slskd.age".publicKeys = [
     cnst