catting out the password doesn't work

This commit is contained in:
Rouven Seifert 2023-02-15 14:47:14 +01:00
parent f04eb43459
commit 593c324210
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
3 changed files with 8 additions and 9 deletions

View file

@ -12,7 +12,7 @@ let
uris = ldap://localhost uris = ldap://localhost
dn = uid=search, ou=users, dc=ifsr, dc=de dn = uid=search, ou=users, dc=ifsr, dc=de
auth_bind = yes auth_bind = yes
dnpass = $(${pkgs.coreutils}/bin/cat ${config.sops.secrets."dovecot_ldap_search".path}) !include ${config.sops.secrets."dovecot_ldap_search".path}
ldap_version = 3 ldap_version = 3
scope = subtree scope = subtree
@ -23,10 +23,7 @@ let
in in
{ {
sops.secrets."rspamd-password".owner = config.users.users.rspamd.name; sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
sops.secrets."dovecot_ldap_search" = { sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user;
key = "portunus_search";
owner = config.services.dovecot2.user;
};
networking.firewall.allowedTCPPorts = [ 25 465 993 ]; networking.firewall.allowedTCPPorts = [ 25 465 993 ];

View file

@ -7,6 +7,7 @@ wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str] portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str]
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str] portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str]
dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str]
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str] rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
mediawiki: mediawiki:
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
@ -27,8 +28,8 @@ sops:
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA== KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-15T12:48:59Z" lastmodified: "2023-02-15T13:46:06Z"
mac: ENC[AES256_GCM,data:/nq6sIXpi7wMaDCwwn+mfBvYnXXZVbt/rsPaGXZbYUpxP8gKIaMC6HLDwo2QefGnMbHTWcYaqjcJYycnWkpcqSLX2MX56IT99pwhbj4W7MDewd3LzUJblnmO/8Mwhg+inIeNIuSoyaNSHrJ8lT5G+TCv+NDyXpArQ/lTe1srzNM=,iv:K5T7nIonZiBbTrtOkcH+QydCyccnoobIaocYoaMN5I4=,tag:k9vu3Jo/HCVx/jET1e1AQw==,type:str] mac: ENC[AES256_GCM,data:AuG/oG376AuFor8Or6jN0KIPy3X8eS9N71MlvN3IrTqSCBfWvNcBaJ7Vi5wnVhgI3K5JaPrEJXnJ3firxzU2Y+NTiRqXy1HJWKnZTMSBffF2I7RoBheIOOaRcCPJlnOJREowMwYiHu4vlbeXydSLA2gtOImDln6Ye6BedAC2y1s=,iv:jTHjWztw3zQ5zOj1CMNY2knwJxj+//6EGqrVPCRcU5I=,tag:qA9Au5nIg2lC0bU7ue2sDw==,type:str]
pgp: pgp:
- created_at: "2022-11-18T16:37:48Z" - created_at: "2022-11-18T16:37:48Z"
enc: | enc: |

View file

@ -7,6 +7,7 @@ hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str] portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str]
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str] portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str]
dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str]
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str] rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
mediawiki: mediawiki:
postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str] postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
@ -27,8 +28,8 @@ sops:
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ== ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-15T12:50:23Z" lastmodified: "2023-02-15T13:46:33Z"
mac: ENC[AES256_GCM,data:p7vAaxF7NiEhMqdck3nnasqFw8YlmIyL21ch0RBUXZxM/KKaM+YOY6s1YDgcqsg/zJHzo5o/rYiT+bwWfg+wnzFTFfT7Y1+7yIW/hdUhILTlEBvtw5xFamzAHwRs5GXgJb2PCf5OWMcgnzyfxoNzN4q8r80C1Dyo5SoL3YQ/zx4=,iv:qpeDUQxi9vhl0Y6wrmATlm5XWIMaEBNif33zBqWJtDQ=,tag:tqn24X1AVNMVGscuSh6h9g==,type:str] mac: ENC[AES256_GCM,data:QYDbs8aAnb6ecnftHEJfW8HziCHTVyV9aT0TacHAxUCa4DV1XTxtbe/3D8M9cNbkLC7IAUKV9qWJ1OqwFB1YMoNGzEU12qosIG/GAtl6wL2jzeiHtU9OsmXV+Ogk/IcceyDnZlRXFTgu8knZUJJgviLb6Bfwkq2nz8Sxfu8akZc=,iv:gPSQQG74OjmDrjxaatzIY/r7QvmEROOsBPxwO9YToZM=,tag:bJJl/QZOUhGDLlxzxihsNQ==,type:str]
pgp: pgp:
- created_at: "2022-11-18T16:37:58Z" - created_at: "2022-11-18T16:37:58Z"
enc: | enc: |