fixing funny sogo sops problem

2023-05-12 15:17:22 +02:00 · 2023-05-12 15:17:22 +02:00 · 86a615bbf0
commit 86a615bbf0
parent 1e93c28e5a
6 changed files with 24 additions and 12 deletions
--- a/config/portunus_seeds.json
+++ b/config/portunus_seeds.json
@ -42,13 +42,13 @@
 			"login_name": "admin",
 			"given_name": "admin",
 			"family_name": "admin",
-			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] }
+			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/users/search-password"] }
 		},
 		{
 			"login_name": "search",
 			"given_name": "search",
 			"family_name": "search",
-			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_search"] }
+			"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/users/search-password"] }
 		}
 	]
 }
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -79,7 +79,7 @@ in
      postgres_hedgedoc.owner = user;
      hedgedoc_session_secret.owner = user;
      hedgedoc_ldap_search = {
-        key = "portunus_search";
+        key = "portunus/users/search-password";
        owner = user;
      };
    };
--- a/modules/ldap.nix
+++ b/modules/ldap.nix
@ -63,7 +63,16 @@ in

      "${portunusGroup}" = {
        name = "${portunusGroup}";
-        members = [ "${portunusUser}" ];
+        members = [ 
+		"${portunusUser}" 
+		config.systemd.services."matrix-synapse".serviceConfig.User
+		config.systemd.services.sogo.serviceConfig.User
+		config.systemd.services.hedgedoc.serviceConfig.User
+		config.systemd.services.mailman.serviceConfig.User
+		config.systemd.services."mailman-web-setup".serviceConfig.User
+		config.systemd.services.hyperkitty.serviceConfig.User
+		config.systemd.services.nslcd.serviceConfig.User
+	];
      };
      "${ldapGroup}" = {
        name = "${ldapGroup}";
--- a/modules/mailman.nix
+++ b/modules/mailman.nix
@ -1,7 +1,7 @@
 { config, ... }:
 {
  sops.secrets.mailman_ldap_search = {
-    key = "portunus_search";
+    key = "portunus/users/search-password";
    owner = config.services.mailman.webUser;
  };
  services.mailman = {
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@ -25,7 +25,7 @@ let
 in
 {
  sops.secrets.matrix_ldap_search = {
-    key = "portunus_search";
+    key = "portunus/users/search-password";
    owner = config.systemd.services.matrix-synapse.serviceConfig.User;
  };

--- a/modules/sogo.nix
+++ b/modules/sogo.nix
@ -5,12 +5,15 @@ let
  pg-port = toString config.services.postgresql.port;
 in
 {
-  sops.secrets.ldap_search = {
+  sops.secrets = {
+    postgres_sogo = {
      owner = config.systemd.services.sogo.serviceConfig.User;
    };
-  sops.secrets.postgres_sogo = {
+    sogo_ldap_search = {
+      key = "portunus/users/search-password";
      owner = config.systemd.services.sogo.serviceConfig.User;
    };
+  };

  services = {
    sogo = {
@ -35,7 +38,7 @@ in
                OCSSessionsFolderURL = "postgresql://sogo:POSTGRES_PASSWORD@localhost:${pg-port}/sogo/sogo_sessions_folder";
      ''; # Hier ist bindPassword noch nicht vollständig
      configReplaces = {
-        "LDAP_SEARCH" = config.sops.secrets.ldap_search.path;
+        "LDAP_SEARCH" = config.sops.secrets.sogo_ldap_search.path;
        "POSTGRES_PASSWORD" = config.sops.secrets.postgres_sogo.path;
      };
      vhostName = "${sogo-hostname}";