fixing secrets for sogo
This commit is contained in:
parent
e37482ef0a
commit
c813f3ac83
|
@ -69,6 +69,7 @@
|
||||||
./modules/stream.nix
|
./modules/stream.nix
|
||||||
./modules/nextcloud.nix
|
./modules/nextcloud.nix
|
||||||
./modules/matrix.nix
|
./modules/matrix.nix
|
||||||
|
./modules/sogo.nix
|
||||||
{
|
{
|
||||||
fsr.enable_office_bloat = false;
|
fsr.enable_office_bloat = false;
|
||||||
fsr.domain = "staging.ifsr.de";
|
fsr.domain = "staging.ifsr.de";
|
||||||
|
@ -89,6 +90,7 @@
|
||||||
./modules/hedgedoc.nix
|
./modules/hedgedoc.nix
|
||||||
./modules/wiki.nix
|
./modules/wiki.nix
|
||||||
./modules/stream.nix
|
./modules/stream.nix
|
||||||
|
./modules/sogo.nix
|
||||||
./modules/vm.nix
|
./modules/vm.nix
|
||||||
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
|
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
|
||||||
{
|
{
|
||||||
|
|
|
@ -4,12 +4,10 @@ let
|
||||||
domain = config.fsr.domain;
|
domain = config.fsr.domain;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets.sogo_ldap_search = {
|
sops.secrets.ldap_search = {
|
||||||
key = "portunus_search";
|
owner = config.systemd.services.sogo.serviceConfig.User;
|
||||||
# owner = config.systemd.services keine Ahnung was hier hin soll
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
sogo = {
|
sogo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -22,7 +20,7 @@ in
|
||||||
UIDFieldName = uid;
|
UIDFieldName = uid;
|
||||||
baseDN = "ou = users, dc=ifsr, dc=de";
|
baseDN = "ou = users, dc=ifsr, dc=de";
|
||||||
bindDN = "uid=search, ou=users, dc=ifsr, dc=de";
|
bindDN = "uid=search, ou=users, dc=ifsr, dc=de";
|
||||||
bindPassword = ${config.sops.secrets.SOGo_ldap_search.path};
|
bindPassword = ${config.sops.secrets.ldap_search.path};
|
||||||
hostname = "ldap://localhost";
|
hostname = "ldap://localhost";
|
||||||
canAuthenticate = YES;
|
canAuthenticate = YES;
|
||||||
id = directory;
|
id = directory;
|
||||||
|
|
|
@ -7,6 +7,7 @@ wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0
|
||||||
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
|
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
|
||||||
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str]
|
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str]
|
||||||
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str]
|
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str]
|
||||||
|
ldap_search: ENC[AES256_GCM,data:Cac6zyp294qOoXdLdy42OnotMnG779Lhz05lvJaSEok=,iv:otxPTEL5ZKOiqIU16jxn1wmKmadc1Ni8TcZLxa/TrzM=,tag:YoaIngjZEUTdGjIDA1gq6g==,type:str]
|
||||||
dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str]
|
dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str]
|
||||||
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
|
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
|
||||||
mediawiki:
|
mediawiki:
|
||||||
|
@ -28,8 +29,8 @@ sops:
|
||||||
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
|
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
|
||||||
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
|
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-02-15T13:46:06Z"
|
lastmodified: "2023-04-03T21:11:07Z"
|
||||||
mac: ENC[AES256_GCM,data:AuG/oG376AuFor8Or6jN0KIPy3X8eS9N71MlvN3IrTqSCBfWvNcBaJ7Vi5wnVhgI3K5JaPrEJXnJ3firxzU2Y+NTiRqXy1HJWKnZTMSBffF2I7RoBheIOOaRcCPJlnOJREowMwYiHu4vlbeXydSLA2gtOImDln6Ye6BedAC2y1s=,iv:jTHjWztw3zQ5zOj1CMNY2knwJxj+//6EGqrVPCRcU5I=,tag:qA9Au5nIg2lC0bU7ue2sDw==,type:str]
|
mac: ENC[AES256_GCM,data:rRaRGEZ0OSuABW2Fh2bKIt9eu8XQf+fHGFYhYzENwl46KErNAtRuw1Zphx1xOBh6hTFcpfc2IzbuLlBtLN7SyL0Z7az2ze/ds1I8cnz08Q9sv/BgrcF6zYOdvd1XetwuQsGPIxKvi3FDr/KBET5DbXGS2TOw58VgeurUMAiuXU0=,iv:dfsXrOYHwmfvg9UtTPLtpgV/PaFOlzgEMNliwgzePww=,tag:vRvupS+FtwaaQvaKFyHGAA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-11-18T16:37:48Z"
|
- created_at: "2022-11-18T16:37:48Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -7,6 +7,7 @@ hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv
|
||||||
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
|
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
|
||||||
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str]
|
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str]
|
||||||
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str]
|
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str]
|
||||||
|
ldap_search: ENC[AES256_GCM,data:HJvh/fKhMK4C2Xs=,iv:nCqgJ6XPwLdbhGe0uJRksQS6G07bDO+x+R/XKtURf3Y=,tag:0Y3Dblfu2Tv2MtTytXLubw==,type:str]
|
||||||
dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str]
|
dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str]
|
||||||
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
|
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
|
||||||
mediawiki:
|
mediawiki:
|
||||||
|
@ -28,8 +29,8 @@ sops:
|
||||||
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
|
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
|
||||||
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
|
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-02-15T13:46:33Z"
|
lastmodified: "2023-04-03T21:11:24Z"
|
||||||
mac: ENC[AES256_GCM,data:QYDbs8aAnb6ecnftHEJfW8HziCHTVyV9aT0TacHAxUCa4DV1XTxtbe/3D8M9cNbkLC7IAUKV9qWJ1OqwFB1YMoNGzEU12qosIG/GAtl6wL2jzeiHtU9OsmXV+Ogk/IcceyDnZlRXFTgu8knZUJJgviLb6Bfwkq2nz8Sxfu8akZc=,iv:gPSQQG74OjmDrjxaatzIY/r7QvmEROOsBPxwO9YToZM=,tag:bJJl/QZOUhGDLlxzxihsNQ==,type:str]
|
mac: ENC[AES256_GCM,data:SheawpXSXX7pWeGwpZkQa4deAI9tdq4hb/Ms2L5TrjimD3CFA+tBGnwZZat7VR/4UQ+8AsReShZwYZR9vhP90NAjlODjaL3GU3bo5+WGT0jfLyEdPmmSnQsv8n2jipKWPZLb6GNBLYNF06p43KyKi7Vl7ie2KSDt6BonZqEo89Q=,iv:Z45sHZv/eIfBf7uE8Vyv7mRdsrdJPj13EoKrSKjW8C0=,tag:PfWEUmLtC6t1gKXJj8y/+Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-11-18T16:37:58Z"
|
- created_at: "2022-11-18T16:37:58Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in a new issue