]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/system/quatresaisons.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bump Nextcloud to latest version
[perso/Immae/Config/Nix.git] / modules / private / system / quatresaisons.nix
diff --git a/modules/private/system/quatresaisons.nix b/modules/private/system/quatresaisons.nix
index 01486501760704c6a6ef073a44969bbf228b4f86..82db70ff0d1c7a97e50e7b98b779625b98aad8d8 100644 (file)
--- a/modules/private/system/quatresaisons.nix
+++ b/modules/private/system/quatresaisons.nix
@@ -53,7 +53,7 @@ let
       chmod go-rwx /var/lib/nixos/sponsored_users
       echo "$mygroup $1 $2" >> /var/lib/nixos/sponsored_users
       (${pkgs.openldap}/bin/ldapadd -c -D cn=root,dc=salle-s,dc=org \
-        -y /var/secrets/ldap/sync_password 2>/dev/null >/dev/null || true) <<EOF
+        -y ${config.secrets.fullPaths."ldap/sync_password"} 2>/dev/null >/dev/null || true) <<EOF
     dn: uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org
     objectClass: inetOrgPerson
     cn: $1
@@ -74,7 +74,7 @@ let
         userdel -r "$1"
         sed -i -e "/^$mygroup $1/d" /var/lib/nixos/sponsored_users
         ${pkgs.openldap}/bin/ldapdelete -D cn=root,dc=salle-s,dc=org \
-          -y /var/secrets/ldap/sync_password \
+          -y ${config.secrets.fullPaths."ldap/sync_password"} \
           "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org"
         echo "deleted"
         exit 0
@@ -103,7 +103,7 @@ let
       if [ "$1" = "$mygroup" ]; then
         log "resets web password"
         ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \
-          -y /var/secrets/ldap/sync_password \
+          -y ${config.secrets.fullPaths."ldap/sync_password"} \
           -S "uid=$mygroup,ou=users,dc=salle-s,dc=org"
       else
         IFS=",";
@@ -111,7 +111,7 @@ let
         if [ "$u" = "$1" ]; then
           log "resets web password of $1"
           ${pkgs.openldap}/bin/ldappasswd -D cn=root,dc=salle-s,dc=org \
-            -y /var/secrets/ldap/sync_password \
+            -y ${config.secrets.fullPaths."ldap/sync_password"} \
             -S "uid=$1,uid=$mygroup,ou=users,dc=salle-s,dc=org"
           exit 0
         fi
@@ -221,10 +221,10 @@ in
     deps = [ "secrets" "users" ];
     text =
       let
-        com = "-D cn=root,dc=salle-s,dc=org -y /var/secrets/ldap/sync_password";
+        com = "-D cn=root,dc=salle-s,dc=org -y ${config.secrets.fullPaths."ldap/sync_password"}";
       in ''
       # Add users
-      ${pkgs.openldap}/bin/ldapadd -c ${com} -f /var/secrets/ldap/ldaptree.ldif 2>/dev/null >/dev/null || true
+      ${pkgs.openldap}/bin/ldapadd -c ${com} -f ${config.secrets.fullPaths."ldap/ldaptree.ldif"} 2>/dev/null >/dev/null || true
 
       # Remove obsolete users
       ${pkgs.openldap}/bin/ldapsearch -LLL ${com} -s one -b "ou=users,dc=salle-s,dc=org" "uid" |\
@@ -254,14 +254,12 @@ in
     '';
   };
 
-  secrets.keys = [
-    {
-      dest = "ldap/sync_password";
+  secrets.keys = {
+    "ldap/sync_password" = {
       permissions = "0400";
       text = serverSpecificConfig.ldap_sync_password;
-    }
-    {
-      dest = "ldap/ldaptree.ldif";
+    };
+    "ldap/ldaptree.ldif" = {
       permissions = "0400";
       text = serverSpecificConfig.ldap_service_users
         + (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''
@@ -272,8 +270,8 @@ in
         sn: ${n}
         uid: ${n}
       '') normalUsers));
-    }
-  ];
+    };
+  };
 
   myServices.monitoring.enable = true;
   myServices.certificates.enable = true;
My infrastructure configuration