X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fpostgresql.nix;h=a6c4cc998fdb138ccf53671992a916794b6eff95;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=d0b1a7569b8276d7aa8d3ba5b1c225905d2d03a9;hpb=5400b9b6f65451d41a9106fae6fc00f97d83f4ef;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/databases/postgresql.nix b/modules/private/databases/postgresql.nix
index d0b1a75..a6c4cc9 100644
--- a/modules/private/databases/postgresql.nix
+++ b/modules/private/databases/postgresql.nix
@@ -100,7 +100,6 @@ in {
 security.acme.certs."postgresql" = config.myServices.databasesCerts // {
 user = "postgres";
 group = "postgres";
- plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
 domain = "db-1.immae.eu";
 postRun = ''
 systemctl reload postgresql.service
@@ -179,9 +178,8 @@ in {
 '';
 };
- secrets.keys = [
- {
- dest = "postgresql/pam";
+ secrets.keys = {
+ "postgresql/pam" = {
 permissions = "0400";
 group = "postgres";
 user = "postgres";
@@ -193,9 +191,8 @@ in {
 pam_filter ${filter}
 ssl start_tls
 '';
- }
- {
- dest = "postgresql/pam_replication";
+ };
+ "postgresql/pam_replication" = {
 permissions = "0400";
 group = "postgres";
 user = "postgres";
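Review bot: The `postgresql/pam` secret text visible in this hunk enables `ssl start_tls`, but no server-certificate verification directive is in view, so unless one sits in the part of the text above the hunk, pam_ldap will negotiate TLS without checking the directory server's identity and whatever bind credential this 0400 file carries could be handed to an impersonated server. The same applies to the `postgresql/pam_replication` secret in the next hunk. Both secret bodies begin outside their hunks, so this may already be covered; if not, add `tls_checkpeer yes` together with a `tls_cacertfile` line next to `ssl start_tls` in each. Keying `secrets.keys` by destination path is reasonable, but a comment on the first key, `# attribute name doubles as the path under the secrets location (see config.secrets.fullPaths)`, would make that coupling explicit for the next reader.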
@@ -207,27 +204,25 @@ in {
 pam_login_attribute cn
 ssl start_tls
 '';
- }
- ];
+ };
+ };
 security.pam.services = let
 pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
- in [
- {
- name = "postgresql";
+ in {
+ postgresql = {
 text = ''
- auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
- account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."postgresql/pam"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."postgresql/pam"}
 '';
- }
- {
- name = "postgresql_replication";
+ };
+ postgresql_replication = {
 text = ''
- auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
- account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."postgresql/pam_replication"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."postgresql/pam_replication"}
 '';
- }
- ];
 };
 }
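Review bot: The two `security.pam.services` entries added here differ only in which secret they reference, so the `auth`/`account` stack is duplicated verbatim; a small constructor in the existing `let` would keep the pam_ldap lines in one place, so a later change (for example tightening the module flags) cannot be applied to one service and forgotten on the other. Indexing `config.secrets.fullPaths` dynamically with the secret name yields exactly the same generated text as the literal attribute access on the new side. Resolving the path through `fullPaths` rather than concatenating onto `secrets.location` is an improvement worth keeping, since it fails at evaluation time if the secret is renamed. The `security.pam.services` attribute set opens and closes within this hunk, so the rewrite below is self-contained.

```nix
# … unchanged: closing braces of secrets.keys …
security.pam.services = let
  pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
  # One pam_ldap auth/account stack configured from the named secret file.
  ldapService = secret: {
    text = ''
      auth required ${pam_ldap} config=${config.secrets.fullPaths.${secret}}
      account required ${pam_ldap} config=${config.secrets.fullPaths.${secret}}
    '';
  };
in {
  postgresql = ldapService "postgresql/pam";
  postgresql_replication = ldapService "postgresql/pam_replication";
};
```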