X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Fquatresaisons%2Fdatabases.nix;h=f7b27e0911bcf342c1f24b89321ddfabe054de61;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=3491ae4fccdcb4b28e530c7f59ba73901280ebfc;hpb=75489e72e379af8aeac64bc4967717d9ae776ff0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/quatresaisons/databases.nix b/modules/private/system/quatresaisons/databases.nix
index 3491ae4..f7b27e0 100644
--- a/modules/private/system/quatresaisons/databases.nix
+++ b/modules/private/system/quatresaisons/databases.nix
@@ -2,20 +2,21 @@
 {
 config = let
 serverSpecificConfig = config.myEnv.serverSpecific.quatresaisons;
- phpLdapAdmin = pkgs.webapps.phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ phpLdapAdmin = pkgs.webapps.phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
 in {
 services.postgresql.enable = true;
 services.postgresql.package = pkgs.postgresql_12;
- secrets.keys = [
- {
- dest = "ldap/password";
+ services.postgresql.ensureUsers = [
+ { name = "naemon"; }
+ ];
+ secrets.keys = {
+ "ldap/password" = {
 permissions = "0400";
 user = "openldap";
 group = "openldap";
 text = "rootpw ${serverSpecificConfig.ldap_root_pw}";
- }
- {
- dest = "webapps/tools-ldap";
+ };
+ "webapps/tools-ldap" = {
 user = "wwwrun";
 group = "wwwrun";
 permissions = "0400";
@@ -39,8 +40,8 @@
 $servers->setValue('login','attr','uid');
 $servers->setValue('login','fallback_dn',true);
 '';
- }
- ];
+ };
+ };
 users.users.openldap.extraGroups = [ "keys" ];
 services.openldap = {
@@ -91,7 +92,7 @@
 by anonymous auth
 by * break
 '';
- rootpwFile = "${config.secrets.location}/ldap/password";
+ rootpwFile = config.secrets.fullPaths."ldap/password";
 suffix = "dc=salle-s,dc=org";
 rootdn = "cn=root,dc=salle-s,dc=org";
 database = "hdb";
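Review bot: The new `services.postgresql.ensureUsers = [ { name = "naemon"; } ];` in the first hunk creates the role but declares no database or grants for it, and nothing in the hunk says whether that is intentional. If naemon is expected to own or read a database, that needs an `ensureDatabases` entry and an `ensurePermissions` setting (or its equivalent on the NixOS release in use) in a follow-up; if the role is meant to stay privilege-less, a comment such as `# naemon: role only, no grants — confirm nothing more is needed` above the entry would make the intent clear. The switch from the `dest = ...` list form to an attrset keyed by secret path, and from the hard-coded `/var/secrets/...` to `config.secrets.fullPaths`, presumably relies on the secrets module being updated alongside; that module is outside this diff, so the key names used here should be checked against what it expects. The two secret entries also order `permissions`/`user`/`group` differently; keeping one order makes the owner-only `0400` setting easier to audit.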
@@ -117,7 +118,7 @@
 group = "wwwrun";
 settings = let
- basedir = builtins.concatStringsSep ":" [ phpLdapAdmin "/var/secrets/webapps/tools-ldap" ];
+ basedir = builtins.concatStringsSep ":" [ phpLdapAdmin config.secrets.fullPaths."webapps/tools-ldap" ];
 in {
 "listen.owner" = "wwwrun";
 "listen.group" = "wwwrun";