X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fdatabases%2Fopenldap.nix;h=542e209413a82c43158fc7cc7d75b6548933616a;hb=1a7188052f235fb632700478fad0108e4306107d;hp=7ed4bc090782dcdc4298d362c11ae8891d6bdc2f;hpb=e1da84b06c408ea5d4d093de39efdda71ad6dc95;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/databases/openldap.nix b/nixops/modules/databases/openldap.nix
index 7ed4bc0..542e209 100644
--- a/nixops/modules/databases/openldap.nix
+++ b/nixops/modules/databases/openldap.nix
@@ -29,7 +29,7 @@ let
 database hdb
 suffix "${myconfig.env.ldap.base}"
 rootdn "${myconfig.env.ldap.root_dn}"
- include /run/keys/ldap/ldap-password
+ include /var/secrets/ldap/password
 directory /var/lib/openldap
 overlay memberof
@@ -41,7 +41,7 @@ let
 #TLSCipherSuite DEFAULT
 sasl-host kerberos.immae.eu
- include /run/keys/ldap/ldap-access
+ include /var/secrets/ldap/access
 '';
 in {
 options.services.myDatabases = {
@@ -56,22 +56,22 @@ in {
 };
 config = lib.mkIf cfg.enable {
- deployment.keys = {
- ldap-password = {
- destDir = "/run/keys/ldap";
+ secrets.keys = [
+ {
+ dest = "ldap/password";
 permissions = "0400";
 user = "openldap";
 group = "openldap";
 text = "rootpw ${myconfig.env.ldap.root_pw}";
- };
- ldap-access = {
- destDir = "/run/keys/ldap";
+ }
+ {
+ dest = "ldap/access ";
 permissions = "0400";
 user = "openldap";
 group = "openldap";
 text = builtins.readFile "${myconfig.privateFiles}/ldap.conf";
- };
- };
+ }
+ ];
 users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
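Review bot: The new `include /var/secrets/ldap/password` (and `include /var/secrets/ldap/access` in the second hunk) moves the slapd secrets out of `/run/keys`, which NixOps populates on a RAM-backed filesystem at deploy time; if the `secrets.keys` module behind `/var/secrets` writes to persistent storage, the LDAP root password and access rules now survive on disk, so confirm that the destination is on tmpfs or that at-rest exposure there is acceptable. Since slapd reads the included files when it parses its configuration, the openldap unit must also be ordered after whatever unit populates `/var/secrets`; that dependency is not visible in this diff. The `let` block containing this configuration string continues outside the hunk.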
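Review bot: `dest = "ldap/access ";` carries a trailing space inside the string, so the access secret would be installed at `ldap/access ` while slapd includes `/var/secrets/ldap/access` (second hunk); the include would not resolve and slapd would fail to load its configuration. Change it to `dest = "ldap/access";`. With both files now owned `openldap:openldap` at `0400` instead of living under `/run/keys`, the surviving `users.users.openldap.extraGroups = [ "keys" ];` is probably no longer needed and only widens the daemon's group membership — worth confirming against the secrets module before dropping it. The `config = lib.mkIf cfg.enable {` attribute set continues past the end of the hunk.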