]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - flakes/private/ssh/ldap_authorized_keys.sh
Squash changes containing private information
similarity index 71%
rename from modules/private/ssh/ldap_authorized_keys.sh
rename to flakes/private/ssh/ldap_authorized_keys.sh
index 402f283d1c1101fbb1c9249fbe392d41ba5f3dc9..f4395be294caed399cc4e9982937ecd7ab08a5b3 100755 (executable)
@@ -4,8 +4,14 @@ LDAPSEARCH=ldapsearch
 KEY="immaeSshKey"
 LDAP_BIND="cn=ssh,ou=services,dc=immae,dc=eu"
 LDAP_PASS=$(cat /etc/ssh/ldap_password)
-LDAP_HOST="ldap.immae.eu"
+LDAP_HOST="ldap://ldap.immae.eu"
 LDAP_BASE="dc=immae,dc=eu"
+USER_LDAP_BASE="ou=users,dc=immae,dc=eu"
+
+PSQL_BASE="immae"
+PSQL_HOST="localhost"
+PSQL_USER="immae_auth_read"
+PSQL_PASS=$(cat /etc/ssh/psql_password)
 
 suitable_for() {
   type_for="$1"
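Review bot: `PSQL_PASS=$(cat /etc/ssh/psql_password)` is evaluated on every run with no check that the read succeeded, so a missing or unreadable file leaves an empty password and the script carries on. Since this script appears to decide which SSH keys are accepted, an explicit failure is easier to diagnose than a later authentication error from psql: `PSQL_PASS=$(cat /etc/ssh/psql_password) || exit 1`. The same applies to the existing `LDAP_PASS` line above it. A short comment stating that both files must be readable only by the account the script runs as would also help the next maintainer.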
@@ -41,7 +47,11 @@ clean_key_line() {
 }
 
 ldap_search() {
-  $LDAPSEARCH -h $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
+  $LDAPSEARCH -H $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
+}
+
+psql_search() {
+  PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "$@"
 }
 
 ldap_keys() {
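Review bot: `psql_search` hands `"$@"` to `-c`, so only the first argument is the SQL text and any further argument is parsed by psql as a database name or user; `-c "$1"` states the intent. The callers are outside this hunk, but if a query embeds the login name passed to the script, that value should not be spliced into the SQL string. Pass it with `-v login="$user"`, reference it as `:'login'`, and feed the query on stdin, because psql does not interpolate variables in `-c` commands. Separately, the changed `ldap_search` line still passes `-w "$LDAP_PASS"`, which puts the bind password on the command line where it shows in the process list. `-y /etc/ssh/ldap_password` reads it from the file instead, provided the file has no trailing newline, and the unquoted `$LDAP_HOST`, `$LDAP_BASE` and `$LDAP_BIND` on that line should be quoted.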