'';
};
- secrets.keys = [
- {
- dest = "postgresql/pam";
+ secrets.keys = {
+ "postgresql/pam" = {
permissions = "0400";
group = "postgres";
user = "postgres";
pam_filter ${filter}
ssl start_tls
'';
- }
- {
- dest = "postgresql/pam_replication";
+ };
+ "postgresql/pam_replication" = {
permissions = "0400";
group = "postgres";
user = "postgres";
pam_login_attribute cn
ssl start_tls
'';
- }
- ];
+ };
+ };
security.pam.services = let
pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";