Move ssh ldap password to a secure location

[perso/Immae/Config/Nix.git] / nixops / modules / ssh / ldap_authorized_keys.sh

diff --git a/nixops/modules/ssh/ldap_authorized_keys.sh b/nixops/modules/ssh/ldap_authorized_keys.sh
index d869d74a063b9dcb076ef0af8e53a04eea0d5234..d556452d86d44d6690376551ce94d7158a9eee23 100755 (executable)
--- a/nixops/modules/ssh/ldap_authorized_keys.sh
+++ b/nixops/modules/ssh/ldap_authorized_keys.sh
@@ -3,13 +3,15 @@
 LDAPSEARCH=ldapsearch
 KEY="immaeSshKey"
 LDAP_BIND="cn=ssh,ou=services,dc=immae,dc=eu"
-#LDAP_PASS="password taken from environment"
+LDAP_PASS=$(cat /etc/ssh/ldap_password)
 LDAP_HOST="ldap.immae.eu"
 LDAP_MEMBER="cn=users,cn=ssh,ou=services,dc=immae,dc=eu"
 LDAP_GITOLITE_MEMBER="cn=users,cn=gitolite,ou=services,dc=immae,dc=eu"
 LDAP_PUB_RESTRICT_MEMBER="cn=restrict,cn=pub,ou=services,dc=immae,dc=eu"
 LDAP_PUB_FORWARD_MEMBER="cn=forward,cn=pub,ou=services,dc=immae,dc=eu"
 LDAP_BASE="dc=immae,dc=eu"
+GITOLITE_SHELL=$(which gitolite-shell)
+ECHO=$(which echo)
 
 suitable_for() {
   type_for="$1"