Move ldap keys to secure location

Related issue: https://git.immae.eu/mantisbt/view.php?id=122

diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 307af084988ea880218346d67e5397a7aea1b3fb..f820c83ceb04c5a301ae7fd0522d6a13d998309e 100644 (file)
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -229,6 +229,24 @@ in
     services.myWebsites.TellesFlorian.integration.enable = true;
     services.myWebsites.Florian.integration.enable = true;
 
+    deployment.keys.apache-ldap = {
+      user = "wwwrun";
+      group = "wwwrun";
+      permissions = "0700";
+      text = ''
+        <Macro LDAPConnect>
+          <IfModule authnz_ldap_module>
+            AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
+            AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
+            AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
+            AuthType             Basic
+            AuthName             "Authentification requise (Acces LDAP)"
+            AuthBasicProvider    ldap
+          </IfModule>
+        </Macro>
+        '';
+    };
+
     services.myWebsites.apacheConfig = {
       gzip = {
         modules = [ "deflate" "filter" ];
@@ -266,16 +284,7 @@ in
             LDAPOpCacheTTL 600
           </IfModule>
 
-          <Macro LDAPConnect>
-            <IfModule authnz_ldap_module>
-              AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
-              AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
-              AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
-              AuthType             Basic
-              AuthName             "Authentification requise (Acces LDAP)"
-              AuthBasicProvider    ldap
-            </IfModule>
-          </Macro>
+          Include /run/keys/apache-ldap
         '';
       };
       global = {