From: Ismaƫl Bouya Date: Mon, 15 Apr 2019 10:30:08 +0000 (+0200) Subject: Move ldap keys to secure location X-Git-Tag: nur_publish~149 X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=415bcd272a0cbd65494fbb245bd94f0420656044 Move ldap keys to secure location Related issue: https://git.immae.eu/mantisbt/view.php?id=122 --- diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 307af08..f820c83 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -229,6 +229,24 @@ in services.myWebsites.TellesFlorian.integration.enable = true; services.myWebsites.Florian.integration.enable = true; + deployment.keys.apache-ldap = { + user = "wwwrun"; + group = "wwwrun"; + permissions = "0700"; + text = '' + + + AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS + AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu + AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" + AuthType Basic + AuthName "Authentification requise (Acces LDAP)" + AuthBasicProvider ldap + + + ''; + }; + services.myWebsites.apacheConfig = { gzip = { modules = [ "deflate" "filter" ]; @@ -266,16 +284,7 @@ in LDAPOpCacheTTL 600 - - - AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS - AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu - AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" - AuthType Basic - AuthName "Authentification requise (Acces LDAP)" - AuthBasicProvider ldap - - + Include /run/keys/apache-ldap ''; }; global = {