From 742697c95318d3625298437995e948ee00a00ba5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 25 Apr 2019 02:18:59 +0200
Subject: Move ssh ftp and mpd to new secrets
---
 nixops/modules/ssh/default.nix | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
(limited to 'nixops/modules/ssh')
diff --git a/nixops/modules/ssh/default.nix b/nixops/modules/ssh/default.nix
index 924f86e..ece4b9f 100644
--- a/nixops/modules/ssh/default.nix
+++ b/nixops/modules/ssh/default.nix
@@ -8,16 +8,15 @@
 AuthorizedKeysCommandUser nobody
 '';

- deployment.keys = {
- ssh-ldap = {
- user = "nobody";
- group = "nobody";
- permissions = "0400";
- text = myconfig.env.sshd.ldap.password;
- };
- };
+ mySecrets.keys = [{
+ dest = "ssh-ldap";
+ user = "nobody";
+ group = "nobody";
+ permissions = "0400";
+ text = myconfig.env.sshd.ldap.password;
+ }];
 system.activationScripts.sshd = ''
- install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password
+ install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
 '';
 # ssh is strict about parent directory having correct rights, don't
 # move it in the nix store.
--
cgit v1.2.3
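Review bot: `system.activationScripts.sshd` now copies from `/var/secrets/ssh-ldap` but declares no ordering against whatever writes that file, so on a first activation `install` could run before the secret exists. If `mySecrets` populates `/var/secrets` from its own activation script, the attribute-set form would make the dependency explicit, e.g. `system.activationScripts.sshd = { deps = [ "<secrets-script-name>" ]; text = ''…''; };` (placeholder name; the module is not part of this patch). It is also worth confirming that `mySecrets` never routes `text` through the Nix store, since `deployment.keys` delivered the LDAP bind password out of band and that property is not visible here. The secret remains readable by `nobody`, an account typically shared with other unprivileged processes, so a dedicated user for the `AuthorizedKeysCommand` would narrow who can read it. The module body starts and ends outside the hunk.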