From 563d13e115a44815fee97d48db6d390297e82826 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 12 Sep 2023 12:05:38 +0100 Subject: [PATCH] feat: updated whats fed into different modules
---
 applications/ldap/backend.nix | 11 ++++------- secrets/email/details.age | 20 ++++++++++++++++++++ secrets/ldap/details.age | Bin 0 -> 1240 bytes secrets/ldap/self_service.age | Bin 1137 -> 0 bytes secrets/secrets.nix | 6 +++++- 5 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 secrets/email/details.age create mode 100644 secrets/ldap/details.age delete mode 100644 secrets/ldap/self_service.age
diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix
index b5baf68..5c89933 100644
--- a/applications/ldap/backend.nix
+++ b/applications/ldap/backend.nix
@@ -47,8 +47,9 @@
 #backups = [ "/etc/silver_ul_ical/database.db" ];
- age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
+ age.secrets.ldap_details.file = ../../secrets/ldap/details.age;
 age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age;
+ age.secrets.ldap_mail.file = ../../secrets/email/details.age;
 skynet_acme.domains = [
 "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
@@ -76,13 +77,9 @@
 # contains teh password in env form
 env = {
- ldap = config.age.secrets.ldap_self_service.path;
+ ldap = config.age.secrets.ldap_details.path;
 discord = config.age.secrets.ldap_discord.path;
- };
-
- ldap = {
- host = "ldaps://account.skynet.ie";
- admin = "uid=ldap_api,ou=users,dc=skynet,dc=ie";
+ mail = config.age.secrets.ldap_mail.path;
 };
 users = {
diff --git a/secrets/email/details.age b/secrets/email/details.age new file mode 100644
index 0000000..069b549
--- /dev/null
+++ b/secrets/email/details.age
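Review bot: In the second backend.nix hunk (`@@ -76,13 +77,9 @@`), the removed `host = "ldaps://account.skynet.ie";` was the only reviewable place that pinned the LDAP connection to TLS. The host and bind DN now presumably come from the encrypted `ldap_details` env file, so a plain `ldap://` value there would not show up in review; the consuming service, whose code is not visible here, should reject a non-`ldaps://` host at startup. The comment above `env` is also stale now that the files carry more than a password; something like `# paths to agenix-decrypted env files: LDAP connection details, Discord and mail credentials` would fit. The enclosing attribute set starts and ends outside the hunk.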
@@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA j8XFmU0Z3BjgqNCkfkGFxSt1gAxxVr9iFGHXt/1iCk4 +g7iomVI50B+gDqUv5lmUufqGEUpcSqq9R1MiJsuhMMI +-> ssh-ed25519 rIwlvw SYh2UV1EZynbMviPYw2kxw80zJuSggxbFlAQjH+UBgE +RWUQGKaeVaVSZ6hD4kUFL7YnSOvxyOXM1Ox3fKRcJ+c +-> ssh-ed25519 q8eJgg uxyqTwxrafvZQ/HfUQ2Edmlr+8ogl2/3AuSQrhXrdSc +vtvcIrznaBxURp04vFnbK9Ub60DqOKExOjMQO7sQJfc +-> ssh-ed25519 IzAMqA 9B3XvLvFKHumwsfxIsNLBPWS3bnpmvwJJjsx+bZ3wEc +uIf1IEAh2Antx1hlllo5+VmGHqln1AEwe94ZIukSDGU +-> ssh-ed25519 uZzB3g IAL5COq6aK1S1Gc7iY8llTguXLeYHw1b527Qw5XvGV8 +lGdO2P4y9KEvo0D+JIeA8bvDrDpJo1BV8llAlVCkYR4 +-> ssh-ed25519 Hb0ipQ 35nXPma9JeM8TCGJcNbYJxm9bIyoxVp3D6KLoJf4N3A +JfSNyOQ+76z6/0sYh2zgbYzhIeCeKU5Q+k0bFKHgo1o +-> ssh-ed25519 IzAMqA huVJf1RnhlZmG2+zgw1kcBDlQyj6AK3iuPe4+63dhDI +4pKzMmdTY9jc1it4V5T1QbIS46SE0ByJBIts9qBBwVQ +-> K~i#8-grease Cj3&8-; " +nr1dXH1Vn8mUXtGI +--- +23A15ysmDeSoUnTeKVIYouSDRjAp9uUbHPPVLM3U/8 +C4Hy{C$7,Ѥb3c@Pld0MI܄͙`'L'4_$,Qx +oG2>d[3, p}$m 83x'H~JO0\FT\ \ No newline at end of file 
diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age new file mode 100644 index 0000000000000000000000000000000000000000..51b031c21d7e23cfbbdd7b40cfc4cbbaa1143c7e GIT binary patch literal 1240 zcmZY7{mT;t00(eG3tJcjRzy-$RJ3#5-EO#-EQ06CMDbMZQDJ&x9wgg zh!OHg`GSE^kyu18LK#I;6eU^+6=718nHBzEXbO=QB_+K;KRx{gAHFYLQ_tw*zMr_0 zfiu3}@l7ykd!gpDksU^9 zEC+f?wwz=QVqBk;P?8d?fdP`F3P=J=A&J?KU20NxAt)7Ory^dJ0EN;L+hHqR0SBe# zcnsA|MQg}xz6N0VwnEmz{zA>ebj~!>P6&Viln^{A84^4+vo3(=AUMyDQIFsiB|qq} zF~QDRFq_hps1!+_g=9xWuPw3=5Hvy7^w@wBqZY`~JTKv6lJ*g2p~lWiRj-uxd`rPV z87dSd%4h_%m=qdXj-?YT=3;S*<2c#G3uM2Z^i#CdC0y1;C=|gA&m5@&WkO`O>?CkS zp9B__Q-G69Ms7*UF95K^qDRha#aB5FgqM{j{1X1U#lHpkSxl*pi`c2vjXX7F_ zi`psQFa`<}D^Uxn$Mu1YU_+~_I}jRX3$fBBt%>3qK~n*M(L#;sK?7Gx`;4j)vx++H zO--nwlC;?>%!WxWVUP#|F@M+_8jQ>}MW~;uOhz;+b7U_M=c|Ok%|Oi+N2owT_8;*Mr+82W;+mgE|1~nbFECU$zZ#FSw`g%9eQzNz&D7tUjQ{z<`oRsVe>|?kpl*y#K;tXfX0zYh^ zHKgmJF$+7ST|vWA)i&&g&0#VX7n#_|o2mEix^Vlp_18DOxb*Ut>-T`)t+}#YEuX55 zv&&vNu;S8g`UC95Q!B+gSHJqi$#uui#=Cyl`zG<*3m2b#{N~f#Qhu>To<9h_Oxhp+ zwR)X*>g&&L<-q+vE@v+Olv%cE$@lYb-Fd1#@udbyRAG^Hg z!pfr;j_4Q>y86g%%SHMGeba^;u6?vITJugNIxOrs zf9RO}*q*)nf8F-wc_FPm4Nm@;zi;cJlMiiq=@)6k@Q{AT(XU?H`STZ#zJWe>Zppe^ xc9dTix4+-s=U>|#{(f@fiqngqzX~6Eaz0tL`_K7jT4y#6H(zqos}DcW{~NL-xl;fD literal 0 HcmV?d00001 
diff --git a/secrets/ldap/self_service.age b/secrets/ldap/self_service.age deleted file mode 100644 index 20bf9a658b4a6bc4ec15a24b9f2468c7e80c03e2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1137 zcmZY6?Q7fw0LO8CQ75;7P|B<_Ft}oM*IS-0y+p8>TynkKLvv3_F4t1M+~sn~^^)e{ zlI9A&Sy4A+;0uL`?LbB6=6sq|x4o#K%qiPY*jk0njXJk6hcXINtQ70p`WJlo{(etbXEj0-)G}R1`dP(ku0dK#N7;9gzOfdHQZXa6&mGQrI-yljEYDd zy4#`JMGqCown1S*p{#(u+?|nJEvihZTQv(;QmP90(*ot2nv_O)&W|xt2{XA)Ha;D$ zxh1ZWL)#E5CYTtPFxU`D6vO3iu1K2RXeO6a(;NhQwjqb}NdrljAzsL6bOE;Q(d<@@ z?UGrG1Y%xQ3zV!Gw8U^bhw|ZkhNMe=PC)}6BEWR2=_V?uqj*Lwgt_slKx-BivK*K# zs#;AT5>>@I>AJ$wo}s|G4h3suHBbC+$xfw9p(>Db8$8bQ5;I14oh}PODvHBnNtdYT zctKAzO5{wV;x)%Q&1^_OGJ)L880E^?OhCnwGZF<8LRLyTU?+@|cDJ5OHRY1$@zB<` zqzq}(c_43y1;c9DwywY$!Fd>;7ac*xq#QAYgZT;e;nCnNxLe5lHWB%vyc znC_W8m_|`mF2up2G~CX|XsU(AJu*mdeuBn00%UZq6N3yTk#Z!{>dFjKuU6SmISJts z(h?PMw2{@QdMFZ!0RAY_CX$7$lBfxyN-&#EA}gA4J`7h3#Nw=BL*ya2m^7VG|6jAr zu?G*m{m+#jGK*jB?qBU4Jno3K@r{d@_4H@|-8@Lh0jes#VX zNlZ_s_6h7Z?$FiDpCEk!*>mv70pi*-yCxp~?ar+wagbR#v19Skx$|H4c%MIh^rO}O zzkh$}YHB{b>;Bl>dv|)x=gw|BcjU(Y2S#=j-~IH9<>mB1&;FCq#gD(;a{yhDHfDc0 zw_4~qdF;~rr^ny88R<(sbg_64N7i;<4&Pq>WZ=m&OB)MMfB#B+b@`jQ?JU^n(XEyB z%ZKm1`C*?Vu^pcitWtpM3f5&Yw(yeDS-Z_g=X0*~sb>_tmeRq4$-N u%QO0VW%hLAx-0xq{?&hK;d*HCtzIU1{IL@Ydm-f(^2qDwN0!cRU;7v4&!V*e diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1d84f6d..4639eb7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -113,7 +113,8 @@ in # for ldap "ldap/pw.age".publicKeys = users ++ ldap; - "ldap/self_service.age".publicKeys = users ++ ldap; + # for use connectring to teh ldap + "ldap/details.age".publicKeys = users ++ ldap ++ discord; # everyone has access to this "backup/restic.age".publicKeys = users ++ systems; 
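Review bot: The new rule `"ldap/details.age".publicKeys = users ++ ldap ++ discord;` lets the `discord` keys decrypt the file that replaces `ldap/self_service.age`, which was limited to `users ++ ldap`. If details.age still holds the credentials for the `ldap_api` bind account (not verifiable from the encrypted blob), this widens who can read them; the same recipient list is used for `"email/details.age"` in the following hunk (`@@ -122,4 +123,7 @@`). If the discord host only needs the connection host or a read-only bind, consider a separate secret for it and keep the admin credentials at `users ++ ldap`. The added comment also has typos and could say why `discord` is a recipient, e.g. `# connection details for the ldap, also read by the discord bot`.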
@@ -122,4 +123,7 @@ in
 # discord bot and discord
 "discord/ldap.age".publicKeys = users ++ ldap ++ discord;
 "discord/token.age".publicKeys = users ++ discord;
+
+ # email stuff
+ "email/details.age".publicKeys = users ++ ldap ++ discord;
 }
\ No newline at end of file