From 67a0d1b8bf66bf0a97a891090e95a23ccc327811 Mon Sep 17 00:00:00 2001
From: Brendan Golden <git@brendan.ie>
Date: Sun, 21 May 2023 00:19:20 +0100
Subject: [PATCH] fix: had to give the file the right permissions

Also need to restart openlpad.service on password change
---
 applications/ldap.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/applications/ldap.nix b/applications/ldap.nix
index abff1f1..fafe542 100644
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@@ -45,8 +45,15 @@ Gonna use a priper nixos module for this
   config = mkIf cfg.enable {
     # this is athe actual configuration that we need to do
 
-    # im poort in teh secrets for this
-    age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
+    # after changing teh password openldap.service has to be restarted
+    age.secrets.ldap_pw = {
+      file = ../secrets/ldap/pw.age;
+      mode = "440";
+      owner = "openldap";
+      group = "openldap";
+    };
+
+    # openldap
     age.secrets.ldap_self_service.file = ../secrets/ldap/self_service.age;
 
     skynet_dns.records.cname = [