gerd.lldap: renamed user-pass to admin-user-pass and added bind-user-pass

2024-08-10 19:23:17 +02:00 · 2024-08-10 19:23:17 +02:00 · 17fb88a8b4
commit 17fb88a8b4
parent 3c808fa3a7
6 changed files with 16 additions and 7 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,3 +1,5 @@
+{ config, ... }:
+
 {
  age.secrets = {
    # authelia
@ -6,13 +8,19 @@
    authelia-session.file = ./authelia/session.age;
    authelia-oidc-issuer-privatekey-pem.file = ./authelia/oidc-issuer-privatekey-pem.age;
    authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age;
-    authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age;

    # lldap
-    lldap-user-pass.file = ./lldap/user-pass.age;
+    lldap-admin-user-pass.file = ./lldap/admin-user-pass.age;
+    lldap-bind-user-pass = {
+      file = ./lldap/bind-user-pass.age;
+      group = "secrets-lldap-bind-user-pass";
+      mode = "0440";
+    };

    # mumble
    murmur-env.file = ./murmur/env.age;
    murmur-superpassword.file = ./murmur/superpassword.age;
  };
+
+  users.groups.secrets-lldap-bind-user-pass = {};
 }
--- a/secrets/lldap/admin-user-pass.age
+++ b/secrets/lldap/admin-user-pass.age
--- a/secrets/authelia/lldap-bind-user-pass.age
+++ b/secrets/authelia/lldap-bind-user-pass.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -16,10 +16,10 @@ in
  "authelia/session.age".publicKeys = defaultAccess;
  "authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess;
  "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
-  "authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess;

  # lldap
-  "lldap/user-pass.age".publicKeys = defaultAccess;
+  "lldap/admin-user-pass.age".publicKeys = defaultAccess;
+  "lldap/bind-user-pass.age".publicKeys = defaultAccess;

  # mumble
  "murmur/env.age".publicKeys = defaultAccess;