indico: update profile with age passwords

Signed-off-by: Jeltz <jeltz@federez.net>
jeltz 2025-02-27 23:09:55 +01:00
parent cfc5775ba5
commit e47358876e
Signed by: jeltz
GPG key ID: 800882B66C0C3326


@ -4,6 +4,7 @@
pkgs,
...
}:
{
imports = [
../modules/indico.nix
@ -11,6 +12,26 @@
networking.firewall.allowedTCPPorts = [ 80 443 ];
age.secrets = {
indico-ldap-bind-password = {
file = ../secrets/indico-ldap-bind-password.age;
owner = config.services.indico.user;
group = config.services.indico.group;
};
indico-mail-password = {
file = ../secrets/indico-mail-password.age;
owner = config.services.indico.user;
group = config.services.indico.group;
};
indico-secret-key = {
file = ../secrets/indico-secret-key.age;
owner = config.services.indico.user;
group = config.services.indico.group;
};
};
services.indico = {
enable = true;
nginx.domain = "events.federez.net";
@ -21,9 +42,20 @@
smtp = {
host = "dodecagon.federez.net";
login = "indico";
password = "xxx";
passwordFile = config.age.secrets.indico-mail-password.path;
};
};
secretKey = "lQsViT9292sIkObP9ptQADGJ16bk58n7"; # FIXME: dev only
ldap = {
uri = "ldaps://ldap.federez.net";
bindDN = "cn=indico,ou=service-users,dc=federez,dc=net";
bindPasswordFile = config.age.secrets.indico-ldap-bind-password.path;
userBaseDN = "cn=Utilisateurs,dc=federez,dc=net";
userFilter = "(objectClass=inetOrgPerson)";
groupBaseDN = "ou=posix,ou=groups,dc=federez,dc=net";
groupFilter = "(objectClass=posixGroup)";
memberOf = "manualMemberOf";
gid = "cn";
};
secretKeyFile = config.age.secrets.indico-secret-key.path;
};
}
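Review bot: The inline `secretKey = "..."; # FIXME: dev only` literal in the `services.indico` block stays readable in the repository history even after the switch to `secretKeyFile`, so the value encrypted into `../secrets/indico-secret-key.age` should be a freshly generated key, not the old one. Anything signed with the old key should be treated as invalid. The +/- markers are lost in this rendering, so it is unclear whether the `secretKey` and `password = "xxx";` lines are removed or kept. If either is still present on the new side, drop it so that only `secretKeyFile` and `passwordFile` are set and no secret literal ends up in the world-readable Nix store. A short comment above `age.secrets`, such as `# decrypted at activation; readable only by the indico service user/group`, would also document why `owner` and `group` are set on each entry.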