Migrate prod cluster secrets to new format

1 files changed, 58 insertions, 0 deletions

diff --git a/cluster/prod/app/email/secrets.toml b/cluster/prod/app/email/secrets.toml
new file mode 100644
index 0000000..4efee49
--- /dev/null
+++ b/cluster/prod/app/email/secrets.toml
@@ -0,0 +1,58 @@
+# ---- POSTFIX ----
+
+[secrets."email/postfix/postfix.key"]
+type = 'SSL_KEY'
+name = 'postfix'
+
+[secrets."email/postfix/postfix.crt"]
+type = 'SSL_CERT'
+name = 'postfix'
+cert_domains = "['deuxfleurs.fr']"
+
+[secrets."email/dkim/smtp.private"]
+type = 'RSA_PRIVATE_KEY'
+name = 'dkim'
+
+# ---- DOVECOT ----
+
+[service_users."dovecot"]
+dn_secret = "email/dovecot/ldap_binddn"
+password_secret = "email/dovecot/ldap_bindpwd"
+
+
+[secrets."email/dovecot/dovecot.key"]
+type = 'SSL_KEY'
+name = 'dovecot'
+
+[secrets."email/dovecot/dovecot.crt"]
+type = 'SSL_CERT'
+name = 'dovecot'
+cert_domains = "['deuxfleurs.fr']"
+
+
+[secrets."email/dovecot/backup_restic_password"]
+type = 'user'
+description = 'Restic backup password to encrypt data'
+
+[secrets."email/dovecot/backup_aws_secret_access_key"]
+type = 'user'
+description = 'AWS Secret Access key'
+
+[secrets."email/dovecot/backup_restic_repository"]
+type = 'user'
+description = 'Restic Repository URL, check op_guide/backup-minio to see the format'
+
+[secrets."email/dovecot/backup_aws_access_key_id"]
+type = 'user'
+description = 'AWS Acces Key ID'
+
+# ---- SOGO ----
+
+[service_users."sogo"]
+dn_secret = "email/sogo/ldap_binddn"
+password_secret = "email/sogo/ldap_bindpw"
+
+[secrets."email/sogo/postgre_auth"]
+type = 'user'
+description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'
+