author | Alex Auvolat <alex@adnab.me> | 2022-12-25 22:31:18 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-25 22:31:18 +0100 |
commit | 87bb031ed00b7993a29d74aee2e89875c5444caf (patch) | |
tree | 80ebbf8c3870b3dfa756905fa55af938b503e283 /cluster/prod/app/email | |
parent | 6d6e48c8fa7f4f38a5b812389d269c025a977790 (diff) | |
Migrate prod cluster secrets to new format
Diffstat (limited to 'cluster/prod/app/email')
15 files changed, 58 insertions, 14 deletions
diff --git a/cluster/prod/app/email/secrets.toml b/cluster/prod/app/email/secrets.toml
new file mode 100644
index 0000000..4efee49
--- /dev/null
+++ b/cluster/prod/app/email/secrets.toml
@@ -0,0 +1,58 @@
+# ---- POSTFIX ----
+
+[secrets."email/postfix/postfix.key"]
+type = 'SSL_KEY'
+name = 'postfix'
+
+[secrets."email/postfix/postfix.crt"]
+type = 'SSL_CERT'
+name = 'postfix'
+cert_domains = "['deuxfleurs.fr']"
+
+[secrets."email/dkim/smtp.private"]
+type = 'RSA_PRIVATE_KEY'
+name = 'dkim'
+
+# ---- DOVECOT ----
+
+[service_users."dovecot"]
+dn_secret = "email/dovecot/ldap_binddn"
+password_secret = "email/dovecot/ldap_bindpwd"
+
+
+[secrets."email/dovecot/dovecot.key"]
+type = 'SSL_KEY'
+name = 'dovecot'
+
+[secrets."email/dovecot/dovecot.crt"]
+type = 'SSL_CERT'
+name = 'dovecot'
+cert_domains = "['deuxfleurs.fr']"
+
+
+[secrets."email/dovecot/backup_restic_password"]
+type = 'user'
+description = 'Restic backup password to encrypt data'
+
+[secrets."email/dovecot/backup_aws_secret_access_key"]
+type = 'user'
+description = 'AWS Secret Access key'
+
+[secrets."email/dovecot/backup_restic_repository"]
+type = 'user'
+description = 'Restic Repository URL, check op_guide/backup-minio to see the format'
+
+[secrets."email/dovecot/backup_aws_access_key_id"]
+type = 'user'
+description = 'AWS Acces Key ID'
+
+# ---- SOGO ----
+
+[service_users."sogo"]
+dn_secret = "email/sogo/ldap_binddn"
+password_secret = "email/sogo/ldap_bindpw"
+
+[secrets."email/sogo/postgre_auth"]
+type = 'user'
+description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'
+
diff --git a/cluster/prod/app/email/secrets/email/dkim/smtp.private b/cluster/prod/app/email/secrets/email/dkim/smtp.private
deleted file mode 100644
index 3aa3621..0000000
--- a/cluster/prod/app/email/secrets/email/dkim/smtp.private
+++ /dev/null
@@ -1 +0,0 @@
-RSA_PRIVATE_KEY dkim
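Review bot: `cert_domains` in the `postfix.crt` and `dovecot.crt` tables of the new `secrets.toml` is a quoted string holding a list literal (`"['deuxfleurs.fr']"`), not a TOML array, so whatever loads this file has to parse the value a second time to recover the certificate's domain names. Unless the loader deliberately expects the string form (not visible from this diff), a native array `cert_domains = ['deuxfleurs.fr']` would let the TOML parser validate it and removes a place where a malformed domain list could slip into certificate generation unnoticed. Separately, the removed `SERVICE_DN` files carried a human description (`Dovecot IMAP server`, `SoGo email frontend`) that the new `[service_users.*]` tables drop; a comment such as `# Dovecot IMAP server` above each table would keep that context. The `ldap_bindpwd` / `ldap_bindpw` spelling difference between dovecot and sogo is inherited from the old paths and deserves a short comment so that nobody later renames only one side and breaks the template lookup.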
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id b/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id
deleted file mode 100644
index 9ae6adf..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id
+++ /dev/null
@@ -1 +0,0 @@
-USER AWS Acces Key ID
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key b/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key
deleted file mode 100644
index ac95906..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key
+++ /dev/null
@@ -1 +0,0 @@
-USER AWS Secret Access key
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password b/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password
deleted file mode 100644
index c19a4a3..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password
+++ /dev/null
@@ -1 +0,0 @@
-USER Restic backup password to encrypt data
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository b/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository
deleted file mode 100644
index 0434a15..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository
+++ /dev/null
@@ -1 +0,0 @@
-USER Restic Repository URL, check op_guide/backup-minio to see the format
diff --git a/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt b/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt
deleted file mode 100644
index 7229cfc..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt
+++ /dev/null
@@ -1 +0,0 @@
-SSL_CERT dovecot deuxfleurs.fr
diff --git a/cluster/prod/app/email/secrets/email/dovecot/dovecot.key b/cluster/prod/app/email/secrets/email/dovecot/dovecot.key
deleted file mode 100644
index 0d42c79..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/dovecot.key
+++ /dev/null
@@ -1 +0,0 @@
-SSL_KEY dovecot
diff --git a/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn b/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn
deleted file mode 100644
index da380f2..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_DN dovecot Dovecot IMAP server
diff --git a/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd b/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd
deleted file mode 100644
index 068f663..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_PASSWORD dovecot
diff --git a/cluster/prod/app/email/secrets/email/postfix/postfix.crt b/cluster/prod/app/email/secrets/email/postfix/postfix.crt
deleted file mode 100644
index f004d67..0000000
--- a/cluster/prod/app/email/secrets/email/postfix/postfix.crt
+++ /dev/null
@@ -1 +0,0 @@
-SSL_CERT postfix deuxfleurs.fr
diff --git a/cluster/prod/app/email/secrets/email/postfix/postfix.key b/cluster/prod/app/email/secrets/email/postfix/postfix.key
deleted file mode 100644
index 2cf1706..0000000
--- a/cluster/prod/app/email/secrets/email/postfix/postfix.key
+++ /dev/null
@@ -1 +0,0 @@
-SSL_KEY postfix
diff --git a/cluster/prod/app/email/secrets/email/sogo/ldap_binddn b/cluster/prod/app/email/secrets/email/sogo/ldap_binddn
deleted file mode 100644
index df627d3..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/ldap_binddn
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_DN sogo SoGo email frontend
diff --git a/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw b/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw
deleted file mode 100644
index 8d2f35b..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_PASSWORD sogo
diff --git a/cluster/prod/app/email/secrets/email/sogo/postgre_auth b/cluster/prod/app/email/secrets/email/sogo/postgre_auth
deleted file mode 100644
index 4f66253..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/postgre_auth
+++ /dev/null
@@ -1 +0,0 @@
-USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template) |