From 1fce631c24170dedd91d1159f13e864ecb0cc5eb Mon Sep 17 00:00:00 2001
From: revol-xut
Date: Sun, 18 Dec 2022 20:16:24 +0100
Subject: [PATCH] adding secrets for dnpass
---
 hosts/mailtngbert/default.nix | 8 +++++++-
 hosts/mailtngbert/secrets.yaml | 9 +++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/hosts/mailtngbert/default.nix b/hosts/mailtngbert/default.nix
index ab84e2fe..416f5b5a 100644
--- a/hosts/mailtngbert/default.nix
+++ b/hosts/mailtngbert/default.nix
@@ -6,7 +6,8 @@ let
 ldap-auth-config = pkgs.writeText ''
 hosts = auth.c3d2.de
 dn = uid=search,ou=users,dc=c3d2,dc=de
- dnpass = #add cat sops help where credential sandro help
+
+ !include ${config.sops.secrets."ldap/search-user-pw".path}
 auth_bind = yes
 auth_bind_userdn = uid=%u,ou=users,dc=c3d2,dc=de
 ldap_version = 3
@@ -46,6 +47,11 @@ in
 };
 };
+ sops.secrets."ldap/search-user-pw" = {
+ owner = config.systemd.services.dovecot2.serviceConfig.User;
+ group = config.systemd.services.dovecot2.serviceConfig.Group;
+ };
+
 services = {
 postfix = {
 enable = true;
diff --git a/hosts/mailtngbert/secrets.yaml b/hosts/mailtngbert/secrets.yaml
index 5c742a12..419d96e0 100644
--- a/hosts/mailtngbert/secrets.yaml
+++ b/hosts/mailtngbert/secrets.yaml
@@ -1,4 +1,5 @@
-mock-data: ENC[AES256_GCM,data:fQ88gg==,iv:TphtBcDzX9xHW8eu4BwyitiOg6D6pnTRUrVtMUOjKTo=,tag:v4xjJNFTKyA7kbjeXDDz7w==,type:bool]
+ldap:
+ search-user-pw: ENC[AES256_GCM,data:Pd6Qy8Ilu1RAkIOnpHNoGV+VBNCg/IAl9InWOGDlsTSbDVqK4B5aUmX2sl0=,iv:nZQwmiWJtQ4AmzAgv3Fhh625K11U4uxTCE6Rj5okRns=,tag:v9pVGrSQoaGGYG5X8wUyoA==,type:str]
 sops:
 kms: []
 gcp_kms: []
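Review bot: The `!include` line in the first default.nix hunk replaces the `dnpass = …` assignment entirely, so the bind password is only set if the decrypted secret file itself contains a complete `dnpass = <password>` line. The key name `ldap/search-user-pw` suggests it may hold just the bare password, which cannot be checked from the encrypted value. A comment above the include would pin the contract down, e.g. `# secret file must contain the full line "dnpass = <password>"; only its path ends up in the Nix store`. It is also worth confirming that Dovecot's parser for this LDAP config file honours `!include`. The `let` binding continues outside the hunk.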
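Review bot: `owner` and `group` in the second default.nix hunk read `config.systemd.services.dovecot2.serviceConfig.User` and `.Group`, which exist only if something sets them on the unit. As far as I know the stock NixOS dovecot2 unit leaves them unset because the master process starts as root, so unless this repository defines them elsewhere, evaluation would stop on a missing attribute. The module's own options are the safer reference: `owner = config.services.dovecot2.user;` and `group = config.services.dovecot2.group;`. Whichever account is used must be the one the Dovecot auth process runs as, since that process reads the included file; a one-line comment saying so would help. The enclosing attribute set starts and ends outside the hunk.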
@@ -23,8 +24,8 @@ sops:
 bTBPcjZCZFNBWWtUVGNRUWE4eTA1ZjgKF4qoSyKCL2ytTf5vZRVLFr89R5/7HCji
 hsPXdE607b+s5PAaOPMWF8Zfy7QJr6hqG9+Pbr4FnGB5nTvTsO5d3Q==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-02-25T18:51:17Z"
- mac: ENC[AES256_GCM,data:/xwOBXbYBd9TqosVFDEAyjVBOcZ1NdxNEz5nTmaFwiBHJSICflX54YSx+1QT44jFCkDFdvf3ZSojZ/bJ9EBsGZycaa4dQvReF5jjMnDzdwPvf+R84F/QuyHZTNnxXfneXUP9SWcenREr/ku/96x7ignKg1n4YsRq1hiot4W8sFk=,iv:7gzXGTlZ+A6ihSF6B94ttyWlREXLTUJukv45nBYPVKI=,tag:E3zlnQrMs0gCNdeuX2Bmfw==,type:str]
+ lastmodified: "2022-12-18T19:16:04Z"
+ mac: ENC[AES256_GCM,data:7bqWB5fzhL6J18vak2pfW0Oq8mo0iLiHefCYEklTcUVVHOJy//hO9yw95gjUpGyq6Fx77SKOgu7SaM2bnBOTSdbvoz3mUsUZUUztSlJ+vrXNeD2tNHES6laa3W+lxDwl4WYOz5rPM5oOo0jWuMkIayE+fYC6d21AK8H910fdMjQ=,iv:tYIt1vi4FQezs7LoLXiF4J++KHUOQV8tYfap3l072zY=,tag:Pu0pXHG3WI1WoWXwCvKAXg==,type:str]
 pgp:
 - created_at: "2022-07-15T23:32:09Z"
 enc: |
@@ -179,4 +180,4 @@ sops:
 -----END PGP MESSAGE-----
 fp: 91EBE87016391323642A6803B966009D57E69CC6
 unencrypted_suffix: _unencrypted
- version: 3.7.1
+ version: 3.7.3