From cd4c98a4a8fe6c1b0f673e76141de19f5c65f7e3 Mon Sep 17 00:00:00 2001
From: geemili
Date: Sat, 30 Dec 2023 19:39:57 -0700
Subject: [PATCH] sec: put lldap default admin password in agenix and update it
---
 agenix-config-module.nix | 5 +++++
 configuration.nix | 5 +++--
 secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age | Bin 0 -> 366 bytes
 secrets/secrets.nix | 1 +
 4 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age
diff --git a/agenix-config-module.nix b/agenix-config-module.nix
index 8e9196e..d58a8ad 100644
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@@ -4,4 +4,9 @@
 owner = "dynamicdns";
 group = "dynamicdns";
 };
+ age.secrets.LLDAP_DEFAULT_ADMIN_PASSWORD = {
+ file = ./secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age;
+ owner = "lldap";
+ group = "lldap";
+ };
 }
diff --git a/configuration.nix b/configuration.nix
index 469e8aa..456840d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -130,10 +130,11 @@
 ldap_base_dn = "dc=twins,dc=pearson";
 # Sets the root administrator's user name
 ldap_user_dn = "admin";
- # Default administrator password
- ldap_user_pass = "extending pulsate nastily";
 http_host = "127.0.0.1";
 };
+ environment = {
+ LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.LLDAP_DEFAULT_ADMIN_PASSWORD.path;
+ };
 };

 # Dynamic DNS through duck dns
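Review bot: The new `age.secrets.LLDAP_DEFAULT_ADMIN_PASSWORD` entry in agenix-config-module.nix sets `owner` and `group` to `lldap`, but nothing visible in this patch declares that account, so ownership of the decrypted file depends on configuration outside the hunk. If the lldap unit runs under a dynamically allocated user (an assumption to check against the service module in use), the name may not resolve when the secret's ownership is applied at activation, and the service would then be unable to read the file. It is worth confirming that `users.users.lldap` and `users.groups.lldap` exist and recording the dependency with a comment such as `# owner must match the account the lldap service runs as`. The attribute set this entry is added to starts above the hunk.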
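Review bot: Supplying the value through `LLDAP_LDAP_USER_PASS_FILE` in configuration.nix does not by itself change the password of an admin account that already exists; as far as I can tell from lldap's documentation this setting is applied only when the admin user is first created, so on an existing database the removed plaintext value may still be the live credential. That value also stays in git history and in any older Nix store generations built from the previous `settings`, so it should be treated as disclosed, changed inside lldap itself, and verified by confirming that a bind with the old value is rejected. I would add a comment above the new line, for example `# Only read when the admin user is first created; rotate an existing admin password in lldap itself.` The enclosing service block starts above the hunk.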
diff --git a/secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age b/secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age new file mode 100644 index 0000000000000000000000000000000000000000..e3b34b512b96b0301dca69c73825ebf244fd9d03 GIT binary patch literal 366 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyjPP?wDpv?eN%U~` z(zXmWF9}RaDvJuO@~Uz*&-2T3DR;{&&UerAHP1H-(+>B_^5in`aV)R&a}Mw+wDfZH zEc8#T2&yvkb5C;2%J4Oe3@`RdtMoK=4KXt=4@9@kDI`L>!cigHr?RRj+_xaPBCXOX zFe5S3Fx}B0&&a^g)3PYCq(IxFw4%_ZFw4a_ub8XMG1)ISr@|#SJk-^!*jvA<)Zf6= ztkk_CJka0WyWBj(JKV+HG$>6!Bb`fES69I&B)!-v*D0&m(j>|!z~4P2EYH=)FVn@+ zH7KI8%s;Hc+}ASGG}XN@)RpUdWkbkL#=a{i$EI0JoO4%U+j}Qopi$zj{ssn?WS5M8 yTo2v(v!=8}A3RjNUMY2>oP2d&HN(M>+({;Ew!fMG