move dovecot-sql.conf.ext to secrets
This commit is contained in:
parent
e6e759b5d1
commit
dfbb133d44
GPG key ID:
015E3768A70AFBC5
2 changed files with 6 additions and 16 deletions
|
|
@ -2,18 +2,6 @@
|
|||
let
|
||||
listenIP = (import ../../utils/getInternalIP.nix config).listenIP;
|
||||
sieves = import ../../packages/sieves.nix pkgs;
|
||||
dovecot-sql = pkgs.writeText "dovecot-sql.conf.ext" ''
|
||||
driver = pgsql
|
||||
connect = dbname=postfix user=dovecot
|
||||
default_pass_scheme = ARGON2ID
|
||||
password_query = \
|
||||
SELECT local_part as username, domain, password, CONCAT('/var/vmail', maildir) AS userdb_home, 76 AS userdb_uid, 76 AS userdb_gid, CONCAT('*:bytes=', quota) AS userdb_quota_rule \
|
||||
FROM mailbox WHERE local_part = '%n' AND domain = '%d' AND active = '1'
|
||||
user_query = \
|
||||
SELECT CONCAT('/var/vmail', maildir) AS home, 76 AS uid, 76 AS gid, CONCAT('*:bytes=', quota) AS quota_rule \
|
||||
FROM mailbox WHERE local_part = '%n' AND domain = '%d' AND active = '1'
|
||||
iterate_query = SELECT CONCAT(local_part, '@', domain) AS user FROM mailbox
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
||||
|
|
@ -121,14 +109,14 @@ in
|
|||
|
||||
passdb {
|
||||
driver = sql
|
||||
args = ${dovecot-sql}
|
||||
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
|
||||
}
|
||||
userdb {
|
||||
driver = prefetch
|
||||
}
|
||||
userdb {
|
||||
driver = sql
|
||||
args = ${dovecot-sql}
|
||||
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
|
||||
}
|
||||
auth_debug=yes
|
||||
'';
|
||||
|
|
@ -140,6 +128,7 @@ in
|
|||
listenAddress = listenIP;
|
||||
};
|
||||
sops.secrets."services/dovecot/rspamd_password" = { owner = "dovecot"; };
|
||||
sops.secrets."services/dovecot/dovecot-sql.conf.ext" = { owner = "dovecot"; };
|
||||
services.postgresql.ensureUsers = [{
|
||||
name = "dovecot";
|
||||
ensurePermissions = {
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ services:
|
|||
setupPassword: ENC[AES256_GCM,data:2BiQLOZZ6zCh4F+DkeNpMGLeXoxmMtDkuAU4XGBNvso+f4jupowalLkhTG/kA8yUL6BWOxwtJGMEp5wO,iv:0guj3/elSzoOe/00wgi5Z4R4lVfWeWt8mUDao3RXK6I=,tag:1lFUqfeSGV04mfxaVrmSMg==,type:str]
|
||||
dovecot:
|
||||
rspamd_password: ENC[AES256_GCM,data:PYVfbmSR8Uq3gQGkXVhj6Pt4QIo=,iv:jG7BudJT6+RAprllh5dGnSiqr4hS/GtyZesc77bd8eY=,tag:GBRgqg74cp1CPhDOu8IyKw==,type:str]
|
||||
dovecot-sql.conf.ext: ENC[AES256_GCM,data:9Efl05tK3BDtDhagwlZZBzDSC0oC+zC6q92wlcG3spwMtATXb2hFQ/ltpu+4LDVDbBZHSBdgfCqqSi5jdrvP70XSshvG1fmUWT8lSUS69mHJ6X1upPnZ3lvsgLt/T4Z6bxmmiKh+JjeCbkCf97NJoRcmMPVwwPHfkRmfB1ypRy8WN78lltQJUFy4vkSZ2/iOkiT706yuWYmBJjeKwwhfFISc8d5aDfzemuHsXbpXcPEc8+HAPwQ0fUEz9C9fo/2oj2B26KLSELqJ2pZAecoE23v+rg25Gq4CylC69WcCVybLATwFTdEWy6w99L2gg9GEVmrlkuNlOw8lqdNdAVPGWbnFwAzWDILnIyPpsJBISBBO7LUiyjmTWMMziE3acpC5KEjbOH7zpp/bzGuFOg36/f0FZ1lSCPLFyAirMrLv+90gKcAjQcdiQU87TrvKBJE/ErX0Tyg2gjy8Ye4R+b8YL8zorMfBKhvybilEV4jkeEzSfhMKfLZAgsOgdyqHYnHQT5McOuy4pfnrI26CBpJ54b7BovU8QW1QdZ1iH8dxQig5alLzLCQuPJZnDfGcH48qudNhB8zdkkxBkjX3f4nOfjoGim510BCZ7o5Zurf3mNWNWCbKfKY55mO0SIjcRLk9RbOk4xOJg6rnc+bWBFr7c1T4ocp9PB05JTfSlE1gtsgQPn72KkOlwJSdj/epSsSy8ZynXowDyApspuGjupjsO9St52O1lAOAoSaIG4QXIWv1HzL2a6iKrxZoZK4Ao4DkQb503NEcpGTfx/iztb257l02JF3R/Qz6AwQo2SFcoMBl7/StnlzCLpgy8CELFLQ9C3sEj/NNkim3zGkCwWciJV69mGiRx9e+nOia8CQkc4qpf3fqxgsimgk=,iv:IDP+oNvkYbdKdxRRQB2FvZm6bpW84HzazE1wpY8P+JY=,tag:IHFlFzg2RrdDMop3KrfeQw==,type:str]
|
||||
email:
|
||||
darkkirb@darkkirb.de: ENC[AES256_GCM,data:DgVyvDHsviJuGqM+YP4jjytnzJE=,iv:KhEJz2+Nl9sxjRe0FmHOXi64QtsxDZhagnYt08sqU4E=,tag:vrhBg9qWBiSLPop/5jyIwA==,type:str]
|
||||
lotte@chir.rs: ENC[AES256_GCM,data:bkzYVXizG/inJ/MS57G2pEiUkA==,iv:jviAx1B83wPhc128msfSs7oYwRQH+j7PU0aAmNbwi88=,tag:ylYl5k9R5BdLGAXOXVeLZg==,type:str]
|
||||
|
|
@ -46,8 +47,8 @@ sops:
|
|||
Ync4ejJHR0RXTkpqVzFRQXhEVlFVZjgKPo209jJf8Lwn1j3VmLC+j0633zdbt2yf
|
||||
bPwO7dlKYGbGeGObprNtBXBS2cUXHeuQ45vRpTtg1cpxYK+TfNH8vQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-01-20T15:46:48Z"
|
||||
mac: ENC[AES256_GCM,data:jsQx0yZmcssxTXLzxx10yrSLfYqfa75LIQFRKWmHkTrd/a2w/ZZFfcorqjoNARtsx+F8Das++ZHpenEdHyxyOSPif5JCIsjrBD6RtJyaKVmIuDirhqUhMQNB2ZDLQifIIsA2qCzhJPThP/+ZJygnhUYiOKg86fangLpkAIxF7DM=,iv:R77YqOSBBMEZbwiPAhnDScYCA+DrTVsZfjNYw9S0iMU=,tag:3va+Z/r39RrD9iQ2BIApNw==,type:str]
|
||||
lastmodified: "2022-01-22T14:17:13Z"
|
||||
mac: ENC[AES256_GCM,data:KnfgZ26EAn8e5++uremLVxQ+wyOPmFOuclYmfuvM5h9yxUolrxTMse2P6yTbZ/XTIMNC9sYktj6EA7ityYnY+J0XX0PQOJVr3jdN9LHGJqA9mngu1uNaVHV8XRSsD4m8fiMMTkm9txLmOkP9iCDRSJXgG4AZ0cfn2jQuhMDUOOo=,iv:ykvCQ7nTUrQ0wa/3JrxbBLx+p/YIZ58+J+5ReCSWIGs=,tag:MC/tz9+XzzVOvFyfxXWWLA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
|
|
|
|||
Loading…
Reference in a new issue