From 4fbd823be64690c9550386ffbcf4b3fd9782ef77 Mon Sep 17 00:00:00 2001 From: fredrikr79 Date: Sat, 12 Oct 2024 22:53:42 +0200 Subject: [PATCH 1/2] bekkalokk/roundcube: add `database.host` --- hosts/bekkalokk/services/webmail/roundcube.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/bekkalokk/services/webmail/roundcube.nix b/hosts/bekkalokk/services/webmail/roundcube.nix index 82d2356..878bdd7 100644 --- a/hosts/bekkalokk/services/webmail/roundcube.nix +++ b/hosts/bekkalokk/services/webmail/roundcube.nix @@ -20,6 +20,10 @@ in maxAttachmentSize = 20; hostName = "roundcubeplaceholder.example.com"; + database = { + host = "postgres.pvv.ntnu.no"; + }; + extraConfig = '' $config['enable_installer'] = false; $config['default_host'] = "ssl://imap.pvv.ntnu.no"; -- 2.47.0 From aa71d497f1179e026204e3f496dbf5f7546d2eb8 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sat, 12 Oct 2024 23:03:13 +0200 Subject: [PATCH 2/2] bekkalokk/roundcube: add postgres password --- hosts/bekkalokk/services/webmail/roundcube.nix | 6 ++++++ secrets/bekkalokk/bekkalokk.yaml | 8 +++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/hosts/bekkalokk/services/webmail/roundcube.nix b/hosts/bekkalokk/services/webmail/roundcube.nix index 878bdd7..6212ccd 100644 --- a/hosts/bekkalokk/services/webmail/roundcube.nix +++ b/hosts/bekkalokk/services/webmail/roundcube.nix @@ -6,6 +6,11 @@ let domain = "webmail.pvv.ntnu.no"; in { + sops.secrets."roundcube/postgres_password" = { + owner = "nginx"; + group = "nginx"; + }; + services.roundcube = { enable = true; @@ -22,6 +27,7 @@ in database = { host = "postgres.pvv.ntnu.no"; + passwordFile = config.sops.secrets."roundcube/postgres_password".path; }; extraConfig = '' diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml index d77a151..c6e7ada 100644 --- a/secrets/bekkalokk/bekkalokk.yaml +++ b/secrets/bekkalokk/bekkalokk.yaml @@ -18,6 +18,8 @@ mediawiki: postgres_password: ENC[AES256_GCM,data:FzykBVtJbA+Bey1GE5VqnSuv2GeobH1j,iv:wayQH3+y0FYFkr3JjmulI53SADk0Ikur/2mUS5kFrTk=,tag:d+nQ/se2bDA5aaQfBicnPQ==,type:str] cookie_salt: ENC[AES256_GCM,data:BioRPAvL4F9ORBJDFdqHot81RhVpAOf32v1ah3pvOLq8E88bxGyKFQZxAwpIL3UkWQIsWMnEerm5MEMYL1C2OQ==,iv:yMVqiPTQ8hO1IVAax6PIkD0V9YTOEunwDTtnGcmy6Kc=,tag:Z4+bZF4olLlkx7YpXeQiUw==,type:str] admin_password: ENC[AES256_GCM,data:4eUXvcO7NLOWke9XShfKzj+x3FvqPONa,iv:3iZ+BTBTZ7yMJ0HT14cEMebKZattWUcYEevRsl/6WOk=,tag:CU0iDhPP2ndztdX5U5A4cw==,type:str] +roundcube: + postgres_password: ENC[AES256_GCM,data:fGHmq6r/ZCeIseHL8/gmm5DfWQYorI3OJq1TW0EHvh7rHL62M4TE+Lrlrmq8AIlmGLSWtO8AQzOP3toxidL6xWX3pcwLxtTefa1gom2oQf6ZL4TbAZLidHksdiro6pWtpMOO66bb8O9eXvZmns4=,iv:Irnb2/bgx8WilDyRLleWfo6HHafZ+vlDEwxIcgm1f18=,tag:eTNBUELmLwO7DsQN9CLX7Q==,type:str] idp: cookie_salt: ENC[AES256_GCM,data:cyV6HDCPHKQIa8T1+rFBFh6EuHtG5B508lg6uFYENK7qVpYuiTUIokdVQhY8SRLs2mECx/ampgnUHxCRB/Cc/A==,iv:QRrRUhzRQrLkmg38rrYtCEfF8U4/7ZHZUDSEq++BlbI=,tag:fLqFSLd+CKqJvmCh1fx8vg==,type:str] admin_password: ENC[AES256_GCM,data:Vf33Oenk6x6BIij1uW8RQDjTPcKhUVYA,iv:RNeyCNpTAYdBPrZwE3Y6CCjoAML/3XUvjfJCrr06IEU=,tag:zVOrx1oXnEyr/VwFCFaCDQ==,type:str] @@ -95,8 +97,8 @@ sops: UHpLRkdQTnhkeGlWVG9VS1hkWktyckEKAdwnA9URLYZ50lMtXrU9Q09d0L3Zfsyr 4UsvjjdnFtsXwEZ9ZzOQrpiN0Oz24s3csw5KckDni6kslaloJZsLGg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-01T01:33:50Z" - mac: ENC[AES256_GCM,data:PkcOD9hJWD5tILO9PuZkOgIoujt4q2qtHBB9KF8ikrNKo0yw24Jf1ceI5/+BHCxhdi8sF4qQM/zty61zqwNaBsvrsLUkdWDwUDsuJQa1KKZiCEZPqYBc+qGIQ5wNPsU2zJ0c8+wU8H0LtGqKOH9GmaQtTdm0Rt2IcexV823uTjQ=,iv:GYTI85OgqnN8iUc6OOXO7Sz2XIthWJtz8zwMuWutEYs=,tag:2rhfhjXXzZLzoVlkINo0ZQ==,type:str] + lastmodified: "2024-10-12T21:56:27Z" + mac: ENC[AES256_GCM,data:bZ1BbVC6D+B6SFze2ReeCUcQamK/O14zH3YxCjWBwMC++w3niIiEx4Bq7Ulci5yuMld0luVsfUzHoqFN/+zvZbV2rGVk8lVRiTrpFoSZ78aUUgeHG9ROLXsR7T7rVhLWbl86y1G5LcKws7G55V0wAh6f58WjYYzwR8fnBmfW1Ko=,iv:7xtMdtXQB9uZirE/CkUSmeu0qnG++R7DUR7zn/Bo0lM=,tag:DH/BJPpAp//quDqKNXyHcg==,type:str] pgp: - created_at: "2024-08-04T00:03:28Z" enc: |- @@ -119,4 +121,4 @@ sops: -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 -- 2.47.0