make rootpass secure and static

2025-11-09 00:11:12 +00:00 · 2025-11-09 00:11:12 +00:00 · 4e1bcd6425
commit 4e1bcd6425
parent ec5f40fa53
1 changed files with 7 additions and 2 deletions
--- a/services/lldap.nix
+++ b/services/lldap.nix
@ -1,7 +1,11 @@
 {config, ...}: let
  lldapPort = 8089;
 in {
-  age.secrets."hidden_service/lldap".file = ../secrets/hidden_service/lldap;
+  age.secrets = {
+    "hidden_service/lldap".file = ../secrets/hidden_service/lldap;
+    "lldap_root_pass".file = ../secrets/lldap_root_pass;
+  }
+  

  services.lldap = {
    enable = true;
@ -11,7 +15,8 @@ in {
      ldap_user_email = "root@distrust.network";
      ldap_user_dn = "root";
      ldap_base_dn = "dc=distrust,dc=network";
-      ldap_user_pass = "VERY_SECURE";
+      ldap_user_pass_file = config.age.secrets."lldap_root_pass".path;
+      force_ldap_user_pass_reset = true;
    };
  };