almost ready. now to harden

2025-11-04 11:30:34 +00:00 · 2025-11-04 11:30:34 +00:00 · e856c0dfb1
commit e856c0dfb1
parent 29cbf8b2d8
20 changed files with 539 additions and 58 deletions
--- a/services/prosody.nix
+++ b/services/prosody.nix
@ -1,8 +1,11 @@
 {
  pkgs,
  lib,
+  config,
  ...
 }: {
+  age.secrets."bind_pw".file = ../secrets/bind_pw;
+
  services.prosody = {
    package = pkgs.prosody.override {
      withExtraLuaPackages = pkgs: with pkgs.luaPackages; [lualdap];
@ -27,7 +30,7 @@
      ldap_base = "ou=people,dc=distrust,dc=network"
      ldap_server = "localhost:3890"
      ldap_rootdn = "uid=bind,ou=people,dc=distrust,dc=network"
-      ldap_password = "bindpassword"
+      ldap_password = "${builtins.readFile config.age.secrets."bind_pw".path}"
    '';
  };