# ---- POSTFIX ----

[secrets."email/postfix/postfix.key"]
type = 'SSL_KEY'
name = 'postfix'

[secrets."email/postfix/postfix.crt"]
type = 'SSL_CERT'
name = 'postfix'
cert_domains = "['deuxfleurs.fr']"

[secrets."email/dkim/smtp.private"]
type = 'RSA_PRIVATE_KEY'
name = 'dkim'

# ---- DOVECOT ----

[service_users."dovecot"]
dn_secret = "email/dovecot/ldap_binddn"
password_secret = "email/dovecot/ldap_bindpwd"


[secrets."email/dovecot/dovecot.key"]
type = 'SSL_KEY'
name = 'dovecot'

[secrets."email/dovecot/dovecot.crt"]
type = 'SSL_CERT'
name = 'dovecot'
cert_domains = "['deuxfleurs.fr']"


[secrets."email/dovecot/backup_restic_password"]
type = 'user'
description = 'Restic backup password to encrypt data'

[secrets."email/dovecot/backup_aws_secret_access_key"]
type = 'user'
description = 'AWS Secret Access key'

[secrets."email/dovecot/backup_restic_repository"]
type = 'user'
description = 'Restic Repository URL, check op_guide/backup-minio to see the format'

[secrets."email/dovecot/backup_aws_access_key_id"]
type = 'user'
description = 'AWS Acces Key ID'

# ---- SOGO ----

[service_users."sogo"]
dn_secret = "email/sogo/ldap_binddn"
password_secret = "email/sogo/ldap_bindpw"

[secrets."email/sogo/postgre_auth"]
type = 'user'
description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'