From acdb34027b361cccfe6200ed8f087aa146d0ab55 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Tue, 11 Feb 2020 21:52:57 +0100
Subject: [PATCH] WIP: update mysql/seafile to use their own ldap user in
 ou=services

---
 consul/configuration/.gitignore                    |  1 +
 .../seafile/conf/{ccnet.conf.sample => ccnet.conf} |  8 ++++----
 nomad/seafile.hcl                                  | 14 ++++++++++----
 3 files changed, 15 insertions(+), 8 deletions(-)
 rename consul/configuration/seafile/conf/{ccnet.conf.sample => ccnet.conf} (63%)

diff --git a/consul/configuration/.gitignore b/consul/configuration/.gitignore
index 8c55cc6..d54ae44 100644
--- a/consul/configuration/.gitignore
+++ b/consul/configuration/.gitignore
@@ -10,6 +10,7 @@
 
 # Whitelist specific files
 !seafile/conf/seafdav.conf
+!seafile/conf/ccnet.conf
 !seafile/ccnet/seafile.ini
 
 !email/dkim/keytable
diff --git a/consul/configuration/seafile/conf/ccnet.conf.sample b/consul/configuration/seafile/conf/ccnet.conf
similarity index 63%
rename from consul/configuration/seafile/conf/ccnet.conf.sample
rename to consul/configuration/seafile/conf/ccnet.conf
index 76f4da9..2395a9b 100644
--- a/consul/configuration/seafile/conf/ccnet.conf.sample
+++ b/consul/configuration/seafile/conf/ccnet.conf
@@ -1,6 +1,6 @@
 [General]
 USER_NAME = deuxfleurs
-ID = <to be defined>
+ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
 NAME = deuxfleurs
 SERVICE_URL = https://cloud.deuxfleurs.fr
 
@@ -13,9 +13,9 @@ PORT = 13418
 [LDAP]
 HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
 BASE = ou=users,dc=deuxfleurs,dc=fr
-USER_DN = cn=<to be defined>,dc=deuxfleurs,dc=fr
+USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
 FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
-PASSWORD = <to be defined>
+PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
 LOGIN_ATTR = mail
 
 [Database]
@@ -23,7 +23,7 @@ ENGINE = mysql
 HOST = mariadb.service.2.cluster.deuxfleurs.fr
 PORT = 3306
 USER = seafile
-PASSWD = <to be defined>
+PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
 DB = ccnet-db
 CONNECTION_CHARSET = utf8
 
diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl
index c930396..1ffd1a1 100644
--- a/nomad/seafile.hcl
+++ b/nomad/seafile.hcl
@@ -111,6 +111,16 @@ job "seafile" {
         }
       }
 
+      artifact {
+        source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf?raw"
+        destination = "secrets/conf/ccnet.conf.tpl"
+        mode = "file"
+      }
+	    template {
+        source = "secrets/conf/ccnet.conf.tpl"
+        destination = "secrets/conf/ccnet.conf"
+      }
+
       template {
         data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}"
         destination = "secrets/ccnet/mykey.peer"
@@ -119,10 +129,6 @@ job "seafile" {
         data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}"
         destination = "secrets/ccnet/seafile.ini"
       }
-      template {
-        data = "{{ key \"configuration/seafile/conf/ccnet.conf\" }}"
-        destination = "secrets/conf/ccnet.conf"
-      }
       template {
         data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}"
         destination = "secrets/conf/mykey.peer"