From cd6da5d52f7e869c83e4a55bf762d9d6b0c96b09 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 11 Feb 2020 22:42:28 +0100
Subject: [PATCH] Switch dovecot to bottin2 & put secret in own consul key
---
 ...ot-ldap.conf.sample => dovecot-ldap.conf.tpl} | 6 +++---
 nomad/email.hcl | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)
 rename consul/configuration/email/dovecot/{dovecot-ldap.conf.sample => dovecot-ldap.conf.tpl} (62%)
diff --git a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
similarity index 62%
rename from consul/configuration/email/dovecot/dovecot-ldap.conf.sample
rename to consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
index 4848d6e..9fb1ea6 100644
--- a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
+++ b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
@@ -1,6 +1,6 @@
-hosts = bottin.service.2.cluster.deuxfleurs.fr
-dn = cn=,dc=deuxfleurs,dc=fr
-dnpass =
+hosts = bottin2.service.2.cluster.deuxfleurs.fr
+dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
+dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
 base = dc=deuxfleurs,dc=fr
 scope = subtree
 user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
diff --git a/nomad/email.hcl b/nomad/email.hcl
index 649231c..d5cdc83 100644
--- a/nomad/email.hcl
+++ b/nomad/email.hcl
@@ -131,6 +131,17 @@ job "email" {
 }
 }
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
+ destination = "secrets/conf/dovecot-ldap.conf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/conf/dovecot-ldap.conf.tpl"
+ destination = "secrets/conf/dovecot-ldap.conf"
+ perms = "400"
+ }
+
 template {
 data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
 destination = "secrets/ssl/certs/dovecot.crt"
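Review bot: Nothing visible in the `dovecot-ldap.conf.tpl` hunk encrypts the LDAP connection to `bottin2.service.2.cluster.deuxfleurs.fr`, so the bind password rendered into `dnpass` would cross the cluster network in clear unless TLS is set in lines outside the hunk or the network is otherwise protected. If bottin2 supports it, add `tls = yes` together with `tls_require_cert = demand`, or replace `hosts` with `uris = ldaps://bottin2.service.2.cluster.deuxfleurs.fr`. Consul KV stores values unencrypted, so the `secrets/email/dovecot/` prefix should be readable only by the token the template runner uses. A comment at the top of the template naming the two required keys would also help, since `key` blocks rendering until both exist.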
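Review bot: The new `artifact` block in `nomad/email.hcl` fetches the template over plain HTTP from the local Consul agent with no token and no checksum, so it presumably relies on anonymous reads of `configuration/email/dovecot/`. Whoever can write that key controls a template that is rendered with access to every key the template runner can read, including `secrets/email/dovecot/ldap_bindpwd`, so writes to the `configuration/` prefix need to be restricted by ACL as tightly as reads of `secrets/`. Consider keeping the template body in the job file instead (`data = <<EOH … EOH`) so it is versioned and reviewed with the job. The artifact is also downloaded only at task start, so unlike the removed `{{ key … }}` template an edit to the `.tpl` key is not picked up until the allocation restarts; a one-line comment above `artifact` saying so would help. The enclosing task block starts outside the hunk.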
@@ -141,11 +152,6 @@ job "email" {
 destination = "secrets/ssl/private/dovecot.key"
 perms = "400"
 }
- template {
- data = "{{ key \"configuration/email/dovecot/dovecot-ldap.conf\" }}"
- destination = "secrets/conf/dovecot-ldap.conf"
- perms = "400"
- }
 }
 }