Switch dovecot to bottin2 & put secret in own consul key

2020-02-11 22:42:28 +01:00 · 2020-02-11 22:42:28 +01:00 · cd6da5d52f
commit cd6da5d52f
parent a552f67e94
2 changed files with 14 additions and 8 deletions
--- a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
+++ b/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
@ -1,6 +1,6 @@
-hosts = bottin.service.2.cluster.deuxfleurs.fr
-dn = cn=<username>,dc=deuxfleurs,dc=fr
-dnpass = <password>
+hosts = bottin2.service.2.cluster.deuxfleurs.fr
+dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
+dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
 base = dc=deuxfleurs,dc=fr
 scope = subtree
 user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
--- a/nomad/email.hcl
+++ b/nomad/email.hcl
@ -131,6 +131,17 @@ job "email" {
        }
      }

+      artifact {
+        source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
+        destination = "secrets/conf/dovecot-ldap.conf.tpl"
+        mode = "file"
+      }
+      template {
+        source = "secrets/conf/dovecot-ldap.conf.tpl"
+        destination = "secrets/conf/dovecot-ldap.conf"
+        perms = "400"
+      }
+
      template {
        data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
        destination = "secrets/ssl/certs/dovecot.crt"
@ -141,11 +152,6 @@ job "email" {
        destination = "secrets/ssl/private/dovecot.key"
        perms = "400"
      }
-      template {
-        data = "{{ key \"configuration/email/dovecot/dovecot-ldap.conf\" }}"
-        destination = "secrets/conf/dovecot-ldap.conf"
-        perms = "400"
-      }
    }
  }