nixcfg/cluster/prod/app/email/secrets.toml

# ---- POSTFIX ----

[secrets."email/postfix/postfix.key"]
type = 'SSL_KEY'
name = 'postfix'

[secrets."email/postfix/postfix.crt"]
type = 'SSL_CERT'
name = 'postfix'
cert_domains = "['deuxfleurs.fr']"

[secrets."email/dkim/smtp.private"]
type = 'RSA_PRIVATE_KEY'
name = 'dkim'

# ---- DOVECOT ----

[service_users."dovecot"]
dn_secret = "email/dovecot/ldap_binddn"
password_secret = "email/dovecot/ldap_bindpwd"


[secrets."email/dovecot/dovecot.key"]
type = 'SSL_KEY'
name = 'dovecot'

[secrets."email/dovecot/dovecot.crt"]
type = 'SSL_CERT'
name = 'dovecot'
cert_domains = "['deuxfleurs.fr']"


[secrets."email/dovecot/backup_restic_password"]
type = 'user'
description = 'Restic backup password to encrypt data'

[secrets."email/dovecot/backup_aws_secret_access_key"]
type = 'user'
description = 'AWS Secret Access key'

[secrets."email/dovecot/backup_restic_repository"]
type = 'user'
description = 'Restic Repository URL, check op_guide/backup-minio to see the format'

[secrets."email/dovecot/backup_aws_access_key_id"]
type = 'user'
description = 'AWS Acces Key ID'

# ---- SOGO ----

[service_users."sogo"]
dn_secret = "email/sogo/ldap_binddn"
password_secret = "email/sogo/ldap_bindpw"

[secrets."email/sogo/postgre_auth"]
type = 'user'
description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'
Migrate prod cluster secrets to new format 2022-12-25 21:31:18 +00:00			`# ---- POSTFIX ----`

			`[secrets."email/postfix/postfix.key"]`
			`type = 'SSL_KEY'`
			`name = 'postfix'`

			`[secrets."email/postfix/postfix.crt"]`
			`type = 'SSL_CERT'`
			`name = 'postfix'`
			`cert_domains = "['deuxfleurs.fr']"`

			`[secrets."email/dkim/smtp.private"]`
			`type = 'RSA_PRIVATE_KEY'`
			`name = 'dkim'`

			`# ---- DOVECOT ----`

			`[service_users."dovecot"]`
			`dn_secret = "email/dovecot/ldap_binddn"`
			`password_secret = "email/dovecot/ldap_bindpwd"`


			`[secrets."email/dovecot/dovecot.key"]`
			`type = 'SSL_KEY'`
			`name = 'dovecot'`

			`[secrets."email/dovecot/dovecot.crt"]`
			`type = 'SSL_CERT'`
			`name = 'dovecot'`
			`cert_domains = "['deuxfleurs.fr']"`


			`[secrets."email/dovecot/backup_restic_password"]`
			`type = 'user'`
			`description = 'Restic backup password to encrypt data'`

			`[secrets."email/dovecot/backup_aws_secret_access_key"]`
			`type = 'user'`
			`description = 'AWS Secret Access key'`

			`[secrets."email/dovecot/backup_restic_repository"]`
			`type = 'user'`
			`description = 'Restic Repository URL, check op_guide/backup-minio to see the format'`

			`[secrets."email/dovecot/backup_aws_access_key_id"]`
			`type = 'user'`
			`description = 'AWS Acces Key ID'`

			`# ---- SOGO ----`

			`[service_users."sogo"]`
			`dn_secret = "email/sogo/ldap_binddn"`
			`password_secret = "email/sogo/ldap_bindpw"`

			`[secrets."email/sogo/postgre_auth"]`
			`type = 'user'`
			`description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'`