From bed75d392bf2829cdd674a608e74f0167a36e8b2 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Mon, 16 Oct 2023 12:15:48 -0700
Subject: [PATCH] Add volume for redis passwd

Also...the volume has to refer to a local file...
---
 mail-server.nix | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/mail-server.nix b/mail-server.nix
index 4c9c8df..f060890 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -12,6 +12,10 @@ let
   dovecotApiKey = pkgs.lib.passwd.stablerandom-passwd-file "dovecot-api-key"
     config.instance.build-seed;
 
+  redisPasswdFile =
+    pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
+    config.instance.build-seed;
+
 in {
   options.fudo.mail = with types; {
     enable = mkEnableOption "Enable mail server.";
@@ -215,7 +219,7 @@ in {
           AUTHENTIK_TOKEN=${cfg.ldap.outpost-token}
           AUTHENTIK_INSECURE=false
         '';
-        target-file = "/run/ldap-proxy/env";
+        target-file = "/run/mail-server/ldap-proxy/env";
       };
 
       dovecotLdapConfig = {
@@ -233,7 +237,7 @@ in {
             "pass_attrs = =user=%{ldap:cn}"
             "user_attrs = =user=%{ldap:cn}"
           ]);
-        target-file = "/run/dovecot-secrets/ldap.conf";
+        target-file = "/run/mail-server/dovecot-secrets/ldap.conf";
       };
 
       dovecotAdminConfig = {
@@ -241,7 +245,12 @@ in {
           ([ "doveadm_password = ${readFile dovecotAdminPasswd}" ]
             ++ (optional (cfg.imap.api-port != null)
               "doveadm_api_key = ${readFile dovecotApiKey}")));
-        target-file = "/run/dovecot-secrets/admin.conf";
+        target-file = "/run/mail-server/dovecot-secrets/admin.conf";
+      };
+
+      redisPasswd = {
+        source-file = redisPasswdFile;
+        target-file = "/run/mail-server/redis/passwd";
       };
     };
 
@@ -254,9 +263,6 @@ in {
     ];
 
     virtualisation.arion.projects.mail-server.settings = let
-      redisPasswdFile =
-        pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
-        config.instance.build-seed;
 
       image = { pkgs, ... }: {
         project.name = "mail-server";
@@ -495,7 +501,10 @@ in {
           };
           redis = {
             service = {
-              volumes = [ "${cfg.state-directory}/redis:/var/lib/redis" ];
+              volumes = [
+                "${cfg.state-directory}/redis:/var/lib/redis"
+                "${hostSecrets.redisPasswd.target-file}:/run/redis/passwd"
+              ];
               networks = [ "redis_network" ];
             };
             nixos = {