add web.social-grow.tech

hosts/web.social-grow.tech/modules/nextcloud/ldap.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+let
+  updateLdapSettings = pkgs.writeText "nextcloud-update-ldap-settings.sql" (builtins.readFile ./update-ldap-settings.sql);
+in {
+
+  sops.secrets.nextcloud-ldap-password.owner = "nextcloud";
+
+  systemd.services."nextcloud-update-ldap-settings" = {
+    enable = true;
+    description = "My custom service";
+    after = [ "nextcloud-setup.service" ];
+    script = let
+      updateLdapSettings = pkgs.writeText "nextcloud-update-ldap-settings.sql" (builtins.readFile ./update-ldap-settings.sql);
+    in ''
+      ldappass=$(base64 -w 0 ${config.sops.secrets.nextcloud-ldap-password.path})
+      ${pkgs.mysql}/bin/mysql -u nextcloud -e "INSERT INTO oc_appconfig (appid, configkey, configvalue, type, lazy) VALUES ('user_ldap', 's01ldap_agent_password', '$ldappass', 2, 0) ON DUPLICATE KEY UPDATE configvalue = '$ldappass';" nextcloud
+      ${pkgs.mysql}/bin/mysql -u nextcloud nextcloud < ${updateLdapSettings}
+    '';
+    serviceConfig = {
+      Type = "exec";
+      User = "nextcloud";
+    };
+  };
+}