Reorganize app/ and add script for secret management #29

Merged
quentin merged 5 commits from test_reorganize into master 2021-01-18 07:18:23 +00:00
79 changed files with 81 additions and 12 deletions
Showing only changes of commit d4d0b100ad

11
app/.gitignore vendored

@ -1,11 +0,0 @@
# Blacklist everything cleverly
*/secrets/*
!*/secrets/*/
# Whitelist some patterns
!*.sample
!*.gen
!*.sh
!.gitignore
# Whitelist specific files
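Review bot: deleting app/.gitignore removes the `*/secrets/*` blacklist that kept real secret values out of the repository. Under the new scheme the descriptor files (`USER ...`, `SERVICE_PASSWORD ...`) are meant to be committed under `<module>/secrets/`, so a descriptor and a file into which someone has pasted the actual value are now indistinguishable to git. Either keep an ignore rule for populated secret files or state explicitly (in the secrets.py docstring, which already says values live in Consul) that values are never written to these paths.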


@ -0,0 +1 @@
RSA_PRIVATE_KEY dkim
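Review bot: `RSA_PRIVATE_KEY` is not among the directives documented in the app/secrets.py docstring (USER, USER_LONG, CONST, CONST_LONG, SERVICE_DN, SERVICE_PASSWORD, SSL_CERT, SSL_KEY), so the tool as specified will not know how to check or generate the DKIM key. Add the directive to the docstring, including whether the key is generated by the script or supplied by the user, or express it with an existing directive.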


@ -0,0 +1 @@
SSL_CERT dovecot deuxfleurs.fr


@ -0,0 +1 @@
SSL_KEY dovecot


@ -0,0 +1 @@
SERVICE_DN dovecot Dovecot IMAP server


@ -0,0 +1 @@
SERVICE_PASSWORD dovecot


@ -0,0 +1 @@
SSL_CERT postfix deuxfleurs.fr


@ -0,0 +1 @@
SSL_KEY postfix


@ -0,0 +1 @@
SERVICE_DN sogo SoGo email frontend


@ -0,0 +1 @@
SERVICE_PASSWORD sogo


@ -0,0 +1 @@
USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)
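Review bot: storing the credential as one `sogo:<password>` value means the username travels inside the secret and the script cannot validate either half; the description itself already says two separate files are the plan. Doing that split here, rather than committing a directive whose format the template must later be changed for, avoids a second migration of the same secret. At minimum, drop the inline TODO from the user-facing description and track it elsewhere.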


@ -0,0 +1 @@
USER cotorn static-auth (what is this?)
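Review bot: the `<description>` after `USER` is what the operator sees when asked to fill in the secret, so `(what is this?)` will be shown verbatim. A secret whose purpose nobody can state should not be carried into the new scheme unidentified; the same applies to the other descriptors in this commit whose description ends in a question (`mysql_pwd`, the homeserver registration secret, the two `web` tokens). Please resolve the purpose, or name an owner in the description, before merging.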


@ -0,0 +1 @@
USER fb2mx API server token


@ -0,0 +1 @@
USER fb2mx database URL, format: postgres://username:password@hostname/dbname


@ -1 +0,0 @@
postgres://username:password@hostname/dbname
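Review bot: the removed file held the placeholder `postgres://username:password@hostname/dbname`, so it was a sample rather than a live value, and the new `USER` descriptor in the previous hunk repeats the same format in its description. Since this URL format carries the password inline, it is worth confirming that no earlier revision of this path ever contained a filled-in URL before the old `.gitignore` whitelist was relied on; if one did, the credential should be rotated regardless of this reorganisation.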


@ -0,0 +1 @@
USER fb2mx homeserver token


@ -0,0 +1 @@
SSL_CERT synapse im.deuxfleurs.fr


@ -0,0 +1 @@
USER_LONG DH parameters for matrix ssl key? how does this work?
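Review bot: Diffie-Hellman parameters are public values, not a secret, so `USER_LONG` is the wrong class for them: they need none of the protection the neighbouring `SSL_KEY synapse` entry needs, and they can be generated by the tool rather than pasted in by the user. The `how does this work?` in the description should be answered (or the descriptor dropped) rather than committed as a question.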


@ -0,0 +1 @@
SSL_KEY synapse im.deuxfleurs.fr
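Review bot: per the docstring `SSL_KEY` takes only `<cert name>`, and the other key descriptors in this commit (`SSL_KEY dovecot`, `SSL_KEY postfix`, `SSL_KEY jitsi`) follow that grammar; the trailing `im.deuxfleurs.fr` here (and on `SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr`) will either be silently ignored or break parsing, depending on how the script splits the line. Either drop the domain from the key descriptors or extend the documented grammar so all files agree.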


@ -0,0 +1 @@
SERVICE_DN matrix Matrix chat server


@ -0,0 +1 @@
SERVICE_PASSWORD matrix


@ -0,0 +1 @@
CONST synapse


@ -0,0 +1 @@
SERVICE_PASSWORD matrix
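Review bot: this is the second descriptor in this commit declaring `SERVICE_PASSWORD matrix`, and the docstring does not say whether the script keys generated passwords by service name. Without deduplication the two files could receive two independently generated values, one of which will not match the LDAP entry for the `matrix` service user. Document or implement one-password-per-service semantics, and have the checker flag a mismatch between files that name the same service.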


@ -0,0 +1 @@
CONST matrix


@ -0,0 +1 @@
USER Shared secret for homeserver registrations (?)


@ -0,0 +1 @@
SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
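Review bot: the domain `autj.jitsi.deuxfleurs.fr` (repeated in the matching `SSL_KEY jitsi_auth` descriptor) reads like a typo for `auth.jitsi.deuxfleurs.fr`, given the cert name `jitsi_auth`. A certificate issued for the wrong name fails validation on the real host, so please confirm the intended hostname before this descriptor drives certificate generation.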


@ -0,0 +1 @@
SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr


@ -0,0 +1 @@
SSL_CERT jitsi jitsi.deuxfleurs.fr


@ -0,0 +1 @@
SSL_KEY jitsi


@ -0,0 +1 @@
SERVICE_PASSWORD platoo


@ -0,0 +1 @@
SERVICE_PASSWORD replicator


@ -0,0 +1 @@
CONST replicator


@ -0,0 +1 @@
SERVICE_PASSWORD postgres
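Review bot: `SERVICE_PASSWORD platoo`, `SERVICE_PASSWORD replicator` and `SERVICE_PASSWORD postgres` have no matching `SERVICE_DN` descriptor in this commit, yet the docstring defines `SERVICE_PASSWORD` as the LDAP password of the corresponding service user. If these are PostgreSQL roles rather than LDAP users, the directive is being overloaded and the "create LDAP service users" step would try to create accounts that should not exist; either add the DN descriptors or introduce a separate directive for non-LDAP service passwords.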


@ -0,0 +1 @@
SERVICE_DN mysql MySQL/MariaDB database


@ -0,0 +1 @@
SERVICE_PASSWORD mysql


@ -0,0 +1 @@
USER mysql_pwd (what is this?)
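Review bot: `SERVICE_PASSWORD mysql` is already declared in the previous hunk; if `mysql_pwd` is the same credential, this `USER` descriptor duplicates it under a different directive and the operator will be prompted for a value that the script also generates. Resolve the `(what is this?)` and either remove this file or point it at the service password.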


@ -0,0 +1 @@
USER Seafile peer key

44
app/secrets.py Normal file

@ -0,0 +1,44 @@
#!/usr/bin/env python3
"""
TODO: this will be a utility to handle secrets in the Consul database
for the various components of the Deuxfleurs infrastructure
Functionnalities:
- check that secrets are correctly configured
- help user fill in secrets
- create LDAP service users and fill in corresponding secrets
- maybe one day: manage SSL certificates and keys
It uses files placed in <module_name>/secrets/* to know what secrets
it should handle. These secret files contain directives for what to do
about these secrets.
Example directives:
USER <description>
(a secret that must be filled in by the user)
USER_LONG <description>
(the same, indicates that the secret fits on several lines)
CONST <constant value>
(the secret has a constant value set here)
CONST_LONG
<constant value, several lines>
(same)
SERVICE_DN <service name> <service description>
(the LDAP DN of a service user)
SERVICE_PASSWORD <service name>
(the LDAP password for the corresponding service user)
SSL_CERT <cert name> <list of domains>
(a SSL domain for the given domains)
SSL_KEY <cert name>
(the SSL key going with corresponding certificate)
"""
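Review bot: the file consists of a shebang and a docstring only, so `secrets.py` cannot yet check, fill or create anything the description promises; landing it as a stub is fine if the PR description says so. On the docstring itself: `Functionnalities` should be `Functionalities`; `SSL_CERT ... (a SSL domain for the given domains)` should read `certificate`; the directive list omits `RSA_PRIVATE_KEY`, which the dkim descriptor in this commit uses; `SSL_KEY` is documented with only `<cert name>` while two descriptors in this commit append a domain; and since `CONST`/`CONST_LONG` values are committed to git, the docstring should state that they must never hold actual secrets. Finally, a top-level module named `secrets.py` shadows Python's standard-library `secrets` module for anything run from the app/ directory, which is the module one would normally use to generate the passwords this tool is meant to create; consider a different filename.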


@ -0,0 +1 @@
USER web home_token (what is this?)


@ -0,0 +1 @@
USER web quentin.dufour.io token (what is this?)