forked from Deuxfleurs/infrastructure
Document secrets and add stub utility to manage them
This commit is contained in:
parent c74dc92feb
commit d4d0b100ad
@ -1,11 +0,0 @@
# Blacklist everything cleverly
*/secrets/*
!*/secrets/*/

# Whitelist some patterns
!*.sample
!*.gen
!*.sh
!.gitignore

# Whitelist specific files
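Review bot: deleting this .gitignore removes the only rule that kept `*/secrets/*` out of version control, and nothing in the change replaces it. The new utility's docstring says values will live in the Consul database and `<module_name>/secrets/*` will hold only directives, but the directive files occupy exactly the paths where filled-in secrets used to sit, so an operator who writes a real value next to its directive can now `git add` it by accident. Either keep an ignore pattern for anything under `*/secrets/*` that is not a directive file, or state in the docstring that values are never written beside the directive files.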
@ -0,0 +1 @@
RSA_PRIVATE_KEY dkim
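Review bot: `RSA_PRIVATE_KEY` is not one of the directives documented in the utility's docstring (USER, USER_LONG, CONST, CONST_LONG, SERVICE_DN, SERVICE_PASSWORD, SSL_CERT, SSL_KEY), so the tool as described has no rule for this file. Either add it to the documented list together with what the tool should do for it (generate the DKIM key itself rather than prompt the operator to paste one), or express it as `USER_LONG` until that is implemented.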
@ -0,0 +1 @@
SSL_CERT dovecot deuxfleurs.fr
@ -0,0 +1 @@
SSL_KEY dovecot
@ -0,0 +1 @@
SERVICE_DN dovecot Dovecot IMAP server
@ -0,0 +1 @@
SERVICE_PASSWORD dovecot
@ -0,0 +1 @@
SSL_CERT postfix deuxfleurs.fr
@ -0,0 +1 @@
SSL_KEY postfix
@ -0,0 +1 @@
SERVICE_DN sogo SoGo email frontend
@ -0,0 +1 @@
SERVICE_PASSWORD sogo
@ -0,0 +1 @@
USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)
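Review bot: the `sogo:<password>` format bundles a fixed username with the password in one `USER` secret, which is what the inline TODO already says should be split; the synapse and matrix secrets in this same change show the intended shape (a `CONST <name>` file beside the password file). The TODO is better tracked in an issue than in the directive text, because the description is what the tool will show the operator when prompting for the value.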
@ -0,0 +1 @@
USER cotorn static-auth (what is this?)
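Review bot: `(what is this?)` is a placeholder, not a description. The docstring defines `USER <description>` as the text shown when the operator is asked to fill the value in, so a secret nobody can describe cannot be filled in correctly. Identify the consumer before merging or drop the file; the same placeholder appears in the `mysql_pwd` and the two `web` token files further down.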
@ -0,0 +1 @@
USER fb2mx API server token
@ -0,0 +1 @@
USER fb2mx database URL, format: postgres://username:password@hostname/dbname
@ -1 +0,0 @@
postgres://username:password@hostname/dbname
@ -0,0 +1 @@
USER fb2mx homeserver token
@ -0,0 +1 @@
SSL_CERT synapse im.deuxfleurs.fr
@ -0,0 +1 @@
USER_LONG DH parameters for matrix ssl key? how does this work?
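Review bot: the description here is a question to the author rather than an instruction to the operator, and `USER_LONG` means the operator will be prompted to paste the value by hand. Decide what this file holds before merging; if it is the DH parameter file for the synapse TLS listener it belongs with the "maybe one day: manage SSL certificates and keys" item in the docstring, and the description should say how the value is produced.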
@ -0,0 +1 @@
SSL_KEY synapse im.deuxfleurs.fr
@ -0,0 +1 @@
SERVICE_DN matrix Matrix chat server
@ -0,0 +1 @@
SERVICE_PASSWORD matrix
@ -0,0 +1 @@
CONST synapse
@ -0,0 +1 @@
SERVICE_PASSWORD matrix
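Review bot: this is the second file in the change declaring `SERVICE_PASSWORD matrix` (the hunk two above declares the same directive), so two secret paths resolve to one LDAP password. The utility will have to treat such files as aliases and generate the password once; if it generates per file, the two values diverge and one consumer can no longer bind. Worth stating the alias rule in the docstring.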
@ -0,0 +1 @@
CONST matrix
@ -0,0 +1 @@
USER Shared secret for homeserver registrations (?)
@ -0,0 +1 @@
SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
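Review bot: `autj.jitsi.deuxfleurs.fr` looks like a typo for `auth.jitsi.deuxfleurs.fr`, given the cert name `jitsi_auth`; the same string is repeated in the `SSL_KEY jitsi_auth` file that follows. A certificate requested for the misspelled name will not match the host the service answers on, so verify the domain against the Jitsi configuration before the tool starts using this list to request certificates.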
@ -0,0 +1 @@
SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr
@ -0,0 +1 @@
SSL_CERT jitsi jitsi.deuxfleurs.fr
@ -0,0 +1 @@
SSL_KEY jitsi
@ -0,0 +1 @@
SERVICE_PASSWORD platoo
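Review bot: `SERVICE_PASSWORD platoo` has no `SERVICE_DN platoo` counterpart in this change, and the docstring defines the password as belonging to "the corresponding service user", which is the `SERVICE_DN` file that also carries the service description the tool needs to create the LDAP user. Either add the DN file or have the docstring say that a password without a DN is permitted; the same applies to `replicator` and `postgres` below.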
@ -0,0 +1 @@
SERVICE_PASSWORD replicator
@ -0,0 +1 @@
CONST replicator
@ -0,0 +1 @@
SERVICE_PASSWORD postgres
@ -0,0 +1 @@
SERVICE_DN mysql MySQL/MariaDB database
@ -0,0 +1 @@
SERVICE_PASSWORD mysql
@ -0,0 +1 @@
USER mysql_pwd (what is this?)
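Review bot: `USER mysql_pwd (what is this?)` sits next to `SERVICE_PASSWORD mysql` and is most likely the same value consumed under a second path. If so, declare it as `SERVICE_PASSWORD mysql` as well so the tool keeps both in sync, instead of asking the operator to retype a password the tool already generated.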
@ -0,0 +1 @@
USER Seafile peer key
@ -0,0 +1,44 @@
#!/usr/bin/env python3

"""
TODO: this will be a utility to handle secrets in the Consul database
for the various components of the Deuxfleurs infrastructure

Functionnalities:
- check that secrets are correctly configured
- help user fill in secrets
- create LDAP service users and fill in corresponding secrets
- maybe one day: manage SSL certificates and keys

It uses files placed in <module_name>/secrets/* to know what secrets
it should handle. These secret files contain directives for what to do
about these secrets.

Example directives:

USER <description>
(a secret that must be filled in by the user)

USER_LONG <description>
(the same, indicates that the secret fits on several lines)

CONST <constant value>
(the secret has a constant value set here)

CONST_LONG
<constant value, several lines>
(same)

SERVICE_DN <service name> <service description>
(the LDAP DN of a service user)

SERVICE_PASSWORD <service name>
(the LDAP password for the corresponding service user)

SSL_CERT <cert name> <list of domains>
(a SSL domain for the given domains)

SSL_KEY <cert name>
(the SSL key going with corresponding certificate)
"""

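Review bot: the directive list in this docstring does not cover `RSA_PRIVATE_KEY`, which the dkim secret in this same change uses, and it does not say how the multi-line directives (`USER_LONG`, `CONST_LONG`) are delimited, nor how two files declaring the same directive (both `SERVICE_PASSWORD matrix` files) are treated. Two wording fixes while here: "Functionnalities" should read "Functionalities", and the `SSL_CERT` description "a SSL domain for the given domains" should read "an SSL certificate for the given domains". Since the module is a docstring with no code yet, naming the Consul key layout the tool intends to use would make the directive files reviewable against it.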
@ -0,0 +1 @@
USER web home_token (what is this?)
@ -0,0 +1 @@
USER web quentin.dufour.io token (what is this?)