X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=inline;f=modules%2Fsalsa%2Fmanifests%2Finit.pp;h=0c2d83ee9b22435240f984aa6cf0f3cf1b89ddc9;hb=bb72f5f44f42b66c4e1cab0d046d7632fcdfad25;hp=038986b6edb9ac3b6f4b917f1ed7a3a295c5ad78;hpb=94bc127ef10b9d0fdb7484c3839e3dc7a1bc6d06;p=mirror%2Fdsa-puppet.git

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index 038986b6e..0c2d83ee9 100644
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -27,6 +27,9 @@ class salsa inherits salsa::params {
 		group  => $salsa::group,
 		content  => @("EOF"),
 				---
+				# This file is maintained by puppet.
+				# base secret that gitlab encrypts the DB with
+				secret: "${salsa::secret}"
 				database:
 				  name: "${salsa::db_name}"
 				  role: "${salsa::db_role}"
@@ -36,4 +39,21 @@ class salsa inherits salsa::params {
 				  password: "${salsa::mail_password}"
 				| EOF
 	}
+	file { "${salsa::home}/.credentials-manual.yaml":
+		mode => '0400',
+		owner  => $salsa::user,
+		group  => $salsa::group,
+		content  => @("EOF"),
+				---
+				# This file was put in place by puppet, but it won't overwrite it.
+				# Please fill in from dsa-passwords/services-salsa
+				# mastersecret: "swordfish"
+				| EOF
+		replace => false,
+	}
+
+	ssl::service { $servicename:
+		# notify  => Exec['service apache2 reload'],
+		key => true,
+	}
 }