salsa: set mail username and password
authorPeter Palfrader <peter@palfrader.org>
Thu, 31 Aug 2017 19:11:18 +0000 (19:11 +0000)
committerPeter Palfrader <peter@palfrader.org>
Thu, 31 Aug 2017 19:11:18 +0000 (19:11 +0000)
modules/salsa/manifests/init.pp
modules/salsa/manifests/mail.pp
modules/salsa/manifests/params.pp

index 3e798d0..038986b 100644 (file)
@@ -1,13 +1,5 @@
 #
-class salsa (
-       $user = $salsa::params::user,
-       $group = $salsa::params::group,
-       $home = $salsa::params::home,
-
-       $db_name = $salsa::params::db_name,
-       $db_role = $salsa::params::db_role,
-       $db_password = $salsa::params::db_password,
-) inherits salsa::params {
+class salsa inherits salsa::params {
 
        # anchor things in correct order
        anchor { 'salsa::begin': } ->
@@ -39,6 +31,9 @@ class salsa (
                                  name: "${salsa::db_name}"
                                  role: "${salsa::db_role}"
                                  password: "${salsa::db_password}"
+                               mail:
+                                 username: "${salsa::mail_username}"
+                                 password: "${salsa::mail_password}"
                                | EOF
        }
 }
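Review bot: With the added `mail:` block this rendered file now carries a second derived secret, and the `file` resource that owns the heredoc starts above the hunk, so its `owner`/`mode` are not visible here and should be confirmed as not world-readable. Because the content is secret material, `show_diff => false` on that resource would keep the rendered passwords out of agent logs and reports whenever the content changes. The same applies to `/etc/dovecot/users` in mail.pp, which now renders `${hashed_pw}`.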
index 5eb7863..d399ab4 100644 (file)
@@ -29,12 +29,13 @@ class salsa::mail inherits salsa {
                group => '_vmail',
        }
 
+       $pw_salt = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-salsa-${mail_username}-salt-generator")
+       $hashed_pw = pw_hash($salsa::mail_password, 'SHA-512', $pw_salt)
        file { '/etc/dovecot/users':
-               # XXX fix uid/git/password
                mode => '440',
                group => 'dovecot',
-               content  => @(EOF),
-                               gitlab:$6$PoaX25m/P52bFbEU$tguOOYZZvOD49cmtlrqgRL4nKluakaVudPYOKkEcDZu/fZXXxyqjga9HypFwmBrj3uSP/wt2rqq7BNy22MlU90:::
+               content  => @("EOF"),
+                               ${salsa::mail_username}:${hashed_pw}:::
                                | EOF
        }
 
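Review bot: The added `$hashed_pw` line passes the raw `hkdf` output to `pw_hash` as the salt, and nothing in this hunk shows what alphabet or length that output has. stdlib's `pw_hash` rejects salts containing characters outside `[a-zA-Z0-9./]`, and SHA-512 crypt uses at most 16 salt characters, so a comment stating the assumption would help: `# salt is derived, not random, so the hash is stable between runs; hkdf output must be crypt-safe`. The salt label also uses the unqualified `${mail_username}` while the other added lines use `$salsa::mail_password` and `${salsa::mail_username}`; qualifying it would keep the lookups consistent.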
index e647cc2..958e5d6 100644 (file)
@@ -7,4 +7,7 @@ class salsa::params {
        $db_name = "salsa"
        $db_role = "salsa"
        $db_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-salsa-${db_role}")
+
+       $mail_username = "gitlab"
+       $mail_password = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-salsa-${mail_username}")
 }
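Review bot: The derivation label on the added `$mail_password` line embeds `${::hostname}`, which is a fact reported by the agent, not an identity the master has verified; the existing `$db_password` context line and the salt label in mail.pp follow the same pattern. If the Puppet version in use provides trusted facts, `$trusted['hostname']` would bind the derived secret to the certificate name instead. Since the label presumably determines the output of `hkdf`, a short comment would also help the next maintainer: `# label is part of the derivation: editing it or $mail_username changes the password`.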