give gitlab a random key for encrypting its DB

author Peter Palfrader <peter@palfrader.org>

Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)

committer Peter Palfrader <peter@palfrader.org>

Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)
author Peter Palfrader <peter@palfrader.org>
Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)
committer Peter Palfrader <peter@palfrader.org>
Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)
diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp

index a0db08f..5f4f5a5 100644 (file)
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -27,6 +27,8 @@ class salsa inherits salsa::params {
                 group  => $salsa::group,
                 content  => @("EOF"),
                                 ---
+                               # base secret that gitlab encrypts the DB with
+                               secret: "${salsa::secret}"
                                 database:
                                   name: "${salsa::db_name}"
                                   role: "${salsa::db_role}"
diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp

index d8e0f0a..191b0b9 100644 (file)
--- a/modules/salsa/manifests/params.pp
+++ b/modules/salsa/manifests/params.pp
@@ -12,4 +12,6 @@ class salsa::params {
  
         $mail_username = "gitlab@${servicename}"
         $mail_password = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-${servicename}-${mail_username}")
+
+       $secret = hkdf('/etc/puppet/secret', "salsa-${::hostname}-base-secret")
  }
author	Peter Palfrader <peter@palfrader.org>
	Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 3 Sep 2017 20:46:22 +0000 (20:46 +0000)
modules/salsa/manifests/init.pp		patch \| blob \| history
modules/salsa/manifests/params.pp		patch \| blob \| history