From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 31 Aug 2017 19:11:18 +0000 (+0000)
Subject: salsa: set mail username and password
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=94bc127ef10b9d0fdb7484c3839e3dc7a1bc6d06;p=mirror%2Fdsa-puppet.git

salsa: set mail username and password
---

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index 3e798d029..038986b6e 100644
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -1,13 +1,5 @@
 #
-class salsa (
-	$user = $salsa::params::user,
-	$group = $salsa::params::group,
-	$home = $salsa::params::home,
-
-	$db_name = $salsa::params::db_name,
-	$db_role = $salsa::params::db_role,
-	$db_password = $salsa::params::db_password,
-) inherits salsa::params {
+class salsa inherits salsa::params {
 
 	# anchor things in correct order
 	anchor { 'salsa::begin': } ->
@@ -39,6 +31,9 @@ class salsa (
 				  name: "${salsa::db_name}"
 				  role: "${salsa::db_role}"
 				  password: "${salsa::db_password}"
+				mail:
+				  username: "${salsa::mail_username}"
+				  password: "${salsa::mail_password}"
 				| EOF
 	}
 }
diff --git a/modules/salsa/manifests/mail.pp b/modules/salsa/manifests/mail.pp
index 5eb78633b..d399ab469 100644
--- a/modules/salsa/manifests/mail.pp
+++ b/modules/salsa/manifests/mail.pp
@@ -29,12 +29,13 @@ class salsa::mail inherits salsa {
 		group => '_vmail',
 	}
 
+	$pw_salt = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-salsa-${mail_username}-salt-generator")
+	$hashed_pw = pw_hash($salsa::mail_password, 'SHA-512', $pw_salt)
 	file { '/etc/dovecot/users':
-		# XXX fix uid/git/password
 		mode => '440',
 		group => 'dovecot',
-		content  => @(EOF),
-				gitlab:$6$PoaX25m/P52bFbEU$tguOOYZZvOD49cmtlrqgRL4nKluakaVudPYOKkEcDZu/fZXXxyqjga9HypFwmBrj3uSP/wt2rqq7BNy22MlU90:::
+		content  => @("EOF"),
+				${salsa::mail_username}:${hashed_pw}:::
 				| EOF
 	}
 
diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp
index e647cc240..958e5d698 100644
--- a/modules/salsa/manifests/params.pp
+++ b/modules/salsa/manifests/params.pp
@@ -7,4 +7,7 @@ class salsa::params {
 	$db_name = "salsa"
 	$db_role = "salsa"
 	$db_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-salsa-${db_role}")
+
+	$mail_username = "gitlab"
+	$mail_password = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-salsa-${mail_username}")
 }