From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Sep 2017 20:46:22 +0000 (+0000)
Subject: give gitlab a random key for encrypting its DB
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b14e6f9d4228b9dcf901c928b13488d4bfcd0c3e;p=mirror%2Fdsa-puppet.git

give gitlab a random key for encrypting its DB
---

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index a0db08f3f..5f4f5a555 100644
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -27,6 +27,8 @@ class salsa inherits salsa::params {
 		group  => $salsa::group,
 		content  => @("EOF"),
 				---
+				# base secret that gitlab encrypts the DB with
+				secret: "${salsa::secret}"
 				database:
 				  name: "${salsa::db_name}"
 				  role: "${salsa::db_role}"
diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp
index d8e0f0a31..191b0b992 100644
--- a/modules/salsa/manifests/params.pp
+++ b/modules/salsa/manifests/params.pp
@@ -12,4 +12,6 @@ class salsa::params {
 
 	$mail_username = "gitlab@${servicename}"
 	$mail_password = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-${servicename}-${mail_username}")
+
+	$secret = hkdf('/etc/puppet/secret', "salsa-${::hostname}-base-secret")
 }