From bf2de708c73c0aee3af2585726515671284e0d9e Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 4 Sep 2017 11:09:21 +0200
Subject: [PATCH] Add ~/.credentials-manual.yaml to salsa

---
 modules/salsa/manifests/init.pp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index 5f4f5a555..2f741fba1 100644
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -27,6 +27,7 @@ class salsa inherits salsa::params {
 		group  => $salsa::group,
 		content  => @("EOF"),
 				---
+				# This file is maintained by puppet.
 				# base secret that gitlab encrypts the DB with
 				secret: "${salsa::secret}"
 				database:
@@ -38,6 +39,18 @@ class salsa inherits salsa::params {
 				  password: "${salsa::mail_password}"
 				| EOF
 	}
+	file { "${salsa::home}/.credentials-manual.yaml":
+		mode => '0400',
+		owner  => $salsa::user,
+		group  => $salsa::group,
+		content  => @("EOF"),
+				---
+				# This file was put in place by puppet, but it won't overwrite it.
+				# Please fill in from dsa-passwords/service-salsa
+				# mastersecret: "swordfish"
+				| EOF
+		replace => false,
+	}
 
 	ssl::service { $servicename:
 		# notify  => Exec['service apache2 reload'],
-- 
2.20.1