Add ~/.credentials-manual.yaml to salsa

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index 5f4f5a5..2f741fb 100644 (file)
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -27,6 +27,7 @@ class salsa inherits salsa::params {
                group  => $salsa::group,
                content  => @("EOF"),
                                ---
+                               # This file is maintained by puppet.
                                # base secret that gitlab encrypts the DB with
                                secret: "${salsa::secret}"
                                database:
@@ -38,6 +39,18 @@ class salsa inherits salsa::params {
                                  password: "${salsa::mail_password}"
                                | EOF
        }
+       file { "${salsa::home}/.credentials-manual.yaml":
+               mode => '0400',
+               owner  => $salsa::user,
+               group  => $salsa::group,
+               content  => @("EOF"),
+                               ---
+                               # This file was put in place by puppet, but it won't overwrite it.
+                               # Please fill in from dsa-passwords/service-salsa
+                               # mastersecret: "swordfish"
+                               | EOF
+               replace => false,
+       }
 
        ssl::service { $servicename:
                # notify  => Exec['service apache2 reload'],