aboutsummaryrefslogtreecommitdiff
path: root/config/hiera.yaml
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2020-10-01 15:02:47 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-10-01 15:02:47 -0300
commitc212514035cffd38acbfac1413064937b28685b6 (patch)
treea043a9c3caac740cf61313d04d9d84280a44f30f /config/hiera.yaml
downloadsemanticscuttle-c212514035cffd38acbfac1413064937b28685b6.tar.gz
semanticscuttle-c212514035cffd38acbfac1413064937b28685b6.tar.bz2
Squashed 'puppet/' content from commit eb5ecc4
git-subtree-dir: puppet git-subtree-split: eb5ecc4fcad6bd4f75e38683ae12a8dba4382c0b
Diffstat (limited to 'config/hiera.yaml')
-rw-r--r--config/hiera.yaml38
1 files changed, 38 insertions, 0 deletions
diff --git a/config/hiera.yaml b/config/hiera.yaml
new file mode 100644
index 0000000..14e393d
--- /dev/null
+++ b/config/hiera.yaml
@@ -0,0 +1,38 @@
+---
+version: 5
+defaults:
+ datadir: "config"
+ data_hash: "yaml_data"
+hierarchy:
+ #
+ # Put in the secrets folder all sensitive information that
+ # wont be spread into every system if you"re using the Hydra Suite.
+ #
+ # We also recommend to leave only encrypted data in your hiera config.
+ #
+ - name: "encrypted secrets"
+ path: "secrets/node/%{facts.fqdn}.yaml"
+ lookup_key: eyaml_lookup_key
+ options:
+ # If using the pkcs7 encryptor (default)
+ pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
+ pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem"
+
+ - name: "regular secrets"
+ paths:
+ - "secrets/role/%{facts.role}.yaml"
+ - "secrets/location/%{facts.location}.yaml"
+ - "secrets/domain/%{facts.domain}.yaml"
+
+ #
+ # All other stuff goes in regular YAML files.
+ #
+ - name: "public"
+ paths:
+ - "node/%{facts.fqdn}.yaml"
+ - "role/%{facts.role}.yaml"
+ - "virtual/%{facts.virtual}.yaml"
+ - "location/%{facts.location}.yaml"
+ - "domain/%{facts.domain}.yaml"
+ - "compiled.yaml"
+ - "common.yaml"