author | Silvio Rhatto <rhatto@riseup.net> | 2020-10-01 15:02:47 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-10-01 15:02:47 -0300 |
commit | 765ca2bd25384c3d33d243a5b2f0aa419edcd8fa (patch) | |
tree | b59aa15319607ea45ba83516628539b420d8841b /puppet/config/hiera.yaml | |
parent | b0d7b1d90860f858578455c5cf695c062c0ade07 (diff) | |
parent | c212514035cffd38acbfac1413064937b28685b6 (diff) | |
Merge commit 'c212514035cffd38acbfac1413064937b28685b6' as 'puppet'
Diffstat (limited to 'puppet/config/hiera.yaml')
-rw-r--r-- | puppet/config/hiera.yaml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/puppet/config/hiera.yaml b/puppet/config/hiera.yaml
new file mode 100644
index 0000000..14e393d
--- /dev/null
+++ b/puppet/config/hiera.yaml
@@ -0,0 +1,38 @@
+---
+version: 5
+defaults:
+ datadir: "config"
+ data_hash: "yaml_data"
+hierarchy:
+ #
+ # Put in the secrets folder all sensitive information that
+ # wont be spread into every system if you"re using the Hydra Suite.
+ #
+ # We also recommend to leave only encrypted data in your hiera config.
+ #
+ - name: "encrypted secrets"
+ path: "secrets/node/%{facts.fqdn}.yaml"
+ lookup_key: eyaml_lookup_key
+ options:
+ # If using the pkcs7 encryptor (default)
+ pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
+ pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem"
+
+ - name: "regular secrets"
+ paths:
+ - "secrets/role/%{facts.role}.yaml"
+ - "secrets/location/%{facts.location}.yaml"
+ - "secrets/domain/%{facts.domain}.yaml"
+
+ #
+ # All other stuff goes in regular YAML files.
+ #
+ - name: "public"
+ paths:
+ - "node/%{facts.fqdn}.yaml"
+ - "role/%{facts.role}.yaml"
+ - "virtual/%{facts.virtual}.yaml"
+ - "location/%{facts.location}.yaml"
+ - "domain/%{facts.domain}.yaml"
+ - "compiled.yaml"
+ - "common.yaml"
|
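Review bot: Both secrets levels select their data files from agent-reported facts (`%{facts.fqdn}`, `%{facts.role}`, `%{facts.location}`, `%{facts.domain}`), so which secrets file a catalog sees depends on values the node itself supplies rather than on its verified identity. For the per-node level, `path: "secrets/node/%{trusted.certname}.yaml"` binds the lookup to the certificate name, and role or location could be taken from trusted certificate extensions if the deployment issues them. The "regular secrets" level also has no `lookup_key: eyaml_lookup_key`, so it falls back to the default `data_hash: "yaml_data"` and would serve its files as plain YAML, returning any eyaml-encrypted value as an undecrypted string. That sits oddly with the comment recommending only encrypted data: either give that level the eyaml lookup key and key options, or say in the comment that it is plaintext. Minor: the header comment reads `you"re` where `you're` was evidently meant.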