From c212514035cffd38acbfac1413064937b28685b6 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 1 Oct 2020 15:02:47 -0300 Subject: Squashed 'puppet/' content from commit eb5ecc4 git-subtree-dir: puppet git-subtree-split: eb5ecc4fcad6bd4f75e38683ae12a8dba4382c0b --- config/hiera.yaml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 config/hiera.yaml (limited to 'config/hiera.yaml') diff --git a/config/hiera.yaml b/config/hiera.yaml new file mode 100644 index 0000000..14e393d --- /dev/null +++ b/config/hiera.yaml @@ -0,0 +1,38 @@ +--- +version: 5 +defaults: + datadir: "config" + data_hash: "yaml_data" +hierarchy: + # + # Put in the secrets folder all sensitive information that + # wont be spread into every system if you"re using the Hydra Suite. + # + # We also recommend to leave only encrypted data in your hiera config. + # + - name: "encrypted secrets" + path: "secrets/node/%{facts.fqdn}.yaml" + lookup_key: eyaml_lookup_key + options: + # If using the pkcs7 encryptor (default) + pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem" + pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem" + + - name: "regular secrets" + paths: + - "secrets/role/%{facts.role}.yaml" + - "secrets/location/%{facts.location}.yaml" + - "secrets/domain/%{facts.domain}.yaml" + + # + # All other stuff goes in regular YAML files. + # + - name: "public" + paths: + - "node/%{facts.fqdn}.yaml" + - "role/%{facts.role}.yaml" + - "virtual/%{facts.virtual}.yaml" + - "location/%{facts.location}.yaml" + - "domain/%{facts.domain}.yaml" + - "compiled.yaml" + - "common.yaml" -- cgit v1.2.3