Changeset 30ef5ea3 in darkpeak-services


Timestamp:
Jul 14, 2018, 1:40:55 PM (19 months ago)
Author:
Caolan McMahon <caolan.mcmahon@…>
Branches:
ansible, keycloak, master, matrix, pleroma
Children:
3b6afabd
Parents:
63df04e1
git-author:
Caolan McMahon <caolan.mcmahon@…> (07/14/18 13:40:02)
git-committer:
Caolan McMahon <caolan.mcmahon@…> (07/14/18 13:40:55)
Message:

Move all passwords into prod-playbook.yml and encrypt with ansible vault

Files:
8 edited

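--- a/README.md
+++ b/README.md
@@ -33,4 +33,12 @@
 
 Then set the "development_mode" variable to "true" and the "domain_name" variable to something appropriate, like "darkpeak.dev" and you are ready to go.
+
+You'll also need to replace the ansible-vault encrypted passwords with
+hard=coded development data. For example:
+
+    ttrss_postgresql_password: "correcthorsebatterystaple"
+    sabredav_mysql_password: "correcthorsebatterystaple"
+    trac_postgresql_password: "correcthorsebatterystaple"
+    mediawiki_admin_pass: "correcthorsebatterystaple"
 
 ## Developing With Vagrant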
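--- a/prod-playbook.yml
+++ b/prod-playbook.yml
@@ -51,2 +51,45 @@
     ldap_group_basedn: "cn=groups,cn=accounts,{{ ldap_basedn }}"
 
+    ttrss_postgresql_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30306238393464653733343463343865333339393930376461376237616339353336326666616537
+      3531343965353839346361393337636535383962386639370a616132323937373739366339333536
+      61613730313261386238396661346461303066323435653937643536663735623837343339386662
+      3534613136643766620a363834376633316565656436666162366365613364666139613732643262
+      64353637373161343738346166313133656333336165616138636335633264396564343332393734
+      3137623139356464653533353435333139373565303466346335
+
+    sabredav_mysql_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30323938306338323032363835616564666534653164313436383965663432653533396134643566
+      3563643338313765346236373262356535346635653563610a633331613336646666636166376561
+      38653438616163333135393263353963356338666362623834616133363332616639636535666533
+      3962616662643139300a663531666630363939363232303564613539386266636538333931613237
+      63306634326664613233323963343930623230393236346261333961326663613431656338316261
+      3761323261646538393536616261613862396162616330343465
+
+    trac_postgresql_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      62393631373263303130373331356635646565663330656363666363653965363037613361316566
+      3866383232326236616331353332623039656562376539360a623637313832613936333639313437
+      64303332303335613431623630373063323261626533383232613164633165623266616564346331
+      3834663736653662660a623333633764353563353235666636623533613262313363373434396537
+      30373464393362636634323163663065316661316135343932376338346465336461336564613362
+      6563353332633166393435326233376230666336313062663363
+
+    mediawiki_admin_pass: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      38653238656364653761656562386130636164303765373039313361646638373465343736366133
+      3136316666336361633164636637323636346662613032340a323536393032626134306237346536
+      38646636323135646437663534623163313463316535353036386638393033376435663261663637
+      3265623666386336310a313161313637346239623435353537336436633633396632636531346166
+      32623436613431386461646330656462636230623737393961363033356461653232303063336364
+      3531336563363265653530363033383762656133643734623461
+
+    # before deploying to production, make encrypted versions of these
+    mastodon_postgresql_password: "Tahgoh3vAmoo8EXooghoh2iy"
+    mastodon_paperclip_secret: "59c571efc27215e088195f9df1b0cbbd6a11fcc0268d08daa05b6a7b847da5d46425709b2c80c0a98701916c447b223ecea5e3cb13e54562cf2223a0bcc7ca3c"
+    mastodon_secret_key_base: "f07b4325dc3579002d123b413753e7d23c1089d4512f3416e21371e19816da68aecb7e2cf7803ca4e322e6c824c50ce9e881a26943cea15325cce8d3777971b0"
+    mastodon_otp_secret: "55529853e78ab27547601064e0f34bef510cffb699b516abc34085e929b9edf00eb8f6ee7ede87123c005508e4e788033e6b86312fafab97940b54f6a1449a70"
+    mastodon_vapid_private_key: "gAvUv0js5f3cFOxNqvc3V7pwlW8rJLCM91eC3KJqnNc="
+    mastodon_vapid_public_key: "BIAEFqq5cAKpVpt6D53dEF5cBy4RJ8cpZx7EU_n4n3izLG0fLDOVdJGHyzL1aevo9x7EcszjTaWFyhgPkeNuZ1Y="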
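Review bot: The `mastodon_*` values at new lines 90–94 are committed in clear text in the production playbook, next to four properly vaulted entries. The comment on line 89 defers encryption, but the database password, Paperclip secret, secret key base, OTP secret and VAPID private key are already readable by anyone with access to the repository. They are the same literals this commit removes from roles/mastodon/defaults/main.yml, so they also remain in history and should be regenerated before vaulting rather than encrypted as they stand. Each should become a `!vault |` block like the entries above, for example produced with `ansible-vault encrypt_string`; `mastodon_vapid_public_key` on line 95 is public by design and can stay plain.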
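--- a/roles/mastodon/defaults/main.yml
+++ b/roles/mastodon/defaults/main.yml
@@ -6,5 +6,5 @@
 postgresql_users:
   - name: "{{ service_name }}"
-    password: Tahgoh3vAmoo8EXooghoh2iy
+    password: "{{ mastodon_postgresql_password }}"
     role_attr_flags: CREATEDB,NOSUPERUSER
 
@@ -22,7 +22,7 @@
 rbenv_tag: v1.1.1
 ruby_build_tag: v20180224
-paperclip_secret: 59c571efc27215e088195f9df1b0cbbd6a11fcc0268d08daa05b6a7b847da5d46425709b2c80c0a98701916c447b223ecea5e3cb13e54562cf2223a0bcc7ca3c
-secret_key_base: f07b4325dc3579002d123b413753e7d23c1089d4512f3416e21371e19816da68aecb7e2cf7803ca4e322e6c824c50ce9e881a26943cea15325cce8d3777971b0
-otp_secret: 55529853e78ab27547601064e0f34bef510cffb699b516abc34085e929b9edf00eb8f6ee7ede87123c005508e4e788033e6b86312fafab97940b54f6a1449a70
-vapid_private_key: gAvUv0js5f3cFOxNqvc3V7pwlW8rJLCM91eC3KJqnNc=
-vapid_public_key: BIAEFqq5cAKpVpt6D53dEF5cBy4RJ8cpZx7EU_n4n3izLG0fLDOVdJGHyzL1aevo9x7EcszjTaWFyhgPkeNuZ1Y=
+paperclip_secret: "{{ mastodon_paperclip_secret }}"
+secret_key_base: "{{ mastodon_secret_key_base }}"
+otp_secret: "{{ mastodon_otp_secret }}"
+vapid_private_key: "{{ mastodon_vapid_private_key }}"
+vapid_public_key: "{{ mastodon_vapid_public_key }}"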
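--- a/roles/mediawiki/defaults/main.yml
+++ b/roles/mediawiki/defaults/main.yml
@@ -17,3 +17,3 @@
 admin_user:
   name: DarkPeaker
-  pass: correcthorsebatterystaple
+  pass: "{{ mediawiki_admin_pass }}"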
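Review bot: The replaced value `correcthorsebatterystaple` was public in this repository and is still the value the README recommends for development, so the vaulted secret only helps once the existing account no longer uses the old one. The same applies to the `password:` lines changed in the sabredav, trac and ttrss role defaults. Whether these roles change the password of an already-provisioned account is not visible in the hunks, so that should be confirmed on the hosts. A comment above the line would also help the next reader, e.g. `# mediawiki_admin_pass has no default; define it in the playbook (vaulted for production)`.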
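--- a/roles/sabredav/defaults/main.yml
+++ b/roles/sabredav/defaults/main.yml
@@ -11,5 +11,5 @@
 mysql_users:
   - name: "{{ service_name }}"
-    password: correcthorsebatterystaple
+    password: "{{ sabredav_mysql_password }}"
     priv: "{{ service_name }}.*:ALL"
 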
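--- a/roles/trac/defaults/main.yml
+++ b/roles/trac/defaults/main.yml
@@ -11,5 +11,5 @@
 postgresql_users:
   - name: "{{ service_name }}"
-    password: correcthorsebatterystaple
+    password: "{{ trac_postgresql_password }}"
     role_attr_flags: CREATEDB,NOSUPERUSER
 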
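--- a/roles/trac/tasks/main.yml
+++ b/roles/trac/tasks/main.yml
@@ -53,5 +53,5 @@
 
 - name: Initialise a new Trac environment
-  command: "trac-admin {{ data_dir }} initenv 'Dark Peak' 'postgres://trac:correcthorsebatterystaple@/trac?host=/var/run/postgresql'"
+  command: "trac-admin {{ data_dir }} initenv 'Dark Peak' 'postgres://trac:{{ trac_postgresql_password }}@/trac?host=/var/run/postgresql'"
   args:
     creates: "{{ data_dir }}/VERSION"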
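Review bot: On new line 55 the database password is templated into the `trac-admin` argument list, so it is visible in the host's process listing while the command runs and in Ansible's task output and module logging. Adding `no_log: true` to the task keeps the rendered command out of those logs. The value is also placed in a connection URI unescaped, so a vaulted password containing `@` or `:` would produce a wrong connection string; `{{ trac_postgresql_password | urlencode }}` avoids that. The task may continue past the last line shown.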
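--- a/roles/ttrss/defaults/main.yml
+++ b/roles/ttrss/defaults/main.yml
@@ -9,5 +9,5 @@
 postgresql_users:
   - name: "{{ service_name }}"
-    password: correcthorsebatterystaple
+    password: "{{ ttrss_postgresql_password }}"
     role_attr_flags: CREATEDB,NOSUPERUSER
 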