Adjust secrets paths for new Vault deployment

Signed-off-by: Magic_RB <magic_rb@redalder.org>
Magic_RB 2023-04-23 22:54:54 +02:00
parent 5eb84dd9e7
commit 2c832617b6
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
4 changed files with 13 additions and 13 deletions


@ -1,7 +1,7 @@
resource "vault_policy" "dovecot-policy" { resource "vault_policy" "dovecot-policy" {
name = "dovecot-policy" name = "dovecot-policy"
policy = <<EOF policy = <<EOF
path "kv/data/dovecot" { path "kv/data/cluster/dovecot" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
@ -10,7 +10,7 @@ EOF
resource "vault_policy" "getmail-policy" { resource "vault_policy" "getmail-policy" {
name = "getmail-policy" name = "getmail-policy"
policy = <<EOF policy = <<EOF
path "kv/data/getmail" { path "kv/data/cluster/getmail" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF


@ -101,7 +101,7 @@ resource "nomad_volume" "home-assistant_mosquitto" {
resource "vault_policy" "home-assistant-policy" { resource "vault_policy" "home-assistant-policy" {
name = "home-assistant-policy" name = "home-assistant-policy"
policy = <<EOF policy = <<EOF
path "kv/data/home-assistant" { path "kv/data/cluster/home-assistant" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
@ -110,11 +110,11 @@ EOF
resource "vault_policy" "zigbee2mqtt-policy" { resource "vault_policy" "zigbee2mqtt-policy" {
name = "zigbee2mqtt-policy" name = "zigbee2mqtt-policy"
policy = <<EOF policy = <<EOF
path "kv/data/mqtt" { path "kv/data/cluster/mqtt" {
capabilities = ["read"] capabilities = ["read"]
} }
path "kv/data/zigbee2mqtt" { path "kv/data/cluster/zigbee2mqtt" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
@ -123,7 +123,7 @@ EOF
resource "vault_policy" "mosquitto-policy" { resource "vault_policy" "mosquitto-policy" {
name = "mosquitto-policy" name = "mosquitto-policy"
policy = <<EOF policy = <<EOF
path "kv/data/mqtt" { path "kv/data/cluster/mqtt" {
capabilities = ["read"] capabilities = ["read"]
} }
EOF EOF
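Review bot: `zigbee2mqtt-policy` and `mosquitto-policy` both get read on the whole `kv/data/cluster/mqtt` secret, and the job templates elsewhere in this commit read `user`, `password` and `hash` from that one path, so a holder of either policy can read the plaintext MQTT password as well as the hash. If the broker only needs `user` and `hash` (the `user:hash` template suggests so, though the task-to-policy mapping is not visible here), consider splitting the secret into a broker-side entry holding only the hash and a client-side entry holding the password, and granting each policy just one of them. The move to new paths is a convenient moment to do that. A short comment above each `path` stanza, such as `# KV v2 data path: read only, no list or metadata access`, would also record the intent.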


@ -74,7 +74,7 @@ job "email" {
template { template {
data = <<EOF data = <<EOF
{{ secret "kv/data/getmail" | toJSON }} {{ with secret "kv/data/cluster/getmail" }}{{ .Data.data | toJSON }}{{ end }}
EOF EOF
destination = "secrets/getmail.passwd" destination = "secrets/getmail.passwd"
change_mode = "restart" change_mode = "restart"
@ -170,7 +170,7 @@ EOF
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/dovecot" }}{{ .Data.data.passwd }}{{ end }} {{ with secret "kv/data/cluster/dovecot" }}{{ .Data.data.passwd }}{{ end }}
EOF EOF
destination = "secrets/passwd.dovecot" destination = "secrets/passwd.dovecot"
change_mode = "noop" change_mode = "noop"
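Review bot: The getmail template in the first hunk changes more than its path: it used to render the whole `secret` response through `toJSON` and now renders only `.Data.data`, so the shape of `secrets/getmail.passwd` changes and every key stored under `kv/data/cluster/getmail` is written to that file. The commit message mentions only paths, so I would add a comment above `data`, e.g. `# renders the full KV v2 payload (.Data.data) as JSON; keep only getmail credentials in this secret`, and confirm the consumer expects the new shape. Separately, the dovecot template keeps `change_mode = "noop"`, so a rotated password is rewritten on disk without signalling the task; whether dovecot re-reads the file is not visible here. Both template blocks continue outside their hunks.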


@ -92,10 +92,10 @@ job "home-assistant" {
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/zigbee2mqtt" }} {{ with secret "kv/data/cluster/zigbee2mqtt" }}
XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }} XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }}
{{ end }} {{ end }}
{{ with secret "kv/data/mqtt" }} {{ with secret "kv/data/cluster/mqtt" }}
MQTT_PASSWORD={{ .Data.data.password }} MQTT_PASSWORD={{ .Data.data.password }}
MQTT_USER={{ .Data.data.user }} MQTT_USER={{ .Data.data.user }}
{{ end }} {{ end }}
@ -164,7 +164,7 @@ EOF
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/mqtt" }} {{ with secret "kv/data/cluster/mqtt" }}
{{ .Data.data.user}}:{{ .Data.data.hash }} {{ .Data.data.user}}:{{ .Data.data.hash }}
{{ end }} {{ end }}
EOF EOF
@ -255,7 +255,7 @@ EOF
template { template {
data = <<EOF data = <<EOF
alter user hass with encrypted password '{{ with secret "kv/data/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}'; alter user hass with password '{{ with secret "kv/data/cluster/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
EOF EOF
destination = "secrets/init.sql" destination = "secrets/init.sql"
} }
@ -298,7 +298,7 @@ EOF
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/home-assistant" }} {{ with secret "kv/data/cluster/home-assistant" }}
PSQL_PASSWORD={{ .Data.data.pgpass }} PSQL_PASSWORD={{ .Data.data.pgpass }}
LATITUDE={{ .Data.data.latitude }} LATITUDE={{ .Data.data.latitude }}
LONGTITUDE={{ .Data.data.longtitude }} LONGTITUDE={{ .Data.data.longtitude }}
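Review bot: In the `init.sql` template (hunk -255) `.Data.data.pgpass` is interpolated straight into a single-quoted SQL literal, so a password containing `'` breaks the statement or changes what it executes. Doubling quotes at render time would make it robust: `'{{ with secret "kv/data/cluster/home-assistant" }}{{ .Data.data.pgpass | replaceAll "'" "''" }}{{ end }}'` (this relies on the template engine's `replaceAll` function and on the server using standard-conforming strings). The same line also drops the `encrypted` keyword, which is not a path change; recent PostgreSQL accepts and ignores the keyword, but the server version is not visible here, so it deserves a line in the commit message. The enclosing template blocks start and end outside the hunks.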