Adjust secrets paths for new Vault deployment

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-24 00:56:16 +01:00 · 2023-04-23 22:54:54 +02:00 · 2023-04-23 22:54:54 +02:00 · 2c832617b6
parent 5eb84dd9e7
commit 2c832617b6
4 changed files with 13 additions and 13 deletions
--- a/nomad/regions/homelab-1/email.tf
+++ b/nomad/regions/homelab-1/email.tf
@ -1,7 +1,7 @@
 resource "vault_policy" "dovecot-policy" {
  name = "dovecot-policy"
  policy = <<EOF
-path "kv/data/dovecot" {
+path "kv/data/cluster/dovecot" {
  capabilities = ["read"]
 }
 EOF
@ -10,7 +10,7 @@ EOF
 resource "vault_policy" "getmail-policy" {
  name = "getmail-policy"
  policy = <<EOF
-path "kv/data/getmail" {
+path "kv/data/cluster/getmail" {
  capabilities = ["read"]
 }
 EOF
--- a/nomad/regions/homelab-1/home-assistant.tf
+++ b/nomad/regions/homelab-1/home-assistant.tf
@ -101,7 +101,7 @@ resource "nomad_volume" "home-assistant_mosquitto" {
 resource "vault_policy" "home-assistant-policy" {
  name = "home-assistant-policy"
  policy = <<EOF
-path "kv/data/home-assistant" {
+path "kv/data/cluster/home-assistant" {
  capabilities = ["read"]
 }
 EOF
@ -110,11 +110,11 @@ EOF
 resource "vault_policy" "zigbee2mqtt-policy" {
  name = "zigbee2mqtt-policy"
  policy = <<EOF
-path "kv/data/mqtt" {
+path "kv/data/cluster/mqtt" {
  capabilities = ["read"]
 }

-path "kv/data/zigbee2mqtt" {
+path "kv/data/cluster/zigbee2mqtt" {
  capabilities = ["read"]
 }
 EOF
@ -123,7 +123,7 @@ EOF
 resource "vault_policy" "mosquitto-policy" {
  name = "mosquitto-policy"
  policy = <<EOF
-path "kv/data/mqtt" {
+path "kv/data/cluster/mqtt" {
  capabilities = ["read"]
 }
 EOF
--- a/nomad/regions/homelab-1/job/email.hcl
+++ b/nomad/regions/homelab-1/job/email.hcl
@ -74,7 +74,7 @@ job "email" {

      template {
        data = <<EOF
-{{ secret "kv/data/getmail" | toJSON }}
+{{ with secret "kv/data/cluster/getmail" }}{{ .Data.data | toJSON }}{{ end }}
 EOF
        destination = "secrets/getmail.passwd"
        change_mode = "restart"
@ -170,7 +170,7 @@ EOF

      template {
        data = <<EOF
-{{ with secret "kv/data/dovecot" }}{{ .Data.data.passwd }}{{ end }}
+{{ with secret "kv/data/cluster/dovecot" }}{{ .Data.data.passwd }}{{ end }}
 EOF
        destination = "secrets/passwd.dovecot"
        change_mode = "noop"
--- a/nomad/regions/homelab-1/job/home-assistant.hcl
+++ b/nomad/regions/homelab-1/job/home-assistant.hcl
@ -92,10 +92,10 @@ job "home-assistant" {

      template {
        data = <<EOF
-{{ with secret "kv/data/zigbee2mqtt" }}
+{{ with secret "kv/data/cluster/zigbee2mqtt" }}
 XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }}
 {{ end }}
-{{ with secret "kv/data/mqtt" }}
+{{ with secret "kv/data/cluster/mqtt" }}
 MQTT_PASSWORD={{ .Data.data.password }}
 MQTT_USER={{ .Data.data.user }}
 {{ end }}
@ -164,7 +164,7 @@ EOF

      template {
        data = <<EOF
-{{ with secret "kv/data/mqtt" }}
+{{ with secret "kv/data/cluster/mqtt" }}
 {{ .Data.data.user}}:{{ .Data.data.hash }}
 {{ end }}
 EOF
@ -255,7 +255,7 @@ EOF

      template {
        data = <<EOF
-alter user hass with encrypted password '{{ with secret "kv/data/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
+alter user hass with password '{{ with secret "kv/data/cluster/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
 EOF
        destination = "secrets/init.sql"
      }
@ -298,7 +298,7 @@ EOF

      template {
        data = <<EOF
-{{ with secret "kv/data/home-assistant" }}
+{{ with secret "kv/data/cluster/home-assistant" }}
 PSQL_PASSWORD={{ .Data.data.pgpass }}
 LATITUDE={{ .Data.data.latitude }}
 LONGTITUDE={{ .Data.data.longtitude }}