F3768308
D3302.id.diff
D3302.id.diff
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -95,8 +95,8 @@
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
opensearch:
- - ops/secrets/nasqueron.opensearch.infra-logs.internal_users.admin
- - ops/secrets/nasqueron.opensearch.infra-logs.internal_users.dashboards
+ - ops/secrets/nasqueron/opensearch/infra-logs/internal_users/admin
+ - ops/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards
paas-docker-prod:
@@ -112,80 +112,73 @@
# Format: ops/secrets/nasqueron/service/<...>
#
+ - ops/secrets/nasqueron/acquisitariat/mysql
+
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/dbserver/cluster-A/users/airflow
+ - ops/secrets/nasqueron/auth-grove/mysql
+
+ - ops/secrets/nasqueron/cachet/app_key
+ - ops/secrets/nasqueron/cachet/mysql
+
+ - ops/secrets/nasqueron/etherpad/api
- ops/secrets/nasqueron/etherpad/mysql
- ops/secrets/nasqueron/etherpad/users/dereckson
+ - ops/secrets/nasqueron/notifications/broker
+ - ops/secrets/nasqueron/notifications/mailgun
+ - ops/secrets/nasqueron/notifications/sentry
+
+ - ops/secrets/nasqueron/notifications/credentials/github/nasqueron
+ - ops/secrets/nasqueron/notifications/credentials/github/wolfplex
+ - ops/secrets/nasqueron/notifications/credentials/github/keruald
+ - ops/secrets/nasqueron/notifications/credentials/github/trustspace
+ - ops/secrets/nasqueron/notifications/credentials/github/eglide
+ - ops/secrets/nasqueron/notifications/credentials/phabricator/nasqueron
+
+ - apps/notifications-center/dockerhub/notifications
+ - apps/notifications-center/dockerhub/auth-grove
+
- ops/secrets/nasqueron/penpot/github
- ops/secrets/nasqueron/penpot/postgresql
- ops/secrets/nasqueron/penpot/secret_key
+ - ops/secrets/nasqueron/pixelfed/app_key
+ - ops/secrets/nasqueron/pixelfed/mailgun
+ - ops/secrets/nasqueron/pixelfed/mysql
+
- ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/white-rabbit/root
+ - ops/secrets/nasqueron/sentry/app_key
- ops/secrets/nasqueron/sentry/geoipupdate
-
- #
- # Credentials used by Nasqueron services
- # Format: ops/secrets/nasqueron.<service>.<type>
- #
-
- - ops/secrets/nasqueron.acquisitariat.mysql
-
- - ops/secrets/nasqueron.auth-grove.mysql
-
- - ops/secrets/nasqueron.cachet.app_key
- - ops/secrets/nasqueron.cachet.mysql
-
- - ops/secrets/nasqueron.etherpad.api
-
- - ops/secrets/nasqueron.notifications.broker
- - ops/secrets/nasqueron.notifications.mailgun
- - ops/secrets/nasqueron.notifications.sentry
-
- - ops/secrets/nasqueron.notifications.credentials_github_nasqueron
- - ops/secrets/nasqueron.notifications.credentials_github_wolfplex
- - ops/secrets/nasqueron.notifications.credentials_github_keruald
- - ops/secrets/nasqueron.notifications.credentials_github_trustspace
- - ops/secrets/nasqueron.notifications.credentials_github_eglide
- - ops/secrets/nasqueron.notifications.credentials_phabricator_nasqueron
-
- - apps/notifications-center/dockerhub/notifications
- - apps/notifications-center/dockerhub/auth-grove
-
- - ops/secrets/nasqueron.pixelfed.app_key
- - ops/secrets/nasqueron.pixelfed.mailgun
- - ops/secrets/nasqueron.pixelfed.mysql
-
- - ops/secrets/nasqueron.sentry.app_key
- - ops/secrets/nasqueron.sentry.postgresql
- - ops/secrets/nasqueron.sentry.vault
+ - ops/secrets/nasqueron/sentry/postgresql
+ - ops/secrets/nasqueron/sentry/vault
#
# Credentials used by Nasqueron members private services
- # Format: <username>.<service>.<type>
+ # Format: <username>/<service>/<type>
#
- - ops/secrets/dereckson.phabricator.mysql
+ - ops/secrets/dereckson/phabricator/mysql
#
# Credentials used by projects hosted by Nasqueron
- # Format: <project name>.<service>.<type>
+ # Format: <project name>/<service>/<type>
#
- ops/secrets/dbserver/cluster-A/users/corspat
- - ops/secrets/espacewin.phpbb.mysql_root
+ - ops/secrets/espacewin/phpbb/mysql_root
- - ops/secrets/wolfplex.phabricator.mailgun
- - ops/secrets/wolfplex.phabricator.mysql
+ - ops/secrets/wolfplex/phabricator/mailgun
+ - ops/secrets/wolfplex/phabricator/mysql
- - ops/secrets/zed.phabricator.mysql
- - ops/secrets/zed.phabricator.sendgrid
+ - ops/secrets/zed/phabricator/mysql
+ - ops/secrets/zed/phabricator/sendgrid
paas-docker-dev:
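Review bot: The two `# Format:` comments rewritten in this hunk (member private services and hosted projects) give the path without the `ops/secrets/` prefix, while the service section's comment at the top of the hunk and every list entry include it. These lists appear to define which Vault paths each role may read, so the comment should match what is actually written: `# Format: ops/secrets/<username>/<service>/<type>` and `# Format: ops/secrets/<project name>/<service>/<type>`. The same comment in the paas-docker-dev hunk that follows needs the same change. The `ops/secrets/dbserver/cluster-A/users/corspat` entry under the projects heading follows neither format, so a one-line comment on why it sits there would help the next reader.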
@@ -208,15 +201,15 @@
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/root
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/notifications
- - ops/secrets/nasqueron.notifications.sentry
+ - ops/secrets/nasqueron/notifications/sentry
#
# Credentials used by projects hosted by Nasqueron
- # Format: <project name>.<service>.<type>
+ # Format: <project name>/<service>/<type>
#
- - ops/secrets/espacewin.bugzilla.mysql
- - ops/secrets/espacewin.bugzilla.mysql_root
+ - ops/secrets/espacewin/bugzilla/mysql
+ - ops/secrets/espacewin/bugzilla/mysql_root
saas-mediawiki:
- ops/secrets/dbserver/cluster-B/users/saas-mediawiki
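Review bot: `ops/secrets/nasqueron/notifications/sentry` is listed here under paas-docker-dev and also under paas-docker-prod in the previous hunk, so both roles resolve the same secret. The webserver-alkane-prod and webserver-alkane-dev hunks further down do the same with `ops/secrets/nasqueron/etherpad/api`. The sharing predates this rename, but if these lists drive per-role read access, as the file name suggests, a compromised dev host holds a credential that production also depends on, and the path migration is a convenient moment to split them. If the sharing is deliberate, record it above the entry, for example `# Shared with paas-docker-prod on purpose: same Sentry project`.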
@@ -228,7 +221,7 @@
- ops/secrets/dereckson/wordpress/secrets
viperserv:
- - ops/secrets/nasqueron.viperserv.vault
+ - ops/secrets/nasqueron/viperserv/vault
webserver-alkane-prod:
- ops/secrets/dbserver/cluster-B/users/dereckson_www
@@ -242,7 +235,7 @@
# Wolfplex credentials
#
- - ops/secrets/nasqueron.etherpad.api
+ - ops/secrets/nasqueron/etherpad/api
webserver-alkane-dev:
- ops/secrets/dbserver/cluster-B/users/dereckson_www51
@@ -253,7 +246,7 @@
# Wolfplex credentials
#
- - ops/secrets/nasqueron.etherpad.api
+ - ops/secrets/nasqueron/etherpad/api
# -------------------------------------------------------------
# Vault secrets by dbserver cluster
diff --git a/pillar/notifications/config.sls b/pillar/notifications/config.sls
--- a/pillar/notifications/config.sls
+++ b/pillar/notifications/config.sls
@@ -19,28 +19,28 @@
- gate: GitHub
door: Nasqueron
- secret: nasqueron.notifications.credentials_github_nasqueron
+ secret: nasqueron/notifications/credentials/github/nasqueron
- gate: GitHub
door: Wolfplex
- secret: nasqueron.notifications.credentials_github_wolfplex
+ secret: nasqueron/notifications/credentials/github/wolfplex
- gate: GitHub
door: Keruald
- secret: nasqueron.notifications.credentials_github_keruald
+ secret: nasqueron/notifications/credentials/github/keruald
- gate: GitHub
door: TrustSpace
- secret: nasqueron.notifications.credentials_github_trustspace
+ secret: nasqueron/notifications/credentials/github/trustspace
- gate: GitHub
door: Eglide
- secret: nasqueron.notifications.credentials_github_eglide
+ secret: nasqueron/notifications/credentials/github/eglide
- gate: Phabricator
door: Nasqueron
instance: https://devcentral.nasqueron.org
- secret: nasqueron.notifications.credentials_phabricator_nasqueron
+ secret: nasqueron/notifications/credentials/phabricator/nasqueron
# -------------------------------------------------------------
# Docker Hub build triggers
diff --git a/pillar/opensearch/clusters.sls b/pillar/opensearch/clusters.sls
--- a/pillar/opensearch/clusters.sls
+++ b/pillar/opensearch/clusters.sls
@@ -14,6 +14,6 @@
nodes:
- cloudhugger
users:
- admin: nasqueron.opensearch.infra-logs.internal_users.admin
- dashboards: nasqueron.opensearch.infra-logs.internal_users.dashboards
+ admin: nasqueron/opensearch/infra-logs/internal_users/admin
+ dashboards: nasqueron/opensearch/infra-logs/internal_users/dashboards
heap_size: 26G
diff --git a/pillar/paas/docker/docker-002/etherpad.sls b/pillar/paas/docker/docker-002/etherpad.sls
--- a/pillar/paas/docker/docker-002/etherpad.sls
+++ b/pillar/paas/docker/docker-002/etherpad.sls
@@ -16,7 +16,7 @@
aliases:
- pad.wolfplex.org
- pad.wolfplex.be
- credential: nasqueron.etherpad.api
+ credential: nasqueron/etherpad/api
mysql_link: acquisitariat
etherpad_settings:
diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
--- a/pillar/paas/docker/docker-002/main.sls
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -95,10 +95,10 @@
mysql:
acquisitariat:
credentials:
- root: nasqueron.acquisitariat.mysql
+ root: nasqueron/acquisitariat/mysql
phpbb_db:
credentials:
- root: espacewin.phpbb.mysql_root
+ root: espacewin/phpbb/mysql_root
redis:
pixelfed_redis: {}
@@ -146,7 +146,7 @@
- serveurs.nasqueron.org
mailer: mailgun
credentials:
- mysql: zed.phabricator.mysql
+ mysql: zed/phabricator/mysql
static_host: devcentral.nasqueron-user-content.org
title: Nasqueron DevCentral
mysql_link: acquisitariat
@@ -159,7 +159,7 @@
static_host: river-sector.nasqueron-user-content.org
mailer: _
credentials:
- mysql: dereckson.phabricator.mysql
+ mysql: dereckson/phabricator/mysql
storage:
namespace: river_sector
title: River Sector
@@ -174,8 +174,8 @@
static_host: wolfplex.phabricator.nasqueron-user-content.org
mailer: mailgun
credentials:
- mailgun: wolfplex.phabricator.mailgun
- mysql: wolfplex.phabricator.mysql
+ mailgun: wolfplex/phabricator/mailgun
+ mysql: wolfplex/phabricator/mysql
storage:
namespace: wolfphab
title: Wolfplex Phabricator
@@ -188,8 +188,8 @@
static_host: zed.phabricator.nasqueron-user-content.org
mailer: sendgrid
credentials:
- mysql: zed.phabricator.mysql
- sendgrid: zed.phabricator.sendgrid
+ mysql: zed/phabricator/mysql
+ sendgrid: zed/phabricator/sendgrid
storage:
namespace: zedphab
title: Zed
@@ -211,12 +211,12 @@
app_port: 37080
broker_link: white-rabbit
credentials:
- broker: nasqueron.notifications.broker
- mailgun: nasqueron.notifications.mailgun
+ broker: nasqueron/notifications/broker
+ mailgun: nasqueron/notifications/mailgun
sentry:
realm: nasqueron
project_id: 2
- credential: nasqueron.notifications.sentry
+ credential: nasqueron/notifications/sentry
#
# Community and development services
@@ -258,15 +258,15 @@
cachet:
app_port: 39080
host: status.nasqueron.org
- credential: nasqueron.cachet.mysql
- app_key: nasqueron.cachet.app_key
+ credential: nasqueron/cachet/mysql
+ app_key: nasqueron/cachet/app_key
mysql_link: acquisitariat
auth-grove:
login:
app_port: 25080
host: login.nasqueron.org
- credential: nasqueron.auth-grove.mysql
+ credential: nasqueron/auth-grove/mysql
mysql_link: acquisitariat
# API microservices
@@ -296,9 +296,9 @@
mysql: acquisitariat
redis: pixelfed_redis
credentials:
- app_key: nasqueron.pixelfed.app_key
- mailgun: nasqueron.pixelfed.mailgun
- mysql: nasqueron.pixelfed.mysql
+ app_key: nasqueron/pixelfed/app_key
+ mailgun: nasqueron/pixelfed/mailgun
+ mysql: nasqueron/pixelfed/mysql
app:
title: Nasqueron Photos
max_album_length: 16
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
--- a/pillar/paas/docker/docker-002/sentry.sls
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -43,7 +43,7 @@
postgresql:
sentry_db:
image: nasqueron/postgres-sentry
- credential: nasqueron.sentry.postgresql
+ credential: nasqueron/sentry/postgresql
network: sentry
#
@@ -247,9 +247,9 @@
symbolicator: sentry_symbolicator
web: sentry_web
credentials:
- secret_key: nasqueron.sentry.app_key
- postgresql: nasqueron.sentry.postgresql
- vault: nasqueron.sentry.vault
+ secret_key: nasqueron/sentry/app_key
+ postgresql: nasqueron/sentry/postgresql
+ vault: nasqueron/sentry/vault
hostname: sentry.nasqueron.org
email_from: noreply@sentry.nasqueron.org
diff --git a/pillar/paas/docker/dwellers/main.sls b/pillar/paas/docker/dwellers/main.sls
--- a/pillar/paas/docker/dwellers/main.sls
+++ b/pillar/paas/docker/dwellers/main.sls
@@ -82,7 +82,7 @@
network: bugzilla
version: 5.7
credentials:
- root: espacewin.bugzilla.mysql_root
+ root: espacewin/bugzilla/mysql_root
#
# Bugzilla
@@ -96,7 +96,7 @@
mysql:
host: bugzilla_db
db: EspaceWin_Bugs
- credential: espacewin.bugzilla.mysql
+ credential: espacewin/bugzilla/mysql
#
# Jenkins
diff --git a/pillar/paas/docker/dwellers/notifications.sls b/pillar/paas/docker/dwellers/notifications.sls
--- a/pillar/paas/docker/dwellers/notifications.sls
+++ b/pillar/paas/docker/dwellers/notifications.sls
@@ -48,5 +48,5 @@
sentry:
realm: nasqueron
project_id: 2
- credential: nasqueron.notifications.sentry
+ credential: nasqueron/notifications/sentry
environment: integration
diff --git a/pillar/saas/rabbitmq.sls b/pillar/saas/rabbitmq.sls
--- a/pillar/saas/rabbitmq.sls
+++ b/pillar/saas/rabbitmq.sls
@@ -148,7 +148,7 @@
users:
# Notifications center server and clients
- notifications: ops/secrets/nasqueron.notifications.broker
+ notifications: ops/secrets/nasqueron/notifications/broker
wearg: apps/viperserv/broker
notifications-ysul: ops/secrets/nasqueron/notifications/notifications-cli/ysul
notifications-windriver: ops/secrets/nasqueron/notifications/notifications-cli/windriver
diff --git a/roles/vault/policies/files/sentry.hcl b/roles/vault/policies/files/sentry.hcl
--- a/roles/vault/policies/files/sentry.hcl
+++ b/roles/vault/policies/files/sentry.hcl
@@ -17,10 +17,10 @@
capabilities = [ "read" ]
}
-path "ops/data/secrets/nasqueron.sentry.app_key" {
+path "ops/data/secrets/nasqueron/sentry/app_key" {
capabilities = [ "read" ]
}
-path "ops/data/secrets/nasqueron.sentry.postgresql" {
+path "ops/data/secrets/nasqueron/sentry/postgresql" {
capabilities = [ "read" ]
}
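Review bot: The two `path` stanzas changed here move from single-segment names to nested paths under `nasqueron/sentry/`, which changes how Vault glob rules apply to them. Any existing policy ending in `nasqueron/*` or `nasqueron/sentry/*` would now cover these secrets, and the other policy files are not part of this diff, so that needs checking before the secrets are moved. Keeping exact paths here is the right call, and a comment would stop a later edit from collapsing them: `# Exact paths only: a nasqueron/sentry/* glob would also grant .../vault and .../geoipupdate`. The policy file continues outside the hunk, so whether other stanzas still use dotted names cannot be confirmed from here. Once the new paths are live, the old dotted entries should be deleted from Vault so that no stale copy stays readable under a grant that was never cleaned up.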
diff --git a/roles/viperserv/eggdrop/config.sls b/roles/viperserv/eggdrop/config.sls
--- a/roles/viperserv/eggdrop/config.sls
+++ b/roles/viperserv/eggdrop/config.sls
@@ -65,7 +65,7 @@
host: {{ pillar["nasqueron_services"]["db-B"] }}
database: Nasqueron
vault:
- approle: {{ salt['credentials.read_secret']('nasqueron.viperserv.vault') }}
+ approle: {{ salt['credentials.read_secret']('nasqueron/viperserv/vault') }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
{% for botname, bot in pillar['viperserv_bots'].items() %}
diff --git a/roles/webserver-content/org/wolfplex/api.sls b/roles/webserver-content/org/wolfplex/api.sls
--- a/roles/webserver-content/org/wolfplex/api.sls
+++ b/roles/webserver-content/org/wolfplex/api.sls
@@ -22,7 +22,7 @@
- show_changes: False
- context:
secrets:
- etherpad.api.key: {{ salt['credentials.get_token']("nasqueron.etherpad.api") }}
+ etherpad.api.key: {{ salt['credentials.get_token']("nasqueron/etherpad/api") }}
# -------------------------------------------------------------
# Base part
D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path