author | Jesse Luehrs <doy@tozt.net> | 2018-10-23 01:44:05 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-23 01:44:05 -0400 |
commit | 2df0388fe6a90c5d15220acbd19264254a00a153 (patch) | |
tree | ec8c3e33ad62f00034ef0ff234677af6b2b9cc2f /mail | |
parent | 36a451bc29ef9187b273cf14e52a129292ae93c3 (diff) | |
autogenerate mailu secret key
and stop using local secrets at all
Diffstat (limited to 'mail')
-rw-r--r-- | mail/mail/manifests/mailu.pp | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/mail/mail/manifests/mailu.pp b/mail/mail/manifests/mailu.pp
index eb19375..9e468a1 100644
--- a/mail/mail/manifests/mailu.pp
+++ b/mail/mail/manifests/mailu.pp
@@ -2,6 +2,10 @@ class mail::mailu {
 include mail::persistent
 include docker
+ package { "haveged":
+ ensure => installed;
+ }
+
 file { "/mailu/docker-compose.yml":
 source => "puppet:///modules/mail/docker-compose.yml",
@@ -17,9 +21,16 @@ class mail::mailu {
 require => File["/mailu/certs"];
 }
- secret { "/mailu/secret-key":
- source => "mailu-secret-key",
- require => Class["mail::persistent"];
+ exec { "generate mailu secret key":
+ provider => shell,
+ command => "
+ echo SECRET_KEY=$(dd if=/dev/urandom bs=64 count=1 status=none | base64 -w 0 | cut -b -16) > /mailu/secret-key
+ ",
+ creates => "/mailu/secret-key",
+ require => [
+ Package["haveged"],
+ Class["mail::persistent"],
+ ]
 }
 exec { "create env file":
@@ -30,7 +41,7 @@ class mail::mailu {
 ",
 refreshonly => true,
 subscribe => [
- Secret["/mailu/secret-key"],
+ Exec["generate mailu secret key"],
 File["/mailu/.env.tmpl"],
 ];
 } |
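Review bot: Installing the `haveged` package in the first hunk does not by itself start the daemon, and no `service` resource for it is visible in this diff, so the `require => Package["haveged"]` on the key-generation exec may add no entropy guarantee. If the intent is to have the kernel pool seeded before the key is read, declare `service { "haveged": ensure => running, enable => true }` and require that instead. If the service is managed elsewhere, a comment next to the package resource saying so would help. Since `/dev/urandom` does not block, the dependency presumably only matters on a freshly provisioned host with an unseeded pool.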
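Review bot: The new `exec` in the second hunk writes `/mailu/secret-key` through a plain shell redirect, so the secret gets whatever mode the agent's umask yields, which is often world-readable. Because `echo` exits 0 even when `dd` or `base64` fails, a failed run leaves a file holding an empty `SECRET_KEY=`, and `creates` then treats the key as generated on every later run. The removed `secret` resource presumably set ownership and mode itself, but that type is not visible here. I would set `umask 077`, write to a temporary file, check that the value is exactly 16 characters, and only then move it into place, as sketched below. A one-line comment noting that 16 base64 characters carry 96 bits of entropy would also be worth adding.

```puppet
exec { "generate mailu secret key":
  provider => shell,
  command  => "
    umask 077 &&
    echo SECRET_KEY=$(dd if=/dev/urandom bs=64 count=1 status=none | base64 -w 0 | cut -b -16) > /mailu/secret-key.tmp &&
    grep -Eqx 'SECRET_KEY=.{16}' /mailu/secret-key.tmp &&
    mv /mailu/secret-key.tmp /mailu/secret-key
  ",
  # … unchanged: creates, require …
```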