authorAlex Auvolat <alex@adnab.me>2021-01-16 17:37:34 +0100
committerAlex Auvolat <alex@adnab.me>2021-01-16 17:37:34 +0100
commitd4d0b100ad39bf7ae560c2f714b75fdcf47e9a87 (patch)
tree6ca1be19d3b15c61cdb3fe4de448c20fc12b769f /app
parentc74dc92febd1841c8ea5ff31caab0f941d57527d (diff)
Document secrets and add stub utility to manage them
Diffstat (limited to 'app')
-rw-r--r--app/.gitignore11
-rw-r--r--app/email/config/dkim/smtp.private.sample0
-rw-r--r--app/email/config/dkim/smtp.txt.sample0
-rw-r--r--app/email/secrets/email/dkim/smtp.private1
-rw-r--r--app/email/secrets/email/dkim/smtp.private.sample0
-rw-r--r--app/email/secrets/email/dovecot/dovecot.crt1
-rw-r--r--app/email/secrets/email/dovecot/dovecot.crt.sample0
-rw-r--r--app/email/secrets/email/dovecot/dovecot.key1
-rw-r--r--app/email/secrets/email/dovecot/dovecot.key.sample0
-rw-r--r--app/email/secrets/email/dovecot/ldap_binddn1
-rw-r--r--app/email/secrets/email/dovecot/ldap_binddn.sample0
-rw-r--r--app/email/secrets/email/dovecot/ldap_bindpwd1
-rw-r--r--app/email/secrets/email/dovecot/ldap_bindpwd.sample0
-rw-r--r--app/email/secrets/email/postfix/postfix.crt1
-rw-r--r--app/email/secrets/email/postfix/postfix.crt.sample0
-rw-r--r--app/email/secrets/email/postfix/postfix.key1
-rw-r--r--app/email/secrets/email/postfix/postfix.key.sample0
-rw-r--r--app/email/secrets/email/sogo/ldap_binddn1
-rw-r--r--app/email/secrets/email/sogo/ldap_binddn.sample0
-rw-r--r--app/email/secrets/email/sogo/ldap_bindpw1
-rw-r--r--app/email/secrets/email/sogo/ldap_bindpw.sample0
-rw-r--r--app/email/secrets/email/sogo/postgre_auth1
-rw-r--r--app/email/secrets/email/sogo/postgre_auth.sample0
-rw-r--r--app/im/secrets/chat/coturn/static-auth1
-rw-r--r--app/im/secrets/chat/coturn/static-auth.sample0
-rw-r--r--app/im/secrets/chat/fb2mx/as_token1
-rw-r--r--app/im/secrets/chat/fb2mx/as_token.sample0
-rw-r--r--app/im/secrets/chat/fb2mx/db_url1
-rw-r--r--app/im/secrets/chat/fb2mx/db_url.sample1
-rw-r--r--app/im/secrets/chat/fb2mx/hs_token1
-rw-r--r--app/im/secrets/chat/fb2mx/hs_token.sample0
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.crt1
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.crt.sample0
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.dh1
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.dh.sample0
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.key1
-rw-r--r--app/im/secrets/chat/synapse/homeserver.tls.key.sample0
-rw-r--r--app/im/secrets/chat/synapse/ldap_binddn1
-rw-r--r--app/im/secrets/chat/synapse/ldap_binddn.sample0
-rw-r--r--app/im/secrets/chat/synapse/ldap_bindpw1
-rw-r--r--app/im/secrets/chat/synapse/ldap_bindpw.sample0
-rw-r--r--app/im/secrets/chat/synapse/postgres_db1
-rw-r--r--app/im/secrets/chat/synapse/postgres_db.sample0
-rw-r--r--app/im/secrets/chat/synapse/postgres_pwd1
-rw-r--r--app/im/secrets/chat/synapse/postgres_pwd.sample0
-rw-r--r--app/im/secrets/chat/synapse/postgres_user1
-rw-r--r--app/im/secrets/chat/synapse/postgres_user.sample0
-rw-r--r--app/im/secrets/chat/synapse/registration_shared_secret1
-rw-r--r--app/im/secrets/chat/synapse/registration_shared_secret.sample0
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt1
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample0
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key1
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample0
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt1
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample0
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key1
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample0
-rw-r--r--app/platoo/secrets/platoo/bddpw1
-rw-r--r--app/platoo/secrets/platoo/bddpw.sample0
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_repl_pwd1
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample0
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_repl_username1
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_repl_username.sample0
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_su_pwd1
-rw-r--r--app/postgres/secrets/postgres/keeper/pg_su_pwd.sample0
-rw-r--r--app/seafile/config/conf/mykey.peer.sample0
-rw-r--r--app/seafile/secrets/mariadb/main/ldap_binddn1
-rw-r--r--app/seafile/secrets/mariadb/main/ldap_binddn.sample0
-rw-r--r--app/seafile/secrets/mariadb/main/ldap_bindpwd1
-rw-r--r--app/seafile/secrets/mariadb/main/ldap_bindpwd.sample0
-rw-r--r--app/seafile/secrets/mariadb/main/mysql_pwd1
-rw-r--r--app/seafile/secrets/mariadb/main/mysql_pwd.sample0
-rw-r--r--app/seafile/secrets/seafile/conf/mykey.peer1
-rw-r--r--app/seafile/secrets/seafile/conf/mykey.peer.sample0
-rw-r--r--app/secrets.py44
-rw-r--r--app/web_static/secrets/web/home_token1
-rw-r--r--app/web_static/secrets/web/home_token.sample0
-rw-r--r--app/web_static/secrets/web/quentin.dufour.io_token1
-rw-r--r--app/web_static/secrets/web/quentin.dufour.io_token.sample0
79 files changed, 81 insertions, 12 deletions
diff --git a/app/.gitignore b/app/.gitignore
deleted file mode 100644
index cc6b143..0000000
--- a/app/.gitignore
+++ /dev/null
@@ -1,11 +0,0 @@
-# Blacklist everything cleverly
-*/secrets/*
-!*/secrets/*/
-
-# Whitelist some patterns
-!*.sample
-!*.gen
-!*.sh
-!.gitignore
-
-# Whitelist specific files
diff --git a/app/email/config/dkim/smtp.private.sample b/app/email/config/dkim/smtp.private.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/config/dkim/smtp.private.sample
+++ /dev/null
diff --git a/app/email/config/dkim/smtp.txt.sample b/app/email/config/dkim/smtp.txt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/config/dkim/smtp.txt.sample
+++ /dev/null
diff --git a/app/email/secrets/email/dkim/smtp.private b/app/email/secrets/email/dkim/smtp.private
new file mode 100644
index 0000000..3aa3621
--- /dev/null
+++ b/app/email/secrets/email/dkim/smtp.private
@@ -0,0 +1 @@
+RSA_PRIVATE_KEY dkim
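Review bot: `RSA_PRIVATE_KEY dkim` uses a directive that the directive list in the app/secrets.py module docstring added by this same commit does not define, so the planned checker would have no rule for this file. Either add `RSA_PRIVATE_KEY <key name>` with a one-line description to that docstring list, or express it with a documented directive such as `USER_LONG DKIM RSA private key for smtp` until the tool learns to generate keys.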
diff --git a/app/email/secrets/email/dkim/smtp.private.sample b/app/email/secrets/email/dkim/smtp.private.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/dkim/smtp.private.sample
+++ /dev/null
diff --git a/app/email/secrets/email/dovecot/dovecot.crt b/app/email/secrets/email/dovecot/dovecot.crt
new file mode 100644
index 0000000..7229cfc
--- /dev/null
+++ b/app/email/secrets/email/dovecot/dovecot.crt
@@ -0,0 +1 @@
+SSL_CERT dovecot deuxfleurs.fr
diff --git a/app/email/secrets/email/dovecot/dovecot.crt.sample b/app/email/secrets/email/dovecot/dovecot.crt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/dovecot/dovecot.crt.sample
+++ /dev/null
diff --git a/app/email/secrets/email/dovecot/dovecot.key b/app/email/secrets/email/dovecot/dovecot.key
new file mode 100644
index 0000000..0d42c79
--- /dev/null
+++ b/app/email/secrets/email/dovecot/dovecot.key
@@ -0,0 +1 @@
+SSL_KEY dovecot
diff --git a/app/email/secrets/email/dovecot/dovecot.key.sample b/app/email/secrets/email/dovecot/dovecot.key.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/dovecot/dovecot.key.sample
+++ /dev/null
diff --git a/app/email/secrets/email/dovecot/ldap_binddn b/app/email/secrets/email/dovecot/ldap_binddn
new file mode 100644
index 0000000..da380f2
--- /dev/null
+++ b/app/email/secrets/email/dovecot/ldap_binddn
@@ -0,0 +1 @@
+SERVICE_DN dovecot Dovecot IMAP server
diff --git a/app/email/secrets/email/dovecot/ldap_binddn.sample b/app/email/secrets/email/dovecot/ldap_binddn.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/dovecot/ldap_binddn.sample
+++ /dev/null
diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd b/app/email/secrets/email/dovecot/ldap_bindpwd
new file mode 100644
index 0000000..068f663
--- /dev/null
+++ b/app/email/secrets/email/dovecot/ldap_bindpwd
@@ -0,0 +1 @@
+SERVICE_PASSWORD dovecot
diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd.sample b/app/email/secrets/email/dovecot/ldap_bindpwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/dovecot/ldap_bindpwd.sample
+++ /dev/null
diff --git a/app/email/secrets/email/postfix/postfix.crt b/app/email/secrets/email/postfix/postfix.crt
new file mode 100644
index 0000000..f004d67
--- /dev/null
+++ b/app/email/secrets/email/postfix/postfix.crt
@@ -0,0 +1 @@
+SSL_CERT postfix deuxfleurs.fr
diff --git a/app/email/secrets/email/postfix/postfix.crt.sample b/app/email/secrets/email/postfix/postfix.crt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/postfix/postfix.crt.sample
+++ /dev/null
diff --git a/app/email/secrets/email/postfix/postfix.key b/app/email/secrets/email/postfix/postfix.key
new file mode 100644
index 0000000..2cf1706
--- /dev/null
+++ b/app/email/secrets/email/postfix/postfix.key
@@ -0,0 +1 @@
+SSL_KEY postfix
diff --git a/app/email/secrets/email/postfix/postfix.key.sample b/app/email/secrets/email/postfix/postfix.key.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/postfix/postfix.key.sample
+++ /dev/null
diff --git a/app/email/secrets/email/sogo/ldap_binddn b/app/email/secrets/email/sogo/ldap_binddn
new file mode 100644
index 0000000..df627d3
--- /dev/null
+++ b/app/email/secrets/email/sogo/ldap_binddn
@@ -0,0 +1 @@
+SERVICE_DN sogo SoGo email frontend
diff --git a/app/email/secrets/email/sogo/ldap_binddn.sample b/app/email/secrets/email/sogo/ldap_binddn.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/sogo/ldap_binddn.sample
+++ /dev/null
diff --git a/app/email/secrets/email/sogo/ldap_bindpw b/app/email/secrets/email/sogo/ldap_bindpw
new file mode 100644
index 0000000..8d2f35b
--- /dev/null
+++ b/app/email/secrets/email/sogo/ldap_bindpw
@@ -0,0 +1 @@
+SERVICE_PASSWORD sogo
diff --git a/app/email/secrets/email/sogo/ldap_bindpw.sample b/app/email/secrets/email/sogo/ldap_bindpw.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/sogo/ldap_bindpw.sample
+++ /dev/null
diff --git a/app/email/secrets/email/sogo/postgre_auth b/app/email/secrets/email/sogo/postgre_auth
new file mode 100644
index 0000000..4f66253
--- /dev/null
+++ b/app/email/secrets/email/sogo/postgre_auth
@@ -0,0 +1 @@
+USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)
diff --git a/app/email/secrets/email/sogo/postgre_auth.sample b/app/email/secrets/email/sogo/postgre_auth.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/email/secrets/email/sogo/postgre_auth.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth
new file mode 100644
index 0000000..d23be29
--- /dev/null
+++ b/app/im/secrets/chat/coturn/static-auth
@@ -0,0 +1 @@
+USER cotorn static-auth (what is this?)
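Review bot: `cotorn` misspells the service name used by the directory `app/im/secrets/chat/coturn/`, and the trailing `(what is this?)` leaves the operator who has to fill the value in with no guidance. If the value is coturn's `static-auth-secret` (presumably, given the file name), `USER coturn static-auth-secret (shared secret from which temporary TURN credentials are derived)` would be a clearer line; otherwise at least fix the spelling so the description and the path name the same service.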
diff --git a/app/im/secrets/chat/coturn/static-auth.sample b/app/im/secrets/chat/coturn/static-auth.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/coturn/static-auth.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/fb2mx/as_token b/app/im/secrets/chat/fb2mx/as_token
new file mode 100644
index 0000000..20b76d4
--- /dev/null
+++ b/app/im/secrets/chat/fb2mx/as_token
@@ -0,0 +1 @@
+USER fb2mx API server token
diff --git a/app/im/secrets/chat/fb2mx/as_token.sample b/app/im/secrets/chat/fb2mx/as_token.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/fb2mx/as_token.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/fb2mx/db_url b/app/im/secrets/chat/fb2mx/db_url
new file mode 100644
index 0000000..f06e265
--- /dev/null
+++ b/app/im/secrets/chat/fb2mx/db_url
@@ -0,0 +1 @@
+USER fb2mx database URL, format: postgres://username:password@hostname/dbname
diff --git a/app/im/secrets/chat/fb2mx/db_url.sample b/app/im/secrets/chat/fb2mx/db_url.sample
deleted file mode 100644
index aff4635..0000000
--- a/app/im/secrets/chat/fb2mx/db_url.sample
+++ /dev/null
@@ -1 +0,0 @@
-postgres://username:password@hostname/dbname
diff --git a/app/im/secrets/chat/fb2mx/hs_token b/app/im/secrets/chat/fb2mx/hs_token
new file mode 100644
index 0000000..8808f8f
--- /dev/null
+++ b/app/im/secrets/chat/fb2mx/hs_token
@@ -0,0 +1 @@
+USER fb2mx homeserver token
diff --git a/app/im/secrets/chat/fb2mx/hs_token.sample b/app/im/secrets/chat/fb2mx/hs_token.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/fb2mx/hs_token.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt b/app/im/secrets/chat/synapse/homeserver.tls.crt
new file mode 100644
index 0000000..b696093
--- /dev/null
+++ b/app/im/secrets/chat/synapse/homeserver.tls.crt
@@ -0,0 +1 @@
+SSL_CERT synapse im.deuxfleurs.fr
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt.sample b/app/im/secrets/chat/synapse/homeserver.tls.crt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/homeserver.tls.crt.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh b/app/im/secrets/chat/synapse/homeserver.tls.dh
new file mode 100644
index 0000000..0231fed
--- /dev/null
+++ b/app/im/secrets/chat/synapse/homeserver.tls.dh
@@ -0,0 +1 @@
+USER_LONG DH parameters for matrix ssl key? how does this work?
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh.sample b/app/im/secrets/chat/synapse/homeserver.tls.dh.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/homeserver.tls.dh.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key b/app/im/secrets/chat/synapse/homeserver.tls.key
new file mode 100644
index 0000000..feee544
--- /dev/null
+++ b/app/im/secrets/chat/synapse/homeserver.tls.key
@@ -0,0 +1 @@
+SSL_KEY synapse im.deuxfleurs.fr
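Review bot: `SSL_KEY synapse im.deuxfleurs.fr` carries a domain argument although the app/secrets.py docstring in this commit documents the directive as `SSL_KEY <cert name>` only; the jitsi_auth key file in a later hunk has the same extra argument, while the dovecot, postfix and jitsi key files take none. A parser that splits on the documented arity will either reject these lines or silently misread the extra word, so one form should be used for every SSL_KEY line, e.g. `SSL_KEY synapse` here.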
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key.sample b/app/im/secrets/chat/synapse/homeserver.tls.key.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/homeserver.tls.key.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/ldap_binddn b/app/im/secrets/chat/synapse/ldap_binddn
new file mode 100644
index 0000000..2631bef
--- /dev/null
+++ b/app/im/secrets/chat/synapse/ldap_binddn
@@ -0,0 +1 @@
+SERVICE_DN matrix Matrix chat server
diff --git a/app/im/secrets/chat/synapse/ldap_binddn.sample b/app/im/secrets/chat/synapse/ldap_binddn.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/ldap_binddn.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/ldap_bindpw b/app/im/secrets/chat/synapse/ldap_bindpw
new file mode 100644
index 0000000..ba07446
--- /dev/null
+++ b/app/im/secrets/chat/synapse/ldap_bindpw
@@ -0,0 +1 @@
+SERVICE_PASSWORD matrix
diff --git a/app/im/secrets/chat/synapse/ldap_bindpw.sample b/app/im/secrets/chat/synapse/ldap_bindpw.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/ldap_bindpw.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/postgres_db b/app/im/secrets/chat/synapse/postgres_db
new file mode 100644
index 0000000..74eefa7
--- /dev/null
+++ b/app/im/secrets/chat/synapse/postgres_db
@@ -0,0 +1 @@
+CONST synapse
diff --git a/app/im/secrets/chat/synapse/postgres_db.sample b/app/im/secrets/chat/synapse/postgres_db.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/postgres_db.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/postgres_pwd b/app/im/secrets/chat/synapse/postgres_pwd
new file mode 100644
index 0000000..ba07446
--- /dev/null
+++ b/app/im/secrets/chat/synapse/postgres_pwd
@@ -0,0 +1 @@
+SERVICE_PASSWORD matrix
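Review bot: `SERVICE_PASSWORD matrix` in postgres_pwd is the same directive as the ldap_bindpw file in the hunk above, so synapse's Postgres password and the LDAP bind password of the matrix service user resolve to one shared value. Reusing a single credential across two services means a compromise of either the database or the LDAP bind exposes the other. If this sharing is intended it deserves a description saying so; otherwise give the database password its own directive, e.g. `USER synapse postgres password`.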
diff --git a/app/im/secrets/chat/synapse/postgres_pwd.sample b/app/im/secrets/chat/synapse/postgres_pwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/postgres_pwd.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/postgres_user b/app/im/secrets/chat/synapse/postgres_user
new file mode 100644
index 0000000..b08e86a
--- /dev/null
+++ b/app/im/secrets/chat/synapse/postgres_user
@@ -0,0 +1 @@
+CONST matrix
diff --git a/app/im/secrets/chat/synapse/postgres_user.sample b/app/im/secrets/chat/synapse/postgres_user.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/postgres_user.sample
+++ /dev/null
diff --git a/app/im/secrets/chat/synapse/registration_shared_secret b/app/im/secrets/chat/synapse/registration_shared_secret
new file mode 100644
index 0000000..395cccc
--- /dev/null
+++ b/app/im/secrets/chat/synapse/registration_shared_secret
@@ -0,0 +1 @@
+USER Shared secret for homeserver registrations (?)
diff --git a/app/im/secrets/chat/synapse/registration_shared_secret.sample b/app/im/secrets/chat/synapse/registration_shared_secret.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/im/secrets/chat/synapse/registration_shared_secret.sample
+++ /dev/null
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt
new file mode 100644
index 0000000..f2c4d4b
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
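Review bot: The domain argument `autj.jitsi.deuxfleurs.fr` does not match the file name `auth.jitsi.deuxfleurs.fr.crt`, so a certificate issued from this directive would be for a host name that does not exist and would not validate for the real one. The same misspelling is in the matching .key file in the next hunk. Proposed line: `SSL_CERT jitsi_auth auth.jitsi.deuxfleurs.fr`.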
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample
+++ /dev/null
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key
new file mode 100644
index 0000000..4a332f8
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key
@@ -0,0 +1 @@
+SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample
+++ /dev/null
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt
new file mode 100644
index 0000000..32750d3
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi jitsi.deuxfleurs.fr
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample
+++ /dev/null
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key
new file mode 100644
index 0000000..7676132
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key
@@ -0,0 +1 @@
+SSL_KEY jitsi
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample
+++ /dev/null
diff --git a/app/platoo/secrets/platoo/bddpw b/app/platoo/secrets/platoo/bddpw
new file mode 100644
index 0000000..1c9d86e
--- /dev/null
+++ b/app/platoo/secrets/platoo/bddpw
@@ -0,0 +1 @@
+SERVICE_PASSWORD platoo
diff --git a/app/platoo/secrets/platoo/bddpw.sample b/app/platoo/secrets/platoo/bddpw.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/platoo/secrets/platoo/bddpw.sample
+++ /dev/null
diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd b/app/postgres/secrets/postgres/keeper/pg_repl_pwd
new file mode 100644
index 0000000..ae0c229
--- /dev/null
+++ b/app/postgres/secrets/postgres/keeper/pg_repl_pwd
@@ -0,0 +1 @@
+SERVICE_PASSWORD replicator
diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample
+++ /dev/null
diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username b/app/postgres/secrets/postgres/keeper/pg_repl_username
new file mode 100644
index 0000000..58e6e46
--- /dev/null
+++ b/app/postgres/secrets/postgres/keeper/pg_repl_username
@@ -0,0 +1 @@
+CONST replicator
diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username.sample b/app/postgres/secrets/postgres/keeper/pg_repl_username.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/postgres/secrets/postgres/keeper/pg_repl_username.sample
+++ /dev/null
diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd b/app/postgres/secrets/postgres/keeper/pg_su_pwd
new file mode 100644
index 0000000..a193b9e
--- /dev/null
+++ b/app/postgres/secrets/postgres/keeper/pg_su_pwd
@@ -0,0 +1 @@
+SERVICE_PASSWORD postgres
diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample
+++ /dev/null
diff --git a/app/seafile/config/conf/mykey.peer.sample b/app/seafile/config/conf/mykey.peer.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/seafile/config/conf/mykey.peer.sample
+++ /dev/null
diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn b/app/seafile/secrets/mariadb/main/ldap_binddn
new file mode 100644
index 0000000..e77ff39
--- /dev/null
+++ b/app/seafile/secrets/mariadb/main/ldap_binddn
@@ -0,0 +1 @@
+SERVICE_DN mysql MySQL/MariaDB database
diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn.sample b/app/seafile/secrets/mariadb/main/ldap_binddn.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/seafile/secrets/mariadb/main/ldap_binddn.sample
+++ /dev/null
diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd b/app/seafile/secrets/mariadb/main/ldap_bindpwd
new file mode 100644
index 0000000..c29f983
--- /dev/null
+++ b/app/seafile/secrets/mariadb/main/ldap_bindpwd
@@ -0,0 +1 @@
+SERVICE_PASSWORD mysql
diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample b/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample
+++ /dev/null
diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd b/app/seafile/secrets/mariadb/main/mysql_pwd
new file mode 100644
index 0000000..ae7fd75
--- /dev/null
+++ b/app/seafile/secrets/mariadb/main/mysql_pwd
@@ -0,0 +1 @@
+USER mysql_pwd (what is this?)
diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd.sample b/app/seafile/secrets/mariadb/main/mysql_pwd.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/seafile/secrets/mariadb/main/mysql_pwd.sample
+++ /dev/null
diff --git a/app/seafile/secrets/seafile/conf/mykey.peer b/app/seafile/secrets/seafile/conf/mykey.peer
new file mode 100644
index 0000000..12f0e5f
--- /dev/null
+++ b/app/seafile/secrets/seafile/conf/mykey.peer
@@ -0,0 +1 @@
+USER Seafile peer key
diff --git a/app/seafile/secrets/seafile/conf/mykey.peer.sample b/app/seafile/secrets/seafile/conf/mykey.peer.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/seafile/secrets/seafile/conf/mykey.peer.sample
+++ /dev/null
diff --git a/app/secrets.py b/app/secrets.py
new file mode 100644
index 0000000..00f6016
--- /dev/null
+++ b/app/secrets.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+"""
+TODO: this will be a utility to handle secrets in the Consul database
+for the various components of the Deuxfleurs infrastructure
+
+Functionnalities:
+- check that secrets are correctly configured
+- help user fill in secrets
+- create LDAP service users and fill in corresponding secrets
+- maybe one day: manage SSL certificates and keys
+
+It uses files placed in <module_name>/secrets/* to know what secrets
+it should handle. These secret files contain directives for what to do
+about these secrets.
+
+Example directives:
+
+USER <description>
+(a secret that must be filled in by the user)
+
+USER_LONG <description>
+(the same, indicates that the secret fits on several lines)
+
+CONST <constant value>
+(the secret has a constant value set here)
+
+CONST_LONG
+<constant value, several lines>
+(same)
+
+SERVICE_DN <service name> <service description>
+(the LDAP DN of a service user)
+
+SERVICE_PASSWORD <service name>
+(the LDAP password for the corresponding service user)
+
+SSL_CERT <cert name> <list of domains>
+(a SSL domain for the given domains)
+
+SSL_KEY <cert name>
+(the SSL key going with corresponding certificate)
+"""
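Review bot: The module docstring says directive files live in `<module_name>/secrets/*` but never states that they hold only directives and no actual secret values, while this same commit deletes `app/.gitignore`, which until now kept `*/secrets/*` out of the repository. Since the stated goal is to "help user fill in secrets", a reader could reasonably write a filled value back into one of these files and commit it. Add a sentence such as `Files under */secrets/ contain only directives; the real values live in Consul and must never be written into these files or committed to the repository.` Also `Functionnalities` should read `Functionalities`, and the SSL_CERT description `(a SSL domain for the given domains)` should read `(an SSL certificate for the given domains)`.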
+
diff --git a/app/web_static/secrets/web/home_token b/app/web_static/secrets/web/home_token
new file mode 100644
index 0000000..d0cf281
--- /dev/null
+++ b/app/web_static/secrets/web/home_token
@@ -0,0 +1 @@
+USER web home_token (what is this?)
diff --git a/app/web_static/secrets/web/home_token.sample b/app/web_static/secrets/web/home_token.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/web_static/secrets/web/home_token.sample
+++ /dev/null
diff --git a/app/web_static/secrets/web/quentin.dufour.io_token b/app/web_static/secrets/web/quentin.dufour.io_token
new file mode 100644
index 0000000..c47c82c
--- /dev/null
+++ b/app/web_static/secrets/web/quentin.dufour.io_token
@@ -0,0 +1 @@
+USER web quentin.dufour.io token (what is this?)
diff --git a/app/web_static/secrets/web/quentin.dufour.io_token.sample b/app/web_static/secrets/web/quentin.dufour.io_token.sample
deleted file mode 100644
index e69de29..0000000
--- a/app/web_static/secrets/web/quentin.dufour.io_token.sample
+++ /dev/null