author | Alex Auvolat <alex@adnab.me> | 2021-01-16 17:37:34 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-01-16 17:37:34 +0100 |
commit | d4d0b100ad39bf7ae560c2f714b75fdcf47e9a87 (patch) | |
tree | 6ca1be19d3b15c61cdb3fe4de448c20fc12b769f /app | |
parent | c74dc92febd1841c8ea5ff31caab0f941d57527d (diff) | |
Document secrets and add stub utility to manage them
Diffstat (limited to 'app')
79 files changed, 81 insertions, 12 deletions
diff --git a/app/.gitignore b/app/.gitignore deleted file mode 100644 index cc6b143..0000000 --- a/app/.gitignore +++ /dev/null @@ -1,11 +0,0 @@ -# Blacklist everything cleverly -*/secrets/* -!*/secrets/*/ - -# Whitelist some patterns -!*.sample -!*.gen -!*.sh -!.gitignore - -# Whitelist specific files diff --git a/app/email/config/dkim/smtp.private.sample b/app/email/config/dkim/smtp.private.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/config/dkim/smtp.private.sample +++ /dev/null diff --git a/app/email/config/dkim/smtp.txt.sample b/app/email/config/dkim/smtp.txt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/config/dkim/smtp.txt.sample +++ /dev/null diff --git a/app/email/secrets/email/dkim/smtp.private b/app/email/secrets/email/dkim/smtp.private new file mode 100644 index 0000000..3aa3621 --- /dev/null +++ b/app/email/secrets/email/dkim/smtp.private @@ -0,0 +1 @@ +RSA_PRIVATE_KEY dkim diff --git a/app/email/secrets/email/dkim/smtp.private.sample b/app/email/secrets/email/dkim/smtp.private.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/dkim/smtp.private.sample +++ /dev/null diff --git a/app/email/secrets/email/dovecot/dovecot.crt b/app/email/secrets/email/dovecot/dovecot.crt new file mode 100644 index 0000000..7229cfc --- /dev/null +++ b/app/email/secrets/email/dovecot/dovecot.crt @@ -0,0 +1 @@ +SSL_CERT dovecot deuxfleurs.fr diff --git a/app/email/secrets/email/dovecot/dovecot.crt.sample b/app/email/secrets/email/dovecot/dovecot.crt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/dovecot/dovecot.crt.sample +++ /dev/null diff --git a/app/email/secrets/email/dovecot/dovecot.key b/app/email/secrets/email/dovecot/dovecot.key new file mode 100644 index 0000000..0d42c79 --- /dev/null +++ b/app/email/secrets/email/dovecot/dovecot.key @@ -0,0 +1 @@ +SSL_KEY dovecot 
diff --git a/app/email/secrets/email/dovecot/dovecot.key.sample b/app/email/secrets/email/dovecot/dovecot.key.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/dovecot/dovecot.key.sample +++ /dev/null diff --git a/app/email/secrets/email/dovecot/ldap_binddn b/app/email/secrets/email/dovecot/ldap_binddn new file mode 100644 index 0000000..da380f2 --- /dev/null +++ b/app/email/secrets/email/dovecot/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN dovecot Dovecot IMAP server diff --git a/app/email/secrets/email/dovecot/ldap_binddn.sample b/app/email/secrets/email/dovecot/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/dovecot/ldap_binddn.sample +++ /dev/null diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd b/app/email/secrets/email/dovecot/ldap_bindpwd new file mode 100644 index 0000000..068f663 --- /dev/null +++ b/app/email/secrets/email/dovecot/ldap_bindpwd @@ -0,0 +1 @@ +SERVICE_PASSWORD dovecot diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd.sample b/app/email/secrets/email/dovecot/ldap_bindpwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/dovecot/ldap_bindpwd.sample +++ /dev/null diff --git a/app/email/secrets/email/postfix/postfix.crt b/app/email/secrets/email/postfix/postfix.crt new file mode 100644 index 0000000..f004d67 --- /dev/null +++ b/app/email/secrets/email/postfix/postfix.crt @@ -0,0 +1 @@ +SSL_CERT postfix deuxfleurs.fr diff --git a/app/email/secrets/email/postfix/postfix.crt.sample b/app/email/secrets/email/postfix/postfix.crt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/postfix/postfix.crt.sample +++ /dev/null diff --git a/app/email/secrets/email/postfix/postfix.key b/app/email/secrets/email/postfix/postfix.key new file mode 100644 index 0000000..2cf1706 --- /dev/null +++ b/app/email/secrets/email/postfix/postfix.key @@ -0,0 +1 @@ +SSL_KEY postfix 
diff --git a/app/email/secrets/email/postfix/postfix.key.sample b/app/email/secrets/email/postfix/postfix.key.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/postfix/postfix.key.sample +++ /dev/null diff --git a/app/email/secrets/email/sogo/ldap_binddn b/app/email/secrets/email/sogo/ldap_binddn new file mode 100644 index 0000000..df627d3 --- /dev/null +++ b/app/email/secrets/email/sogo/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN sogo SoGo email frontend diff --git a/app/email/secrets/email/sogo/ldap_binddn.sample b/app/email/secrets/email/sogo/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/sogo/ldap_binddn.sample +++ /dev/null diff --git a/app/email/secrets/email/sogo/ldap_bindpw b/app/email/secrets/email/sogo/ldap_bindpw new file mode 100644 index 0000000..8d2f35b --- /dev/null +++ b/app/email/secrets/email/sogo/ldap_bindpw @@ -0,0 +1 @@ +SERVICE_PASSWORD sogo diff --git a/app/email/secrets/email/sogo/ldap_bindpw.sample b/app/email/secrets/email/sogo/ldap_bindpw.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/sogo/ldap_bindpw.sample +++ /dev/null diff --git a/app/email/secrets/email/sogo/postgre_auth b/app/email/secrets/email/sogo/postgre_auth new file mode 100644 index 0000000..4f66253 --- /dev/null +++ b/app/email/secrets/email/sogo/postgre_auth @@ -0,0 +1 @@ +USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template) diff --git a/app/email/secrets/email/sogo/postgre_auth.sample b/app/email/secrets/email/sogo/postgre_auth.sample deleted file mode 100644 index e69de29..0000000 --- a/app/email/secrets/email/sogo/postgre_auth.sample +++ /dev/null diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth new file mode 100644 index 0000000..d23be29 --- /dev/null +++ b/app/im/secrets/chat/coturn/static-auth @@ -0,0 +1 @@ +USER cotorn static-auth (what is this?) 
diff --git a/app/im/secrets/chat/coturn/static-auth.sample b/app/im/secrets/chat/coturn/static-auth.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/coturn/static-auth.sample +++ /dev/null diff --git a/app/im/secrets/chat/fb2mx/as_token b/app/im/secrets/chat/fb2mx/as_token new file mode 100644 index 0000000..20b76d4 --- /dev/null +++ b/app/im/secrets/chat/fb2mx/as_token @@ -0,0 +1 @@ +USER fb2mx API server token diff --git a/app/im/secrets/chat/fb2mx/as_token.sample b/app/im/secrets/chat/fb2mx/as_token.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/fb2mx/as_token.sample +++ /dev/null diff --git a/app/im/secrets/chat/fb2mx/db_url b/app/im/secrets/chat/fb2mx/db_url new file mode 100644 index 0000000..f06e265 --- /dev/null +++ b/app/im/secrets/chat/fb2mx/db_url @@ -0,0 +1 @@ +USER fb2mx database URL, format: postgres://username:password@hostname/dbname diff --git a/app/im/secrets/chat/fb2mx/db_url.sample b/app/im/secrets/chat/fb2mx/db_url.sample deleted file mode 100644 index aff4635..0000000 --- a/app/im/secrets/chat/fb2mx/db_url.sample +++ /dev/null @@ -1 +0,0 @@ -postgres://username:password@hostname/dbname diff --git a/app/im/secrets/chat/fb2mx/hs_token b/app/im/secrets/chat/fb2mx/hs_token new file mode 100644 index 0000000..8808f8f --- /dev/null +++ b/app/im/secrets/chat/fb2mx/hs_token @@ -0,0 +1 @@ +USER fb2mx homeserver token diff --git a/app/im/secrets/chat/fb2mx/hs_token.sample b/app/im/secrets/chat/fb2mx/hs_token.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/fb2mx/hs_token.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt b/app/im/secrets/chat/synapse/homeserver.tls.crt new file mode 100644 index 0000000..b696093 --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.crt @@ -0,0 +1 @@ +SSL_CERT synapse im.deuxfleurs.fr 
diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt.sample b/app/im/secrets/chat/synapse/homeserver.tls.crt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/homeserver.tls.crt.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh b/app/im/secrets/chat/synapse/homeserver.tls.dh new file mode 100644 index 0000000..0231fed --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.dh @@ -0,0 +1 @@ +USER_LONG DH parameters for matrix ssl key? how does this work? diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh.sample b/app/im/secrets/chat/synapse/homeserver.tls.dh.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/homeserver.tls.dh.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key b/app/im/secrets/chat/synapse/homeserver.tls.key new file mode 100644 index 0000000..feee544 --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.key @@ -0,0 +1 @@ +SSL_KEY synapse im.deuxfleurs.fr diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key.sample b/app/im/secrets/chat/synapse/homeserver.tls.key.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/homeserver.tls.key.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/ldap_binddn b/app/im/secrets/chat/synapse/ldap_binddn new file mode 100644 index 0000000..2631bef --- /dev/null +++ b/app/im/secrets/chat/synapse/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN matrix Matrix chat server diff --git a/app/im/secrets/chat/synapse/ldap_binddn.sample b/app/im/secrets/chat/synapse/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/ldap_binddn.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/ldap_bindpw b/app/im/secrets/chat/synapse/ldap_bindpw new file mode 100644 index 0000000..ba07446 --- /dev/null +++ b/app/im/secrets/chat/synapse/ldap_bindpw 
@@ -0,0 +1 @@ +SERVICE_PASSWORD matrix diff --git a/app/im/secrets/chat/synapse/ldap_bindpw.sample b/app/im/secrets/chat/synapse/ldap_bindpw.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/ldap_bindpw.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/postgres_db b/app/im/secrets/chat/synapse/postgres_db new file mode 100644 index 0000000..74eefa7 --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_db @@ -0,0 +1 @@ +CONST synapse diff --git a/app/im/secrets/chat/synapse/postgres_db.sample b/app/im/secrets/chat/synapse/postgres_db.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/postgres_db.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/postgres_pwd b/app/im/secrets/chat/synapse/postgres_pwd new file mode 100644 index 0000000..ba07446 --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD matrix diff --git a/app/im/secrets/chat/synapse/postgres_pwd.sample b/app/im/secrets/chat/synapse/postgres_pwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/postgres_pwd.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/postgres_user b/app/im/secrets/chat/synapse/postgres_user new file mode 100644 index 0000000..b08e86a --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_user @@ -0,0 +1 @@ +CONST matrix diff --git a/app/im/secrets/chat/synapse/postgres_user.sample b/app/im/secrets/chat/synapse/postgres_user.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/postgres_user.sample +++ /dev/null diff --git a/app/im/secrets/chat/synapse/registration_shared_secret b/app/im/secrets/chat/synapse/registration_shared_secret new file mode 100644 index 0000000..395cccc --- /dev/null +++ b/app/im/secrets/chat/synapse/registration_shared_secret @@ -0,0 +1 @@ +USER Shared secret for homeserver registrations (?) 
diff --git a/app/im/secrets/chat/synapse/registration_shared_secret.sample b/app/im/secrets/chat/synapse/registration_shared_secret.sample deleted file mode 100644 index e69de29..0000000 --- a/app/im/secrets/chat/synapse/registration_shared_secret.sample +++ /dev/null diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt new file mode 100644 index 0000000..f2c4d4b --- /dev/null +++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt @@ -0,0 +1 @@ +SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample +++ /dev/null diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key new file mode 100644 index 0000000..4a332f8 --- /dev/null +++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key @@ -0,0 +1 @@ +SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample deleted file mode 100644 index e69de29..0000000 --- a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample +++ /dev/null diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt new file mode 100644 index 0000000..32750d3 --- /dev/null +++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt @@ -0,0 +1 @@ +SSL_CERT jitsi jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample deleted file mode 100644 index e69de29..0000000 --- a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample +++ /dev/null 
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key new file mode 100644 index 0000000..7676132 --- /dev/null +++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key @@ -0,0 +1 @@ +SSL_KEY jitsi diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample deleted file mode 100644 index e69de29..0000000 --- a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample +++ /dev/null diff --git a/app/platoo/secrets/platoo/bddpw b/app/platoo/secrets/platoo/bddpw new file mode 100644 index 0000000..1c9d86e --- /dev/null +++ b/app/platoo/secrets/platoo/bddpw @@ -0,0 +1 @@ +SERVICE_PASSWORD platoo diff --git a/app/platoo/secrets/platoo/bddpw.sample b/app/platoo/secrets/platoo/bddpw.sample deleted file mode 100644 index e69de29..0000000 --- a/app/platoo/secrets/platoo/bddpw.sample +++ /dev/null diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd b/app/postgres/secrets/postgres/keeper/pg_repl_pwd new file mode 100644 index 0000000..ae0c229 --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_repl_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD replicator diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample +++ /dev/null diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username b/app/postgres/secrets/postgres/keeper/pg_repl_username new file mode 100644 index 0000000..58e6e46 --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_repl_username @@ -0,0 +1 @@ +CONST replicator diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username.sample b/app/postgres/secrets/postgres/keeper/pg_repl_username.sample deleted file mode 100644 index e69de29..0000000 --- a/app/postgres/secrets/postgres/keeper/pg_repl_username.sample +++ /dev/null 
diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd b/app/postgres/secrets/postgres/keeper/pg_su_pwd new file mode 100644 index 0000000..a193b9e --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_su_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD postgres diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample +++ /dev/null diff --git a/app/seafile/config/conf/mykey.peer.sample b/app/seafile/config/conf/mykey.peer.sample deleted file mode 100644 index e69de29..0000000 --- a/app/seafile/config/conf/mykey.peer.sample +++ /dev/null diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn b/app/seafile/secrets/mariadb/main/ldap_binddn new file mode 100644 index 0000000..e77ff39 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN mysql MySQL/MariaDB database diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn.sample b/app/seafile/secrets/mariadb/main/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 --- a/app/seafile/secrets/mariadb/main/ldap_binddn.sample +++ /dev/null diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd b/app/seafile/secrets/mariadb/main/ldap_bindpwd new file mode 100644 index 0000000..c29f983 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/ldap_bindpwd @@ -0,0 +1 @@ +SERVICE_PASSWORD mysql diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample b/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample +++ /dev/null diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd b/app/seafile/secrets/mariadb/main/mysql_pwd new file mode 100644 index 0000000..ae7fd75 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/mysql_pwd @@ -0,0 +1 @@ +USER mysql_pwd (what is this?) 
diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd.sample b/app/seafile/secrets/mariadb/main/mysql_pwd.sample deleted file mode 100644 index e69de29..0000000 --- a/app/seafile/secrets/mariadb/main/mysql_pwd.sample +++ /dev/null diff --git a/app/seafile/secrets/seafile/conf/mykey.peer b/app/seafile/secrets/seafile/conf/mykey.peer new file mode 100644 index 0000000..12f0e5f --- /dev/null +++ b/app/seafile/secrets/seafile/conf/mykey.peer @@ -0,0 +1 @@ +USER Seafile peer key diff --git a/app/seafile/secrets/seafile/conf/mykey.peer.sample b/app/seafile/secrets/seafile/conf/mykey.peer.sample deleted file mode 100644 index e69de29..0000000 --- a/app/seafile/secrets/seafile/conf/mykey.peer.sample +++ /dev/null diff --git a/app/secrets.py b/app/secrets.py new file mode 100644 index 0000000..00f6016 --- /dev/null +++ b/app/secrets.py 
@@ -0,0 +1,44 @@ +#!/usr/bin/env python3 + +""" +TODO: this will be a utility to handle secrets in the Consul database +for the various components of the Deuxfleurs infrastructure + +Functionnalities: +- check that secrets are correctly configured +- help user fill in secrets +- create LDAP service users and fill in corresponding secrets +- maybe one day: manage SSL certificates and keys + +It uses files placed in <module_name>/secrets/* to know what secrets +it should handle. These secret files contain directives for what to do +about these secrets. + +Example directives: + +USER <description> +(a secret that must be filled in by the user) + +USER_LONG <description> +(the same, indicates that the secret fits on several lines) + +CONST <constant value> +(the secret has a constant value set here) + +CONST_LONG +<constant value, several lines> +(same) + +SERVICE_DN <service name> <service description> +(the LDAP DN of a service user) + +SERVICE_PASSWORD <service name> +(the LDAP password for the corresponding service user) + +SSL_CERT <cert name> <list of domains> +(a SSL domain for the given domains) + +SSL_KEY <cert name> +(the SSL key going with corresponding certificate) +""" + diff --git a/app/web_static/secrets/web/home_token b/app/web_static/secrets/web/home_token new file mode 100644 index 0000000..d0cf281 --- /dev/null +++ b/app/web_static/secrets/web/home_token @@ -0,0 +1 @@ +USER web home_token (what is this?) diff --git a/app/web_static/secrets/web/home_token.sample b/app/web_static/secrets/web/home_token.sample deleted file mode 100644 index e69de29..0000000 --- a/app/web_static/secrets/web/home_token.sample +++ /dev/null diff --git a/app/web_static/secrets/web/quentin.dufour.io_token b/app/web_static/secrets/web/quentin.dufour.io_token new file mode 100644 index 0000000..c47c82c --- /dev/null +++ b/app/web_static/secrets/web/quentin.dufour.io_token @@ -0,0 +1 @@ +USER web quentin.dufour.io token (what is this?) 
diff --git a/app/web_static/secrets/web/quentin.dufour.io_token.sample b/app/web_static/secrets/web/quentin.dufour.io_token.sample deleted file mode 100644 index e69de29..0000000 --- a/app/web_static/secrets/web/quentin.dufour.io_token.sample +++ /dev/null |
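Review bot: Deleting app/.gitignore drops the `*/secrets/*` ignore rule while the same paths (for example app/email/secrets/email/dkim/smtp.private and the dovecot and postfix `.key` files) become tracked directive files, so a working copy that still holds real key material at those paths will show it as a local modification that `git commit -a` would publish. Consider tracking the directive files under a distinct name or directory and leaving the real-secret paths ignored, or adding a pre-commit check that every file under `*/secrets/` starts with one of the directive keywords.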
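Review bot: In app/im/secrets/chat/synapse/postgres_pwd the directive `SERVICE_PASSWORD matrix` is identical to the one in ldap_bindpw (both are blob ba07446), and the docstring in app/secrets.py defines SERVICE_PASSWORD as the LDAP password of the service user, so as documented the Postgres password and the LDAP bind password of the matrix service would be the same value. The same directive is used for database passwords in platoo/bddpw, keeper/pg_repl_pwd and keeper/pg_su_pwd, where no matching SERVICE_DN exists in this patch. A separate directive for generated non-LDAP passwords, or distinct service names per backend, would keep one leaked credential from opening both systems.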
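Review bot: In app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt and the matching .key, the domain is written `autj.jitsi.deuxfleurs.fr`, which looks like a typo for `auth.jitsi.deuxfleurs.fr` given the file names; a certificate generated from this directive would not match the host. Separately, the docstring gives `SSL_KEY <cert name>` with no domain, yet `SSL_KEY synapse im.deuxfleurs.fr` and `SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr` pass one while the dovecot, postfix and jitsi keys do not; pick one form and document it so the parser can reject the other.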
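Review bot: Several USER and USER_LONG directives carry a question instead of a description: coturn/static-auth, synapse/homeserver.tls.dh, synapse/registration_shared_secret, mariadb/main/mysql_pwd, web/home_token and web/quentin.dufour.io_token all read like `USER mysql_pwd (what is this?)`. Since the description is what the operator will see when asked to fill in the secret, these should state what the value is and its expected format before the utility relies on them, or be tracked as open items outside the directive text. The coturn entry also spells the service `cotorn`.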
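Review bot: The new file app/secrets.py has the same name as Python's standard-library `secrets` module, and because the script's own directory comes first on the import path when it is run directly, any `import secrets` in it (or in a library it loads) would resolve to this file instead of the module normally used to generate tokens and passwords; a name such as secretmgr.py avoids that. The docstring also omits the `RSA_PRIVATE_KEY` directive that app/email/secrets/email/dkim/smtp.private uses, and describes SSL_CERT as "a SSL domain for the given domains" where a certificate is presumably meant.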