From d4d0b100ad39bf7ae560c2f714b75fdcf47e9a87 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sat, 16 Jan 2021 17:37:34 +0100 Subject: Document secrets and add stub utility to manage them --- app/.gitignore | 11 ------ app/email/config/dkim/smtp.private.sample | 0 app/email/config/dkim/smtp.txt.sample | 0 app/email/secrets/email/dkim/smtp.private | 1 + app/email/secrets/email/dkim/smtp.private.sample | 0 app/email/secrets/email/dovecot/dovecot.crt | 1 + app/email/secrets/email/dovecot/dovecot.crt.sample | 0 app/email/secrets/email/dovecot/dovecot.key | 1 + app/email/secrets/email/dovecot/dovecot.key.sample | 0 app/email/secrets/email/dovecot/ldap_binddn | 1 + app/email/secrets/email/dovecot/ldap_binddn.sample | 0 app/email/secrets/email/dovecot/ldap_bindpwd | 1 + .../secrets/email/dovecot/ldap_bindpwd.sample | 0 app/email/secrets/email/postfix/postfix.crt | 1 + app/email/secrets/email/postfix/postfix.crt.sample | 0 app/email/secrets/email/postfix/postfix.key | 1 + app/email/secrets/email/postfix/postfix.key.sample | 0 app/email/secrets/email/sogo/ldap_binddn | 1 + app/email/secrets/email/sogo/ldap_binddn.sample | 0 app/email/secrets/email/sogo/ldap_bindpw | 1 + app/email/secrets/email/sogo/ldap_bindpw.sample | 0 app/email/secrets/email/sogo/postgre_auth | 1 + app/email/secrets/email/sogo/postgre_auth.sample | 0 app/im/secrets/chat/coturn/static-auth | 1 + app/im/secrets/chat/coturn/static-auth.sample | 0 app/im/secrets/chat/fb2mx/as_token | 1 + app/im/secrets/chat/fb2mx/as_token.sample | 0 app/im/secrets/chat/fb2mx/db_url | 1 + app/im/secrets/chat/fb2mx/db_url.sample | 1 - app/im/secrets/chat/fb2mx/hs_token | 1 + app/im/secrets/chat/fb2mx/hs_token.sample | 0 app/im/secrets/chat/synapse/homeserver.tls.crt | 1 + .../secrets/chat/synapse/homeserver.tls.crt.sample | 0 app/im/secrets/chat/synapse/homeserver.tls.dh | 1 + .../secrets/chat/synapse/homeserver.tls.dh.sample | 0 app/im/secrets/chat/synapse/homeserver.tls.key | 1 + .../secrets/chat/synapse/homeserver.tls.key.sample | 0 app/im/secrets/chat/synapse/ldap_binddn | 1 + app/im/secrets/chat/synapse/ldap_binddn.sample | 0 app/im/secrets/chat/synapse/ldap_bindpw | 1 + app/im/secrets/chat/synapse/ldap_bindpw.sample | 0 app/im/secrets/chat/synapse/postgres_db | 1 + app/im/secrets/chat/synapse/postgres_db.sample | 0 app/im/secrets/chat/synapse/postgres_pwd | 1 + app/im/secrets/chat/synapse/postgres_pwd.sample | 0 app/im/secrets/chat/synapse/postgres_user | 1 + app/im/secrets/chat/synapse/postgres_user.sample | 0 .../chat/synapse/registration_shared_secret | 1 + .../chat/synapse/registration_shared_secret.sample | 0 .../secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt | 1 + .../jitsi/auth.jitsi.deuxfleurs.fr.crt.sample | 0 .../secrets/jitsi/auth.jitsi.deuxfleurs.fr.key | 1 + .../jitsi/auth.jitsi.deuxfleurs.fr.key.sample | 0 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt | 1 + .../secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample | 0 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key | 1 + .../secrets/jitsi/jitsi.deuxfleurs.fr.key.sample | 0 app/platoo/secrets/platoo/bddpw | 1 + app/platoo/secrets/platoo/bddpw.sample | 0 app/postgres/secrets/postgres/keeper/pg_repl_pwd | 1 + .../secrets/postgres/keeper/pg_repl_pwd.sample | 0 .../secrets/postgres/keeper/pg_repl_username | 1 + .../postgres/keeper/pg_repl_username.sample | 0 app/postgres/secrets/postgres/keeper/pg_su_pwd | 1 + .../secrets/postgres/keeper/pg_su_pwd.sample | 0 app/seafile/config/conf/mykey.peer.sample | 0 app/seafile/secrets/mariadb/main/ldap_binddn | 1 + .../secrets/mariadb/main/ldap_binddn.sample | 0 app/seafile/secrets/mariadb/main/ldap_bindpwd | 1 + .../secrets/mariadb/main/ldap_bindpwd.sample | 0 app/seafile/secrets/mariadb/main/mysql_pwd | 1 + app/seafile/secrets/mariadb/main/mysql_pwd.sample | 0 app/seafile/secrets/seafile/conf/mykey.peer | 1 + app/seafile/secrets/seafile/conf/mykey.peer.sample | 0 app/secrets.py | 44 ++++++++++++++++++++++ app/web_static/secrets/web/home_token | 1 + app/web_static/secrets/web/home_token.sample | 0 app/web_static/secrets/web/quentin.dufour.io_token | 1 + .../secrets/web/quentin.dufour.io_token.sample | 0 79 files changed, 81 insertions(+), 12 deletions(-) delete mode 100644 app/.gitignore delete mode 100644 app/email/config/dkim/smtp.private.sample delete mode 100644 app/email/config/dkim/smtp.txt.sample create mode 100644 app/email/secrets/email/dkim/smtp.private delete mode 100644 app/email/secrets/email/dkim/smtp.private.sample create mode 100644 app/email/secrets/email/dovecot/dovecot.crt delete mode 100644 app/email/secrets/email/dovecot/dovecot.crt.sample create mode 100644 app/email/secrets/email/dovecot/dovecot.key delete mode 100644 app/email/secrets/email/dovecot/dovecot.key.sample create mode 100644 app/email/secrets/email/dovecot/ldap_binddn delete mode 100644 app/email/secrets/email/dovecot/ldap_binddn.sample create mode 100644 app/email/secrets/email/dovecot/ldap_bindpwd delete mode 100644 app/email/secrets/email/dovecot/ldap_bindpwd.sample create mode 100644 app/email/secrets/email/postfix/postfix.crt delete mode 100644 app/email/secrets/email/postfix/postfix.crt.sample create mode 100644 app/email/secrets/email/postfix/postfix.key delete mode 100644 app/email/secrets/email/postfix/postfix.key.sample create mode 100644 app/email/secrets/email/sogo/ldap_binddn delete mode 100644 app/email/secrets/email/sogo/ldap_binddn.sample create mode 100644 app/email/secrets/email/sogo/ldap_bindpw delete mode 100644 app/email/secrets/email/sogo/ldap_bindpw.sample create mode 100644 app/email/secrets/email/sogo/postgre_auth delete mode 100644 app/email/secrets/email/sogo/postgre_auth.sample create mode 100644 app/im/secrets/chat/coturn/static-auth delete mode 100644 app/im/secrets/chat/coturn/static-auth.sample create mode 100644 app/im/secrets/chat/fb2mx/as_token delete mode 100644 app/im/secrets/chat/fb2mx/as_token.sample create mode 100644 app/im/secrets/chat/fb2mx/db_url delete mode 100644 app/im/secrets/chat/fb2mx/db_url.sample create mode 100644 app/im/secrets/chat/fb2mx/hs_token delete mode 100644 app/im/secrets/chat/fb2mx/hs_token.sample create mode 100644 app/im/secrets/chat/synapse/homeserver.tls.crt delete mode 100644 app/im/secrets/chat/synapse/homeserver.tls.crt.sample create mode 100644 app/im/secrets/chat/synapse/homeserver.tls.dh delete mode 100644 app/im/secrets/chat/synapse/homeserver.tls.dh.sample create mode 100644 app/im/secrets/chat/synapse/homeserver.tls.key delete mode 100644 app/im/secrets/chat/synapse/homeserver.tls.key.sample create mode 100644 app/im/secrets/chat/synapse/ldap_binddn delete mode 100644 app/im/secrets/chat/synapse/ldap_binddn.sample create mode 100644 app/im/secrets/chat/synapse/ldap_bindpw delete mode 100644 app/im/secrets/chat/synapse/ldap_bindpw.sample create mode 100644 app/im/secrets/chat/synapse/postgres_db delete mode 100644 app/im/secrets/chat/synapse/postgres_db.sample create mode 100644 app/im/secrets/chat/synapse/postgres_pwd delete mode 100644 app/im/secrets/chat/synapse/postgres_pwd.sample create mode 100644 app/im/secrets/chat/synapse/postgres_user delete mode 100644 app/im/secrets/chat/synapse/postgres_user.sample create mode 100644 app/im/secrets/chat/synapse/registration_shared_secret delete mode 100644 app/im/secrets/chat/synapse/registration_shared_secret.sample create mode 100644 app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt delete mode 100644 app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample create mode 100644 app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key delete mode 100644 app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample create mode 100644 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt delete mode 100644 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample create mode 100644 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key delete mode 100644 app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample create mode 100644 app/platoo/secrets/platoo/bddpw delete mode 100644 app/platoo/secrets/platoo/bddpw.sample create mode 100644 app/postgres/secrets/postgres/keeper/pg_repl_pwd delete mode 100644 app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample create mode 100644 app/postgres/secrets/postgres/keeper/pg_repl_username delete mode 100644 app/postgres/secrets/postgres/keeper/pg_repl_username.sample create mode 100644 app/postgres/secrets/postgres/keeper/pg_su_pwd delete mode 100644 app/postgres/secrets/postgres/keeper/pg_su_pwd.sample delete mode 100644 app/seafile/config/conf/mykey.peer.sample create mode 100644 app/seafile/secrets/mariadb/main/ldap_binddn delete mode 100644 app/seafile/secrets/mariadb/main/ldap_binddn.sample create mode 100644 app/seafile/secrets/mariadb/main/ldap_bindpwd delete mode 100644 app/seafile/secrets/mariadb/main/ldap_bindpwd.sample create mode 100644 app/seafile/secrets/mariadb/main/mysql_pwd delete mode 100644 app/seafile/secrets/mariadb/main/mysql_pwd.sample create mode 100644 app/seafile/secrets/seafile/conf/mykey.peer delete mode 100644 app/seafile/secrets/seafile/conf/mykey.peer.sample create mode 100644 app/secrets.py create mode 100644 app/web_static/secrets/web/home_token delete mode 100644 app/web_static/secrets/web/home_token.sample create mode 100644 app/web_static/secrets/web/quentin.dufour.io_token delete mode 100644 app/web_static/secrets/web/quentin.dufour.io_token.sample diff --git a/app/.gitignore b/app/.gitignore deleted file mode 100644 index cc6b143..0000000 --- a/app/.gitignore +++ /dev/null @@ -1,11 +0,0 @@ -# Blacklist everything cleverly -*/secrets/* -!*/secrets/*/ - -# Whitelist some patterns -!*.sample -!*.gen -!*.sh -!.gitignore - -# Whitelist specific files diff --git a/app/email/config/dkim/smtp.private.sample b/app/email/config/dkim/smtp.private.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/config/dkim/smtp.txt.sample b/app/email/config/dkim/smtp.txt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/dkim/smtp.private b/app/email/secrets/email/dkim/smtp.private new file mode 100644 index 0000000..3aa3621 --- /dev/null +++ b/app/email/secrets/email/dkim/smtp.private @@ -0,0 +1 @@ +RSA_PRIVATE_KEY dkim diff --git a/app/email/secrets/email/dkim/smtp.private.sample b/app/email/secrets/email/dkim/smtp.private.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/dovecot/dovecot.crt b/app/email/secrets/email/dovecot/dovecot.crt new file mode 100644 index 0000000..7229cfc --- /dev/null +++ b/app/email/secrets/email/dovecot/dovecot.crt @@ -0,0 +1 @@ +SSL_CERT dovecot deuxfleurs.fr diff --git a/app/email/secrets/email/dovecot/dovecot.crt.sample b/app/email/secrets/email/dovecot/dovecot.crt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/dovecot/dovecot.key b/app/email/secrets/email/dovecot/dovecot.key new file mode 100644 index 0000000..0d42c79 --- /dev/null +++ b/app/email/secrets/email/dovecot/dovecot.key @@ -0,0 +1 @@ +SSL_KEY dovecot diff --git a/app/email/secrets/email/dovecot/dovecot.key.sample b/app/email/secrets/email/dovecot/dovecot.key.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/dovecot/ldap_binddn b/app/email/secrets/email/dovecot/ldap_binddn new file mode 100644 index 0000000..da380f2 --- /dev/null +++ b/app/email/secrets/email/dovecot/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN dovecot Dovecot IMAP server diff --git a/app/email/secrets/email/dovecot/ldap_binddn.sample b/app/email/secrets/email/dovecot/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd b/app/email/secrets/email/dovecot/ldap_bindpwd new file mode 100644 index 0000000..068f663 --- /dev/null +++ b/app/email/secrets/email/dovecot/ldap_bindpwd @@ -0,0 +1 @@ +SERVICE_PASSWORD dovecot diff --git a/app/email/secrets/email/dovecot/ldap_bindpwd.sample b/app/email/secrets/email/dovecot/ldap_bindpwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/postfix/postfix.crt b/app/email/secrets/email/postfix/postfix.crt new file mode 100644 index 0000000..f004d67 --- /dev/null +++ b/app/email/secrets/email/postfix/postfix.crt @@ -0,0 +1 @@ +SSL_CERT postfix deuxfleurs.fr diff --git a/app/email/secrets/email/postfix/postfix.crt.sample b/app/email/secrets/email/postfix/postfix.crt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/postfix/postfix.key b/app/email/secrets/email/postfix/postfix.key new file mode 100644 index 0000000..2cf1706 --- /dev/null +++ b/app/email/secrets/email/postfix/postfix.key @@ -0,0 +1 @@ +SSL_KEY postfix diff --git a/app/email/secrets/email/postfix/postfix.key.sample b/app/email/secrets/email/postfix/postfix.key.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/sogo/ldap_binddn b/app/email/secrets/email/sogo/ldap_binddn new file mode 100644 index 0000000..df627d3 --- /dev/null +++ b/app/email/secrets/email/sogo/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN sogo SoGo email frontend diff --git a/app/email/secrets/email/sogo/ldap_binddn.sample b/app/email/secrets/email/sogo/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/sogo/ldap_bindpw b/app/email/secrets/email/sogo/ldap_bindpw new file mode 100644 index 0000000..8d2f35b --- /dev/null +++ b/app/email/secrets/email/sogo/ldap_bindpw @@ -0,0 +1 @@ +SERVICE_PASSWORD sogo diff --git a/app/email/secrets/email/sogo/ldap_bindpw.sample b/app/email/secrets/email/sogo/ldap_bindpw.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/email/secrets/email/sogo/postgre_auth b/app/email/secrets/email/sogo/postgre_auth new file mode 100644 index 0000000..4f66253 --- /dev/null +++ b/app/email/secrets/email/sogo/postgre_auth @@ -0,0 +1 @@ +USER SoGo postgres auth (format: sogo:) (TODO: replace this with two separate files and change template) diff --git a/app/email/secrets/email/sogo/postgre_auth.sample b/app/email/secrets/email/sogo/postgre_auth.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth new file mode 100644 index 0000000..d23be29 --- /dev/null +++ b/app/im/secrets/chat/coturn/static-auth @@ -0,0 +1 @@ +USER cotorn static-auth (what is this?) diff --git a/app/im/secrets/chat/coturn/static-auth.sample b/app/im/secrets/chat/coturn/static-auth.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/fb2mx/as_token b/app/im/secrets/chat/fb2mx/as_token new file mode 100644 index 0000000..20b76d4 --- /dev/null +++ b/app/im/secrets/chat/fb2mx/as_token @@ -0,0 +1 @@ +USER fb2mx API server token diff --git a/app/im/secrets/chat/fb2mx/as_token.sample b/app/im/secrets/chat/fb2mx/as_token.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/fb2mx/db_url b/app/im/secrets/chat/fb2mx/db_url new file mode 100644 index 0000000..f06e265 --- /dev/null +++ b/app/im/secrets/chat/fb2mx/db_url @@ -0,0 +1 @@ +USER fb2mx database URL, format: postgres://username:password@hostname/dbname diff --git a/app/im/secrets/chat/fb2mx/db_url.sample b/app/im/secrets/chat/fb2mx/db_url.sample deleted file mode 100644 index aff4635..0000000 --- a/app/im/secrets/chat/fb2mx/db_url.sample +++ /dev/null @@ -1 +0,0 @@ -postgres://username:password@hostname/dbname diff --git a/app/im/secrets/chat/fb2mx/hs_token b/app/im/secrets/chat/fb2mx/hs_token new file mode 100644 index 0000000..8808f8f --- /dev/null +++ b/app/im/secrets/chat/fb2mx/hs_token @@ -0,0 +1 @@ +USER fb2mx homeserver token diff --git a/app/im/secrets/chat/fb2mx/hs_token.sample b/app/im/secrets/chat/fb2mx/hs_token.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt b/app/im/secrets/chat/synapse/homeserver.tls.crt new file mode 100644 index 0000000..b696093 --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.crt @@ -0,0 +1 @@ +SSL_CERT synapse im.deuxfleurs.fr diff --git a/app/im/secrets/chat/synapse/homeserver.tls.crt.sample b/app/im/secrets/chat/synapse/homeserver.tls.crt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh b/app/im/secrets/chat/synapse/homeserver.tls.dh new file mode 100644 index 0000000..0231fed --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.dh @@ -0,0 +1 @@ +USER_LONG DH parameters for matrix ssl key? how does this work? diff --git a/app/im/secrets/chat/synapse/homeserver.tls.dh.sample b/app/im/secrets/chat/synapse/homeserver.tls.dh.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key b/app/im/secrets/chat/synapse/homeserver.tls.key new file mode 100644 index 0000000..feee544 --- /dev/null +++ b/app/im/secrets/chat/synapse/homeserver.tls.key @@ -0,0 +1 @@ +SSL_KEY synapse im.deuxfleurs.fr diff --git a/app/im/secrets/chat/synapse/homeserver.tls.key.sample b/app/im/secrets/chat/synapse/homeserver.tls.key.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/ldap_binddn b/app/im/secrets/chat/synapse/ldap_binddn new file mode 100644 index 0000000..2631bef --- /dev/null +++ b/app/im/secrets/chat/synapse/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN matrix Matrix chat server diff --git a/app/im/secrets/chat/synapse/ldap_binddn.sample b/app/im/secrets/chat/synapse/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/ldap_bindpw b/app/im/secrets/chat/synapse/ldap_bindpw new file mode 100644 index 0000000..ba07446 --- /dev/null +++ b/app/im/secrets/chat/synapse/ldap_bindpw @@ -0,0 +1 @@ +SERVICE_PASSWORD matrix diff --git a/app/im/secrets/chat/synapse/ldap_bindpw.sample b/app/im/secrets/chat/synapse/ldap_bindpw.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/postgres_db b/app/im/secrets/chat/synapse/postgres_db new file mode 100644 index 0000000..74eefa7 --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_db @@ -0,0 +1 @@ +CONST synapse diff --git a/app/im/secrets/chat/synapse/postgres_db.sample b/app/im/secrets/chat/synapse/postgres_db.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/postgres_pwd b/app/im/secrets/chat/synapse/postgres_pwd new file mode 100644 index 0000000..ba07446 --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD matrix diff --git a/app/im/secrets/chat/synapse/postgres_pwd.sample b/app/im/secrets/chat/synapse/postgres_pwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/postgres_user b/app/im/secrets/chat/synapse/postgres_user new file mode 100644 index 0000000..b08e86a --- /dev/null +++ b/app/im/secrets/chat/synapse/postgres_user @@ -0,0 +1 @@ +CONST matrix diff --git a/app/im/secrets/chat/synapse/postgres_user.sample b/app/im/secrets/chat/synapse/postgres_user.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/im/secrets/chat/synapse/registration_shared_secret b/app/im/secrets/chat/synapse/registration_shared_secret new file mode 100644 index 0000000..395cccc --- /dev/null +++ b/app/im/secrets/chat/synapse/registration_shared_secret @@ -0,0 +1 @@ +USER Shared secret for homeserver registrations (?) diff --git a/app/im/secrets/chat/synapse/registration_shared_secret.sample b/app/im/secrets/chat/synapse/registration_shared_secret.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt new file mode 100644 index 0000000..f2c4d4b --- /dev/null +++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt @@ -0,0 +1 @@ +SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key new file mode 100644 index 0000000..4a332f8 --- /dev/null +++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key @@ -0,0 +1 @@ +SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt new file mode 100644 index 0000000..32750d3 --- /dev/null +++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt @@ -0,0 +1 @@ +SSL_CERT jitsi jitsi.deuxfleurs.fr diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key new file mode 100644 index 0000000..7676132 --- /dev/null +++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key @@ -0,0 +1 @@ +SSL_KEY jitsi diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/platoo/secrets/platoo/bddpw b/app/platoo/secrets/platoo/bddpw new file mode 100644 index 0000000..1c9d86e --- /dev/null +++ b/app/platoo/secrets/platoo/bddpw @@ -0,0 +1 @@ +SERVICE_PASSWORD platoo diff --git a/app/platoo/secrets/platoo/bddpw.sample b/app/platoo/secrets/platoo/bddpw.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd b/app/postgres/secrets/postgres/keeper/pg_repl_pwd new file mode 100644 index 0000000..ae0c229 --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_repl_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD replicator diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_repl_pwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username b/app/postgres/secrets/postgres/keeper/pg_repl_username new file mode 100644 index 0000000..58e6e46 --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_repl_username @@ -0,0 +1 @@ +CONST replicator diff --git a/app/postgres/secrets/postgres/keeper/pg_repl_username.sample b/app/postgres/secrets/postgres/keeper/pg_repl_username.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd b/app/postgres/secrets/postgres/keeper/pg_su_pwd new file mode 100644 index 0000000..a193b9e --- /dev/null +++ b/app/postgres/secrets/postgres/keeper/pg_su_pwd @@ -0,0 +1 @@ +SERVICE_PASSWORD postgres diff --git a/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample b/app/postgres/secrets/postgres/keeper/pg_su_pwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/seafile/config/conf/mykey.peer.sample b/app/seafile/config/conf/mykey.peer.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn b/app/seafile/secrets/mariadb/main/ldap_binddn new file mode 100644 index 0000000..e77ff39 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/ldap_binddn @@ -0,0 +1 @@ +SERVICE_DN mysql MySQL/MariaDB database diff --git a/app/seafile/secrets/mariadb/main/ldap_binddn.sample b/app/seafile/secrets/mariadb/main/ldap_binddn.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd b/app/seafile/secrets/mariadb/main/ldap_bindpwd new file mode 100644 index 0000000..c29f983 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/ldap_bindpwd @@ -0,0 +1 @@ +SERVICE_PASSWORD mysql diff --git a/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample b/app/seafile/secrets/mariadb/main/ldap_bindpwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd b/app/seafile/secrets/mariadb/main/mysql_pwd new file mode 100644 index 0000000..ae7fd75 --- /dev/null +++ b/app/seafile/secrets/mariadb/main/mysql_pwd @@ -0,0 +1 @@ +USER mysql_pwd (what is this?) diff --git a/app/seafile/secrets/mariadb/main/mysql_pwd.sample b/app/seafile/secrets/mariadb/main/mysql_pwd.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/seafile/secrets/seafile/conf/mykey.peer b/app/seafile/secrets/seafile/conf/mykey.peer new file mode 100644 index 0000000..12f0e5f --- /dev/null +++ b/app/seafile/secrets/seafile/conf/mykey.peer @@ -0,0 +1 @@ +USER Seafile peer key diff --git a/app/seafile/secrets/seafile/conf/mykey.peer.sample b/app/seafile/secrets/seafile/conf/mykey.peer.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/secrets.py b/app/secrets.py new file mode 100644 index 0000000..00f6016 --- /dev/null +++ b/app/secrets.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python3 + +""" +TODO: this will be a utility to handle secrets in the Consul database +for the various components of the Deuxfleurs infrastructure + +Functionnalities: +- check that secrets are correctly configured +- help user fill in secrets +- create LDAP service users and fill in corresponding secrets +- maybe one day: manage SSL certificates and keys + +It uses files placed in /secrets/* to know what secrets +it should handle. These secret files contain directives for what to do +about these secrets. + +Example directives: + +USER +(a secret that must be filled in by the user) + +USER_LONG +(the same, indicates that the secret fits on several lines) + +CONST +(the secret has a constant value set here) + +CONST_LONG + +(same) + +SERVICE_DN +(the LDAP DN of a service user) + +SERVICE_PASSWORD +(the LDAP password for the corresponding service user) + +SSL_CERT +(a SSL domain for the given domains) + +SSL_KEY +(the SSL key going with corresponding certificate) +""" + diff --git a/app/web_static/secrets/web/home_token b/app/web_static/secrets/web/home_token new file mode 100644 index 0000000..d0cf281 --- /dev/null +++ b/app/web_static/secrets/web/home_token @@ -0,0 +1 @@ +USER web home_token (what is this?) diff --git a/app/web_static/secrets/web/home_token.sample b/app/web_static/secrets/web/home_token.sample deleted file mode 100644 index e69de29..0000000 diff --git a/app/web_static/secrets/web/quentin.dufour.io_token b/app/web_static/secrets/web/quentin.dufour.io_token new file mode 100644 index 0000000..c47c82c --- /dev/null +++ b/app/web_static/secrets/web/quentin.dufour.io_token @@ -0,0 +1 @@ +USER web quentin.dufour.io token (what is this?) diff --git a/app/web_static/secrets/web/quentin.dufour.io_token.sample b/app/web_static/secrets/web/quentin.dufour.io_token.sample deleted file mode 100644 index e69de29..0000000 -- cgit v1.2.3