Add Nomad var example and remove old examples
This commit is contained in:
parent
72c30d4d74
commit
9b11ad9a69
@ -75,10 +75,6 @@
|
|||||||
{
|
{
|
||||||
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
|
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"path": "detect_secrets.filters.common.is_baseline_file",
|
|
||||||
"filename": ".secrets-baseline"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
|
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
|
||||||
"min_level": 2
|
"min_level": 2
|
||||||
@ -113,7 +109,7 @@
|
|||||||
{
|
{
|
||||||
"path": "detect_secrets.filters.regex.should_exclude_secret",
|
"path": "detect_secrets.filters.regex.should_exclude_secret",
|
||||||
"pattern": [
|
"pattern": [
|
||||||
"(\\${.*}|from_env|fake|!secret)"
|
"(\\${.*}|from_env|fake|!secret|VALUE)"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@ -124,24 +120,21 @@
|
|||||||
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
||||||
"hashed_secret": "f2baa52d02ca888455ce47823f47bf372d5eecb3",
|
"hashed_secret": "f2baa52d02ca888455ce47823f47bf372d5eecb3",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 8,
|
"line_number": 8
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
||||||
"hashed_secret": "18960546905b75c869e7de63961dc185f9a0a7c9",
|
"hashed_secret": "18960546905b75c869e7de63961dc185f9a0a7c9",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 10,
|
"line_number": 10
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
"filename": "ansible_playbooks/vars/vault_hashi_vault_values.example.yml",
|
||||||
"hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
|
"hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 22,
|
"line_number": 22
|
||||||
"is_secret": false
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"core/authelia.yml": [
|
"core/authelia.yml": [
|
||||||
@ -150,16 +143,14 @@
|
|||||||
"filename": "core/authelia.yml",
|
"filename": "core/authelia.yml",
|
||||||
"hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
|
"hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 54,
|
"line_number": 54
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/authelia.yml",
|
"filename": "core/authelia.yml",
|
||||||
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 185,
|
"line_number": 191
|
||||||
"is_secret": false
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"core/metrics/grafana/grafana.ini": [
|
"core/metrics/grafana/grafana.ini": [
|
||||||
@ -168,50 +159,44 @@
|
|||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
|
"hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 78,
|
"line_number": 78
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "55ebda65c08313526e7ba08ad733e5ebea9900bd",
|
"hashed_secret": "55ebda65c08313526e7ba08ad733e5ebea9900bd",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 109,
|
"line_number": 109
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997",
|
"hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 151,
|
"line_number": 151
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "10bea62ff1e1a7540dc7a6bc10f5fa992349023f",
|
"hashed_secret": "10bea62ff1e1a7540dc7a6bc10f5fa992349023f",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 154,
|
"line_number": 154
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "5718bce97710e6be87ea160b36eaefb5032857d3",
|
"hashed_secret": "5718bce97710e6be87ea160b36eaefb5032857d3",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 239,
|
"line_number": 239
|
||||||
"is_secret": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "Secret Keyword",
|
"type": "Secret Keyword",
|
||||||
"filename": "core/metrics/grafana/grafana.ini",
|
"filename": "core/metrics/grafana/grafana.ini",
|
||||||
"hashed_secret": "10aed9d7ebef778a9b3033dba3f7813b639e0d50",
|
"hashed_secret": "10aed9d7ebef778a9b3033dba3f7813b639e0d50",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 252,
|
"line_number": 252
|
||||||
"is_secret": false
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"generated_at": "2023-07-07T23:34:07Z"
|
"generated_at": "2023-07-11T19:43:38Z"
|
||||||
}
|
}
|
||||||
|
4
Makefile
4
Makefile
@ -30,8 +30,8 @@ check: $(VENV)
|
|||||||
$(VENV)/bin/pre-commit run --all-files
|
$(VENV)/bin/pre-commit run --all-files
|
||||||
|
|
||||||
# Creates a new secrets baseline
|
# Creates a new secrets baseline
|
||||||
.secrets-baseline: $(VENV)
|
.secrets-baseline: $(VENV) Makefile
|
||||||
$(VENV)/bin/detect-secrets scan --exclude-secrets '(\$${.*}|from_env|fake|!secret)' > .secrets-baseline
|
$(VENV)/bin/detect-secrets scan --exclude-secrets '(\$${.*}|from_env|fake|!secret|VALUE)' > .secrets-baseline
|
||||||
|
|
||||||
# Audits secrets against baseline
|
# Audits secrets against baseline
|
||||||
.PHONY: secrets-audit
|
.PHONY: secrets-audit
|
||||||
|
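Review bot: Adding `VALUE` to `--exclude-secrets` in the `.secrets-baseline` rule widens a repository-wide filter: every candidate secret matching the pattern is dropped from the scan, not only the placeholders in nomad_vars.sample.yml, and as far as I can tell detect-secrets applies this pattern as an unanchored regex search, so a real credential that happens to contain `VALUE` (or `fake`) would be silently excluded. Scoping the sample out by path keeps the global filter narrow, e.g. `$(VENV)/bin/detect-secrets scan --exclude-files 'ansible_playbooks/vars/nomad_vars\.sample\.yml$$' --exclude-secrets '(\$${.*}|from_env|fake|!secret)' > .secrets-baseline`. If the substring filter is kept instead, anchoring it as `^VALUE$$` limits it to the bare placeholder. The generated `.secrets-baseline` hunk above carries the same pattern and would follow from re-running this rule.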
@ -1,4 +0,0 @@
|
|||||||
consul_values:
|
|
||||||
"blocky/whitelists/ads": |
|
|
||||||
- |
|
|
||||||
somedomain.com
|
|
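--- /dev/null
+++ b/ansible_playbooks/vars/nomad_vars.sample.yml
@@ -0,0 +1,168 @@
+nomad/jobs:
+  base_hostname: VALUE
+  db_user_ro: VALUE
+  ldap_base_dn: VALUE
+  mysql_root_password: VALUE
+  notify_email: VALUE
+  smtp_password: VALUE
+  smtp_port: VALUE
+  smtp_server: VALUE
+  smtp_tls: VALUE
+  smtp_user: VALUE
+nomad/jobs/adminer:
+  mysql_stunnel_psk: VALUE
+nomad/jobs/authelia:
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+  email_sender: VALUE
+  jwt_secret: VALUE
+  ldap_stunnel_psk: VALUE
+  lldap_admin_password: VALUE
+  lldap_admin_user: VALUE
+  mysql_stunnel_psk: VALUE
+  oidc_clients: VALUE
+  oidc_hmac_secret: VALUE
+  oidc_issuer_certificate_chain: VALUE
+  oidc_issuer_private_key: VALUE
+  redis_stunnel_psk: VALUE
+  session_secret: VALUE
+  storage_encryption_key: VALUE
+nomad/jobs/backup:
+  backup_passphrase: VALUE
+  mysql_stunnel_psk: VALUE
+  nas_ftp_host: VALUE
+  nas_ftp_pass: VALUE
+  nas_ftp_user: VALUE
+nomad/jobs/backup-oneoff-n1:
+  backup_passphrase: VALUE
+  mysql_stunnel_psk: VALUE
+  nas_ftp_host: VALUE
+  nas_ftp_pass: VALUE
+  nas_ftp_user: VALUE
+nomad/jobs/backup-oneoff-n2:
+  backup_passphrase: VALUE
+  mysql_stunnel_psk: VALUE
+  nas_ftp_host: VALUE
+  nas_ftp_pass: VALUE
+  nas_ftp_user: VALUE
+nomad/jobs/backup-oneoff-pi4:
+  backup_passphrase: VALUE
+  mysql_stunnel_psk: VALUE
+  nas_ftp_host: VALUE
+  nas_ftp_pass: VALUE
+  nas_ftp_user: VALUE
+nomad/jobs/blocky:
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+  mappings: VALUE
+  whitelists_ads: VALUE
+nomad/jobs/blocky/blocky/stunnel:
+  mysql_stunnel_psk: VALUE
+  redis_stunnel_psk: VALUE
+nomad/jobs/ddclient:
+  domain: VALUE
+  domain_ddclient: VALUE
+  zone: VALUE
+nomad/jobs/diun:
+  slack_hook_url: VALUE
+nomad/jobs/gitea:
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+  secret_key: VALUE
+nomad/jobs/grafana:
+  admin_pw: VALUE
+  alert_email_addresses: VALUE
+  db_name: VALUE
+  db_pass: VALUE
+  db_pass_ro: VALUE
+  db_user: VALUE
+  db_user_ro: VALUE
+  minio_access_key: VALUE
+  minio_secret_key: VALUE
+  oidc_secret: VALUE
+  slack_bot_token: VALUE
+  slack_bot_url: VALUE
+  slack_hook_url: VALUE
+  smtp_password: VALUE
+  smtp_user: VALUE
+nomad/jobs/grafana/grafana/stunnel:
+  mysql_stunnel_psk: VALUE
+nomad/jobs/immich:
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+nomad/jobs/ipdvr/bazarr:
+  db_pass: VALUE
+  db_user: VALUE
+nomad/jobs/ipdvr/bazarr/bootstrap:
+  superuser: VALUE
+  superuser_pass: VALUE
+nomad/jobs/ipdvr/lidarr:
+  db_pass: VALUE
+  db_user: VALUE
+nomad/jobs/ipdvr/lidarr/bootstrap:
+  superuser: VALUE
+  superuser_pass: VALUE
+nomad/jobs/ipdvr/radarr:
+  db_pass: VALUE
+  db_user: VALUE
+nomad/jobs/ipdvr/radarr/bootstrap:
+  superuser: VALUE
+  superuser_pass: VALUE
+nomad/jobs/lldap:
+  admin_email: VALUE
+  admin_password: VALUE
+  admin_user: VALUE
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+  jwt_secret: VALUE
+  key_seed: VALUE
+  smtp_from: VALUE
+  smtp_reply_to: VALUE
+nomad/jobs/lldap/lldap/bootstrap:
+  mysql_root_password: VALUE
+nomad/jobs/lldap/lldap/stunnel:
+  allowed_psks: VALUE
+  mysql_stunnel_psk: VALUE
+nomad/jobs/minitor:
+  mailgun_api_key: VALUE
+nomad/jobs/mysql-server:
+  allowed_psks: VALUE
+  root_password: VALUE
+nomad/jobs/photoprism:
+  admin_password: VALUE
+  admin_user: VALUE
+  db_name: VALUE
+  db_pass: VALUE
+  db_user: VALUE
+  mysql_stunnel_psk: VALUE
+nomad/jobs/postgres-server:
+  superuser: VALUE
+  superuser_pass: VALUE
+nomad/jobs/redis-authelia:
+  allowed_psks: VALUE
+nomad/jobs/redis-blocky:
+  allowed_psks: VALUE
+nomad/jobs/rediscommander:
+  redis_stunnel_psk: VALUE
+nomad/jobs/traefik:
+  acme_email: VALUE
+  domain_lego_dns: VALUE
+  usersfile: VALUE
+nomad/oidc:
+  secret: VALUE
+secrets/mysql:
+  mysql_root_password: VALUE
+secrets/postgres:
+  superuser: VALUE
+  superuser_pass: VALUE
+secrets/smtp:
+  password: VALUE
+  port: VALUE
+  server: VALUE
+  tls: VALUE
+  user: VALUE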
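Review bot: The new sample file has no header saying what it stands in for or how the real file must be handled; the example removed in this commit carried `# These should be encrypted with Ansible Vault if actually stored here`, and that guidance is lost here. A short comment at the top such as `# Sample of ansible_playbooks/vars/nomad_vars.yml with every value replaced by VALUE; the real file holds credentials and belongs in Ansible Vault, not in plain text in git` would restore it. Whether the real nomad_vars.yml is ignored by git is not visible in this commit, so that is worth confirming alongside.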
@ -1,23 +0,0 @@
|
|||||||
# Example map of vault values to bootstrap
|
|
||||||
# These should be encrypted with Ansible Vault if actually stored here
|
|
||||||
hashi_vault_values:
|
|
||||||
nextcloud:
|
|
||||||
db_name: nextcloud
|
|
||||||
# Eventually replace this with dynamic secrets from Hashicorp Vault
|
|
||||||
db_user: nextcloud
|
|
||||||
db_pass: nextcloud
|
|
||||||
mysql:
|
|
||||||
root_password: supersecretpassword
|
|
||||||
slack:
|
|
||||||
bot_url: ...
|
|
||||||
bot_token: ...
|
|
||||||
hook_url: ...
|
|
||||||
grafana:
|
|
||||||
alert_email_addresses: email@example.com
|
|
||||||
backups:
|
|
||||||
backup_passphrase: tellnoone
|
|
||||||
|
|
||||||
vault_userpass:
|
|
||||||
- name: admin
|
|
||||||
password: foo
|
|
||||||
policies: default
|
|
@ -1,4 +1,5 @@
|
|||||||
#! /usr/bin/env python3
|
#! /usr/bin/env python3
|
||||||
|
import sys
|
||||||
import yaml
|
import yaml
|
||||||
from nomad import Nomad
|
from nomad import Nomad
|
||||||
|
|
||||||
@ -25,7 +26,24 @@ def write_nomad():
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def print_sample():
|
||||||
|
clean_vars = {}
|
||||||
|
with open("./ansible_playbooks/vars/nomad_vars.yml") as f:
|
||||||
|
vars = yaml.load(f, yaml.CLoader)
|
||||||
|
|
||||||
|
for path, items in vars.items():
|
||||||
|
if items == "DELETE":
|
||||||
|
continue
|
||||||
|
else:
|
||||||
|
clean_vars[path] = {k: "VALUE" for k in items}
|
||||||
|
|
||||||
|
print(yaml.dump(clean_vars))
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
if len(sys.argv) > 1 and sys.argv[1] == "print":
|
||||||
|
print_sample()
|
||||||
|
else:
|
||||||
write_nomad()
|
write_nomad()
|
||||||
|
|
||||||
|
|
||||||
|
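Review bot: `vars = yaml.load(f, yaml.CLoader)` in print_sample uses the full loader, which instantiates arbitrary Python objects from `!!python/...` tags in the vars file; a file of plain mappings needs only `yaml.load(f, yaml.CSafeLoader)`, and write_nomad() (its body lies outside this hunk) should be checked for the same call. The comprehension `{k: "VALUE" for k in items}` also assumes every value other than `"DELETE"` is a mapping — a scalar would be iterated character by character and emit one-letter keys in the sample — so guard it with `if items == "DELETE" or not isinstance(items, dict): continue`, which also removes the redundant `else:`. `vars` shadows the builtin and the relative path `./ansible_playbooks/vars/nomad_vars.yml` ties the command to the repository root; neither is documented, so a docstring on print_sample such as `"""Print nomad_vars.yml with every value replaced by VALUE; run from the repository root."""` would help.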