summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_apt/manifests/leap_repo.pp8
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp1
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb1
3 files changed, 9 insertions, 1 deletions
diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 3d95d8b6..7c6c49c5 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -4,8 +4,14 @@ class site_apt::leap_repo {
$platform = hiera_hash('platform')
$major_version = $platform['major_version']
+ if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
+ $archive_key = '/usr/share/keyrings/leap-experimental-archive.gpg'
+ } else {
+ $archive_key = '/usr/share/keyrings/leap-archive.gpg'
+ }
+
apt::sources_list { 'leap.list':
- content => "deb ${::site_apt::apt_url_platform_basic} ${::site_apt::apt_platform_codename} ${::site_apt::apt_platform_component}\n",
+ content => "deb [signed-by=${archive_key}] ${::site_apt::apt_url_platform_basic} ${::site_apt::apt_platform_codename} ${::site_apt::apt_platform_component}\n",
before => Exec[refresh_apt]
}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 1ae80012..deb8e8c8 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,7 @@ class site_webapp {
$provider_domain = $node_domain['full_suffix']
$webapp = hiera('webapp')
$api_version = $webapp['api_version']
+ $secret_key_base = $webapp['secret_key_base']
$secret_token = $webapp['secret_token']
$tor = hiera('tor', false)
$sources = hiera('sources')
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index dd55d3e9..1a802f4c 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -8,6 +8,7 @@ production = {
"force_ssl" => @webapp['secure'],
"client_ca_key" => "%s/%s.key" % [scope.lookupvar('x509::variables::keys'), scope.lookupvar('site_config::params::client_ca_name')],
"client_ca_cert" => "%s/%s.crt" % [scope.lookupvar('x509::variables::local_CAs'), scope.lookupvar('site_config::params::client_ca_name')],
+ "secret_key_base" => @secret_key_base,
"secret_token" => @secret_token,
"client_cert_lifespan" => cert_options['life_span'],
"client_cert_bit_size" => cert_options['bit_size'].to_i,