Tobias Wüst
01fd12d75c
Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
26 lines
887 B
Bash
Executable file
26 lines
887 B
Bash
Executable file
#!/usr/bin/env bash
|
|
# Bootstrap the OpenBao secret needed by the ess-pro Ansible role.
|
|
# Single KV v2 entry at kv/digitalboard/ess-pro with all keys flat
|
|
# (same layout as digitalboard/bookstack, digitalboard/opnform, etc.).
|
|
#
|
|
# Requires: `bao` CLI in PATH, `BAO_ADDR` exported, authenticated.
|
|
|
|
set -euo pipefail
|
|
|
|
MOUNT="${MOUNT:-kv}"
|
|
PATH_="${PATH_:-digitalboard/ess-pro}"
|
|
|
|
read -p "Element registry username (from customer.element.io): " REG_USER
|
|
read -s -p "Element registry token: " REG_TOKEN; echo
|
|
read -s -p "Keycloak ess-mas client secret: " OIDC_SECRET; echo
|
|
read -p "Garage S3 access key: " S3_AK
|
|
read -s -p "Garage S3 secret key: " S3_SK; echo
|
|
|
|
bao kv put "${MOUNT}/${PATH_}" \
|
|
username="${REG_USER}" \
|
|
token="${REG_TOKEN}" \
|
|
client_secret="${OIDC_SECRET}" \
|
|
s3_access_key="${S3_AK}" \
|
|
s3_secret_key="${S3_SK}"
|
|
|
|
echo "Done. Verify with: bao kv get ${MOUNT}/${PATH_}"
|