8 files changed, 60 insertions, 25 deletions
diff --git a/environments/global/common.yaml b/environments/global/common.yaml
index 5b21dca..094e0ff 100644
--- a/environments/global/common.yaml
+++ b/environments/global/common.yaml
@@ -1,11 +1,17 @@
 ---
 lookup_options:
-  base_installation::mounts:
+  profile::fstab::mounts:
    merge: unique
  classes:
    merge: deep
  base_installation::system_users:
    merge: unique
+  letsencrypt::hosts:
+    merge: unique
+  role::backup::backups:
+    merge: unique
+  profile::known_hosts::hosts:
+    merge: unique
 classes:
  stdlib: ~
@@ -16,22 +22,21 @@ base_installation::ldap_cn: "%{facts.ec2_metadata.hostname}"
 base_installation::ldap_server: "ldap.immae.eu"
 base_installation::ldap_uri: "ldaps://ldap.immae.eu"
 # FIXME: get all mounts without needing that hack?
-base_installation::mounts:
-  - "%{facts.ldapvar.self.vars.mounts.0}"
-  - "%{facts.ldapvar.self.vars.mounts.1}"
 base_installation::puppet_conf_path: "/etc/puppetlabs/puppet"
 base_installation::puppet_code_path: "/etc/puppetlabs/code"
 base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed"
 base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
 base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
 base_installation::system_timezone: "Europe/Paris"
-base_installation::system_users:
+base_installation::system_users: [] # Fetched via ldap
-  - userid: 1000
+profile::fstab::mounts:
-    username: "immae"
+  - "%{facts.ldapvar.self.vars.mounts.0}"
-    groups: ["wheel"]
+  - "%{facts.ldapvar.self.vars.mounts.1}"
-    keys:
+profile::xmr_stak::mining_pool: "" # Fetched via ldap
-      - host: "immae.eu"
+profile::xmr_stak::wallet: "" # Fetched via ldap
-        key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
+profile::mail::mailhub: "" # Fetched via ldap
-        key_type: "ssh-rsa"
+role::backup::mailto: "" # Fetched via ldap
-xmr_stak::mining_pool: "pool.minexmr.com:7777"
+role::backup::backups: [] # Fetched via ldap
-xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
+profile::known_hosts::hosts: [] # Fetched via ldap
+letsencrypt::email: ~ # Fetched via ldap
+letsencrypt::try_for_real_hostname: true
diff --git a/environments/global/roles/backup.yaml b/environments/global/roles/backup.yaml
new file mode 100644
index 0000000..cdd5f09
--- /dev/null
+++ b/environments/global/roles/backup.yaml
@@ -0,0 +1,11 @@
+---
+classes:
+  role::backup: ~
+role::backup::user: "backup"
+role::backup::group: "backup"
+base_installation::system_users:
+  - username: "%{lookup('role::backup::user')}"
+    userid: 2000
+    system: true
+    password: "!!"
diff --git a/environments/global/roles/cryptoportfolio.yaml b/environments/global/roles/cryptoportfolio.yaml
index 3d36e71..f875c1b 100644
--- a/environments/global/roles/cryptoportfolio.yaml
+++ b/environments/global/roles/cryptoportfolio.yaml
@@ -1,4 +1,19 @@
 ---
 classes:
  role::cryptoportfolio: ~
-cryptoportfolio::slack_webhook: "%{ldapvar.self.vars.cf_slack_webhook.0}"
+letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}"
+role::cryptoportfolio::user: "cryptoportfolio"
+role::cryptoportfolio::group: "cryptoportfolio"
+role::cryptoportfolio::home: "/home/cryptoportfolio"
+role::cryptoportfolio::env: "prod"
+role::cryptoportfolio::webhook_url: "%{ldapvar.self.vars.cf_slack_webhook.0}"
+role::cryptoportfolio::pg_db: "cryptoportfolio"
+role::cryptoportfolio::pg_user: "cryptoportfolio"
+role::cryptoportfolio::pg_user_replication: "cryptoportfolio_replication"
+role::cryptoportfolio::web_host: "%{lookup('base_installation::system_hostname')}"
+role::cryptoportfolio::web_port: ""
+role::cryptoportfolio::web_ssl: true
+base_installation::system_users:
+  - username: "%{lookup('role::cryptoportfolio::user')}"
+    system: true
+    password: "!!"
diff --git a/environments/global/types/s1-2.yaml b/environments/global/types/s1-2.yaml
index 496b741..5bfdf9a 100644
--- a/environments/global/types/s1-2.yaml
+++ b/environments/global/types/s1-2.yaml
@@ -6,4 +6,5 @@ classes:
 base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
 base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
-ssl::try_letsencrypt_for_real_hostname: true
+letsencrypt::try_for_real_hostname: true
+profile::xmr_stak::cpulimit: "30"
diff --git a/environments/global/types/vps-ovhssd-1.yaml b/environments/global/types/vps-ovhssd-1.yaml
index 73f7a45..8dd512c 100644
--- a/environments/global/types/vps-ovhssd-1.yaml
+++ b/environments/global/types/vps-ovhssd-1.yaml
@@ -7,4 +7,5 @@ base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
 base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
 base_installation::grub_device: "/dev/sdb"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
-ssl::try_letsencrypt_for_real_hostname: false
+letsencrypt::try_for_real_hostname: false
+profile::xmr_stak::cpulimit: "90"
diff --git a/environments/hiera.yaml b/environments/hiera.yaml
index 5a9a6d6..61d40d8 100644
--- a/environments/hiera.yaml
+++ b/environments/hiera.yaml
@@ -8,6 +8,10 @@ defaults:
 hierarchy:
  - name: "Initialization variables"
    path: "/root/puppet_variables.json"
+    data_hash: json_data
+  - name: "Puppet ldap variables"
+    data_hash: ldap_data
  - name: "Per-role environment data"
    mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
diff --git a/environments/integration/roles/cryptoportfolio.yaml b/environments/integration/roles/cryptoportfolio.yaml
index 9825bce..6b8eb92 100644
--- a/environments/integration/roles/cryptoportfolio.yaml
+++ b/environments/integration/roles/cryptoportfolio.yaml
@@ -1,5 +1,3 @@
 ---
-cryptoportfolio::front_version: v0.0.2-3-g6200f9a
+role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a
-cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
+role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
-cryptoportfolio::bot_version: v0.5-8-g34eb08f
-cryptoportfolio::bot_sha256: f5b99c4a1cc4db0228f757705a5a909aa301e42787bc5842f8ba442fec0d3fd1
diff --git a/environments/production/roles/cryptoportfolio.yaml b/environments/production/roles/cryptoportfolio.yaml
index c9328e1..566c7f2 100644
--- a/environments/production/roles/cryptoportfolio.yaml
+++ b/environments/production/roles/cryptoportfolio.yaml
@@ -1,5 +1,5 @@
 ---
-cryptoportfolio::front_version: v0.0.2-3-g6200f9a
+role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a
-cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
+role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
-cryptoportfolio::bot_version: v0.5.1
+role::cryptoportfolio::bot_version: v0.5.1
-cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54
+role::cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54