`progfigsite.groups` Module¶

This module should contain a separate Python file for each group. For instance:

progfigsite/
    __init__.py
    ...
    groups/
        __init__.py
        group1.py
        group2.py
        group3.py
        universal.py

Note that all nodes are members of the universal group.

Group files¶

Each group file should contain a dict named group. Groups are only used for variable definitions, so the only thing inside each group is a mapping of group names to variable values.

For instance, the node defined in example_site.groups.group1:

"""Example group"""

group = dict(
    roles=dict(
        settz={
            "timezone": "UTC",
        }
    ),
)

Group secret files with AgeSecretStore¶

Note

Information in this section only applies to AgeSecretStore

This section only applies to sites that use the progfiguration.sitehelpers.agesecrets.AgeSecretStore secret storage implementation. It’s what ships with progfiguration core so it’s the easiest to get started with, but other secret storage backends will work differently.

If a group has secrets encrypted with progfiguration encrypt, they will be stored in a file named <group name>.secrets.json in the groups package.

Group secrets are encrypted with the public key of each member node.

When you add a node to a group with existing secrets, you must re-encrypt the secrets file so that it can be decrypted by the new node. You can do this with progfigsite decrypt ... | progfigsite encrypt .... TODO: Add a single command to re-encrypt a group’s secrets.

The `universal` group¶

The universal group is a special group that all nodes are members of. It is used to define variables and secrets that are common to all nodes.

progfigsite.groups Module¶

Group files¶

Group secret files with AgeSecretStore¶

The universal group¶

`progfigsite.groups` Module¶

The `universal` group¶