hiera.yaml

---
version: 5

defaults:
  datadir: hieradata
  data_hash: yaml_data

hierarchy:
  - name: "Top level private site settings"
    datadir: modules/site_private/hieradata
    paths:
      - "nodes/%{::trusted.certname}.yaml"
      - "firewall/defaults.yaml"
      - "firewall/%{::node_info.firewall}.yaml"
      - "users/site_admins.yaml"
      - "users/dice_service_accounts.yaml"
      - "users/poolaccounts.yaml"
      - "users/%{::node_info.users}.yaml"
      - "users/%{::node_info.admin_accounts}.yaml"
  - name: "Foreman hostgroups"
    mapped_paths: [sorted_path_array, tmp, "hostgroups/%{tmp}.yaml"]
  - name: "Top level public site settings"
    paths:
      - "virtual/%{::is_virtual}.yaml"
      - "generation/%{::node_info.generation}.yaml"
      - "groups/%{::node_info.group}.yaml"
      - "roles/%{::node_info.role}.yaml"
  - name: "Common private site settings"
    datadir: modules/site_private/hieradata
    paths:
      - "cluster/%{::node_info.cluster}.yaml"
      - common.yaml
  - name: 'Secrets'
    datadir: modules/site_private/hieradata
    paths:
      - secrets.eyaml
      - "nodes/%{::trusted.certname}.eyaml"
    lookup_key: eyaml_lookup_key
    options:
      pkcs7_private_key: /etc/puppetlabs/puppet/secure/keys/private_key.pkcs7.pem
      pkcs7_public_key: /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem
  - name: "Common public site settings"
    datadir: hieradata
    path: common.yaml