From 5af80933389b713c2ec76425760602509a5cab64 Mon Sep 17 00:00:00 2001
From: Johan Wassberg <jocar@sunet.se>
Date: Thu, 16 Feb 2023 07:44:00 +0100
Subject: [PATCH] Add support for eyaml in Hiera

And at the same time remove support for gpg.

The modern version of the configuration (v5) has been tested with 20.04 but
might work with older dists.
---
 global/overlay/etc/puppet/hiera.yaml | 36 ++++++++++++++++------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml
index 3663305..3de986b 100644
--- a/global/overlay/etc/puppet/hiera.yaml
+++ b/global/overlay/etc/puppet/hiera.yaml
@@ -1,21 +1,27 @@
+# Hiera version 5 configuration
+#
 ---
-:backends:
-  - yaml
-  - gpg
+version: 5
+defaults:
+  datadir: /etc/hiera/data
+  data_hash: yaml_data
 
-:logger: console
+hierarchy:
+  - name: "Per-node data"
+    path: "local.yaml"
 
-:hierarchy:
-  - "%{env}/%{location}/%{calling_module}"
-  - "%{env}/%{calling_module}"
-  - local
-  - secrets.yaml
-  - common
+  - name: "Per-group data"
+    path: "group.yaml"
 
+  - name: "Per-host secrets"
+    path: "local.eyaml"
+    lookup_key: eyaml_lookup_key
+    options:
+      pkcs7_private_key: /etc/hiera/eyaml/private_key.pkcs7.pem
+      pkcs7_public_key:  /etc/hiera/eyaml/public_certkey.pkcs7.pem
 
-:yaml:
-   :datadir: /etc/hiera/data
+  - name: "Overrides per distribution"
+    path: "dist_%{::lsbdistcodename}_override.yaml"
 
-:gpg:
-   :datadir: /etc/hiera/data
-   :key_dir: /etc/hiera/gpg
+  - name: "Data common to whole environment"
+    path: "common.yaml"
\ No newline at end of file