Verified Commit f1513f7c authored by Quentin Duchemin's avatar Quentin Duchemin

[Lufi] Inject all secrets with environment variables

parent b3dac338
......@@ -28,13 +28,15 @@ services:
traefik.frontend.rule: Host:drop.picasoft.net
traefik.port: 8081
traefik.enable: true
env_file: ./secrets/lufi.secrets
env_file:
- ./secrets/lufi.secrets
- ./secrets/lufidb.secrets
restart: unless-stopped
lufidb:
image: postgres:12
container_name: lufidb
env_file: ./secrets/lufi.secrets
env_file: ./secrets/lufidb.secrets
volumes:
- lufidb-data:/var/lib/postgresql/data
networks:
......
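Review bot: Both services now receive their credentials through `env_file`, so the values become plain environment variables of the containers, readable through `docker inspect` and inherited by every process started inside them. For `lufidb`, the official postgres image also accepts `POSTGRES_PASSWORD_FILE`, so a Compose `secrets:` entry would keep the database password out of that container's environment. Whether `./secrets/*.secrets` is excluded from version control and has restrictive file permissions is not visible here and is worth confirming. The service definitions continue outside the hunk.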
#!/bin/sh
if [ -z "${EMAIL_PASSWORD}" ]; then
echo "EMAIL_PASSWORD not set, exiting!"
exit 1
fi
if [ -z "${POSTGRES_DB}" ]; then
echo "POSTGRES_DB not set, exiting!"
exit 1
fi
if [ -z "${POSTGRES_USER}" ]; then
echo "POSTGRES_USER not set, exiting!"
exit 1
fi
if [ -z "${POSTGRES_PASSWORD}" ]; then
echo "POSTGRES_PASSWORD not set, exiting!"
exit 1
fi
echo "Generate secret key for cookies..."
key=`tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1`
echo "Create crontab for cleaning tasks..."
# See https://framagit.org/fiat-tux/hat-softwares/lufi/-/wikis/cron-jobs
......@@ -10,7 +33,7 @@ echo "0 0 * * * carton exec $APP_HOME/script/lufi cron cleanfiles --mode product
echo "Start Lufi..."
$@ &
KEY_COOKIE=${key} $@ &
echo "Start supercronic..."
supercronic /crontab.conf
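Review bot: The cookie key is regenerated on every container start (`key=...` followed by `KEY_COOKIE=${key} $@ &`), so each restart invalidates every cookie signed with the previous key, and two containers of the same service would never share a key. If that is not intended, let a preset value win and generate one only as a fallback: `key="${KEY_COOKIE:-$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1)}"`. On the launch line `$@` is unquoted, so arguments containing spaces are re-split; `KEY_COOKIE="${key}" "$@" &` avoids that. The four checks only test for non-empty values, so the placeholder passwords from the example secrets files would pass them unchanged.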
......@@ -30,7 +30,7 @@
# Array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
secrets => ['gizjvnkzahmpob'],
secrets => [$ENV{'KEY_COOKIE'}],
# Name of the instance, displayed next to the logo
# optional, default is Lufi
......@@ -139,7 +139,7 @@
mail => {
# Valid values are 'sendmail' and 'smtp'
how => 'smtp',
howargs => ['mail.picasoft.net:587', AuthUser => 'drop@picasoft.net', AuthPass => 'example']
howargs => ['mail.picasoft.net:587', AuthUser => 'drop@picasoft.net', AuthPass => $ENV{'EMAIL_PASSWORD'}]
},
# Email sender address
......@@ -166,12 +166,12 @@
# These are the credentials to access the PostgreSQL database
# mandatory if you choosed postgresql as dbtype
pgdb => {
database => 'lufi',
database => $ENV{'POSTGRES_DB'},
host => 'lufidb',
# optional, default is 5432
port => 5432,
user => 'lufidb',
pwd => 'passwd',
user => $ENV{'POSTGRES_USER'},
pwd => $ENV{'POSTGRES_PASSWORD'},
# https://mojolicious.org/perldoc/Mojo/Pg#max_connections
# optional, default is 1
#max_connections => 1,
......
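Review bot: `secrets => [$ENV{'KEY_COOKIE'}]` evaluates to `[undef]` whenever this file is loaded without that variable, and the same applies to `AuthPass` and the `pgdb` values. The entrypoint sets KEY_COOKIE only on the Lufi process, so the cron commands presumably load the config without it. A comment above the line would make the dependency explicit, e.g. `# KEY_COOKIE is generated by the container entrypoint at start and is unset elsewhere`. The removed literals (`'gizjvnkzahmpob'`, `'passwd'`, `'example'`) remain in the repository history, so any of them that was ever used on a live instance should be rotated, not only moved to an env file. The surrounding config hash starts and ends outside these hunks.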
POSTGRES_USER=lufidb
POSTGRES_PASSWORD=passwd
POSTGRES_DB=lufi
EMAIL_PASSWORD=password
POSTGRES_USER=lufidb
POSTGRES_PASSWORD=passwd
POSTGRES_DB=lufi