diff --git a/pica-lufi/docker-compose.yml b/pica-lufi/docker-compose.yml index e63904ba7a4263df5cf3f85ab7fba55462c5f4d4..6f50d31c6a3a0f931fd39c958dbab795c8b7d9d6 100644 --- a/pica-lufi/docker-compose.yml +++ b/pica-lufi/docker-compose.yml @@ -28,13 +28,15 @@ services: traefik.frontend.rule: Host:drop.picasoft.net traefik.port: 8081 traefik.enable: true - env_file: ./secrets/lufi.secrets + env_file: + - ./secrets/lufi.secrets + - ./secrets/lufidb.secrets restart: unless-stopped lufidb: image: postgres:12 container_name: lufidb - env_file: ./secrets/lufi.secrets + env_file: ./secrets/lufidb.secrets volumes: - lufidb-data:/var/lib/postgresql/data networks: diff --git a/pica-lufi/entrypoint.sh b/pica-lufi/entrypoint.sh index 6242d64e71cd2ac145d16b1db5f81947a86b018b..3a7149c669682c90b85d3e85823b73a61ae1447b 100644 --- a/pica-lufi/entrypoint.sh +++ b/pica-lufi/entrypoint.sh @@ -1,5 +1,28 @@ #!/bin/sh +if [ -z "${EMAIL_PASSWORD}" ]; then + echo "EMAIL_PASSWORD not set, exiting!" + exit 1 +fi + +if [ -z "${POSTGRES_DB}" ]; then + echo "POSTGRES_DB not set, exiting!" + exit 1 +fi + +if [ -z "${POSTGRES_USER}" ]; then + echo "POSTGRES_USER not set, exiting!" + exit 1 +fi + +if [ -z "${POSTGRES_PASSWORD}" ]; then + echo "POSTGRES_PASSWORD not set, exiting!" + exit 1 +fi + +echo "Generate secret key for cookies..." +key=`tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1` + echo "Create crontab for cleaning tasks..." # See https://framagit.org/fiat-tux/hat-softwares/lufi/-/wikis/cron-jobs @@ -10,7 +33,7 @@ echo "0 0 * * * carton exec $APP_HOME/script/lufi cron cleanfiles --mode product echo "Start Lufi..." -$@ & +KEY_COOKIE=${key} $@ & echo "Start supercronic..." supercronic /crontab.conf diff --git a/pica-lufi/lufi.conf b/pica-lufi/lufi.conf index 2ac18b711848a6a2fb33167a8b6233730878f54e..95b2492baf9dbcbeb882d6db81f872425591a888 100644 --- a/pica-lufi/lufi.conf +++ b/pica-lufi/lufi.conf 
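Review bot: The cookie key produced by the `key=` line at the end of the added block in entrypoint.sh is regenerated on every container start and, unlike the four variables checked above it, is never tested for being empty. Each restart therefore invalidates cookies signed under the previous key, and a failing pipeline would start Lufi with an empty secret. I would let an operator-supplied value take precedence and apply the same guard as for the other variables: `key="${KEY_COOKIE:-$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1)}"` followed by `[ -n "${key}" ] || { echo "cookie key generation failed, exiting!" >&2; exit 1; }`. The four `-z` messages would also be better sent to stderr with `>&2`.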
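Review bot: `KEY_COOKIE=${key} $@ &` places the variable only in the environment of that one background process, so `supercronic` on the following line, and the `carton exec ... lufi cron ...` jobs written to the crontab in this hunk's context, do not inherit it. If those cron commands load the same lufi.conf (likely, but not visible here), `$ENV{'KEY_COOKIE'}` in its `secrets` entry is undefined for them. Exporting the value before both commands start covers every child process, and quoting the argument list keeps arguments containing spaces intact: `export KEY_COOKIE="${key}"` and then `"$@" &`. The script continues outside the hunk on both sides.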
@@ -30,7 +30,7 @@ # Array of random strings used to encrypt cookies # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT - secrets => ['gizjvnkzahmpob'], + secrets => [$ENV{'KEY_COOKIE'}], # Name of the instance, displayed next to the logo # optional, default is Lufi @@ -139,7 +139,7 @@ mail => { # Valid values are 'sendmail' and 'smtp' how => 'smtp', - howargs => ['mail.picasoft.net:587', AuthUser => 'drop@picasoft.net', AuthPass => 'example'] + howargs => ['mail.picasoft.net:587', AuthUser => 'drop@picasoft.net', AuthPass => $ENV{'EMAIL_PASSWORD'}] }, # Email sender address @@ -166,12 +166,12 @@ # These are the credentials to access the PostgreSQL database # mandatory if you choosed postgresql as dbtype pgdb => { - database => 'lufi', + database => $ENV{'POSTGRES_DB'}, host => 'lufidb', # optional, default is 5432 port => 5432, - user => 'lufidb', - pwd => 'passwd', + user => $ENV{'POSTGRES_USER'}, + pwd => $ENV{'POSTGRES_PASSWORD'}, # https://mojolicious.org/perldoc/Mojo/Pg#max_connections # optional, default is 1 #max_connections => 1, diff --git a/pica-lufi/secrets/lufi.secrets.example b/pica-lufi/secrets/lufi.secrets.example index fd7dc90c5a9e3e4e576829f5ad0eec50bb5917c2..4616ce956614b2766431168d5506dca7cfc2c7bc 100644 --- a/pica-lufi/secrets/lufi.secrets.example +++ b/pica-lufi/secrets/lufi.secrets.example @@ -1,3 +1 @@ -POSTGRES_USER=lufidb -POSTGRES_PASSWORD=passwd -POSTGRES_DB=lufi +EMAIL_PASSWORD=password diff --git a/pica-lufi/secrets/lufidb.secrets.example b/pica-lufi/secrets/lufidb.secrets.example new file mode 100644 index 0000000000000000000000000000000000000000..fd7dc90c5a9e3e4e576829f5ad0eec50bb5917c2 --- /dev/null +++ b/pica-lufi/secrets/lufidb.secrets.example @@ -0,0 +1,3 @@ +POSTGRES_USER=lufidb +POSTGRES_PASSWORD=passwd +POSTGRES_DB=lufi
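Review bot: The comment above `secrets` in the first lufi.conf hunk still reads "optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT", which no longer describes a value injected from the environment, and nothing stops the application from loading `[undef]` when KEY_COOKIE is missing. I would replace the comment with `# Set through KEY_COOKIE by entrypoint.sh; the app must not start without it` and fail at load time with `secrets => [$ENV{'KEY_COOKIE'} // die "KEY_COOKIE not set\n"],`. That guard requires KEY_COOKIE to be present for every command that reads this file, including the cron jobs created in entrypoint.sh. The literal cookie key removed here, like the mail and database passwords removed in the two hunks below, stays readable in the repository history, so any of them that was ever used on a live instance should be rotated.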