diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..2657289
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,28 @@
+# FORGEJO
+
+## OAUTH2
+FORGEJO_OAUTH2_JWT_SECRET = ""
+
+## SECURITY
+FORGEJO_SECURITY_INTERNAL_TOKEN = ""
+FORGEJO_SECURITY_SECRET_KEY = ""
+
+## DB
+FORGEJO_DB_HOST = ""
+FORGEJO_DB_USER = ""
+FORGEJO_DB_NAME = ""
+FORGEJO_DB_PASSWD = ""
+
+## SERVER
+FORGEJO_SERVER_LFS_JWT_SECRET = ""
+
+# WIREGUARD
+
+## SERVER
+WIREGUARD_SERVER_PRIVATE_KEY = ""
+WIREGUARD_SERVER_PUBLIC_KEY = ""
+WIREGUARD_SERVER_LISTEN_PORT = ""
+
+## WIFI_FABLAB
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/forgejo/forgejo/app.ini b/forgejo/forgejo/app.ini
index 8b43e60..9c57e1d 100644
--- a/forgejo/forgejo/app.ini
+++ b/forgejo/forgejo/app.ini
@@ -7,22 +7,22 @@ WORK_PATH = /var/lib/forgejo
 DISABLE_REGULAR_ORG_CREATION = false
 
 [oauth2]
-JWT_SECRET = #! TODO use Secrets
+JWT_SECRET = {{ FORGEJO_OAUTH2_JWT_SECRET }}
 
 [security]
-INTERNAL_TOKEN = #! TODO use Secrets
+INTERNAL_TOKEN = {{ FORGEJO_SECURITY_INTERNAL_TOKEN }}
 INSTALL_LOCK = true
-SECRET_KEY = #! TODO use Secrets
+SECRET_KEY = {{ FORGEJO_SECURITY_SECRET_KEY }}
 PASSWORD_HASH_ALGO = pbkdf2
 # ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
 DISABLE_GIT_HOOKS = false
 
 [database]
 DB_TYPE = postgres
-HOST = #! TODO use Secrets
-NAME = #! TODO use Secrets
-USER = #! TODO use Secrets
-PASSWD = #! TODO use Secrets
+HOST = {{ FORGEJO_DB_HOST }}
+NAME = {{ FORGEJO_DB_NAME }}
+USER = {{ FORGEJO_DB_USER }}
+PASSWD = {{ FORGEJO_DB_PASSWD }}
 SCHEMA =
 SSL_MODE = disable
 CHARSET = utf8
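Review bot: The last two added lines both define `WIREGUARD_WIFI_FABLAB_PRIVATE_KEY`, while `wireguard/server/wg0.conf` in this same commit references `{{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}`, which the example never declares. The second line should read `WIREGUARD_WIFI_FABLAB_PUBLIC_KEY = ""`; as written, anyone copying the example is left with a peer `PublicKey` that is undefined at render time. Separately, the `KEY = ""` form with spaces around `=` is not accepted by every loader (a shell `source` rejects it, for instance), so it is worth checking against whatever tool reads `.env`, which is not visible here.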
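Review bot: Nothing in this commit shows the step that substitutes the `{{ … }}` placeholders, so an unrendered deploy would start Forgejo with the literal placeholder text as `JWT_SECRET`, `INTERNAL_TOKEN` and `SECRET_KEY`, values that anyone with read access to the repository knows; a render from the all-empty `.env.example` would leave them blank instead. The render step should abort on any undefined or empty variable, and the file should say so at the top, e.g. `# TEMPLATE: rendered from .env at deploy time; never start Forgejo on the unrendered file`. The same applies to `LFS_JWT_SECRET` in the `@@ -48,7 +48,7 @@` hunk and to the two WireGuard configs. Both app.ini hunks show only part of the file, so a header comment or check may already exist outside them.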
@@ -48,7 +48,7 @@ SSH_LISTEN_HOST = 0.0.0.0
 START_SSH_SERVER = true
 LFS_START_SERVER = true
 # LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
-LFS_JWT_SECRET = # TODO use Secrets
+LFS_JWT_SECRET = {{ FORGEJO_SERVER_LFS_JWT_SECRET }}
 OFFLINE_MODE = false
 
 [mailer]
diff --git a/wireguard/clients/wifi_fablab.conf b/wireguard/clients/wifi_fablab.conf
index c1fef3e..d1c96f1 100644
--- a/wireguard/clients/wifi_fablab.conf
+++ b/wireguard/clients/wifi_fablab.conf
@@ -1,11 +1,11 @@ [Interface] Address = 10.0.0.2/24 -PrivateKey = #! TODO use Secrets +PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }} DNS = 208.67.222.222, 208.67.220.220 MTU = 1420 [Peer] AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic -Endpoint = cohabit.fr:#! TODO use Secrets +Endpoint = cohabit.fr:{{ WIREGUARD_SERVER_LISTEN_PORT }} PersistentKeepalive = 25 -PublicKey = #! TODO use Secrets +PublicKey = {{ WIREGUARD_SERVER_PUBLIC_KEY }}
diff --git a/wireguard/server/wg0.conf b/wireguard/server/wg0.conf
index 344f22c..a20b6fe 100644
--- a/wireguard/server/wg0.conf
+++ b/wireguard/server/wg0.conf
@@ -1,13 +1,13 @@ [Interface] -PrivateKey = #! TODO use Secrets +PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }} Address = 10.0.0.1/24 MTU = 1420 -ListenPort = #! TODO use Secrets +ListenPort = {{ WIREGUARD_SERVER_LISTEN_PORT }} PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE ### Wifi Fablab ### [Peer] -PublicKey = #! TODO use Secrets +PublicKey = {{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }} AllowedIPs = 10.0.0.2/32 ###################
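Review bot: `PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}` takes the client's private key from the same `.env` that holds `WIREGUARD_SERVER_PRIVATE_KEY`, so a single leaked file exposes the key material for both ends of the tunnel. If the client can generate its own key pair, only its public key needs to live in this repository's environment, and this template could leave `PrivateKey` to be filled in on the device. Whatever renders this file should also write the output with owner-only permissions (`chmod 600`), since it contains a private key.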
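Review bot: `.gitignore` in this commit excludes only `.env`, while this tracked path now doubles as the template, so rendering it in place would put the server's private key into a tracked file, one `git add` away from being committed. Rendering to a separate, ignored output path, or renaming the tracked templates (e.g. `wg0.conf.tmpl`), avoids that; the same holds for `wifi_fablab.conf` and `app.ini`. How the files are rendered is not visible in this commit, so this may already be handled elsewhere.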