feat: provide .env file with matcher replace for config secrets

Julien Oculi 2024-05-30 15:12:12 +02:00
parent dd73a3efb5
commit 4c0af61306
5 changed files with 43 additions and 14 deletions

28
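--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,28 @@
+# FORGEJO
+## OAUTH2
+FORGEJO_OAUTH2_JWT_SECRET = ""
+## SECURITY
+FORGEJO_SECURITY_INTERNAL_TOKEN = ""
+FORGEJO_SECURITY_SECRET_KEY = ""
+## DB
+FORGEJO_DB_HOST = ""
+FORGEJO_DB_USER = ""
+FORGEJO_DB_NAME = ""
+FORGEJO_DB_PASSWD = ""
+## SERVER
+FORGEJO_SERVER_LFS_JWT_SECRET = ""
+# WIREGUARD
+## SERVER
+WIREGUARD_SERVER_PRIVATE_KEY = ""
+WIREGUARD_SERVER_PUBLIC_KEY = ""
+WIREGUARD_SERVER_LISTEN_PORT = ""
+## WIFI_FABLAB
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""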
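Review bot: The last two entries both define `WIREGUARD_WIFI_FABLAB_PRIVATE_KEY`, so the example has no slot for the value that the server WireGuard config in this commit reads as `{{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}`. The second line should presumably be `WIREGUARD_WIFI_FABLAB_PUBLIC_KEY = ""`; as written, the peer's public-key placeholder has nothing to resolve to whichever duplicate wins. A header comment such as `# Copy to .env and fill in; never commit the filled-in file` would also tell the reader how the template is meant to be used. The `KEY = ""` form with spaces around `=` is not accepted by every dotenv reader (a shell `source` rejects it), so it should be checked against the tool that performs the replacement, which is not visible on this page.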

1
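--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env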


@ -7,22 +7,22 @@ WORK_PATH = /var/lib/forgejo
DISABLE_REGULAR_ORG_CREATION = false DISABLE_REGULAR_ORG_CREATION = false
[oauth2] [oauth2]
JWT_SECRET = #! TODO use Secrets JWT_SECRET = {{ FORGEJO_OAUTH2_JWT_SECRET }}
[security] [security]
INTERNAL_TOKEN = #! TODO use Secrets INTERNAL_TOKEN = {{ FORGEJO_SECURITY_INTERNAL_TOKEN }}
INSTALL_LOCK = true INSTALL_LOCK = true
SECRET_KEY = #! TODO use Secrets SECRET_KEY = {{ FORGEJO_SECURITY_SECRET_KEY }}
PASSWORD_HASH_ALGO = pbkdf2 PASSWORD_HASH_ALGO = pbkdf2
# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib) # ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
DISABLE_GIT_HOOKS = false DISABLE_GIT_HOOKS = false
[database] [database]
DB_TYPE = postgres DB_TYPE = postgres
HOST = #! TODO use Secrets HOST = {{ FORGEJO_DB_HOST }}
NAME = #! TODO use Secrets NAME = {{ FORGEJO_DB_NAME }}
USER = #! TODO use Secrets USER = {{ FORGEJO_DB_USER }}
PASSWD = #! TODO use Secrets PASSWD = {{ FORGEJO_DB_PASSWD }}
SCHEMA = SCHEMA =
SSL_MODE = disable SSL_MODE = disable
CHARSET = utf8 CHARSET = utf8
@ -48,7 +48,7 @@ SSH_LISTEN_HOST = 0.0.0.0
START_SSH_SERVER = true START_SSH_SERVER = true
LFS_START_SERVER = true LFS_START_SERVER = true
# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs # LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
LFS_JWT_SECRET = # TODO use Secrets LFS_JWT_SECRET = {{ FORGEJO_SERVER_LFS_JWT_SECRET }}
OFFLINE_MODE = false OFFLINE_MODE = false
[mailer] [mailer]
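Review bot: The secret placeholders are inserted unquoted, for example `PASSWD = {{ FORGEJO_DB_PASSWD }}` and `SECRET_KEY = {{ FORGEJO_SECURITY_SECRET_KEY }}`, and the Forgejo/Gitea configuration documentation states that a value containing `#` or `;` must be quoted. A generated password or token containing either character may therefore be cut short or misparsed after substitution, and nothing would flag it until authentication fails. Either wrap the secret-bearing values in the quoting form the docs describe (backquotes or triple double quotes), or state the restriction next to the placeholders with a comment such as `# inserted verbatim: the secret must not contain # or ; unless the value is quoted`. The same applies to `LFS_JWT_SECRET` in the second hunk; the `[database]` and `[mailer]` sections continue outside the lines shown.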


@ -1,11 +1,11 @@
[Interface] [Interface]
Address = 10.0.0.2/24 Address = 10.0.0.2/24
PrivateKey = #! TODO use Secrets PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}
DNS = 208.67.222.222, 208.67.220.220 DNS = 208.67.222.222, 208.67.220.220
MTU = 1420 MTU = 1420
[Peer] [Peer]
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
Endpoint = cohabit.fr:#! TODO use Secrets Endpoint = cohabit.fr:{{ WIREGUARD_SERVER_LISTEN_PORT }}
PersistentKeepalive = 25 PersistentKeepalive = 25
PublicKey = #! TODO use Secrets PublicKey = {{ WIREGUARD_SERVER_PUBLIC_KEY }}
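Review bot: Once rendered, this file holds the client's WireGuard private key from `PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}`, but the `.gitignore` added in this commit lists only `.env`. If the replacement step writes its output over the tracked template or elsewhere in the working tree, the key becomes a committable change; that step is not visible on this page, so this needs confirming. Rendering to a path outside the repository with owner-only permissions (wg-quick warns about world-accessible config files) would close the gap. A comment at the top of the template would record the rule, e.g. `# template: the rendered copy contains secrets, write it outside the repo with mode 0600`. The same holds for the server WireGuard config and the Forgejo app.ini changed in this commit.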


@ -1,13 +1,13 @@
[Interface] [Interface]
PrivateKey = #! TODO use Secrets PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }}
Address = 10.0.0.1/24 Address = 10.0.0.1/24
MTU = 1420 MTU = 1420
ListenPort = #! TODO use Secrets ListenPort = {{ WIREGUARD_SERVER_LISTEN_PORT }}
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
### Wifi Fablab ### ### Wifi Fablab ###
[Peer] [Peer]
PublicKey = #! TODO use Secrets PublicKey = {{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}
AllowedIPs = 10.0.0.2/32 AllowedIPs = 10.0.0.2/32
################### ###################
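Review bot: Nothing on this page shows what happens when a variable is empty or missing, and every entry in `.env.example` defaults to `""`, so `PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }}` and `ListenPort = {{ WIREGUARD_SERVER_LISTEN_PORT }}` can render as blank values or keep their literal braces. The replacement step should abort when any `{{ ... }}` placeholder is unresolved or resolves to an empty string. Otherwise a broken config is deployed and is only rejected, or silently run on defaults, when the service starts. It is also worth checking that the surrounding quotes from the `.env` values are stripped before insertion, since a literal `""` is not a valid key or port. The listen port is not a secret, so keeping it as a plain value here and in the client's `Endpoint` line would leave one less substitution to get wrong.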