feat: provide .env
file with matcher replace for config secrets
parent
dd73a3efb5
commit
4c0af61306
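--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,28 @@
+# FORGEJO
+
+## OAUTH2
+FORGEJO_OAUTH2_JWT_SECRET = ""
+
+## SECURITY
+FORGEJO_SECURITY_INTERNAL_TOKEN = ""
+FORGEJO_SECURITY_SECRET_KEY = ""
+
+## DB
+FORGEJO_DB_HOST = ""
+FORGEJO_DB_USER = ""
+FORGEJO_DB_NAME = ""
+FORGEJO_DB_PASSWD = ""
+
+## SERVER
+FORGEJO_SERVER_LFS_JWT_SECRET = ""
+
+# WIREGUARD
+
+## SERVER
+WIREGUARD_SERVER_PRIVATE_KEY = ""
+WIREGUARD_SERVER_PUBLIC_KEY = ""
+WIREGUARD_SERVER_LISTEN_PORT = ""
+
+## WIFI_FABLAB
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""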
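Review bot: The last two entries under `## WIFI_FABLAB` both define `WIREGUARD_WIFI_FABLAB_PRIVATE_KEY`, so the example never declares `WIREGUARD_WIFI_FABLAB_PUBLIC_KEY`, which the server WireGuard template's `[Peer]` block in this same commit references. Anyone who copies this file to `.env` leaves that placeholder without a value; the second line should read `WIREGUARD_WIFI_FABLAB_PUBLIC_KEY = ""`. The `KEY = ""` form with spaces around `=` also deserves a header comment naming the loader that reads it, because a shell `source` and some dotenv parsers reject or misread that spelling.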
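--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env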
|
@ -7,22 +7,22 @@ WORK_PATH = /var/lib/forgejo
|
|||
DISABLE_REGULAR_ORG_CREATION = false
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = #! TODO use Secrets
|
||||
JWT_SECRET = {{ FORGEJO_OAUTH2_JWT_SECRET }}
|
||||
|
||||
[security]
|
||||
INTERNAL_TOKEN = #! TODO use Secrets
|
||||
INTERNAL_TOKEN = {{ FORGEJO_SECURITY_INTERNAL_TOKEN }}
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY = #! TODO use Secrets
|
||||
SECRET_KEY = {{ FORGEJO_SECURITY_SECRET_KEY }}
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
||||
# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
|
||||
DISABLE_GIT_HOOKS = false
|
||||
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = #! TODO use Secrets
|
||||
NAME = #! TODO use Secrets
|
||||
USER = #! TODO use Secrets
|
||||
PASSWD = #! TODO use Secrets
|
||||
HOST = {{ FORGEJO_DB_HOST }}
|
||||
NAME = {{ FORGEJO_DB_NAME }}
|
||||
USER = {{ FORGEJO_DB_USER }}
|
||||
PASSWD = {{ FORGEJO_DB_PASSWD }}
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
CHARSET = utf8
|
||||
|
@ -48,7 +48,7 @@ SSH_LISTEN_HOST = 0.0.0.0
|
|||
START_SSH_SERVER = true
|
||||
LFS_START_SERVER = true
|
||||
# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
|
||||
LFS_JWT_SECRET = # TODO use Secrets
|
||||
LFS_JWT_SECRET = {{ FORGEJO_SERVER_LFS_JWT_SECRET }}
|
||||
OFFLINE_MODE = false
|
||||
|
||||
[mailer]
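Review bot: In `[database]`, `HOST` is now supplied per deployment while `SSL_MODE = disable` stays hard-coded a few lines below, so whenever `FORGEJO_DB_HOST` points at a non-local PostgreSQL server the database session, authentication exchange included, crosses the network without TLS. Consider making the mode a variable too, or defaulting to `SSL_MODE = require` and documenting `disable` as a loopback-only choice. Separately, `.env.example` ships every value as `""`, and nothing visible here stops a render with an unset variable from producing an empty `SECRET_KEY`, `INTERNAL_TOKEN` or `JWT_SECRET`. The replace step is not shown in this view, but it should fail on an unresolved or empty placeholder. The same applies to `LFS_JWT_SECRET` in the `@ -48,7` hunk.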
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
[Interface]
|
||||
Address = 10.0.0.2/24
|
||||
PrivateKey = #! TODO use Secrets
|
||||
PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}
|
||||
DNS = 208.67.222.222, 208.67.220.220
|
||||
MTU = 1420
|
||||
|
||||
[Peer]
|
||||
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
|
||||
Endpoint = cohabit.fr:#! TODO use Secrets
|
||||
Endpoint = cohabit.fr:{{ WIREGUARD_SERVER_LISTEN_PORT }}
|
||||
PersistentKeepalive = 25
|
||||
PublicKey = #! TODO use Secrets
|
||||
PublicKey = {{ WIREGUARD_SERVER_PUBLIC_KEY }}
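Review bot: Once `{{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}` is substituted, the rendered copy of this file holds a live private key, yet the `.gitignore` added in this commit ignores only `.env`. The view does not show where rendered files are written. If they land inside the working tree, or the templates are rewritten in place, the output path needs its own ignore entry, for example `<rendered-output-dir>/` (placeholder), and the files should be created with mode 0600. The same holds for the server WireGuard config and the rendered Forgejo config in this commit.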
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
[Interface]
|
||||
PrivateKey = #! TODO use Secrets
|
||||
PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }}
|
||||
Address = 10.0.0.1/24
|
||||
MTU = 1420
|
||||
ListenPort = #! TODO use Secrets
|
||||
ListenPort = {{ WIREGUARD_SERVER_LISTEN_PORT }}
|
||||
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
||||
|
||||
### Wifi Fablab ###
|
||||
[Peer]
|
||||
PublicKey = #! TODO use Secrets
|
||||
PublicKey = {{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}
|
||||
AllowedIPs = 10.0.0.2/32
|
||||
###################
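Review bot: `WIREGUARD_SERVER_PRIVATE_KEY` on the `PrivateKey` line and `WIREGUARD_SERVER_PUBLIC_KEY` in the client template's `[Peer]` block are two independent variables for one key pair, and nothing ties them together. A rotation that updates only one of them leaves a tunnel that never completes a handshake, with no error at render time. A comment above `PrivateKey` would help, e.g. `# Public half must match WIREGUARD_SERVER_PUBLIC_KEY; regenerate it with wg pubkey after rotating this key`. The `ListenPort` placeholder is likewise shared with the client `Endpoint` line and should be documented as a plain integer port.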
|
||||
|
|