forked from cohabit/server_config
feat: provide .env
file with matcher replace for config secrets
parent
dd73a3efb5
commit
4c0af61306
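--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,28 @@
+# FORGEJO
+
+## OAUTH2
+FORGEJO_OAUTH2_JWT_SECRET = ""
+
+## SECURITY
+FORGEJO_SECURITY_INTERNAL_TOKEN = ""
+FORGEJO_SECURITY_SECRET_KEY = ""
+
+## DB
+FORGEJO_DB_HOST = ""
+FORGEJO_DB_USER = ""
+FORGEJO_DB_NAME = ""
+FORGEJO_DB_PASSWD = ""
+
+## SERVER
+FORGEJO_SERVER_LFS_JWT_SECRET = ""
+
+# WIREGUARD
+
+## SERVER
+WIREGUARD_SERVER_PRIVATE_KEY = ""
+WIREGUARD_SERVER_PUBLIC_KEY = ""
+WIREGUARD_SERVER_LISTEN_PORT = ""
+
+## WIFI_FABLAB
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""
+WIREGUARD_WIFI_FABLAB_PRIVATE_KEY = ""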
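Review bot: The last two lines of the template both define `WIREGUARD_WIFI_FABLAB_PRIVATE_KEY`, while the WireGuard server config in this commit reads `{{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}` for the Wifi Fablab peer, so that placeholder has no variable behind it. The second entry should be `WIREGUARD_WIFI_FABLAB_PUBLIC_KEY = ""`. How the duplicate key is handled depends on the parser the replace step uses, which is not shown here. The `KEY = ""` spelling with spaces around `=` is also not accepted by every dotenv reader and cannot be sourced by a POSIX shell, so `KEY=""` is the safer form if that is a possibility.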
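--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env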
|
@ -7,22 +7,22 @@ WORK_PATH = /var/lib/forgejo
|
||||||
DISABLE_REGULAR_ORG_CREATION = false
|
DISABLE_REGULAR_ORG_CREATION = false
|
||||||
|
|
||||||
[oauth2]
|
[oauth2]
|
||||||
JWT_SECRET = #! TODO use Secrets
|
JWT_SECRET = {{ FORGEJO_OAUTH2_JWT_SECRET }}
|
||||||
|
|
||||||
[security]
|
[security]
|
||||||
INTERNAL_TOKEN = #! TODO use Secrets
|
INTERNAL_TOKEN = {{ FORGEJO_SECURITY_INTERNAL_TOKEN }}
|
||||||
INSTALL_LOCK = true
|
INSTALL_LOCK = true
|
||||||
SECRET_KEY = #! TODO use Secrets
|
SECRET_KEY = {{ FORGEJO_SECURITY_SECRET_KEY }}
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
PASSWORD_HASH_ALGO = pbkdf2
|
||||||
# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
|
# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
|
||||||
DISABLE_GIT_HOOKS = false
|
DISABLE_GIT_HOOKS = false
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
DB_TYPE = postgres
|
DB_TYPE = postgres
|
||||||
HOST = #! TODO use Secrets
|
HOST = {{ FORGEJO_DB_HOST }}
|
||||||
NAME = #! TODO use Secrets
|
NAME = {{ FORGEJO_DB_NAME }}
|
||||||
USER = #! TODO use Secrets
|
USER = {{ FORGEJO_DB_USER }}
|
||||||
PASSWD = #! TODO use Secrets
|
PASSWD = {{ FORGEJO_DB_PASSWD }}
|
||||||
SCHEMA =
|
SCHEMA =
|
||||||
SSL_MODE = disable
|
SSL_MODE = disable
|
||||||
CHARSET = utf8
|
CHARSET = utf8
|
||||||
|
@ -48,7 +48,7 @@ SSH_LISTEN_HOST = 0.0.0.0
|
||||||
START_SSH_SERVER = true
|
START_SSH_SERVER = true
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
|
# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
|
||||||
LFS_JWT_SECRET = # TODO use Secrets
|
LFS_JWT_SECRET = {{ FORGEJO_SERVER_LFS_JWT_SECRET }}
|
||||||
OFFLINE_MODE = false
|
OFFLINE_MODE = false
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
|
|
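Review bot: Nothing visible in this commit says what happens when a placeholder such as `{{ FORGEJO_SECURITY_SECRET_KEY }}` or `{{ FORGEJO_OAUTH2_JWT_SECRET }}` is left unresolved, or resolves to the empty `""` default shipped in `.env.example`. In the first case the literal placeholder text, readable by anyone with access to this repository, would end up as the instance secret. The replace step should fail closed on any remaining `{{ … }}` and on empty values for `SECRET_KEY`, `INTERNAL_TOKEN`, `JWT_SECRET`, `PASSWD` and, in the second hunk, `LFS_JWT_SECRET`. A comment above `[oauth2]` would also help the next maintainer, e.g. `# values in {{ }} are filled from .env at deploy time; never commit the rendered file`. The file header for this section is not visible on the page, so the path is not named here.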
|
@ -1,11 +1,11 @@
|
||||||
[Interface]
|
[Interface]
|
||||||
Address = 10.0.0.2/24
|
Address = 10.0.0.2/24
|
||||||
PrivateKey = #! TODO use Secrets
|
PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}
|
||||||
DNS = 208.67.222.222, 208.67.220.220
|
DNS = 208.67.222.222, 208.67.220.220
|
||||||
MTU = 1420
|
MTU = 1420
|
||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
|
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
|
||||||
Endpoint = cohabit.fr:#! TODO use Secrets
|
Endpoint = cohabit.fr:{{ WIREGUARD_SERVER_LISTEN_PORT }}
|
||||||
PersistentKeepalive = 25
|
PersistentKeepalive = 25
|
||||||
PublicKey = #! TODO use Secrets
|
PublicKey = {{ WIREGUARD_SERVER_PUBLIC_KEY }}
|
||||||
|
|
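Review bot: `PrivateKey = {{ WIREGUARD_WIFI_FABLAB_PRIVATE_KEY }}` is filled from the same `.env` template that also carries `WIREGUARD_SERVER_PRIVATE_KEY`, so if one `.env` is used on every host, each machine ends up holding both ends' private keys. A peer needs only its own private key plus the other side's public key and endpoint port. Splitting the variables per host, or at least documenting in `.env.example` which ones belong on which machine, keeps a compromise of the Wifi Fablab client from exposing the server key.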
|
@ -1,13 +1,13 @@
|
||||||
[Interface]
|
[Interface]
|
||||||
PrivateKey = #! TODO use Secrets
|
PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }}
|
||||||
Address = 10.0.0.1/24
|
Address = 10.0.0.1/24
|
||||||
MTU = 1420
|
MTU = 1420
|
||||||
ListenPort = #! TODO use Secrets
|
ListenPort = {{ WIREGUARD_SERVER_LISTEN_PORT }}
|
||||||
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
||||||
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
||||||
|
|
||||||
### Wifi Fablab ###
|
### Wifi Fablab ###
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = #! TODO use Secrets
|
PublicKey = {{ WIREGUARD_WIFI_FABLAB_PUBLIC_KEY }}
|
||||||
AllowedIPs = 10.0.0.2/32
|
AllowedIPs = 10.0.0.2/32
|
||||||
###################
|
###################
|
||||||
|
|
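Review bot: Once rendered, this file contains the server private key from `PrivateKey = {{ WIREGUARD_SERVER_PRIVATE_KEY }}`, but the `.gitignore` added in this commit covers only `.env`. The replace step is not part of this commit; if it writes over the tracked templates rather than to a separate output path, a later `git add` would commit the keys. Rendering to a path outside the work tree (or ignoring the output path) and writing the result with mode 0600 avoids that; wg-quick also warns about world-accessible config files. The same applies to the rendered client config and the Forgejo config.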