Move secrets to SOPS, add REST_USER
parent
cc5dfb3cf7
commit
a76f01aea7
3 changed files with 17 additions and 12 deletions
|
|
@ -1,4 +1,8 @@
|
||||||
ansible_pull__age_private_key: ENC[AES256_GCM,data:pUFhg492OUXVIlDZ3Z9A/H0doJCuTX0zh9qLU88nz18jMzWmzXhc2kbQkk4QeSTnZ12juiTbpUFW+1cE1bOontIu5qiQgpe3c8s=,iv:bONSyFUibcszUcxBt749aiVVnqLKBuEJmfege0dGaM8=,tag:cvapTnTN62XTR6tQBSe+IQ==,type:str]
|
ansible_pull__age_private_key: ENC[AES256_GCM,data:pUFhg492OUXVIlDZ3Z9A/H0doJCuTX0zh9qLU88nz18jMzWmzXhc2kbQkk4QeSTnZ12juiTbpUFW+1cE1bOontIu5qiQgpe3c8s=,iv:bONSyFUibcszUcxBt749aiVVnqLKBuEJmfege0dGaM8=,tag:cvapTnTN62XTR6tQBSe+IQ==,type:str]
|
||||||
|
secret__lists__hyperkitty_api_key: ENC[AES256_GCM,data:byO7x/r3E9mwxOwiK0Is+Mp+d2uRIBgNsX2YWUg20Cs=,iv:H9ufaS6JlKhkbsG5aM3owR0U10e0JNYX/s3AJagB6kY=,tag:5umAs792BwNF9bMCX69PBw==,type:str]
|
||||||
|
secret__lists__postgres_password: ENC[AES256_GCM,data:HcH4Lyw9uuuqXGrrXkUqzg==,iv:3adzec+Wnh37LjzwMp7zhWMf9jZzI6EyUmEGS9TUYBg=,tag:8/jZrUzkcM+U3nME6+DSSA==,type:str]
|
||||||
|
secret__lists__rest_password: ENC[AES256_GCM,data:BMCNEikejiDET0Mdlrzfcg==,iv:U5hVjM/epfzz2m/wXKhYhwFI/3zKX7XS/UMlBqwTZNk=,tag:0n79+5mP7ocY7jVQmWm+WA==,type:str]
|
||||||
|
secret__lists__web_secret_key: ENC[AES256_GCM,data:3DntszkNw5ciwRUJJdmHTGTpjm9ZMBf9wO3MHAeiXuw=,iv:GqqjRcg0zG193Y04UYIipB8BBk/JUtGvtTCVQ4HCjDw=,tag:aY4d+CPGxMvRz8t983p9sw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq
|
- recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq
|
||||||
|
|
@ -10,8 +14,8 @@ sops:
|
||||||
THpvS29mY1BIbktZYkhCYm1NMFdLcXcKBtXXokEi1nSVA099XXNrx3w4Fr1lnLMf
|
THpvS29mY1BIbktZYkhCYm1NMFdLcXcKBtXXokEi1nSVA099XXNrx3w4Fr1lnLMf
|
||||||
2KTuylUef8RUgHPx1wo5Q7xlYNR48GupHVQxb9VvyDTXOZEiAV7Pdw==
|
2KTuylUef8RUgHPx1wo5Q7xlYNR48GupHVQxb9VvyDTXOZEiAV7Pdw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-10-20T18:57:27Z"
|
lastmodified: "2026-05-16T11:00:16Z"
|
||||||
mac: ENC[AES256_GCM,data:IAM6vn4rI1l6qvPWEcDJ5xoD3I8/GWOr+PmRQ0QdkVMD9Pt7cHtMhHPpYvH3e8MfDPhC2g2uwt9FHsPqpcOXpflme0aF4E9PndGi1Pzi+yh40FSBAzLT3MEQ50vZ2rifzqUe5KSrXByF1WAnZxLTMST+xIlvEZOV0gx6y0G/iHQ=,iv:15MZsyClZ+WLBZgcRSq740LgDakuHAXAb3hAQyLKVSU=,tag:7+lRz4XKKVlkSeDVs4Jy9g==,type:str]
|
mac: ENC[AES256_GCM,data:vwQc2suUJ0KiSsYRcrvsYHNYF2c8SU58LxWoFpzTX5hSDNy8LOWJIa6Ouo8c7gk4gYB0mS/FbmgEo8LOCDvRKamfgrpZQ2wvxI7GdGRjR0LOsS8O2xZ8QZ3BK9DfEfnA5ESgzRzX6Iuc4ZBUGfAQoDDxXrnh2ogWUdYPC81T5qU=,iv:Vi74U97iZAqQ8DDW2p3ncg58l6+mxar4hC5f48AuPAQ=,tag:Jd09hXId+ogV4rB0AWS2NA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2026-04-18T22:36:23Z"
|
- created_at: "2026-04-18T22:36:23Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -204,4 +208,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
|
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.12.2
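Review bot: Nothing in this file shows whether the `secret__lists__postgres_password`, `secret__lists__hyperkitty_api_key` and `secret__lists__web_secret_key` values added in the first hunk are freshly generated or copies of the literals this commit removes from the compose file. Those literals remain readable in the repository history and in every existing clone, so encrypting the same values here would not make them confidential again. If they were carried over, they should be regenerated and re-encrypted. For the database this also means changing the role's password inside the running Postgres, since the official image applies `POSTGRES_PASSWORD` only when it initialises an empty data directory.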
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/lists/docker_compose/compose.yaml') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/lists/docker_compose/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files:
|
docker_compose__configuration_files:
|
||||||
- name: settings_local.py
|
- name: settings_local.py
|
||||||
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/lists/docker_compose/settings_local.py') }}"
|
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/lists/docker_compose/settings_local.py') }}"
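Review bot: With the switch to the `ansible.builtin.template` lookup, `docker_compose__compose_file_content` holds the rendered compose file including the decrypted secrets, so the task that writes it to the host now decides how exposed they are. The consuming role is not visible on this page. It is worth confirming that the task writes the file with a restrictive mode such as `mode: "0600"`, and that it keeps the content out of diff and verbose output with `no_log: true` or `diff: false`. This matters most if the playbook runs through ansible-pull and its output is logged.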
|
||||||
|
|
|
||||||
|
|
@ -12,11 +12,13 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
environment:
|
environment:
|
||||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
- "DATABASE_URL=postgresql://mailman:{{ secret__lists__postgres_password }}@database/mailmandb"
|
||||||
- DATABASE_TYPE=postgres
|
- DATABASE_TYPE=postgres
|
||||||
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
|
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
|
||||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
- HYPERKITTY_API_KEY={{ secret__lists__hyperkitty_api_key }}
|
||||||
- MTA=postfix
|
- MTA=postfix
|
||||||
|
- MAILMAN_REST_USER=restuser
|
||||||
|
- MAILMAN_REST_PASSWORD={{ secret__lists__rest_password }}
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:8001:8001" # API
|
- "127.0.0.1:8001:8001" # API
|
||||||
- "127.0.0.1:8024:8024" # LMTP - incoming emails
|
- "127.0.0.1:8024:8024" # LMTP - incoming emails
|
||||||
|
|
@ -39,11 +41,11 @@ services:
|
||||||
- ./files/templates:/opt/mailman-web/templates
|
- ./files/templates:/opt/mailman-web/templates
|
||||||
environment:
|
environment:
|
||||||
- DATABASE_TYPE=postgres
|
- DATABASE_TYPE=postgres
|
||||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
- "DATABASE_URL=postgresql://mailman:{{ secret__lists__postgres_password }}@database/mailmandb"
|
||||||
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
|
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
|
||||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
- HYPERKITTY_API_KEY={{ secret__lists__hyperkitty_api_key }}
|
||||||
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
|
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
|
||||||
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
|
- SECRET_KEY={{ secret__lists__web_secret_key }}
|
||||||
- MAILMAN_ADMIN_USER=ccchh-admin
|
- MAILMAN_ADMIN_USER=ccchh-admin
|
||||||
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
|
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
|
||||||
ports:
|
ports:
|
||||||
|
|
@ -57,7 +59,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_DB=mailmandb
|
- POSTGRES_DB=mailmandb
|
||||||
- POSTGRES_USER=mailman
|
- POSTGRES_USER=mailman
|
||||||
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
|
- "POSTGRES_PASSWORD={{ secret__lists__postgres_password }}"
|
||||||
image: docker.io/library/postgres:12-alpine
|
image: docker.io/library/postgres:12-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- /opt/mailman/database:/var/lib/postgresql/data
|
- /opt/mailman/database:/var/lib/postgresql/data
|
||||||
|
|
@ -70,5 +72,4 @@ networks:
|
||||||
ipam:
|
ipam:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
-
|
- subnet: 172.19.199.0/24
|
||||||
subnet: 172.19.199.0/24
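Review bot: The secrets are substituted into the compose YAML as raw text, and the new `HYPERKITTY_API_KEY`, `SECRET_KEY` and `MAILMAN_REST_PASSWORD` entries are unquoted while the `DATABASE_URL` and `POSTGRES_PASSWORD` entries are quoted. A value containing ` #`, `"` or `\` would be truncated or break the rendered file, and Compose would treat a `$` as variable interpolation. Rendering each secret-bearing entry as one serialised string avoids the YAML part, for example `- {{ ('SECRET_KEY=' ~ secret__lists__web_secret_key) | to_json }}`. In both `DATABASE_URL` lines the password also sits in the userinfo part of a URL, so `@`, `:` or `#` would change how the URL parses. Either percent-encode it there with `{{ secret__lists__postgres_password | urlencode }}` (which leaves `/` unescaped) or restrict the generated password to URL-safe characters; `POSTGRES_PASSWORD` itself must stay unencoded.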
|
|
||||||