From e961886972b540e8c8d7da5621fa9f7c817c5000 Mon Sep 17 00:00:00 2001
From: June
Date: Mon, 9 Mar 2026 21:09:08 +0100
Subject: [PATCH] pad(host): set session secret, so users won't be logged out on restart

Closes #74
---
 inventories/chaosknoten/host_vars/pad.sops.yaml | 7 ++++---
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml
index ae0d382..b256777 100644
--- a/inventories/chaosknoten/host_vars/pad.sops.yaml
+++ b/inventories/chaosknoten/host_vars/pad.sops.yaml
@@ -1,6 +1,7 @@
 secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str]
 secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str]
 secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str]
+secret__hedgedoc_session_secret: ENC[AES256_GCM,data:pHm05ETouEOfbjnallwvhifEz0qB/sMdhYNYqDKKcQyOpk970WRfjNYXh2Be+MCcM9aZjJkHv/2Jc23jngETfg==,iv:z+IWBen08PJGdz9kc8RbPu07oZua2e+IlOfhhleAqUo=,tag:JJ8MM8WP8z53TrafVJ0/PQ==,type:str]
 ansible_pull__age_private_key: ENC[AES256_GCM,data:r9j1ikemQXl+Fq3D141P/MVltGLR27UyHxCCWnZphOLyGhyhQgqcuFqwPy1kZhnbg/mj5DclJ8rzqyH65T0XQu9h8d/vh7Apm4c=,iv:xOmxBTVIOTRt3rzWM8wHKVD7UHeuPj2+NSHJnCvU4xo=,tag:CA9dR+/rB/wfcPuU/+zwsA==,type:str]
 sops:
 age:
@@ -13,8 +14,8 @@ sops:
 SzRBbUNaWUZMb2hXckQ5ekFPQ0hSQ2MKYcb+ylmw46a5xmDZSW5HfxUvwtsH2Aqw
 hgMNTkiAKyo9JWjhbAwdkZd75BTsukIB5846Fbblpjo8kGdP10H6vg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-10-20T18:59:09Z"
- mac: ENC[AES256_GCM,data:3BwneKrw8YKmfwIoDyNRo+SG6i6VMW5tECQrhMXiq/mB/14xHHrUcrWRanFknm6JB518Ohv5HEjeHsrYdUehwpzsl1vtCji95osa8JdZY5moAt+4f06viRFTYa6GrfnNKToUR9obZFiPAHlMXcTTx6y0m/nPrtFZhuNtFssOdxg=,iv:4fElvIvapfqSqxRLE/NSiWyun5hAA8JLsai/Eoa5K68=,tag:mPKOquAMj43I0WhK6budLQ==,type:str]
+ lastmodified: "2026-03-09T20:05:54Z"
+ mac: ENC[AES256_GCM,data:iTfsv2WoOoP4RHWRhau/8olT5BQn2jWE+iizKuVSGIqcG/MZKastj536ZjhM5GYZXyROXEObAenB7G7Zjy9rK5cv4QUIw0FiYN0irObOcXm6/mlVb0OoYHv4ObPhRvGidDNONhILIJwW8+TOHPMfwnhswff8+32gkVvdZtk1u4A=,iv:elNrdohgQVtqxSX6IC8lNUF0mWPV+maYX2MrletkqV0=,tag:RHAlazcp6mp+BLomFV7Z3w==,type:str]
 pgp:
 - created_at: "2026-03-05T19:18:04Z"
 enc: |-
@@ -216,4 +217,4 @@ sops:
 -----END PGP MESSAGE-----
 fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
 unencrypted_suffix: _unencrypted
- version: 3.11.0
+ version: 3.12.1
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index a1501dd..9ec25b2 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -37,6 +37,7 @@ services:
 - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
 - "CMD_OAUTH2_PROVIDERNAME=Keycloak"
 - "CMD_OAUTH2_SCOPE=openid email profile"
+ - "CMD_SESSION_SECRET={{ secret__hedgedoc_session_secret }}"
 volumes:
 - uploads:/hedgedoc/public/uploads
 ports:
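Review bot: The added `CMD_SESSION_SECRET` entry renders the decrypted value unescaped into a double-quoted YAML scalar that Compose then interpolates, so a `"` or `\` in the secret would break the rendered file and a `$` would be read as a variable reference and silently change the key HedgeDoc uses for its sessions. The existing `CMD_OAUTH2_CLIENT_SECRET` line just above has the same exposure. I would either keep the stored value to `[A-Za-z0-9]` and say so in a comment above the entry, `# rendered unescaped into Compose: secret must not contain $, " or \`, or escape the dollar sign with `{{ secret__hedgedoc_session_secret | replace('$', '$$') }}`. The rendered compose file now also carries the session secret in plaintext, so it is worth confirming that the task writing it (not visible here) sets an owner-only file mode. The list this entry belongs to starts above the hunk.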