Try registered variables to template app secrets
This commit is contained in:
parent
f5268d8ffd
commit
c332e83312
@ -3,6 +3,33 @@
|
||||
# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup
|
||||
# cron job
|
||||
|
||||
- name: Generate PAPERCLIP_SECRET and register it
|
||||
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
|
||||
register: PAPERCLIP_SECRET
|
||||
environment:
|
||||
RAILS_ENV: production
|
||||
args:
|
||||
executable: /bin/bash
|
||||
become: true
|
||||
become_user: mastodon
|
||||
- name: Generate SECRET_KEY_BASE and register it
|
||||
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
|
||||
register: SECRET_KEY_BASE
|
||||
environment:
|
||||
RAILS_ENV: production
|
||||
args:
|
||||
executable: /bin/bash
|
||||
become: true
|
||||
become_user: mastodon
|
||||
- name: Generate OTP_SECRET and register it
|
||||
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
|
||||
register: OTP_SECRET
|
||||
environment:
|
||||
RAILS_ENV: production
|
||||
args:
|
||||
executable: /bin/bash
|
||||
become: true
|
||||
become_user: mastodon
|
||||
- name: Copy Mastodon .env.production
|
||||
template:
|
||||
src: .env.production
|
||||
|
@ -21,11 +21,10 @@ LOCAL_DOMAIN={{ mastodon_hostname }}
|
||||
LOCAL_HTTPS=true
|
||||
|
||||
# Application secrets
|
||||
# Generate each with `RAILS_ENV=production bundle exec rake secret` on
|
||||
# the Mastodon host
|
||||
PAPERCLIP_SECRET=
|
||||
SECRET_KEY_BASE=
|
||||
OTP_SECRET=
|
||||
# Don't edit the 3 below, we get this from a registered variable
|
||||
PAPERCLIP_SECRET={{ PAPERCLIP_SECRET }}
|
||||
SECRET_KEY_BASE={{ SECRET_KEY_BASE }}
|
||||
OTP_SECRET={{ SECRET_KEY_BASE }}
|
||||
|
||||
# Web Push VAPID keys
|
||||
# Generate with `web-push generate-vapid-keys` on Mastodon host and then
|
||||
|
Loading…
Reference in New Issue
Block a user