Try registered variables to template app secrets

staticsafe 2017-11-26 21:59:48 -05:00
parent f5268d8ffd
commit c332e83312
2 changed files with 31 additions and 5 deletions


@ -3,6 +3,33 @@
# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup
# cron job
- name: Generate PAPERCLIP_SECRET and register it
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
register: PAPERCLIP_SECRET
environment:
RAILS_ENV: production
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate SECRET_KEY_BASE and register it
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
register: SECRET_KEY_BASE
environment:
RAILS_ENV: production
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate OTP_SECRET and register it
shell: cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake secret
register: OTP_SECRET
environment:
RAILS_ENV: production
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Copy Mastodon .env.production
template:
src: .env.production
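Review bot: The three added `rake secret` tasks register live application secrets without `no_log: true`, so the generated values travel in the task result and can surface in verbose output or callback logs; each of the three tasks should carry `no_log: true`. They also have no guard, such as a `when:` condition on an already existing .env.production, so every play appears to generate fresh values, and the template task that follows would rewrite the file with them and rotate the keys under a running instance. A registered variable holds the whole task result mapping rather than the command's output, so the template needs `{{ PAPERCLIP_SECRET.stdout }}` and likewise for the other two; the .env.production section of this commit uses the bare names and fills `OTP_SECRET` from `{{ SECRET_KEY_BASE }}`, which looks like a copy-paste slip. The "Copy Mastodon .env.production" task continues past the end of the hunk.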


@ -21,11 +21,10 @@ LOCAL_DOMAIN={{ mastodon_hostname }}
LOCAL_HTTPS=true
# Application secrets
# Generate each with `RAILS_ENV=production bundle exec rake secret` on
# the Mastodon host
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=
# Don't edit the 3 below, we get this from a registered variable
PAPERCLIP_SECRET={{ PAPERCLIP_SECRET }}
SECRET_KEY_BASE={{ SECRET_KEY_BASE }}
OTP_SECRET={{ SECRET_KEY_BASE }}
# Web Push VAPID keys
# Generate with `web-push generate-vapid-keys` on Mastodon host and then