The systemd environment variables can be read by anyone, so move the secret to the configuration file, which can only be read by root and the hedgedoc user. Fix #562
{
"production": {
"sessionSecret": "{{ vault_hedgedoc_session_secret }}",
"email": false,
"domain": "{{ hedgedoc_domain }}",
"loglevel": "info",
"protocolUseSSL": true,
"allowAnonymous": false,
"allowAnonymousEdits": true,
"sessionLife": {{ 30 * 24 * 60 * 60 * 1000 }},
"defaultPermission": "limited",
"uploadsPath": "/var/lib/hedgedoc/uploads",
"hsts": {
"enable": true,
"maxAgeSeconds": 31536000,
"includeSubdomains": true,
"preload": true
},
"csp": {
"enable": true,
"directives": {},
"upgradeInsecureRequests": "true",
"addDefaults": true,
"addDisqus": false,
"addGoogleAnalytics": false,
"allowFraming": false,
"allowPDFEmbed": false
},
"cookiePolicy": "lax",
"db": {
"dialect": "postgres",
"username": "hedgedoc",
"password": "{{ vault_postgres_users.hedgedoc }}",
"database": "hedgedoc",
"host": "localhost",
"port": "5432"
},
"linkifyHeaderStyle": "gfm",
"oauth2": {
"clientSecret": "{{ vault_hedgedoc_client_secret }}"
}
}
}