Replaced and rotated all secrets in docker-ext compose
This commit is contained in:
parent
d16fd7825a
commit
fa7fac3f65
@ -43,9 +43,9 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
- docker_default
|
- docker_default
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.authtest.basicauth.users=user:$$apr1$$VKJibd3x$$SwY/BRH.QTeVEaRDnLKvv0"
|
- "traefik.http.middlewares.authtest.basicauth.users=user:{{ traefik_basicauth_password }}"
|
||||||
- "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.enabled=true"
|
- "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.enabled=true"
|
||||||
- "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey=dTkMpqDs/ryjvw1tQaV3k0VtCFQUlh+hrdZMEWnxfXc"
|
- "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey={{ traefik_crowdsec_bouncer_lapi_key }}"
|
||||||
- "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
|
- "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
|
||||||
- "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
|
- "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
|
||||||
- "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
|
- "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
|
||||||
@ -178,13 +178,13 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
# - MYSQL_ROOT_PASSWORD=wallaroot
|
# - MYSQL_ROOT_PASSWORD=wallaroot
|
||||||
- POSTGRES_USER=wallabag
|
- POSTGRES_USER=wallabag
|
||||||
- POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t
|
- POSTGRES_PASSWORD="{{ wallabag_postgres_password }}"
|
||||||
- SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
|
- SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
|
||||||
- SYMFONY__ENV__DATABASE_HOST=postgres.injust.us
|
- SYMFONY__ENV__DATABASE_HOST=postgres.injust.us
|
||||||
- SYMFONY__ENV__DATABASE_PORT=5432
|
- SYMFONY__ENV__DATABASE_PORT=5432
|
||||||
- SYMFONY__ENV__DATABASE_NAME=wallabag
|
- SYMFONY__ENV__DATABASE_NAME=wallabag
|
||||||
- SYMFONY__ENV__DATABASE_USER=wallabag
|
- SYMFONY__ENV__DATABASE_USER=wallabag
|
||||||
- SYMFONY__ENV__DATABASE_PASSWORD=Mo8ntF92q5oWNV6TbS7t
|
- SYMFONY__ENV__DATABASE_PASSWORD="{{ wallabag_postgres_password }}"
|
||||||
- SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
|
- SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
|
||||||
- SYMFONY__ENV__MAILER_DSN=smtp://127.0.0.1
|
- SYMFONY__ENV__MAILER_DSN=smtp://127.0.0.1
|
||||||
- SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
|
- SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
|
||||||
@ -511,7 +511,7 @@ services:
|
|||||||
- DB_HOST=bookstack_db
|
- DB_HOST=bookstack_db
|
||||||
- DB_PORT=3306
|
- DB_PORT=3306
|
||||||
- DB_USER=bookstack
|
- DB_USER=bookstack
|
||||||
- DB_PASS=Chn8i#ExmX@J1C
|
- DB_PASS="{{ bookstack_db_password }}"
|
||||||
- DB_DATABASE=bookstackapp
|
- DB_DATABASE=bookstackapp
|
||||||
env_file:
|
env_file:
|
||||||
- .env-bookstack
|
- .env-bookstack
|
||||||
@ -529,16 +529,16 @@ services:
|
|||||||
- "traefik.http.routers.bookstack.tls.certresolver=myresolver"
|
- "traefik.http.routers.bookstack.tls.certresolver=myresolver"
|
||||||
- "traefik.http.routers.bookstack.tls=true"
|
- "traefik.http.routers.bookstack.tls=true"
|
||||||
bookstack_db:
|
bookstack_db:
|
||||||
image: lscr.io/linuxserver/mariadb:v24.10.1-ls173
|
image: lscr.io/linuxserver/mariadb:10.11.10-r0-ls161
|
||||||
container_name: bookstack_db
|
container_name: bookstack_db
|
||||||
environment:
|
environment:
|
||||||
- PUID=1000
|
- PUID=1000
|
||||||
- PGID=1000
|
- PGID=1000
|
||||||
- TZ=America/Thunder_Bay
|
- TZ=America/Thunder_Bay
|
||||||
- MYSQL_ROOT_PASSWORD=cSoO1dcaS5sI&t
|
- MYSQL_ROOT_PASSWORD="{{ bookstack_db_root_password }}"
|
||||||
- MYSQL_DATABASE=bookstackapp
|
- MYSQL_DATABASE=bookstackapp
|
||||||
- MYSQL_USER=bookstack
|
- MYSQL_USER=bookstack
|
||||||
- MYSQL_PASSWORD=Chn8i#ExmX@J1C
|
- MYSQL_PASSWORD="{{ bookstack_db_password }}"
|
||||||
volumes:
|
volumes:
|
||||||
- ./bookstack_db_data:/config
|
- ./bookstack_db_data:/config
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@ -550,7 +550,7 @@ services:
|
|||||||
DB_HOST: postgres.injust.us
|
DB_HOST: postgres.injust.us
|
||||||
DB_PORT: 5432
|
DB_PORT: 5432
|
||||||
DB_USER: wikijs
|
DB_USER: wikijs
|
||||||
DB_PASS: 3Jfr7nmY4KBauR3nuHno
|
DB_PASS: "{{ wikijs_postgres_password }}"
|
||||||
DB_NAME: wikijs
|
DB_NAME: wikijs
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
labels:
|
labels:
|
||||||
|
|||||||
7
ansible/inventory/host_vars/docker-ext/vars
Normal file
7
ansible/inventory/host_vars/docker-ext/vars
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
traefik_basicauth_password: "{{ vault_traefik_basicauth_password }}"
|
||||||
|
traefik_crowdsec_bouncer_lapi_key: "{{ vault_traefik_crowdsec_bouncer_lapi_key }}"
|
||||||
|
wallabag_postgres_password: "{{ vault_wallabag_postgres_password }}"
|
||||||
|
bookstack_db_password: "{{ vault_bookstack_db_password }}"
|
||||||
|
bookstack_db_root_password: "{{ vault_bookstack_db_root_password }}"
|
||||||
|
wikijs_postgres_password: "{{ vault_wikijs_postgres_password }}"
|
||||||
23
ansible/inventory/host_vars/docker-ext/vault
Normal file
23
ansible/inventory/host_vars/docker-ext/vault
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
32646563666534663266663566376431616161363333386234313761663134333734616233396133
|
||||||
|
6563303763323332666264633964363366316136383332610a306365663331363737626664373234
|
||||||
|
31346265613762636538353865613438386636643038303166303362616336323837323034333333
|
||||||
|
6430646535656334360a633835343963623332633065323666346337396134316461376666363861
|
||||||
|
33333465323366613837616134666139663162323035366162663466366261646661393262636133
|
||||||
|
63663230353131363363313062323932643064386462646432613232643166386632626662336139
|
||||||
|
66326238393733396337666430323265346635356562366432636635353938613033663562613934
|
||||||
|
33376663623665323262396230313936343363333763393762373565303536666363326337316136
|
||||||
|
31313262366538393362383762616166626561346339656466396331363338393663313361376163
|
||||||
|
35386334623363353530373464663733616639313063386266626666663262616532373738386237
|
||||||
|
32613136306463656433383035373737363735303538336462386461613664393635623463646434
|
||||||
|
66366138333938646138643664643136663164613536626234663335643466396237373431393464
|
||||||
|
63636132663436613465636239666533376666303235636235323838313830353936393563353235
|
||||||
|
61336331356639623336643030393466336662383136386330636465613735633539636161323333
|
||||||
|
39363932343235343838636265653830626161343032666331323362316533396366353131323736
|
||||||
|
37663565343237613734353466343963363132306434306162346564303538623164613435623765
|
||||||
|
32323062363833386364343939626535326562636465626131306534356165313566343237326632
|
||||||
|
38393032656338313661333765326530353537366631653965303838393166393066653237323165
|
||||||
|
38353538393536643361303665356631306166653162373763643137316362373536373162636364
|
||||||
|
61646331326366363737663662656238393166366238636161343836376565346535653963663131
|
||||||
|
33333539663330653663633033313832326334306634653833336133626234663739386632376630
|
||||||
|
6230663035396165336139333439333461633534303766333934
|
||||||
Loading…
x
Reference in New Issue
Block a user