do not pass DB_PASSWORD, but generate

This commit is contained in:
Alexander Tomokhov 2023-12-27 18:01:57 +04:00
parent 967377f171
commit c31521e1ca
2 changed files with 9 additions and 7 deletions

View file

@ -33,7 +33,6 @@ steps:
API_TOKEN="$USER_PASS"
CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/0f886d76e93dd366db7c53a8f6b672702910b99b.tar.gz
DB_PASSWORD="$USER_PASS"
DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN
DNS_PROVIDER_TYPE=CLOUDFLARE
DOMAIN=$DOMAIN

View file

@ -12,7 +12,6 @@
: "${DNS_PROVIDER_TYPE:?DNS_PROVIDER_TYPE variable is not set}"
: "${STAGING_ACME:?STAGING_ACME variable is not set}"
: "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}"
: "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
: "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}"
@ -60,13 +59,16 @@ EOF
}
genSecrets() {
local dbpass
dbpass="$(shuf --random-source=/dev/urandom -erz -n32 {A..Z} {a..z} {0..9} | tr -d '\n')"
cat << EOF
{
"api": {
"token": "$API_TOKEN",
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
},
"databasePassword": "$DB_PASSWORD",
"databasePassword": "$dbpass",
"dns": {
"apiKey": "$DNS_PROVIDER_TOKEN"
},
@ -375,6 +377,7 @@ checkEnv() {
req awk || { echo "ERROR: Missing awk"; return 1; }
req cut || req df || { echo "ERROR: Missing coreutils (cut, df)"; return 1; }
req mkpasswd || { echo "ERROR: Missing mkpasswd"; return 1; }
req shuf || { echo "ERROR: Missing shuf"; return 1; }
}
# Download and execute the nix installer script.
@ -464,11 +467,11 @@ infect() {
/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage
}
set -o pipefail
set -o errtrace
set -o nounset
set -o errexit
set -o xtrace
set -o pipefail
shopt -s inherit_errexit
trap 'echo ${LINENO}: "$BASH_COMMAND"; exit 1' ERR
genNetworkingConf