hackmd: improve (csp, hsts, version bump) and start to use vault

Markus 2018-06-04 14:00:55 +02:00
parent b164a91eaa
commit b68232cea4
5 changed files with 14 additions and 4 deletions


@ -11,6 +11,7 @@ hackmd_domain: pad.binary-kitchen.de
hackmd_dbname: hackmd hackmd_dbname: hackmd
hackmd_dbuser: hackmd hackmd_dbuser: hackmd
hackmd_dbpass: oepaich3haob7AoY hackmd_dbpass: oepaich3haob7AoY
hackmd_secret: "{{ vault_hackmd_secret }}"
ldap_ca: /etc/ldap/ssl/BKCA.crt ldap_ca: /etc/ldap/ssl/BKCA.crt
ldap_uri: ldaps://ldap.binary.kitchen/ ldap_uri: ldaps://ldap.binary.kitchen/
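Review bot: `hackmd_dbpass` on the line directly above the new `hackmd_secret` entry is still a cleartext value in this vars file, so the commit moves only one of the two HackMD secrets into the vault. It should get the same treatment, `hackmd_dbpass: "{{ vault_hackmd_dbpass }}"`, with the value defined in the encrypted `group_vars/all/vault.yml` (the variable name is a suggestion that follows the existing `vault_` prefix). Because the current password is already in the repository history, it should be rotated when it is moved rather than re-used. The vars file continues outside the hunk, so other plaintext credentials may exist that are not visible here.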

7
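--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64323839393830353266323861653938663862323663616135396166393532333030313465393563
+6666313061303232383533343362383134663730383761660a666339353639613037663134393334
+65633566363961663138616564353761353931666363613336316335643535363533306461343662
+3339383263396438640a616433336333626632326465363931616461356539656535626432383738
+33356462366339356164373539333636386230376665303561303864366232636463616339653731
+3537623933633964383538633261633133323136366433376232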


@ -1,3 +1,3 @@
--- ---
hackmd_version: 1.1.0-ce hackmd_version: 1.1.1-ce


@ -2,14 +2,16 @@
"production": { "production": {
"domain": "{{ hackmd_domain }}", "domain": "{{ hackmd_domain }}",
"protocolUseSSL": true, "protocolUseSSL": true,
"_hsts": { "allowFreeURL": true,
"sessionSecret": "{{ hackmd_secret }}",
"hsts": {
"enable": true, "enable": true,
"maxAgeSeconds": "31536000", "maxAgeSeconds": "2592000",
"includeSubdomains": true, "includeSubdomains": true,
"preload": true "preload": true
}, },
"csp": { "csp": {
"enable": false, "enable": true,
"directives": { "directives": {
}, },
"upgradeInsecureRequests": "auto", "upgradeInsecureRequests": "auto",
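Review bot: The `hsts` block now sends `"preload": true` together with `"maxAgeSeconds": "2592000"` (30 days), which is below the one-year minimum the HSTS preload list requires, so the `preload` token advertises a commitment the policy does not meet. Either drop it until the deployment is ready, `"preload": false`, or keep the previous `"maxAgeSeconds": "31536000"`. Separately, `"sessionSecret": "{{ hackmd_secret }}"` interpolates the vault value into JSON unescaped; `"sessionSecret": {{ hackmd_secret | to_json }}` keeps the rendered file valid if the secret ever contains a quote or backslash. The `production` object continues past the end of the hunk, so the effective CSP directives that `"enable": true` switches on are not visible here.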