forked from infra/ansible
hackmd: improve (csp, hsts, version bump) and start to use vault
This commit is contained in:
parent
b164a91eaa
commit
b68232cea4
@ -11,6 +11,7 @@ hackmd_domain: pad.binary-kitchen.de
|
||||
hackmd_dbname: hackmd
|
||||
hackmd_dbuser: hackmd
|
||||
hackmd_dbpass: oepaich3haob7AoY
|
||||
hackmd_secret: "{{ vault_hackmd_secret }}"
|
||||
|
||||
ldap_ca: /etc/ldap/ssl/BKCA.crt
|
||||
ldap_uri: ldaps://ldap.binary.kitchen/
|
7
group_vars/all/vault.yml
Normal file
7
group_vars/all/vault.yml
Normal file
@ -0,0 +1,7 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64323839393830353266323861653938663862323663616135396166393532333030313465393563
|
||||
6666313061303232383533343362383134663730383761660a666339353639613037663134393334
|
||||
65633566363961663138616564353761353931666363613336316335643535363533306461343662
|
||||
3339383263396438640a616433336333626632326465363931616461356539656535626432383738
|
||||
33356462366339356164373539333636386230376665303561303864366232636463616339653731
|
||||
3537623933633964383538633261633133323136366433376232
|
@ -1,3 +1,3 @@
|
||||
---
|
||||
|
||||
hackmd_version: 1.1.0-ce
|
||||
hackmd_version: 1.1.1-ce
|
||||
|
@ -2,14 +2,16 @@
|
||||
"production": {
|
||||
"domain": "{{ hackmd_domain }}",
|
||||
"protocolUseSSL": true,
|
||||
"_hsts": {
|
||||
"allowFreeURL": true,
|
||||
"sessionSecret": "{{ hackmd_secret }}",
|
||||
"hsts": {
|
||||
"enable": true,
|
||||
"maxAgeSeconds": "31536000",
|
||||
"maxAgeSeconds": "2592000",
|
||||
"includeSubdomains": true,
|
||||
"preload": true
|
||||
},
|
||||
"csp": {
|
||||
"enable": false,
|
||||
"enable": true,
|
||||
"directives": {
|
||||
},
|
||||
"upgradeInsecureRequests": "auto",
|
||||
|
Loading…
Reference in New Issue
Block a user