forked from infra/ansible
hackmd: improve (csp, hsts, version bump) and start to use vault
This commit is contained in:
parent
b164a91eaa
commit
b68232cea4
@ -11,6 +11,7 @@ hackmd_domain: pad.binary-kitchen.de
|
|||||||
hackmd_dbname: hackmd
|
hackmd_dbname: hackmd
|
||||||
hackmd_dbuser: hackmd
|
hackmd_dbuser: hackmd
|
||||||
hackmd_dbpass: oepaich3haob7AoY
|
hackmd_dbpass: oepaich3haob7AoY
|
||||||
|
hackmd_secret: "{{ vault_hackmd_secret }}"
|
||||||
|
|
||||||
ldap_ca: /etc/ldap/ssl/BKCA.crt
|
ldap_ca: /etc/ldap/ssl/BKCA.crt
|
||||||
ldap_uri: ldaps://ldap.binary.kitchen/
|
ldap_uri: ldaps://ldap.binary.kitchen/
|
7
group_vars/all/vault.yml
Normal file
7
group_vars/all/vault.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
64323839393830353266323861653938663862323663616135396166393532333030313465393563
|
||||||
|
6666313061303232383533343362383134663730383761660a666339353639613037663134393334
|
||||||
|
65633566363961663138616564353761353931666363613336316335643535363533306461343662
|
||||||
|
3339383263396438640a616433336333626632326465363931616461356539656535626432383738
|
||||||
|
33356462366339356164373539333636386230376665303561303864366232636463616339653731
|
||||||
|
3537623933633964383538633261633133323136366433376232
|
@ -1,3 +1,3 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
hackmd_version: 1.1.0-ce
|
hackmd_version: 1.1.1-ce
|
||||||
|
@ -2,14 +2,16 @@
|
|||||||
"production": {
|
"production": {
|
||||||
"domain": "{{ hackmd_domain }}",
|
"domain": "{{ hackmd_domain }}",
|
||||||
"protocolUseSSL": true,
|
"protocolUseSSL": true,
|
||||||
"_hsts": {
|
"allowFreeURL": true,
|
||||||
|
"sessionSecret": "{{ hackmd_secret }}",
|
||||||
|
"hsts": {
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"maxAgeSeconds": "31536000",
|
"maxAgeSeconds": "2592000",
|
||||||
"includeSubdomains": true,
|
"includeSubdomains": true,
|
||||||
"preload": true
|
"preload": true
|
||||||
},
|
},
|
||||||
"csp": {
|
"csp": {
|
||||||
"enable": false,
|
"enable": true,
|
||||||
"directives": {
|
"directives": {
|
||||||
},
|
},
|
||||||
"upgradeInsecureRequests": "auto",
|
"upgradeInsecureRequests": "auto",
|
||||||
|
Loading…
Reference in New Issue
Block a user