to breel, tood

2022-02-18 11:43:04 -07:00 · 2022-02-18 11:43:04 -07:00 · a7360ec2a8
parent 0548585a23
commit a7360ec2a8
4 changed files with 13 additions and 11 deletions
--- a/server/Dockerfile
+++ b/server/Dockerfile
@ -25,6 +25,8 @@ RUN mkdir -p /var/log /main/public/files /main/public/media
 ENV GOPATH=""
 VOLUME /main/public/files
 VOLUME /main/public/media
+ENV COOKIE_SECRET
+ENV KEY
 RUN echo 'cat /main/users.yaml.gpg | gpg --batch --no-tty --passphrase="$KEY" --decrypt > /main/users.yaml && /main/exec-server "$@"' > /main/entrypoint.sh
 ENTRYPOINT ["bash", "/main/entrypoint.sh"]
 CMD []
--- a/server/README.md
+++ b/server/README.md
@ -3,16 +3,16 @@
 1. Build a linux binary with `GOOS=linux CGO_ENABLED=0 go build -o ./exec-server -a -installsuffix cgo -ldflags "-s -w"`
 1. Add your usernames, passwords, groups to `releasedata/users.yaml`
 1. {one time} Generate and store an encryption `KEY` in Vault+Lastpass
-1. Build a Docker image with `docker build -t registry-app.eng.qops.net:5001/bel/work-notes:latest --build-arg KEY='{{INSERT YOUR KEY HERE}}' .`
-1. Push with `docker push registry-app.eng.qops.net:5001/bel/work-notes:latest`
-1. Run like `docker run -v /mnt/files:/main/public/files -v /mnt/media:/main/public/media -e KEY='{{INSERT YOUR KEY HERE}}' -p 3005:3005 --rm -it registry-app.eng.qops.net:5001/bel/work-notes:latest -auth ./users.yaml -p 3005`
+1. Build a Docker image with `docker build -t registry-app.eng.qops.net:5001/breel/work-notes:latest --build-arg KEY='{{INSERT YOUR KEY HERE}}' .`
+1. Push with `docker push registry-app.eng.qops.net:5001/breel/work-notes:latest`
+1. Run like `docker run -v /mnt/files:/main/public/files -v /mnt/media:/main/public/media -e KEY='{{INSERT YOUR KEY HERE}}' -p 3005:3005 --rm -it registry-app.eng.qops.net:5001/breel/work-notes:latest -auth ./users.yaml -p 3005`

 ### `users.yaml` Format

 ```yaml
 users:
-  bel:
-    password: bel
+  breel:
+    password: breel
    groups:
    - g1
    - g2
--- a/server/testdata/users.yaml
+++ b/server/testdata/users.yaml
@ -1,6 +1,6 @@
 users:
-  bel:
-    password: bel
+  breel:
+    password: breel
    groups:
    - g1
    - g2
--- a/todo.yaml
+++ b/todo.yaml
@ -1,9 +1,7 @@
 todo:
- logout
- encrypt files at docker build time, put decrypt key in vault
+- $TOKEN skips auth and sets Group
 - create fileauth login file
- secret for cookie encrypt+decrypt
- secrets
+- secrets;; $KEY, $TOKEN, $COOKIE_SECRET for crawler
 - team-specific deployment;; prob grab a VM
 - mark generated via meta so other files in the dir can be created, deleted, replaced safely
 - links like `/Smoktests` in user-files home wiki don't rewrite
@ -15,6 +13,8 @@ todo:
 - anchor links work
 - ui; last updated; 2022.02.01T12:34:56
 done:
+- secret for cookie encrypt+decrypt
+- encrypt files at docker build time, put decrypt key in vault
 - gitlab/-/blob/about.md does NOT map to exactly 1 file
 - crawler does NOT modify title cause readme.md everywhere
 - use `meta` so no need for extra level for explicit single files