to breel, tood

server/Dockerfile

@@ -25,6 +25,8 @@ RUN mkdir -p /var/log /main/public/files /main/public/media
 ENV GOPATH=""
 VOLUME /main/public/files
 VOLUME /main/public/media
+ENV COOKIE_SECRET
+ENV KEY
 RUN echo 'cat /main/users.yaml.gpg | gpg --batch --no-tty --passphrase="$KEY" --decrypt > /main/users.yaml && /main/exec-server "$@"' > /main/entrypoint.sh
 ENTRYPOINT ["bash", "/main/entrypoint.sh"]
 CMD []

server/README.md

@@ -3,16 +3,16 @@
 1. Build a linux binary with `GOOS=linux CGO_ENABLED=0 go build -o ./exec-server -a -installsuffix cgo -ldflags "-s -w"`
 1. Add your usernames, passwords, groups to `releasedata/users.yaml`
 1. {one time} Generate and store an encryption `KEY` in Vault+Lastpass
-1. Build a Docker image with `docker build -t registry-app.eng.qops.net:5001/bel/work-notes:latest --build-arg KEY='{{INSERT YOUR KEY HERE}}' .`
+1. Build a Docker image with `docker build -t registry-app.eng.qops.net:5001/breel/work-notes:latest --build-arg KEY='{{INSERT YOUR KEY HERE}}' .`
-1. Push with `docker push registry-app.eng.qops.net:5001/bel/work-notes:latest`
+1. Push with `docker push registry-app.eng.qops.net:5001/breel/work-notes:latest`
-1. Run like `docker run -v /mnt/files:/main/public/files -v /mnt/media:/main/public/media -e KEY='{{INSERT YOUR KEY HERE}}' -p 3005:3005 --rm -it registry-app.eng.qops.net:5001/bel/work-notes:latest -auth ./users.yaml -p 3005`
+1. Run like `docker run -v /mnt/files:/main/public/files -v /mnt/media:/main/public/media -e KEY='{{INSERT YOUR KEY HERE}}' -p 3005:3005 --rm -it registry-app.eng.qops.net:5001/breel/work-notes:latest -auth ./users.yaml -p 3005`
 
 ### `users.yaml` Format
 
 ```yaml
 users:
-  bel:
+  breel:
-    password: bel
+    password: breel
     groups:
     - g1
     - g2

server/testdata/users.yaml

@@ -1,6 +1,6 @@
 users:
-  bel:
+  breel:
-    password: bel
+    password: breel
     groups:
     - g1
     - g2

todo.yaml

@@ -1,9 +1,7 @@
 todo:
-- logout
+- $TOKEN skips auth and sets Group
-- encrypt files at docker build time, put decrypt key in vault
 - create fileauth login file
-- secret for cookie encrypt+decrypt
+- secrets;; $KEY, $TOKEN, $COOKIE_SECRET for crawler
-- secrets
 - team-specific deployment;; prob grab a VM
 - mark generated via meta so other files in the dir can be created, deleted, replaced safely
 - links like `/Smoktests` in user-files home wiki don't rewrite
@@ -15,6 +13,8 @@ todo:
 - anchor links work
 - ui; last updated; 2022.02.01T12:34:56
 done:
+- secret for cookie encrypt+decrypt
+- encrypt files at docker build time, put decrypt key in vault
 - gitlab/-/blob/about.md does NOT map to exactly 1 file
 - crawler does NOT modify title cause readme.md everywhere
 - use `meta` so no need for extra level for explicit single files