From da5fe67e273ddc58c1789798aade53a26b1b195e Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 25 Mar 2022 14:39:02 +0200 Subject: [PATCH] Security++ --- .env.sample | 1 + compose.yml | 8 +++++++- config.hjson.tmpl | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index f053413..9fe5b6c 100644 --- a/.env.sample +++ b/.env.sample @@ -9,6 +9,7 @@ LETS_ENCRYPT_ENV=production ADMIN_USERNAME=admin SECRET_ADMIN_PASSWORD_VERSION=v1 +SECRET_POSTGRES_PASSWORD_VERSION=v1 SITE_NAME=LemmyCloud SLUR_FILTER='(fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)' diff --git a/compose.yml b/compose.yml index 9143d05..bb05fc0 100644 --- a/compose.yml +++ b/compose.yml @@ -15,6 +15,7 @@ services: - lemmy_config:/config/ secrets: - admin_password + - postgres_password entrypoint: ['/docker-entrypoint.sh'] # entrypoint: ['tail', '-f', '/dev/null'] configs: @@ -49,10 +50,12 @@ services: image: postgres:12-alpine environment: - POSTGRES_USER=lemmy - - POSTGRES_PASSWORD=password - POSTGRES_DB=lemmy + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password networks: - backend + secrets: + - postgres_password volumes: - postgres_data:/var/lib/postgresql/data @@ -114,6 +117,9 @@ secrets: admin_password: external: true name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} + postgres_password: + external: true + name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION} networks: backend: diff --git a/config.hjson.tmpl b/config.hjson.tmpl index fec8efa..30f283c 100644 --- a/config.hjson.tmpl +++ b/config.hjson.tmpl 
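Review bot: On a deployment that already has a populated `postgres_data` volume, the new `POSTGRES_PASSWORD_FILE` entry in the db service has no effect, because the official postgres image applies it only when it initialises an empty data directory. The database role keeps the old hard-coded password while the app now reads the secret, so either the connection fails or operators end up storing the old weak value in the secret. I would add a comment above the variable, `# only read on first initialisation; on existing volumes run ALTER USER lemmy WITH PASSWORD '<new value>' before deploying`, and repeat it in the upgrade notes. The db service definition starts above this hunk, so anything else it sets is not visible here.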
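Review bot: The secret name added under the top-level `secrets:` key depends on `SECRET_POSTGRES_PASSWORD_VERSION`, which existing `.env` files will not contain, since the commit adds it only to `.env.sample`. Unset variables are usually substituted as an empty string, which would make the stack look for a secret whose name ends in `_postgres_password_` and fail with an unhelpful error. If the deploy tooling supports required-variable syntax, `name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION:?must be set}` makes the failure explicit. Otherwise a `# required` comment next to the variable in `.env.sample` would at least document it. The existing `admin_password` entry follows the same pattern and could get the same treatment.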
@@ -28,7 +28,7 @@ # username to connect to postgres user: "lemmy" # password to connect to postgres - password: "password" + password: "{{ secret "postgres_password" }}" # host where postgres is running host: "db" # port where postgres can be accessed
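Review bot: The secret on the new `password:` line is substituted into a double-quoted string with no escaping, so a generated value containing `"` or `\` would break the rendered config or change what the parser reads. Either constrain how the secret is generated or document the constraint in place, for example `# password to connect to postgres (from the postgres_password secret; must not contain " or \)`. The rendered file also now holds the database password in plain text. It is worth confirming that it is mounted only into the app container and not written to a persistent or shared volume. The enclosing database block starts and ends outside this hunk.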