Move SECRET_KEY to docker secret
This commit is contained in:
parent
158537ab52
commit
41b2f8d9c1
|
|
@ -18,8 +18,6 @@ TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key
|
|||
|
||||
REDIS_ADDRESS=db
|
||||
|
||||
# Set to a randomly generated 16 bytes string
|
||||
SECRET_KEY=XXXXXXXXXXXXXXXX
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||
SUBNET=192.168.203.0/24
|
||||
|
|
@ -105,6 +103,9 @@ COMPRESSION_LEVEL=
|
|||
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
|
||||
# FULL_TEXT_SEARCH=off
|
||||
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
|
||||
|
||||
###################################
|
||||
# Web settings
|
||||
###################################
|
||||
|
|
|
|||
19
compose.yml
19
compose.yml
|
|
@ -34,7 +34,7 @@ x-environment:
|
|||
- REJECT_UNLISTED_RECIPIENT
|
||||
- RELAYHOST
|
||||
- RELAYNETS
|
||||
- SECRET_KEY
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- SITENAME
|
||||
- SUBNET
|
||||
- TLS_CERT_FILENAME
|
||||
|
|
@ -85,6 +85,8 @@ services:
|
|||
mode: host
|
||||
volumes:
|
||||
- "certs:/certs"
|
||||
secrets:
|
||||
- secret_key
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
|
@ -105,6 +107,8 @@ services:
|
|||
environment: *default-env
|
||||
healthcheck:
|
||||
disable: true
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "dkim:/dkim"
|
||||
- "mailu:/data"
|
||||
|
|
@ -114,6 +118,8 @@ services:
|
|||
imap:
|
||||
image: ghcr.io/mailu/dovecot:2.0.23
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "mail:/mail"
|
||||
healthcheck:
|
||||
|
|
@ -126,6 +132,8 @@ services:
|
|||
smtp:
|
||||
image: ghcr.io/mailu/postfix:2.0.23
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "mailqueue:/queue"
|
||||
healthcheck:
|
||||
|
|
@ -136,6 +144,8 @@ services:
|
|||
antispam:
|
||||
image: ghcr.io/mailu/rspamd:2.0.23
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "rspamd:/var/lib/rspamd"
|
||||
- "dkim:/dkim:ro"
|
||||
|
|
@ -149,6 +159,8 @@ services:
|
|||
- default
|
||||
volumes:
|
||||
- "webmail:/data"
|
||||
secrets:
|
||||
- secret_key
|
||||
deploy:
|
||||
replicas: 1
|
||||
healthcheck:
|
||||
|
|
@ -207,3 +219,8 @@ configs:
|
|||
certdumper_post:
|
||||
name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
|
||||
file: certdumper_post.sh
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
|
|
|
|||
Loading…
Reference in New Issue