generated from coop-cloud/example
Keep default secret-in-config file for backwards compat.
This commit is contained in:
@ -2,6 +2,7 @@ TYPE=peertube
|
|||||||
|
|
||||||
DOMAIN=peertube.example.com # <= EDIT THIS
|
DOMAIN=peertube.example.com # <= EDIT THIS
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
COMPOSE_FILE=compose.yml
|
||||||
|
|
||||||
PEERTUBE_WEBSERVER_PORT=443
|
PEERTUBE_WEBSERVER_PORT=443
|
||||||
PEERTUBE_WEBSERVER_HTTPS=true
|
PEERTUBE_WEBSERVER_HTTPS=true
|
||||||
@ -11,6 +12,9 @@ PEERTUBE_TRANSCODING_ENABLED=true
|
|||||||
PEERTUBE_CONTACT_FORM_ENABLED=false
|
PEERTUBE_CONTACT_FORM_ENABLED=false
|
||||||
|
|
||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# Comment out these lines if you want to store the peertube secret in a config file instead of a docker secret
|
||||||
|
COMPOSE_FILE="$COMPOSE_FILE:compose.peertube-secret.yml"
|
||||||
SECRET_PEERTUBE_SECRET_VERSION=v1
|
SECRET_PEERTUBE_SECRET_VERSION=v1
|
||||||
|
|
||||||
## Webseed backend
|
## Webseed backend
|
||||||
|
|||||||
14
compose.peertube-secret.yml
Normal file
14
compose.peertube-secret.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- PEERTUBE_SECRET_FILE=/run/secrets/peertube_secret
|
||||||
|
secrets:
|
||||||
|
- peertube_secret
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
peertube_secret:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_peertube_secret_${SECRET_PEERTUBE_SECRET_VERSION}
|
||||||
@ -58,14 +58,12 @@ services:
|
|||||||
- PEERTUBE_WEBSERVER_HOSTNAME=${DOMAIN}
|
- PEERTUBE_WEBSERVER_HOSTNAME=${DOMAIN}
|
||||||
- PEERTUBE_WEBSERVER_HTTPS
|
- PEERTUBE_WEBSERVER_HTTPS
|
||||||
- PEERTUBE_WEBSERVER_PORT
|
- PEERTUBE_WEBSERVER_PORT
|
||||||
- PEERTUBE_SECRET_FILE=/run/secrets/peertube_secret
|
|
||||||
volumes:
|
volumes:
|
||||||
- app-data:/data
|
- app-data:/data
|
||||||
- app-config:/config
|
- app-config:/config
|
||||||
- app-assets:/srv/client/dist
|
- app-assets:/srv/client/dist
|
||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
- peertube_secret
|
|
||||||
configs:
|
configs:
|
||||||
- source: app_entrypoint
|
- source: app_entrypoint
|
||||||
target: /docker-entrypoint.sh
|
target: /docker-entrypoint.sh
|
||||||
@ -141,6 +139,3 @@ secrets:
|
|||||||
db_password:
|
db_password:
|
||||||
external: true
|
external: true
|
||||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||||
peertube_secret:
|
|
||||||
external: true
|
|
||||||
name: ${STACK_NAME}_peertube_secret_${SECRET_PEERTUBE_SECRET_VERSION}
|
|
||||||
|
|||||||
@ -1 +1,9 @@
|
|||||||
WARNING! ⚠️ This release includes several major Postgres version updates, please make even more sure to take a database backup than usual
|
WARNING! ⚠️
|
||||||
|
|
||||||
|
This release includes several major Postgres version updates, please make even more sure to take a database backup than usual
|
||||||
|
|
||||||
|
Also, `PEERTUBE_SECRET `can now be stored in Docker, instead of just in a config file. To enable this behaviour:
|
||||||
|
|
||||||
|
1. Extract the secret from the config file using `abra app run $STACK_NAME app grep peertube: /config/production.yaml | cut -d'"' -f2`
|
||||||
|
2. Run `abra app secret insert $STACK_NAME peertube_secret v1`
|
||||||
|
3. Run `abra app config $STACK_NAME`, and set `COMPOSE_FILE=compose.yml:compose.peertube-secret.yml`
|
||||||
|
|||||||
Reference in New Issue
Block a user