From 3cc586873a0b1bf524584a53b9fabef75916de86 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Tue, 8 Sep 2020 13:53:09 +0200
Subject: [PATCH] Store Mediawiki secret key in Docker etc.

Closes #7
---
 .envrc.sample          | 1 +
 LocalSettings.php.tmpl | 2 +-
 README.md              | 7 ++++---
 compose.yml            | 4 ++++
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.envrc.sample b/.envrc.sample
index 357cd22..0f35ba8 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -10,6 +10,7 @@ export MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
 
 export DB_ROOT_PASSWORD_VERSION=v1
 export DB_PASSWORD_VERSION=v1
+export MEDIAWIKI_SECRET_KEY_VERSION=v1
 export LOCAL_SETTINGS_CONF_VERSION=v1
 export HTACCESS_CONF_VERSION=v1
 export ENTRYPOINT_CONF_VERSION=v1
diff --git a/LocalSettings.php.tmpl b/LocalSettings.php.tmpl
index 74a52c0..074b94f 100644
--- a/LocalSettings.php.tmpl
+++ b/LocalSettings.php.tmpl
@@ -97,7 +97,7 @@ $wgShellLocale = "C.UTF-8";
 # Site language code, should be one of the list in ./languages/data/Names.php
 $wgLanguageCode = "en";
 
-$wgSecretKey = "8a83180cd66683c2a379882211187d6f79a1d40749b962598148f67893ff10cf";
+$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
 
 # Changing this will log out all existing sessions.
 $wgAuthenticationTokenVersion = "1";
diff --git a/README.md b/README.md
index 8cf4271..1694cce 100644
--- a/README.md
+++ b/README.md
@@ -13,9 +13,10 @@ Based on [`mediawiki-ve-bundle`][mediawiki-ve].
    your Docker swarm box
 4. `direnv allow` (or `. .envrc`)
 5. `abra secret_generate db_password v1 && abra secret_generate db_root_password v2`
-6. `abra deploy`
-7. `abra service_run mediawiki /bin/bash` to open a shell
-8. `php /var/www/html/maintenance/createAndPromote.php YourUsername YourPassword`
+7. `abra secret_generate mediawiki_secret_key "pwgen -n 64 1"`
+8. `abra deploy`
+9. `abra service_run mediawiki /bin/bash` to open a shell
+10. `php /var/www/html/maintenance/createAndPromote.php YourUsername YourPassword`
 
 ## License
 
diff --git a/compose.yml b/compose.yml
index 99c5e97..3374392 100644
--- a/compose.yml
+++ b/compose.yml
@@ -46,6 +46,7 @@ services:
       - mariadb
     secrets:
       - db_password
+      - mediawiki_secret_key
     networks:
       - proxy
       - internal
@@ -77,6 +78,9 @@ secrets:
   db_password:
     name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
     external: true
+  mediawiki_secret_key:
+    name: ${STACK_NAME}_mediawiki_secret_key_${MEDIAWIKI_SECRET_KEY_VERSION}
+    external: true
 
 configs:
   LocalSettings_conf: