From ae4ef7d1f6c0089c72ef420591cb113bf0b0925b Mon Sep 17 00:00:00 2001
From: Orion Kindel
Date: Sun, 21 May 2023 12:58:26 -0500
Subject: [PATCH] fix: server can be re-scaffolded without invalidating sessions, don't leak secrets
---
 .gitignore | 1 +
 src/012-system-users-gitea.sh | 1 +
 src/{gitea-app.ini => gitea-app.ini.sample} | 7 +++----
 3 files changed, 5 insertions(+), 4 deletions(-)
 rename src/{gitea-app.ini => gitea-app.ini.sample} (88%)
diff --git a/.gitignore b/.gitignore
index bdcc60e..1e8b6eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+src/gitea-app.ini
 ext
diff --git a/src/012-system-users-gitea.sh b/src/012-system-users-gitea.sh
index c43e843..227915e 100644
--- a/src/012-system-users-gitea.sh
+++ b/src/012-system-users-gitea.sh
@@ -37,6 +37,7 @@ mv /tmp/git/config /home/git/
 cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
 cp ./gitea-app.ini /home/git/config/app.ini
+sed -i "s/\\\${{TIMESTAMP}}/$(date +%s)/g" /home/git/config/app.ini
 touch /home/git/runner-config.yml
 touch /home/git/.env.runner
diff --git a/src/gitea-app.ini b/src/gitea-app.ini.sample
similarity index 88%
rename from src/gitea-app.ini
rename to src/gitea-app.ini.sample
index c599f76..29707ca 100644
--- a/src/gitea-app.ini
+++ b/src/gitea-app.ini.sample
@@ -13,7 +13,7 @@ SSH_PORT = 22
 SSH_LISTEN_PORT = 22
 LFS_START_SERVER = true
 ROOT_URL = https://git.orionkindel.com/
-LFS_JWT_SECRET = UsqQwv84asJvQbpkp0gILFIQnuX7-dBvWG_Y3-hRr7w
+LFS_JWT_SECRET = ;
 OFFLINE_MODE = false
 [database]
@@ -32,8 +32,7 @@ CHARSET = utf8
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 [session]
-PROVIDER_CONFIG = /data/gitea/sessions
-PROVIDER = file
+PROVIDER = db
 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
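Review bot: In the `src/012-system-users-gitea.sh` hunk, `cp ./gitea-app.ini /home/git/config/app.ini` now depends on a file this commit makes untracked and git-ignored, so on a fresh checkout the copy fails and the added `sed -i` line then runs against whatever app.ini is already in place, unless the script aborts on error, which is not visible here. A guard before the copy, such as `[ -f ./gitea-app.ini ] || { echo "copy gitea-app.ini.sample to gitea-app.ini and fill in the secrets" >&2; exit 1; }`, would make that failure explicit. The `${{TIMESTAMP}}` placeholder the sed targets does not appear in any hunk of the sample shown in this patch, so it is worth confirming the sample really contains it. Because the copied file now carries live secrets, also confirm that something later in the script restricts it to the account Gitea runs as. The script continues outside this hunk.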
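Review bot: The `LFS_JWT_SECRET` value removed in the `@@ -13,7 +13,7 @@` hunk, and the `INTERNAL_TOKEN` removed in the `@@ -53,7 +52,7 @@` hunk, stay readable in the repository history and in this patch itself, so blanking them in the tree does not undo the leak. Both should be treated as compromised and regenerated on the running server (Gitea ships `gitea generate secret INTERNAL_TOKEN` and a matching generator for the LFS JWT secret), with the new values kept only in the ignored `src/gitea-app.ini`. A line in the commit message or README recording that the rotation happened would tell a later reader that the values in history are dead.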
@@ -53,7 +52,7 @@ INSTALL_LOCK = true
 SECRET_KEY =
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
-INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODQ0Njk4MTJ9.0PBZpL59ML5l-IKkIY6Vos9Sjyp6_pqxz-decLdY8cs
+INTERNAL_TOKEN = ;
 PASSWORD_HASH_ALGO = pbkdf2
 [service]
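Review bot: The sample leaves `INTERNAL_TOKEN = ;` (and `LFS_JWT_SECRET = ;` in the first hunk of this file) with nothing telling the operator that a real value is required; whether Gitea reads that as empty or as the literal `;` depends on its ini parser's comment handling, which should be checked. I would put a comment line above each key, e.g. `; REQUIRED: set in your local gitea-app.ini, generate with "gitea generate secret INTERNAL_TOKEN"`, and leave the value empty. The empty `SECRET_KEY =` context line in this hunk would benefit from the same comment. Separately, `REVERSE_PROXY_TRUSTED_PROXIES = *` in the context lines is untouched by the commit but accepts forwarded client-address headers from any peer, so it deserves a look while this section is open.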