rfq: do not write email password to the Nix store
This commit is contained in:
parent
dc08412ba2
commit
dc8db5fbee
nixbld-etc-nixos/rfq
@ -14,6 +14,13 @@ from werkzeug.middleware.proxy_fix import ProxyFix
|
||||
|
||||
load_dotenv()
|
||||
|
||||
mail_password_file = getenv("FLASK_MAIL_PASSWORD_FILE")
|
||||
if mail_password_file is not None:
|
||||
with open(mail_password_file, "r") as f:
|
||||
mail_password = f.read().strip()
|
||||
else:
|
||||
mail_password = None
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config.update(
|
||||
DEBUG=getenv("FLASK_DEBUG") == "True",
|
||||
@ -22,7 +29,7 @@ app.config.update(
|
||||
MAIL_USE_SSL=getenv("FLASK_MAIL_USE_SSL"),
|
||||
MAIL_DEBUG=False,
|
||||
MAIL_USERNAME=getenv("FLASK_MAIL_USERNAME"),
|
||||
MAIL_PASSWORD=getenv("FLASK_MAIL_PASSWORD"),
|
||||
MAIL_PASSWORD=mail_password,
|
||||
MAIL_RECIPIENT=getenv("FLASK_MAIL_RECIPIENT"),
|
||||
MAIL_SENDER=getenv("FLASK_MAIL_SENDER")
|
||||
)
|
||||
|
@ -11,7 +11,7 @@ in {
|
||||
"FLASK_MAIL_PORT=465"
|
||||
"FLASK_MAIL_USE_SSL=True"
|
||||
"FLASK_MAIL_USERNAME=sysop@m-labs.hk"
|
||||
"FLASK_MAIL_PASSWORD=${import /etc/nixos/secret/sysop_password.nix}"
|
||||
"FLASK_MAIL_PASSWORD_FILE=/etc/nixos/secret/rfqpassword"
|
||||
"FLASK_MAIL_RECIPIENT=sales@m-labs.hk"
|
||||
"FLASK_MAIL_SENDER=sysop@m-labs.hk"
|
||||
];
|
||||
|
Loading…
Reference in New Issue
Block a user