fsagbuya
/
it-infra
forked from M-Labs/it-infra
1
0
Fork 0
Code Pull Requests Activity

rfq: do not write email password to the Nix store

This commit is contained in:
Sebastien Bourdeauducq 2022-08-13 11:43:01 +08:00
parent dc08412ba2
commit dc8db5fbee
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixbld-etc-nixos/rfq/src/rfq/__init__.py
View File

@ -14,6 +14,13 @@ from werkzeug.middleware.proxy_fix import ProxyFix
load_dotenv() load_dotenv()
mail_password_file = getenv("FLASK_MAIL_PASSWORD_FILE")
if mail_password_file is not None:
with open(mail_password_file, "r") as f:
mail_password = f.read().strip()
else:
mail_password = None
app = Flask(__name__) app = Flask(__name__)
app.config.update( app.config.update(
DEBUG=getenv("FLASK_DEBUG") == "True", DEBUG=getenv("FLASK_DEBUG") == "True",
@ -22,7 +29,7 @@ app.config.update(
MAIL_USE_SSL=getenv("FLASK_MAIL_USE_SSL"), MAIL_USE_SSL=getenv("FLASK_MAIL_USE_SSL"),
MAIL_DEBUG=False, MAIL_DEBUG=False,
MAIL_USERNAME=getenv("FLASK_MAIL_USERNAME"), MAIL_USERNAME=getenv("FLASK_MAIL_USERNAME"),
MAIL_PASSWORD=getenv("FLASK_MAIL_PASSWORD"), MAIL_PASSWORD=mail_password,
MAIL_RECIPIENT=getenv("FLASK_MAIL_RECIPIENT"), MAIL_RECIPIENT=getenv("FLASK_MAIL_RECIPIENT"),
MAIL_SENDER=getenv("FLASK_MAIL_SENDER") MAIL_SENDER=getenv("FLASK_MAIL_SENDER")
) )

2
nixbld-etc-nixos/rfq/uwsgi-config.nix
View File

@ -11,7 +11,7 @@ in {
"FLASK_MAIL_PORT=465" "FLASK_MAIL_PORT=465"
"FLASK_MAIL_USE_SSL=True" "FLASK_MAIL_USE_SSL=True"
"FLASK_MAIL_USERNAME=sysop@m-labs.hk" "FLASK_MAIL_USERNAME=sysop@m-labs.hk"
"FLASK_MAIL_PASSWORD=${import /etc/nixos/secret/sysop_password.nix}" "FLASK_MAIL_PASSWORD_FILE=/etc/nixos/secret/rfqpassword"
"FLASK_MAIL_RECIPIENT=sales@m-labs.hk" "FLASK_MAIL_RECIPIENT=sales@m-labs.hk"
"FLASK_MAIL_SENDER=sysop@m-labs.hk" "FLASK_MAIL_SENDER=sysop@m-labs.hk"
]; ];