forked from M-Labs/it-infra
rfq: do not write email password to the Nix store
This commit is contained in:
parent
dc08412ba2
commit
dc8db5fbee
|
@ -14,6 +14,13 @@ from werkzeug.middleware.proxy_fix import ProxyFix
|
||||||
|
|
||||||
load_dotenv()
|
load_dotenv()
|
||||||
|
|
||||||
|
mail_password_file = getenv("FLASK_MAIL_PASSWORD_FILE")
|
||||||
|
if mail_password_file is not None:
|
||||||
|
with open(mail_password_file, "r") as f:
|
||||||
|
mail_password = f.read().strip()
|
||||||
|
else:
|
||||||
|
mail_password = None
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
app.config.update(
|
app.config.update(
|
||||||
DEBUG=getenv("FLASK_DEBUG") == "True",
|
DEBUG=getenv("FLASK_DEBUG") == "True",
|
||||||
|
@ -22,7 +29,7 @@ app.config.update(
|
||||||
MAIL_USE_SSL=getenv("FLASK_MAIL_USE_SSL"),
|
MAIL_USE_SSL=getenv("FLASK_MAIL_USE_SSL"),
|
||||||
MAIL_DEBUG=False,
|
MAIL_DEBUG=False,
|
||||||
MAIL_USERNAME=getenv("FLASK_MAIL_USERNAME"),
|
MAIL_USERNAME=getenv("FLASK_MAIL_USERNAME"),
|
||||||
MAIL_PASSWORD=getenv("FLASK_MAIL_PASSWORD"),
|
MAIL_PASSWORD=mail_password,
|
||||||
MAIL_RECIPIENT=getenv("FLASK_MAIL_RECIPIENT"),
|
MAIL_RECIPIENT=getenv("FLASK_MAIL_RECIPIENT"),
|
||||||
MAIL_SENDER=getenv("FLASK_MAIL_SENDER")
|
MAIL_SENDER=getenv("FLASK_MAIL_SENDER")
|
||||||
)
|
)
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
"FLASK_MAIL_PORT=465"
|
"FLASK_MAIL_PORT=465"
|
||||||
"FLASK_MAIL_USE_SSL=True"
|
"FLASK_MAIL_USE_SSL=True"
|
||||||
"FLASK_MAIL_USERNAME=sysop@m-labs.hk"
|
"FLASK_MAIL_USERNAME=sysop@m-labs.hk"
|
||||||
"FLASK_MAIL_PASSWORD=${import /etc/nixos/secret/sysop_password.nix}"
|
"FLASK_MAIL_PASSWORD_FILE=/etc/nixos/secret/rfqpassword"
|
||||||
"FLASK_MAIL_RECIPIENT=sales@m-labs.hk"
|
"FLASK_MAIL_RECIPIENT=sales@m-labs.hk"
|
||||||
"FLASK_MAIL_SENDER=sysop@m-labs.hk"
|
"FLASK_MAIL_SENDER=sysop@m-labs.hk"
|
||||||
];
|
];
|
||||||
|
|
Loading…
Reference in New Issue