From 3f0ce808674406780408faabb14205cea9811d3c Mon Sep 17 00:00:00 2001 From: Jeremy Kescher Date: Mon, 27 Jun 2022 00:11:33 +0200 Subject: [PATCH] Add redacted CatCatNya~ production env file. Also add redaction script. --- .env.production.catcatnya | 43 +++++++++++++++++++++++++++++++++++++++ redact-env.bash | 27 ++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 .env.production.catcatnya create mode 100755 redact-env.bash diff --git a/.env.production.catcatnya b/.env.production.catcatnya new file mode 100644 index 0000000000..6d572f5310 --- /dev/null +++ b/.env.production.catcatnya @@ -0,0 +1,43 @@ +LOCAL_DOMAIN=catcatnya.com +ALTERNATE_DOMAINS=0.catcatnya.com,1.catcatnya.com,2.catcatnya.com,3.catcatnya.com,4.catcatnya.com,5.catcatnya.com,6.catcatnya.com,7.catcatnya.com,8.catcatnya.com,9.catcatnya.com +SINGLE_USER_MODE=false +SECRET_KEY_BASE=[REDACTED] +OTP_SECRET=[REDACTED] +VAPID_PRIVATE_KEY=[REDACTED] +VAPID_PUBLIC_KEY=[REDACTED] +DB_HOST=[REDACTED] +DB_PORT=[REDACTED] +DB_NAME=[REDACTED] +DB_USER=[REDACTED] +DB_PASS=[REDACTED] +REDIS_HOST=[REDACTED] +REDIS_PORT=[REDACTED] +REDIS_PASSWORD=[REDACTED] +S3_ENABLED=false +PAPERCLIP_ROOT_PATH=[REDACTED] +PAPERCLIP_ROOT_URL=https://cdn.catcatnya.com +SMTP_SERVER=smtp.kescher.at +SMTP_PORT=[REDACTED] +SMTP_LOGIN=[REDACTED] +SMTP_PASSWORD=[REDACTED] +SMTP_AUTH_METHOD=[REDACTED] +SMTP_OPENSSL_VERIFY_MODE=[REDACTED] +SMTP_FROM_ADDRESS='Mastodon ' +ES_ENABLED=true +ES_HOST=[REDACTED] +ES_PORT=[REDACTED] +ES_PREFIX=[REDACTED] +AUTHORIZED_FETCH=true +RAILS_SERVE_STATIC_FILES=false +RAILS_LOG_LEVEL=warn + +MAX_TOOT_CHARS=6942 +MAX_DESCRIPTION_CHARS=6942 +MAX_BIO_CHARS=6942 +MAX_PROFILE_FIELDS=10 +MAX_PINNED_TOOTS=10 +MAX_DISPLAY_NAME_CHARS=50 +MAX_POLL_OPTIONS=20 +MAX_SEARCH_RESULTS=1000 +MAX_REMOTE_EMOJI_SIZE=1048576 +IP_RETENTION_PERIOD=86400 diff --git a/redact-env.bash b/redact-env.bash new file mode 100755 index 0000000000..0249f3fb06 --- /dev/null +++ b/redact-env.bash @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +if [[ -f "$1" ]]; then + sed -e '/^#.*$/d' \ + -e 's/^SECRET_KEY_BASE=.*/SECRET_KEY_BASE=[REDACTED]/gi' \ + -e 's/^OTP_SECRET=.*/OTP_SECRET=[REDACTED]/gi' \ + -e 's/^VAPID_PRIVATE_KEY=.*/VAPID_PRIVATE_KEY=[REDACTED]/gi' \ + -e 's/^VAPID_PUBLIC_KEY=.*/VAPID_PUBLIC_KEY=[REDACTED]/gi' \ + -e 's/^DB_HOST=.*/DB_HOST=[REDACTED]/gi' \ + -e 's/^DB_PORT=.*/DB_PORT=[REDACTED]/gi' \ + -e 's/^DB_NAME=.*/DB_NAME=[REDACTED]/gi' \ + -e 's/^DB_USER=.*/DB_USER=[REDACTED]/gi' \ + -e 's/^DB_PASS=.*/DB_PASS=[REDACTED]/gi' \ + -e 's/^REDIS_HOST=.*/REDIS_HOST=[REDACTED]/gi' \ + -e 's/^REDIS_PORT=.*/REDIS_PORT=[REDACTED]/gi' \ + -e 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=[REDACTED]/gi' \ + -e 's/^PAPERCLIP_ROOT_PATH=.*/PAPERCLIP_ROOT_PATH=[REDACTED]/gi' \ + -e 's/^SMTP_PORT=.*/SMTP_PORT=[REDACTED]/gi' \ + -e 's/^SMTP_LOGIN=.*/SMTP_LOGIN=[REDACTED]/gi' \ + -e 's/^SMTP_PASSWORD=.*/SMTP_PASSWORD=[REDACTED]/gi' \ + -e 's/^SMTP_AUTH_METHOD=.*/SMTP_AUTH_METHOD=[REDACTED]/gi' \ + -e 's/^SMTP_OPENSSL_VERIFY_MODE=.*/SMTP_OPENSSL_VERIFY_MODE=[REDACTED]/gi' \ + -e 's/^ES_HOST=.*/ES_HOST=[REDACTED]/gi' \ + -e 's/^ES_PORT=.*/ES_PORT=[REDACTED]/gi' \ + -e 's/^ES_PREFIX=.*/ES_PREFIX=[REDACTED]/gi' \ + "$1" +fi