Generate the ini config file from environment variables? #44

New Issue

greg · 2020-02-14T16:00:08Z

greg commented

2020-02-14 16:00:08 +00:00

This is a new feature: https://github.com/go-gitea/gitea/blob/master/contrib/environment-to-ini/README

Right now we are copying over a generated app.ini file to a conf volume (https://gitea.kosmos.org/kosmos/gitea.kosmos.org/src/branch/master/kubernetes/gitea-server.yaml#L18)

Right now I'm not sure if that is a good idea for us. Our app.ini config is 92 lines, it seems like a lot of environment variables. We'd have to deal with environment variables that have to stay a secret, while having an app.ini file not in version control takes care of secrets in one go

This is a new feature: https://github.com/go-gitea/gitea/blob/master/contrib/environment-to-ini/README Right now we are copying over a generated `app.ini` file to a conf volume (https://gitea.kosmos.org/kosmos/gitea.kosmos.org/src/branch/master/kubernetes/gitea-server.yaml#L18) Right now I'm not sure if that is a good idea for us. Our `app.ini` config is 92 lines, it seems like a lot of environment variables. We'd have to deal with environment variables that have to stay a secret, while having an `app.ini` file not in version control takes care of secrets in one go

greg added the

question

label 2020-02-14 16:00:08 +00:00

raucao commented

2020-02-14 16:04:46 +00:00

We’d have to deal with environment variables that have to stay a secret

How many passwords to we really have in the config? It can't be that many.

while having an app.ini file not in version control takes care of secrets in one go

Where does it come from then? This way also takes care of the config being intransparent.

> We’d have to deal with environment variables that have to stay a secret How many passwords to we really have in the config? It can't be that many. > while having an app.ini file not in version control takes care of secrets in one go Where does it come from then? This way also takes care of the config being intransparent.

greg commented

2020-02-14 16:27:06 +00:00

How many passwords to we really have in the config? It can’t be that many.

That's just 4, database & mailer password, internal token and secret key

Where does it come from then? This way also takes care of the config being intransparent.

We use a script to get it from the conf volume, where it can then be edited and sent to the volume with another script

> How many passwords to we really have in the config? It can’t be that many. That's just 4, database & mailer password, internal token and secret key > Where does it come from then? This way also takes care of the config being intransparent. We use a script to get it from the conf volume, where it can then be edited and sent to the volume with another script

raucao added this to the Production readiness milestone 2020-02-15 16:07:52 +00:00

raucao commented

2020-11-15 11:59:05 +00:00

@greg Is this still relevant, since we don't use kubernetes anymore?

greg commented

2020-11-16 07:58:38 +00:00

This entire repo isn't relevant and can be deleted

raucao commented

2020-11-16 13:45:38 +00:00

Meta repo for gitea.kosmos.org operation, issues, suggestions, and feedback.

How is it not relevant anymore? The issues still seem very relevant to me, which is why I'm triaging them:

https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues

However, if you want to move this repo's issues to the Chef repo, then please do so! It would probably make sense to introduce service labels for that repo's issues then (e.g. service:gitea or similar).

> Meta repo for gitea.kosmos.org operation, issues, suggestions, and feedback. How is it not relevant anymore? The issues still seem very relevant to me, which is why I'm triaging them: https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues However, if you want to move this repo's issues to the Chef repo, then please do so! It would probably make sense to introduce service labels for that repo's issues then (e.g. `service:gitea` or similar).

raucao closed this issue

2021-01-12 13:29:03 +00:00

This repo is archived. You cannot comment on issues.