nassella/app
1
0
Fork 0
Code Issues 15 Pull Requests Packages Projects 1 Releases Wiki Activity

Moving stripe api key to config/run secret.

Browse Source
This commit is contained in:
Thomas Hintz
2026-04-22 12:02:27 -07:00
parent 78398b852c
commit a3c08b49b1
5 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -69,6 +69,8 @@ all-apps/nassella/lldap_postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_PASSWORD" > $@' bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_PASSWORD" > $@'
all-apps/nassella/lldap_admin_password: $(apps_config) all-apps/nassella/lldap_admin_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_ADMIN_PASSWORD" > $@' bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_ADMIN_PASSWORD" > $@'
all-apps/nassella/stripe_api_key: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_STRIPE_API_KEY" > $@'
all-apps/nassella/authelia-config/configuration.yml: $(apps_config) all-apps/nassella/authelia-config/configuration.yml.tmpl make-nassella-authelia-config.sh all-apps/nassella/authelia-config/configuration.yml: $(apps_config) all-apps/nassella/authelia-config/configuration.yml.tmpl make-nassella-authelia-config.sh
./make-nassella-authelia-config.sh $(apps_config) ./make-nassella-authelia-config.sh $(apps_config)
all-apps/nassella/lldap-config/lldap_config.toml: $(apps_config) all-apps/nassella/lldap-config/lldap_config.toml.tmpl make-nassella-lldap-config.sh all-apps/nassella/lldap-config/lldap_config.toml: $(apps_config) all-apps/nassella/lldap-config/lldap_config.toml.tmpl make-nassella-lldap-config.sh

3
all-apps/nassella/docker-compose.yaml
View File

@@ -21,6 +21,8 @@ secrets:
file: ./nassella/authelia_postgres_user file: ./nassella/authelia_postgres_user
nassella_lldap_admin_password: nassella_lldap_admin_password:
file: ./nassella/lldap_admin_password file: ./nassella/lldap_admin_password
nassella_stripe_api_key:
file: ./nassella/stripe_api_key
services: services:
nassella_lldap_db: nassella_lldap_db:
@@ -133,6 +135,7 @@ services:
- nassella_postgres_password - nassella_postgres_password
- nassella_postgres_user - nassella_postgres_user
- nassella_lldap_admin_password - nassella_lldap_admin_password
- nassella_stripe_api_key
networks: networks:
- lb - lb
- nassella_internal - nassella_internal

1
all-apps/nassella/stripe_api_key Normal file
View File

@@ -0,0 +1 @@
api_key

8
src/Dockerfile
View File

@@ -39,22 +39,16 @@ COPY db.scm db.scm
COPY nassella.scm nassella.scm COPY nassella.scm nassella.scm
COPY run.scm run.scm COPY run.scm run.scm
RUN csc -O3 mocks.scm -J
RUN csc -O3 db.scm -J
RUN csc -O3 nassella.scm -J
RUN csc -O3 -o nassella-run run.scm RUN csc -O3 -o nassella-run run.scm
RUN chmod +x nassella-run RUN chmod +x nassella-run
FROM debian:trixie-slim FROM debian:trixie-slim
RUN apt-get update && apt-get -y --no-install-recommends install \ RUN apt-get update && apt-get -y --no-install-recommends install \
libpq-dev ca-certificates gettext-base \ libpq-dev ca-certificates gettext-base openssh-client \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
COPY --from=buildeggs /usr/local/ /usr/local/ COPY --from=buildeggs /usr/local/ /usr/local/
WORKDIR /var WORKDIR /var
COPY --from=buildeggs /var/nassella/mocks /var
COPY --from=buildeggs /var/nassella/db /var
COPY --from=buildeggs /var/nassella/nassella /var
COPY --from=buildeggs /var/nassella/nassella-run /var COPY --from=buildeggs /var/nassella/nassella-run /var
COPY nassella-latest.tar nassella-latest.tar COPY nassella-latest.tar nassella-latest.tar

14
src/nassella.scm
View File

@@ -563,7 +563,8 @@ h1, h2, h3, h4, h5, h6 {
'email 'email
(alist-ref (alist-ref
'customer_details 'customer_details
(send-stripe-request endpoint: (string-append "/checkout/sessions/" sid))))) (send-stripe-request endpoint: (string-append "/checkout/sessions/" sid)
username: (string-trim-right (with-input-from-file "/run/secrets/nassella_stripe_api_key" read-string))))))
(define (create-lldap-user username email) (define (create-lldap-user username email)
@@ -1090,7 +1091,9 @@ chmod -R 777 /opt/keys")))
(Field (@ (name "nassella-lldap-subdomain") (label ("LLDAP Subdomain")) (Field (@ (name "nassella-lldap-subdomain") (label ("LLDAP Subdomain"))
(value ,(alist-ref 'lldap-subdomain (alist-ref 'nassella app-config eq? '()) eq? "lldap")))) (value ,(alist-ref 'lldap-subdomain (alist-ref 'nassella app-config eq? '()) eq? "lldap"))))
(Field (@ (name "nassella-lldap-admin-password") (label ("Admin Password")) (type "password") (Field (@ (name "nassella-lldap-admin-password") (label ("Admin Password")) (type "password")
(value ,(alist-ref 'lldap-admin-password (alist-ref 'nassella app-config eq? '()) eq? "")))))) (value ,(alist-ref 'lldap-admin-password (alist-ref 'nassella app-config eq? '()) eq? ""))))
(Field (@ (name "nassella-stripe-api-key") (label ("Stripe API Key")) (type "password")
(value ,(alist-ref 'stripe-api-key (alist-ref 'nassella app-config eq? '()) eq? ""))))))
'()) '())
(Fieldset (Fieldset
(@ (title "Log Viewer")) (@ (title "Log Viewer"))
@@ -1160,9 +1163,10 @@ chmod -R 777 /opt/keys")))
(generate-key-seed))) (generate-key-seed)))
(lldap-subdomain . ,(alist-ref 'nassella-lldap-subdomain (current-params))) (lldap-subdomain . ,(alist-ref 'nassella-lldap-subdomain (current-params)))
(lldap-admin-password . ,(alist-ref 'nassella-lldap-admin-password (current-params))) (lldap-admin-password . ,(alist-ref 'nassella-lldap-admin-password (current-params)))
(stripe-api-key . ,(alist-ref 'nassella-stripe-api-key (current-params)))
(authelia-jwt-secret . ,(or (alist-ref 'authelia-jwt-secret (authelia-jwt-secret . ,(or (alist-ref 'authelia-jwt-secret
(alist-ref 'nassella config eq? '())) (alist-ref 'nassella config eq? '()))
(generate-jwt-secret))) (generate-jwt-secret)))
(authelia-key-seed . ,(or (alist-ref 'authelia-key-seed (authelia-key-seed . ,(or (alist-ref 'authelia-key-seed
(alist-ref 'nassella config eq? '())) (alist-ref 'nassella config eq? '()))
(generate-authelia-key-seed))))) (generate-authelia-key-seed)))))
@@ -1357,6 +1361,7 @@ chmod -R 777 /opt/keys")))
("NASSELLA_LLDAP_JWT_SECRET" . ,(alist-ref 'lldap-jwt-secret (alist-ref 'nassella config))) ("NASSELLA_LLDAP_JWT_SECRET" . ,(alist-ref 'lldap-jwt-secret (alist-ref 'nassella config)))
("NASSELLA_LLDAP_KEY_SEED" . ,(alist-ref 'lldap-key-seed (alist-ref 'nassella config))) ("NASSELLA_LLDAP_KEY_SEED" . ,(alist-ref 'lldap-key-seed (alist-ref 'nassella config)))
("NASSELLA_LLDAP_ADMIN_PASSWORD" . ,(alist-ref 'lldap-admin-password (alist-ref 'nassella config))) ("NASSELLA_LLDAP_ADMIN_PASSWORD" . ,(alist-ref 'lldap-admin-password (alist-ref 'nassella config)))
("NASSELLA_STRIPE_API_KEY" . ,(alist-ref 'stripe-api-key (alist-ref 'nassella config)))
("NASSELLA_AUTHELIA_JWT_SECRET" . ,(alist-ref 'authelia-jwt-secret (alist-ref 'nassella config))) ("NASSELLA_AUTHELIA_JWT_SECRET" . ,(alist-ref 'authelia-jwt-secret (alist-ref 'nassella config)))
("NASSELLA_AUTHELIA_KEY_SEED" . ,(alist-ref 'authelia-key-seed (alist-ref 'nassella config))) ("NASSELLA_AUTHELIA_KEY_SEED" . ,(alist-ref 'authelia-key-seed (alist-ref 'nassella config)))
("SMTP_HOST" . ,(alist-ref 'smtp-host (alist-ref 'all-apps config))) ("SMTP_HOST" . ,(alist-ref 'smtp-host (alist-ref 'all-apps config)))
@@ -1612,6 +1617,7 @@ chmod -R 777 /opt/keys")))
("NASSELLA_LLDAP_JWT_SECRET" . ,(alist-ref 'lldap-jwt-secret (alist-ref 'nassella config))) ("NASSELLA_LLDAP_JWT_SECRET" . ,(alist-ref 'lldap-jwt-secret (alist-ref 'nassella config)))
("NASSELLA_LLDAP_KEY_SEED" . ,(alist-ref 'lldap-key-seed (alist-ref 'nassella config))) ("NASSELLA_LLDAP_KEY_SEED" . ,(alist-ref 'lldap-key-seed (alist-ref 'nassella config)))
("NASSELLA_LLDAP_ADMIN_PASSWORD" . ,(alist-ref 'lldap-admin-password (alist-ref 'nassella config))) ("NASSELLA_LLDAP_ADMIN_PASSWORD" . ,(alist-ref 'lldap-admin-password (alist-ref 'nassella config)))
("NASSELLA_STRIPE_API_KEY" . ,(alist-ref 'stripe-api-key (alist-ref 'nassella config)))
("NASSELLA_AUTHELIA_JWT_SECRET" . ,(alist-ref 'authelia-jwt-secret (alist-ref 'nassella config))) ("NASSELLA_AUTHELIA_JWT_SECRET" . ,(alist-ref 'authelia-jwt-secret (alist-ref 'nassella config)))
("NASSELLA_AUTHELIA_KEY_SEED" . ,(alist-ref 'authelia-key-seed (alist-ref 'nassella config))) ("NASSELLA_AUTHELIA_KEY_SEED" . ,(alist-ref 'authelia-key-seed (alist-ref 'nassella config)))
("SMTP_HOST" . ,(alist-ref 'smtp-host (alist-ref 'all-apps config))) ("SMTP_HOST" . ,(alist-ref 'smtp-host (alist-ref 'all-apps config)))