Additional Mastodon secrets
Diff
main.tf | 5 +++++
secrets.tf | 17 +++++++++++++++++
mastodon/locals.tf | 22 ++++++++++++++++++++++
mastodon/vars.tf | 15 +++++++++++++++
4 files changed, 57 insertions(+), 2 deletions(-)
@@ -94,6 +94,11 @@
module "mastodon" {
source = "./mastodon"
db-password = data.pass_password.mastodon-db-password.password
secret-key-base = data.pass_password.mastodon-secret-key-base.password
otp-secret = data.pass_password.mastodon-otp-secret.password
vapid-private-key = data.pass_password.mastodon-vapid-private-key.password
vapid-public-key = data.pass_password.mastodon-vapid-public-key.password
smtp-password = data.pass_password.mastodon-smtp-password.password
}
@@ -176,8 +176,21 @@
path = "Nebula/navidrome-spotify-secret"
}
data "pass_password" "mastodon-db-password" {
path = "Nebula/MASTODON_DB_PASSWORD"
}
data "pass_password" "mastodon-secret-key-base" {
path = "Nebula/MASTODON_SECRET_KEY_BASE"
}
data "pass_password" "mastodon-otp-secret" {
path = "Nebula/MASTODON_OTP_SECRET"
}
data "pass_password" "mastodon-vapid-private-key" {
path = "Nebula/MASTODON_VAPID_PRIVATE_KEY"
}
data "pass_password" "mastodon-vapid-public-key" {
path = "Nebula/MASTODON_VAPID_PUBLIC_KEY"
}
data "pass_password" "mastodon-smtp-password" {
path = "Nebula/MASTODON_SMTP_PASSWORD"
}
@@ -1,0 +1,22 @@
locals {
env = [
"LOCAL_DOMAIN=tatooine.club",
"REDIS_HOST=mastodon-redis",
"REDIS_PORT=6379",
"DB_HOST=postgres",
"DB_USER=mastodon",
"DB_NAME=mastodon",
"DB_PASS=${var.db-password}",
"DB_PORT=5432",
"ES_ENABLED=false",
"SECRET_KEY_BASE=${var.secret-key-base}",
"OTP_SECRET=${var.otp-secret}",
"VAPID_PRIVATE_KEY=${var.vapid-private-key}",
"VAPID_PUBLIC_KEY=${var.vapid-public-key}",
"SMTP_SERVER=smtp.eu.mailgun.org",
"SMTP_PORT=587",
"SMTP_LOGIN=mastodon@mail.tatooine.club",
"SMTP_PASSWORD=${var.smtp-password}",
"SMTP_FROM_ADDRESS=mastodon@mail.tatooine.club",
]
}
@@ -1,3 +1,18 @@
variable "db-password" {
type = string
}
variable "secret-key-base" {
type = string
}
variable "otp-secret" {
type = string
}
variable "vapid-private-key" {
type = string
}
variable "vapid-public-key" {
type = string
}
variable "smtp-password" {
type = string
}