From 756aa14e7f700f8a04390857b764df8bffa4582d Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Sun, 10 Nov 2019 15:57:12 +0100 Subject: [PATCH] Store auth secrets in persistent volume (fixes #1) --- ansible.yml | 7 +++++-- templates/main.py | 25 +++++++++++++------------ 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/ansible.yml b/ansible.yml index a930ecd..c389a56 100644 --- a/ansible.yml +++ b/ansible.yml @@ -36,7 +36,10 @@ file: path=/tmp/communistquotes state=absent - name: create config folder - file: path=/etc/communistquotes state=directory mode=700 + file: path={{ item.path }} state=directory mode=700 + with_items: + - { path: '/etc/communistquotes/' } + - { path: '/etc/communistquotes/secrets/' } - name: add env file copy: src=env dest=/etc/communistquotes/env mode=600 @@ -46,4 +49,4 @@ name: "communist-quotes" hour: "*/3" minute: "0" - job: "perl -le 'sleep rand 10800' && docker run --rm --name communistquotes --env-file /etc/communistquotes/env communistquotes >> /var/log/communistquotes.log 2>&1" + job: "perl -le 'sleep rand 10800' && docker run --rm --name communistquotes -v /etc/communistquotes/secrets/:/etc/communistquotes/secrets/ --env-file /etc/communistquotes/env communistquotes >> /var/log/communistquotes.log 2>&1" diff --git a/templates/main.py b/templates/main.py index a4a1b8d..5eab71c 100644 --- a/templates/main.py +++ b/templates/main.py @@ -7,6 +7,8 @@ import random import os import argparse +secrets_path = '/etc/communistquotes/secrets/' + parser = argparse.ArgumentParser(description='Parse quotes from .csv files, and post a random quote to Mastodon API') parser.add_argument('--debug', action='store_true', help='Dont actually login or post to the remote API') args = parser.parse_args() 
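Review bot: The `create config folder` task sets `mode=700` on both directories but leaves owner and group unset, so they belong to whichever user the play runs as (presumably root; the play header is outside the hunk). If the image runs its process as a non-root user, the bind-mounted `/etc/communistquotes/secrets/` will not be writable and `create_app` will fail on the first run. State the ownership explicitly, e.g. `file: path={{ item }} state=directory mode=0700 owner=root group=root`. The `with_items` dicts carry only `path`, so a plain list of the two paths with `{{ item }}` reads more simply.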
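Review bot: `secrets_path` in templates/main.py is a hard-coded copy of the `-v` mount target in ansible.yml, and nothing checks that the volume is actually mounted. If the image is started without the mount, the `.secret` files are either written to the container's own filesystem and discarded by `--rm`, or the write fails, depending on whether the image contains that directory. Add a comment such as `# Must match the -v mount target in ansible.yml (directory created there with mode 700)`. Inside the non-debug branch, which starts in the next hunk, an early check would turn a missing mount into a clear error: `if not os.path.isdir(secrets_path): exit('secrets volume not mounted: ' + secrets_path)`.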
@@ -19,27 +21,26 @@ if not args.debug: username = os.environ['MASTODON_USERNAME'] # Create application if it does not exist - # TODO: store this file in volume - if not os.path.isfile(instance+'.secret'): + if not os.path.isfile(secrets_path + instance + '.secret'): if Mastodon.create_app( 'tootbot', - api_base_url='https://'+instance, - to_file = instance+'.secret' + api_base_url = 'https://' + instance, + to_file = secrets_path + instance + '.secret' ): - print('tootbot app created on instance '+instance) + print('tootbot app created on instance ' + instance) else: - print('failed to create app on instance '+instance) + print('failed to create app on instance ' + instance) exit(1) mastodon_api = Mastodon( - client_id=instance+'.secret', - api_base_url='https://'+instance + client_id = secrets_path + instance + '.secret', + api_base_url = 'https://' + instance ) mastodon_api.log_in( - username=username, - password=os.environ['MASTODON_PASSWORD'], - scopes=['read', 'write'], - to_file=username+".secret" + username = username, + password = os.environ['MASTODON_PASSWORD'], + scopes = ['read', 'write'], + to_file = secrets_path + username + ".secret" ) quotes = []
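Review bot: The user token is now written to `secrets_path + username + ".secret"`, but `mastodon_api.log_in(...)` still runs unconditionally, so the stored file is overwritten on every run and never read. `MASTODON_PASSWORD` therefore still has to stay in the env file, and each cron run presumably requests a fresh token from the instance. Checking for the stored token first and passing it as `access_token` would limit password use to the first run. A revoked token would then need the file deleted, or a fallback to `log_in`. The `if not args.debug:` block starts and continues outside this hunk.

```python
    user_secret = secrets_path + username + '.secret'
    if os.path.isfile(user_secret):
        # Reuse the token stored by an earlier run instead of logging in again.
        mastodon_api = Mastodon(
            access_token = user_secret,
            api_base_url = 'https://' + instance
        )
    else:
        # … unchanged: Mastodon(client_id = ...) construction …
        mastodon_api.log_in(
            username = username,
            password = os.environ['MASTODON_PASSWORD'],
            scopes = ['read', 'write'],
            to_file = user_secret
        )
```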