Store auth secrets in persistent volume (fixes #1)

Felix Ableitner 2019-11-10 15:57:12 +01:00
parent ad58ad9eaf
commit 756aa14e7f
2 changed files with 18 additions and 14 deletions


@ -36,7 +36,10 @@
file: path=/tmp/communistquotes state=absent
- name: create config folder
file: path=/etc/communistquotes state=directory mode=700
file: path={{ item.path }} state=directory mode=700
with_items:
- { path: '/etc/communistquotes/' }
- { path: '/etc/communistquotes/secrets/' }
- name: add env file
copy: src=env dest=/etc/communistquotes/env mode=600
@ -46,4 +49,4 @@
name: "communist-quotes"
hour: "*/3"
minute: "0"
job: "perl -le 'sleep rand 10800' && docker run --rm --name communistquotes --env-file /etc/communistquotes/env communistquotes >> /var/log/communistquotes.log 2>&1"
job: "perl -le 'sleep rand 10800' && docker run --rm --name communistquotes -v /etc/communistquotes/secrets/:/etc/communistquotes/secrets/ --env-file /etc/communistquotes/env communistquotes >> /var/log/communistquotes.log 2>&1"
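Review bot: The `create config folder` task sets `mode=700` on `/etc/communistquotes/secrets/` but no `owner` or `group`, so who can read the stored client and user tokens depends on which account the play happens to run as. Stating it explicitly, e.g. `file: path={{ item.path }} state=directory mode=0700 owner=root group=root` (assuming the cron job runs as root; confirm), makes the intended access reviewable. The second hunk bind-mounts that directory read-write into the container, so files created there take the container process's uid and umask. It is worth confirming they would not be group- or world-readable if the directory mode were ever relaxed.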


@ -7,6 +7,8 @@ import random
import os
import argparse
secrets_path = '/etc/communistquotes/secrets/'
parser = argparse.ArgumentParser(description='Parse quotes from .csv files, and post a random quote to Mastodon API')
parser.add_argument('--debug', action='store_true', help='Dont actually login or post to the remote API')
args = parser.parse_args()
@ -19,12 +21,11 @@ if not args.debug:
username = os.environ['MASTODON_USERNAME']
# Create application if it does not exist
# TODO: store this file in volume
if not os.path.isfile(instance+'.secret'):
if not os.path.isfile(secrets_path + instance + '.secret'):
if Mastodon.create_app(
'tootbot',
api_base_url = 'https://' + instance,
to_file = instance+'.secret'
to_file = secrets_path + instance + '.secret'
):
print('tootbot app created on instance ' + instance)
else:
@ -32,14 +33,14 @@ if not args.debug:
exit(1)
mastodon_api = Mastodon(
client_id=instance+'.secret',
client_id = secrets_path + instance + '.secret',
api_base_url = 'https://' + instance
)
mastodon_api.log_in(
username = username,
password = os.environ['MASTODON_PASSWORD'],
scopes = ['read', 'write'],
to_file=username+".secret"
to_file = secrets_path + username + ".secret"
)
quotes = []
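Review bot: The user token is now persisted to `secrets_path + username + ".secret"`, but as far as the hunk shows `log_in` still runs with `MASTODON_PASSWORD` on every non-debug run, so the stored token is never read back and the password has to stay in the env file indefinitely. Loading the stored token when the file exists, and falling back to the password login only when it is missing, would let the password be removed from the host after the first successful run. Mastodon.py accepts a token file path as `access_token`. The enclosing `if not args.debug:` block starts outside the hunk.

```python
    user_secret = secrets_path + username + '.secret'
    if os.path.isfile(user_secret):
        # Reuse the persisted token; no password needed on this run.
        mastodon_api = Mastodon(
            access_token = user_secret,
            api_base_url = 'https://' + instance
        )
    else:
        # … unchanged: Mastodon(client_id=...) construction and log_in(...), with to_file = user_secret …
```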