commit be5d00249152f5bce4bed3fb93bcabde44790c60 Author: Carl Kittelberger Date: Wed Aug 9 22:02:45 2023 +0200 Initial commit.
diff --git a/.env b/.env
new file mode 100644
index 0000000..f0c24d1
--- /dev/null
+++ b/.env
@@ -0,0 +1,5 @@
+ONETIMESECRET_HOST="localhost:7143"
+ONETIMESECRET_SSL="false"
+ONETIMESECRET_SECRET="testtest"
+ONETIMESECRET_REDIS_URL="redis://redis:6379/0?timeout=10&thread_safe=false&logging=false"
+ONETIMESECRET_COLONEL="admin@example.com"
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..9514e04
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3.8'
+
+services:
+ app:
+ build:
+ context: https://github.com/onetimesecret/onetimesecret.git
+ depends_on:
+ - redis
+ env_file:
+ - .env
+ volumes:
+ - ./etc/config:/app/etc/config:ro
+ entrypoint: ["./bin/entrypoint.sh"]
+ tty: true
+ command: ["bundle", "exec", "thin", "-R", "config.ru", "-a", "0.0.0.0", "-p", "7143", "start"]
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "60m"
+ max-file: "3"
+ ports:
+ - 7143:7143
+
+ redis:
+ image: redis:7.0-alpine
+ ports:
+ - 6379:6379
+ volumes:
+ - redis-data:/data
+ - ./etc/redis.conf:/usr/local/etc/redis/redis.conf
+
+volumes:
+ redis-data:
diff --git a/etc/config b/etc/config
new file mode 100644
index 0000000..b2a22f5
--- /dev/null
+++ b/etc/config
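Review bot: `ONETIMESECRET_SECRET="testtest"` in .env commits a guessable site secret to the repository, and the comment in etc/config in this same commit says the secret should not be changed once set, so an instance first started from this file would likely keep that value. Consider tracking the file as `.env.example` with `ONETIMESECRET_SECRET=""` and a comment such as `# required: generate a long random value (e.g. openssl rand -hex 32) before first start`, and adding `.env` to `.gitignore`. `ONETIMESECRET_SSL="false"` is reasonable for localhost but deserves a one-line comment that it should be `"true"` for any non-local host.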
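Review bot: In docker-compose.yml the `redis` service publishes `6379:6379` on every host interface, although the app reaches Redis over the compose network (`redis://redis:6379` in .env) and no Redis password is configured anywhere in this commit. The `ports:` entry under `redis` can be dropped, or narrowed to `"127.0.0.1:6379:6379"` if host access is wanted for debugging. The mounted `./etc/redis.conf` is likely never read with the image's default command; it would need something like `command: ["redis-server", "/usr/local/etc/redis/redis.conf"]`. Separately, `build.context` follows the upstream repository's default branch, so each build may pull different code; pinning it as `https://github.com/onetimesecret/onetimesecret.git#<tag-or-commit>` makes the image reproducible and reviewable.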
@@ -0,0 +1,88 @@
+:site:
+ :host: <%= ENV['ONETIMESECRET_HOST'] || 'localhost:7143' %>
+ :domain: localhost
+ :ssl: <%= ENV['ONETIMESECRET_SSL'] == 'true' %>
+ # NOTE Once the secret is set, do not change it (keep a backup offsite)
+ :secret: <%= ENV['ONETIMESECRET_SECRET'] || 'CHANGEME' %>
+:redis:
+ :uri: <%= ENV['ONETIMESECRET_REDIS_URL'] || 'redis://CHANGEME@127.0.0.1:6379/0?timeout=10&thread_safe=false&logging=false' %>
+ :config: /etc/onetime/redis.conf
+:colonels:
+ # Accounts created with the following email addresses
+ # are automatically considered admins of the system.
+ - <%= ENV['ONETIMESECRET_COLONEL'] || 'CHANGEME@EXAMPLE.com' %>
+:emailer:
+ :mode: :sendgrid
+ :account: CHANGEME
+ :password: CHANGEME
+ :from: CHANGEME@example.com
+ :fromname: CHANGEME
+ :bcc:
+# Use the following email config to enable SMTP
+# support and remove the :emailer config above.
+#:emailer:
+# :mode: :smtp
+# :from: CHANGEME@example.com
+# :host: localhost
+# :port: 587
+# :tls: false
+# :user:
+# :pass:
+# :auth:
+:incoming:
+ # Intended for use by IT support teams who need someone to send them
+ # sensitive info. The email address is where the secret
+ # link is sent. Passphrase is used to protect the secret.
+ # The regex used to ensure the ticket number is valid.
+ # See: https://onetimesecret.com/incoming
+ :enabled: false
+ :email: example@onetimesecret.com
+ :passphrase: CHANGEME
+ :regex: \A[a-zA-Z0-9]{6}\z
+:locales:
+ - en
+ - ar
+ - bg
+ - ca_ES
+ - cn
+ - cs
+ - da_DK
+ - de
+ - el_GR
+ - en
+ - es
+ - fr
+ - fr_FR
+ - he
+ - hu
+ - it_IT
+ - nl
+ - pl
+ - pt_BR
+ - ru
+ - sl_SI
+ - sv_SE
+ - tr
+ - vi
+:unsupported_locales:
+ - jp
+:stathat:
+ :enabled: false
+ :apikey: CHANGEME
+ :default_chart: CHANGEME
+:text:
+ :nonpaid_recipient_text: 'You need to create an account!'
+ :paid_recipient_text: 'Send the secret link via email'
+:limits:
+ :create_secret: 250
+ :create_account: 10
+ :update_account: 10
+ :email_recipient: 50
+ :send_feedback: 10
+ :authenticate_session: 5
+ :homepage: 500
+ :dashboard: 1000
+ :failed_passphrase: 5
+ :show_metadata: 1000
+ :show_secret: 1000
+ :burn_secret: 1000
diff --git a/etc/redis.conf b/etc/redis.conf
new file mode 100644
index 0000000..e69de29
diff --git a/redis.conf b/redis.conf
new file mode 100644
index 0000000..863fed5
--- /dev/null
+++ b/redis.conf
@@ -0,0 +1,33 @@
+# One-Time Secret Redis Config
+# 2014-12-03
+
+dbfilename onetime.rdb
+appendfilename onetime.aof
+
+#requirepass CHANGEME
+
+bind 127.0.0.1
+port 6379
+databases 16
+
+timeout 30
+daemonize yes
+loglevel notice
+
+# FOR LIGHT TRAFFIC:
+save 300 10
+#save 120 100
+#save 60 1000
+
+# NOTE: we need something here to force redis to save
+# when it receives a SHUTDOWN command. 157680000 is 5 yrs.
+# REMOVE IT ONLY IF YOU PLAN TO ALWAYS MOVE
+# AN RDB FILE INTO PLACE EVERY RESTART!
+#save 157680000 1
+
+rdbcompression yes
+
+appendonly yes
+
+# appendfsync is one of always, everysec, no
+appendfsync everysec
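Review bot: In etc/config the `|| 'CHANGEME'` fallbacks on `:secret:` and on the Redis `:uri:` let a missing environment variable degrade silently to a publicly known value instead of stopping startup. Assuming the file is rendered through ERB as the tags suggest, `:secret: <%= ENV.fetch('ONETIMESECRET_SECRET') %>` would raise when the variable is unset, which is the safer behaviour for a value the comment above it says should not be changed once set. The rendered scalars are also unquoted, so an environment value containing `: ` or ` #` would alter the YAML structure; wrapping the template output in quotes avoids that. As a minor point, `:locales:` lists `en` twice.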
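Review bot: This redis.conf sits at the repository root, but docker-compose.yml mounts `./etc/redis.conf`, which this commit adds as an empty file, so none of these directives appear to reach the running Redis. If it is meant to become the container's config, `daemonize yes` would make the foreground process exit and `bind 127.0.0.1` would make Redis unreachable from the `app` container, so both need changing for that use. `#requirepass CHANGEME` leaves authentication off; enabling it with a generated password, carried in `ONETIMESECRET_REDIS_URL`, would suit a comment such as `# required whenever Redis is reachable from outside the compose network`.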