Initial commit.

.env

@@ -0,0 +1,5 @@
+ONETIMESECRET_HOST="localhost:7143"
+ONETIMESECRET_SSL="false"
+ONETIMESECRET_SECRET="testtest"
+ONETIMESECRET_REDIS_URL="redis://redis:6379/0?timeout=10&thread_safe=false&logging=false"
+ONETIMESECRET_COLONEL="admin@example.com"

docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3.8'
+
+services:
+  app:
+    build:
+      context: https://github.com/onetimesecret/onetimesecret.git
+    depends_on:
+      - redis
+    env_file:
+      - .env
+    volumes:
+      - ./etc/config:/app/etc/config:ro
+    entrypoint: ["./bin/entrypoint.sh"]
+    tty: true
+    command: ["bundle", "exec", "thin", "-R", "config.ru", "-a", "0.0.0.0", "-p", "7143", "start"]
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "60m"
+        max-file: "3"
+    ports:
+      - 7143:7143
+
+  redis:
+    image: redis:7.0-alpine
+    ports:
+      - 6379:6379
+    volumes:
+      - redis-data:/data
+      - ./etc/redis.conf:/usr/local/etc/redis/redis.conf
+
+volumes:
+  redis-data:

etc/config

@@ -0,0 +1,88 @@
+:site:
+  :host: <%= ENV['ONETIMESECRET_HOST'] || 'localhost:7143' %>
+  :domain: localhost
+  :ssl: <%= ENV['ONETIMESECRET_SSL'] == 'true' %>
+  # NOTE Once the secret is set, do not change it (keep a backup offsite)
+  :secret: <%= ENV['ONETIMESECRET_SECRET'] || 'CHANGEME' %>
+:redis:
+  :uri: <%= ENV['ONETIMESECRET_REDIS_URL'] || 'redis://CHANGEME@127.0.0.1:6379/0?timeout=10&thread_safe=false&logging=false' %>
+  :config: /etc/onetime/redis.conf
+:colonels:
+  # Accounts created with the following email addresses
+  # are automatically considered admins of the system.
+  - <%= ENV['ONETIMESECRET_COLONEL'] || 'CHANGEME@EXAMPLE.com' %>
+:emailer:
+  :mode: :sendgrid
+  :account: CHANGEME
+  :password: CHANGEME
+  :from: CHANGEME@example.com
+  :fromname: CHANGEME
+  :bcc:
+# Use the following email config to enable SMTP
+# support and remove the :emailer config above.
+#:emailer:
+#   :mode: :smtp
+#   :from: CHANGEME@example.com
+#   :host: localhost
+#   :port: 587
+#   :tls: false
+#   :user:
+#   :pass:
+#   :auth:
+:incoming:
+  # Intended for use by IT support teams who need someone to send them
+  # sensitive info. The email address is where the secret
+  # link is sent. Passphrase is used to protect the secret.
+  # The regex used to ensure the ticket number is valid.
+  # See: https://onetimesecret.com/incoming
+  :enabled: false
+  :email: example@onetimesecret.com
+  :passphrase: CHANGEME
+  :regex: \A[a-zA-Z0-9]{6}\z
+:locales:
+  - en
+  - ar
+  - bg
+  - ca_ES
+  - cn
+  - cs
+  - da_DK
+  - de
+  - el_GR
+  - en
+  - es
+  - fr
+  - fr_FR
+  - he
+  - hu
+  - it_IT
+  - nl
+  - pl
+  - pt_BR
+  - ru
+  - sl_SI
+  - sv_SE
+  - tr
+  - vi
+:unsupported_locales:
+  - jp
+:stathat:
+  :enabled: false
+  :apikey: CHANGEME
+  :default_chart: CHANGEME
+:text:
+  :nonpaid_recipient_text: 'You need to create an account!'
+  :paid_recipient_text: 'Send the secret link via email'
+:limits:
+  :create_secret: 250
+  :create_account: 10
+  :update_account: 10
+  :email_recipient: 50
+  :send_feedback: 10
+  :authenticate_session: 5
+  :homepage: 500
+  :dashboard: 1000
+  :failed_passphrase: 5
+  :show_metadata: 1000
+  :show_secret: 1000
+  :burn_secret: 1000

redis.conf

@@ -0,0 +1,33 @@
+# One-Time Secret Redis Config
+# 2014-12-03
+
+dbfilename onetime.rdb
+appendfilename onetime.aof
+
+#requirepass CHANGEME
+
+bind 127.0.0.1
+port 6379
+databases 16
+
+timeout 30
+daemonize yes
+loglevel notice
+
+# FOR LIGHT TRAFFIC:
+save 300 10
+#save 120 100
+#save 60 1000
+
+# NOTE: we need something here to force redis to save
+# when it receives a SHUTDOWN command. 157680000 is 5 yrs.
+# REMOVE IT ONLY IF YOU PLAN TO ALWAYS MOVE
+# AN RDB FILE INTO PLACE EVERY RESTART!
+#save 157680000 1
+
+rdbcompression yes
+
+appendonly yes
+
+# appendfsync is one of always, everysec, no
+appendfsync everysec