From: Tom Hughes Date: Mon, 13 Nov 2023 18:57:13 +0000 (+0000) Subject: Set SECRET_KEY_BASE when delivering messages from email X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/9224925dad40dabb3cc09cdaf0c5c30ee3bfc818 Set SECRET_KEY_BASE when delivering messages from email --- diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb index 63dabd9c0..f27b029c9 100644 --- a/cookbooks/web/recipes/frontend.rb +++ b/cookbooks/web/recipes/frontend.rb @@ -98,3 +98,11 @@ else subscribes :restart, "systemd_service[rails-jobs@]" end end + +template "/usr/local/bin/deliver-message" do + source "deliver-message.erb" + owner "rails" + group "rails" + mode "0700" + variables :secret_key_base => web_passwords["secret_key_base"] +end diff --git a/cookbooks/web/templates/default/deliver-message.erb b/cookbooks/web/templates/default/deliver-message.erb new file mode 100644 index 000000000..76538183b --- /dev/null +++ b/cookbooks/web/templates/default/deliver-message.erb @@ -0,0 +1,6 @@ +#!/bin/sh + +export RAILS_ENV="production" +export SECRET_KEY_BASE="<%= @secret_key_base %>" + +exec /usr/local/bin/passenger-ruby /srv/www.openstreetmap.org/rails/script/deliver-message "$@" diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb index 264f2a4d2..985811f59 100644 --- a/roles/web-frontend.rb +++ b/roles/web-frontend.rb @@ -33,14 +33,11 @@ default_attributes( :messages => { :comment => "messages.openstreetmap.org", :domains => ["messages.openstreetmap.org"], - :command => "/usr/local/bin/passenger-ruby /srv/www.openstreetmap.org/rails/script/deliver-message $local_part", + :command => "/usr/local/bin/deliver-message $local_part", :user => "rails", :group => "rails", :home_directory => "/srv/www.openstreetmap.org/rails", - :path => "/bin:/usr/bin:/usr/local/bin", - :environment => { - "RAILS_ENV" => "production" - } + :path => "/bin:/usr/bin:/usr/local/bin" } } }