Dustin C. Hatch
a269f8a1ae
Since the new database server outside the Kubernetes cluster, created for Authelia, was seeded from a backup of the in-cluster server, it already contained the data from Firefly-III as well. Thus, we can switch Firefly-III to using it, too. The documentation for Firefly-III does not mention anything about how to configure it to use certificate-based authentication for PostgreSQL, as is required by the new server. Fortunately, it ultimately uses _libpq_, so the standard `PG...` environment variables work fine. We just need a certificate issued by the _postgresql-ca_ ClusterIssuer and the _DCH Root CA_ certificate mounted in the Firefly-III container.
35 lines
710 B
Bash
35 lines
710 B
Bash
APP_ENV=local
|
|
|
|
SITE_OWNER=dustin@hatch.name
|
|
|
|
TZ=America/Chicago
|
|
|
|
TRUSTED_PROXIES=172.30.0.160/28
|
|
|
|
DB_CONNECTION=pgsql
|
|
DB_HOST=postgresql.pyrocufflink.blue
|
|
DB_PORT=5432
|
|
DB_USERNAME=firefly
|
|
DB_DATABASE=firefly
|
|
PGSSLROOTCERT=/run/dch-ca/dch-root-ca.crt
|
|
PGSSLCERT=/run/secrets/firefly/postgresql/tls.crt
|
|
PGSSLKEY=/run/secrets/firefly/postgresql/tls.key
|
|
|
|
CACHE_DRIVER=redis
|
|
SESSION_DRIVER=redis
|
|
|
|
REDIS_SCHEME=tcp
|
|
REDIS_HOST=redis
|
|
REDIS_PORT=6379
|
|
|
|
AUTHENTICATION_GUARD=remote_user_guard
|
|
AUTHENTICATION_GUARD_HEADER=Remote-User
|
|
AUTHENTICATION_GUARD_EMAIL=Remote-Email
|
|
|
|
MAIL_MAILER=smtp
|
|
MAIL_HOST=mail.pyrocufflink.blue
|
|
MAIL_PORT=25
|
|
MAIL_ENCRYPTION=null
|
|
MAIL_FROM=firefly-iii@pyrocufflink.net
|
|
SEND_ERROR_MESSAGE=false
|