Do not auto-generate freshrss_database_password

Related to #116
mother-of-all-self-hosting · Nov 13, 2023 · 65fac6b · 65fac6b
1 parent e5eb8cc
commit 65fac6b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/docs/services/freshrss.md b/docs/services/freshrss.md
@@ -6,8 +6,8 @@
 
 This service requires the following other services:
 
--   a [Traefik](traefik.md) reverse-proxy server
--   an optional [Postgres](postgres.md) database, but FreshRSS will default to [SQLite](https://www.sqlite.org/) if you don't have Postgres enabled.
+-  a [Traefik](traefik.md) reverse-proxy server
+-  an optional [Postgres](postgres.md) database, but FreshRSS will default to [SQLite](https://www.sqlite.org/) if you don't have Postgres enabled.
 
 ## Configuration
 
@@ -25,6 +25,10 @@ freshrss_enabled: true
 freshrss_hostname: mash.example.com
 freshrss_path_prefix: /freshrss
 
+# Put a strong password below, generated with `pwgen -s 64 1` or in another way.
+# You will need to use this password in the setup wizard after installation.
+freshrss_database_password: ''
+
 ########################################################################
 #                                                                      #
 # /freshrss                                                            #
@@ -34,6 +38,6 @@ freshrss_path_prefix: /freshrss
 
 ## Usage
 
-After installation, visit the configured path and complete the setup through the wizard.
+After installation, visit the configured path and complete the setup through the wizard. To do this you will need the database password from your `vars.yml` file (in the `freshrss_database_password` variable).
 
 Feel free to follow FreshRSS [official documentation](http://freshrss.github.io/FreshRSS/en/).
diff --git a/group_vars/mash_servers b/group_vars/mash_servers
@@ -1173,7 +1173,9 @@ freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_pr
 freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
 freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
-freshrss_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'freshrss.db', rounds=655555) | to_uuid }}"
+
+# Intentionally not auto-generating freshrss_database_password.
+# It's meant to be explicitly defined, so that it can be used in the setup wizard after installation.
 
 ########################################################################
 #                                                                      #