/
app-staging.yml
87 lines (75 loc) · 2.22 KB
/
app-staging.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
---
# Testinfra vars file for app-staigng.
wanted_apache_headers:
X-XSS-Protection: "1; mode=block"
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Content-Security-Policy: "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self';"
securedrop_venv: /opt/venvs/securedrop-app-code
securedrop_venv_bin: /opt/venvs/securedrop-app-code/bin
securedrop_venv_site_packages: /opt/venvs/securedrop-app-code/lib/python{}/site-packages
securedrop_code: /var/www/securedrop
securedrop_data: /var/lib/securedrop
securedrop_user: www-data
app_hostname: app-staging
monitor_hostname: mon-staging
apache_listening_address: 127.0.0.1
apache_source_log: /var/log/apache2/source-error.log
apache_allow_from: 127.0.0.1
dns_server:
- 8.8.8.8
- 8.8.4.4
mon_ip: 10.0.1.3
app_ip: 10.0.1.2
pip_deps:
- name: 'Flask'
version: '1.0.2'
apparmor_complain: []
apparmor_enforce:
focal:
- "sbin/dhclient"
- "/usr/lib/NetworkManager/nm-dhcp-client.action"
- "/usr/lib/connman/scripts/dhclient-script"
- "/usr/sbin/tcpdump"
- "system_tor"
- "/usr/sbin/apache2"
- "/usr/sbin/apache2//DEFAULT_URI"
- "/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT"
- "/usr/sbin/tor"
xenial:
- "sbin/dhclient"
- "/usr/lib/NetworkManager/nm-dhcp-client.action"
- "/usr/lib/connman/scripts/dhclient-script"
- "/usr/sbin/ntpd"
- "/usr/sbin/tcpdump"
- "system_tor"
- "/usr/sbin/apache2"
- "/usr/sbin/apache2//DEFAULT_URI"
- "/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT"
- "/usr/sbin/tor"
app_directories:
- /var/www/securedrop
- /var/lib/securedrop
- /var/lib/securedrop/store
- /var/lib/securedrop/keys
- /var/lib/securedrop/tmp
tor_services:
- name: journalistv3
ports:
- "80"
authenticated: yes
version: 3
- name: sourcev3
ports:
- "80"
authenticated: no
version: 3
# Staging permits presence of "source-error.log".
allowed_apache_logfiles:
- /var/log/apache2/access.log
- /var/log/apache2/error.log
- /var/log/apache2/journalist-access.log
- /var/log/apache2/journalist-error.log
- /var/log/apache2/other_vhosts_access.log
- /var/log/apache2/source-error.log
fpf_apt_repo_url: "https://apt-test.freedom.press"