From 65fac6b4303a2bfb8f4adb2c1276887196869b34 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 13 Nov 2023 13:13:39 +0200
Subject: [PATCH] Do not auto-generate freshrss_database_password

Related to https://github.com/mother-of-all-self-hosting/mash-playbook/issues/116
---
 docs/services/freshrss.md | 10 +++++++---
 group_vars/mash_servers   |  4 +++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/services/freshrss.md b/docs/services/freshrss.md
index b312205..8c4f92f 100644
--- a/docs/services/freshrss.md
+++ b/docs/services/freshrss.md
@@ -6,8 +6,8 @@
 
 This service requires the following other services:
 
--   a [Traefik](traefik.md) reverse-proxy server
--   an optional [Postgres](postgres.md) database, but FreshRSS will default to [SQLite](https://www.sqlite.org/) if you don't have Postgres enabled.
+-  a [Traefik](traefik.md) reverse-proxy server
+-  an optional [Postgres](postgres.md) database, but FreshRSS will default to [SQLite](https://www.sqlite.org/) if you don't have Postgres enabled.
 
 ## Configuration
 
@@ -25,6 +25,10 @@ freshrss_enabled: true
 freshrss_hostname: mash.example.com
 freshrss_path_prefix: /freshrss
 
+# Put a strong password below, generated with `pwgen -s 64 1` or in another way.
+# You will need to use this password in the setup wizard after installation.
+freshrss_database_password: ''
+
 ########################################################################
 #                                                                      #
 # /freshrss                                                            #
@@ -34,6 +38,6 @@ freshrss_path_prefix: /freshrss
 
 ## Usage
 
-After installation, visit the configured path and complete the setup through the wizard.
+After installation, visit the configured path and complete the setup through the wizard. To do this you will need the database password from your `vars.yml` file (in the `freshrss_database_password` variable).
 
 Feel free to follow FreshRSS [official documentation](http://freshrss.github.io/FreshRSS/en/).
diff --git a/group_vars/mash_servers b/group_vars/mash_servers
index 5a714e0..2a03680 100644
--- a/group_vars/mash_servers
+++ b/group_vars/mash_servers
@@ -1173,7 +1173,9 @@ freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_pr
 freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
 freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
-freshrss_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'freshrss.db', rounds=655555) | to_uuid }}"
+
+# Intentionally not auto-generating freshrss_database_password.
+# It's meant to be explicitly defined, so that it can be used in the setup wizard after installation.
 
 ########################################################################
 #                                                                      #