Fix secrets & network definition

3 years ago · 971ec1e987
parent e13ac3937a
commit 971ec1e987
4 changed files with 17 additions and 5 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,5 @@
+export PASSWORD_STORE_DIR=$(pwd)/../../Infrastructure/infrastructure/credentials/password-store
+
+export DB_ROOT_PASSWD_VERSION=v1
+export DOMAIN=nextcloud.swarm.autonomic.zone
+export STACK_NAME=nextcloud
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/.envrc
--- a/compose.yml
+++ b/compose.yml
@ -6,12 +6,13 @@ services:
    depends_on:
      - maindb
    secrets:
-      - mysql_root_password
+      - db_root_password
    environment:
      - MYSQL_HOST=maindb:3306
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=root
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - DOMAIN=${DOMAIN}
    volumes:
      - /mnt/nextcloud:/var/www/html:cached
      - /mnt/nextapps:/var/www/html/custom_apps:cached
@ -39,8 +40,9 @@ services:
        - "traefik.http.routers.invoiceninja.tls.certresolver=${LETS_ENCRYPT_ENV}"

 secrets:
-  mysql_root_password:    
+  db_root_password:    
    external: true 
+    name: ${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}

 volumes:
  nextcloud:
@ -51,5 +53,4 @@ volumes:
 networks:
  proxy:
    external: true
-  private:
-    external: true
+  internal:
--- a/helpers.sh
+++ b/helpers.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+create-secrets () {
+  pwgen -n 32 1  | docker secret create "${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}" -
+}