knoflook/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Get the secret/entrypoint/config thing wired up

Browse Source
This commit is contained in:
decentral1se 2021-05-28 11:49:12 +02:00
parent 04855dc494
commit 92a94e93c6
Signed by untrusted user who does not match committer: decentral1se
GPG Key ID: 92DAD76BD9567B8A
3 changed files with 53 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
abra.sh
View File

@ -1,4 +1,5 @@
# shellcheck disable=SC2148 # shellcheck disable=SC2148
export ENTRYPOINT_CONF_VERSION=v1
#MASTO_APP_DIR="mastodon/public" #MASTO_APP_DIR="mastodon/public"
sub_rake() { sub_rake() {

25
compose.yml
View File

@ -76,6 +76,11 @@ services:
# - "traefik.http.routers.${STACK_NAME}_hack.entrypoints=websecure" # - "traefik.http.routers.${STACK_NAME}_hack.entrypoints=websecure"
# - "traefik.http.routers.${STACK_NAME}_hack.middlewares=mastodon-webfinger@docker" # - "traefik.http.routers.${STACK_NAME}_hack.middlewares=mastodon-webfinger@docker"
configs: &configs
- source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: &entrypoint /usr/local/bin/entrypoint.sh
volumes: &appVolume volumes: &appVolume
- app:/mastodon - app:/mastodon
secrets: &secrets secrets: &secrets
@ -88,7 +93,7 @@ services:
- DB_HOST - DB_HOST
- DB_USER - DB_USER
- DB_NAME - DB_NAME
- DB_PASS - DB_PASS_FILE=/run/secrets/db_password
- DB_PORT - DB_PORT
- REDIS_HOST - REDIS_HOST
- REDIS_PORT - REDIS_PORT
@ -104,10 +109,10 @@ services:
- ES_PREFIX - ES_PREFIX
- STATSD_ADDR - STATSD_ADDR
- STATSD_NAMESPACE - STATSD_NAMESPACE
- VAPID_PRIVATE_KEY - VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
- VAPID_PUBLIC_KEY - VAPID_PUBLIC_KEY
- OTP_SECRET - OTP_SECRET_FILE=/run/secrets/otp_secret
- SECRET_KEY_BASE - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
- LOCAL_DOMAIN - LOCAL_DOMAIN
- WEB_DOMAIN - WEB_DOMAIN
- ALTERNATE_DOMAINS - ALTERNATE_DOMAINS
@ -124,7 +129,7 @@ services:
- SMTP_SERVER - SMTP_SERVER
- SMTP_PORT - SMTP_PORT
- SMTP_LOGIN - SMTP_LOGIN
- SMTP_PASSWORD - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- SMTP_FROM_ADDRESS - SMTP_FROM_ADDRESS
- SMTP_DOMAIN - SMTP_DOMAIN
- SMTP_DELIVERY_METHOD - SMTP_DELIVERY_METHOD
@ -174,6 +179,8 @@ services:
streaming: streaming:
image: *image image: *image
command: node ./streaming command: node ./streaming
configs: *configs
entrypoint: *entrypoint
secrets: *secrets secrets: *secrets
networks: *bothNetworks networks: *bothNetworks
healthcheck: healthcheck:
@ -205,6 +212,8 @@ services:
image: *image image: *image
secrets: *secrets secrets: *secrets
command: bundle exec sidekiq command: bundle exec sidekiq
configs: *configs
entrypoint: *entrypoint
deploy: deploy:
update_config: update_config:
failure_action: rollback failure_action: rollback
@ -241,3 +250,9 @@ networks:
external: true external: true
internal_network: internal_network:
internal: true internal: true
configs:
entrypoint_sh:
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang

32
entrypoint.sh.tmpl Normal file
View File

@ -0,0 +1,32 @@
#!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "DB_PASS"
file_env "OTP_SECRET"
file_env "SECRET_KEY_BASE"
file_env "SMTP_PASSWORD"
file_env "VAPID_PRIVATE_KEY"
/usr/bin/tini -- "$@"