Merge pull request 'Add S3 configuration' (#14) from add/s3 into main

Reviewed-on: #14
2023-07-19 19:14:59 +00:00 · 2023-07-19 19:14:59 +00:00 · 86bef2441d
parent 284984d49c 2e446c4467
commit 86bef2441d
5 changed files with 54 additions and 5 deletions
--- a/.env.sample
+++ b/.env.sample
@ -61,7 +61,7 @@ REDIS_PORT=6379

 # ElasticSearch
 # --------------------------------------
-ES_ENABLED=true
+#COMPOSE_FILE="$COMPOSE_FILE:compose.elasticsearch.yml"
 ES_HOST=es
 ES_PORT=9200

@ -77,6 +77,7 @@ SECRET_OTP_SECRET_VERSION=v1
 SECRET_VAPID_PRIVATE_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SMTP_PASSWORD_VERSION=v1
+SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1

 # Web Push
 # ========
@ -118,7 +119,7 @@ DEFAULT_LOCALE=en

 # S3 and AWS
 # ----------
-# S3_ENABLED=
+#COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
--- a/compose.elasticsearch.yml
+++ b/compose.elasticsearch.yml
@ -0,0 +1,15 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &es-env
+      - ES_ENABLED=true
+      - ES_HOST
+      - ES_PORT
+
+  streaming:
+    environment: *es-env
+
+  sidekiq:
+    environment: *es-env
--- a/compose.s3.yml
+++ b/compose.s3.yml
@ -0,0 +1,33 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &s3-env
+      - S3_ENABLED=true
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+      - S3_BUCKET
+      - S3_REGION
+      - S3_PROTOCOL
+      - S3_HOSTNAME
+      - S3_ENDPOINT
+      - S3_SIGNATURE_VERSION
+      - S3_OVERRIDE_PATH_STYLE
+      - S3_OPEN_TIMEOUT
+      - S3_READ_TIMEOUT
+    secrets: &s3-secrets
+      - aws_secret_access_key
+
+  streaming:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+  sidekiq:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+secrets:
+  aws_secret_access_key:
+    name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
+    external: true
--- a/compose.yml
+++ b/compose.yml
@ -48,9 +48,6 @@ services:
      - DEFAULT_LOCALE
      - EMAIL_DOMAIN_ALLOWLIST
      - EMAIL_DOMAIN_DENYLIST
-      - ES_ENABLED
-      - ES_HOST
-      - ES_PORT
      - LDAP_BASE
      - LDAP_BIND_DN
      - LDAP_ENABLED
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -28,6 +28,9 @@ export DB_PASS=$(cat /run/secrets/db_password)
 # for sidekiq service bundle exec env var threading
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
+file_env "SMTP_PASSWORD"
+file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"

 {{ if eq (env "OIDC_ENABLED") "true" }}
 file_env "OIDC_CLIENT_SECRET"