working on secrets
@ -10,9 +10,9 @@ LETS_ENCRYPT_ENV=production
|
|||||||
##############################################################################
|
##############################################################################
|
||||||
# SECRETS
|
# SECRETS
|
||||||
##############################################################################
|
##############################################################################
|
||||||
SECRET_DJANGO_SECRET_KEY=v1
|
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||||
SECRET_OIDC_RP_CLIENT_SECRET=v1
|
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
|
||||||
SECRET_DJANGO_SUPERUSER_PASSWORD=v1
|
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# BASIC SETTINGS
|
# BASIC SETTINGS
|
||||||
|
|||||||
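--- a/abra.sh
+++ b/abra.sh
@@ -2,6 +2,7 @@
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export NGINX_CONF_VERSION=v2
 export PG_BACKUP_VERSION=v3
+export ENTRYPOINT_VERSION=v1
 
 # environment() {
 # # TODO: Add file_env here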
30
compose.yml
30
compose.yml
@ -5,9 +5,9 @@
|
|||||||
x-common-env: &common-env
|
x-common-env: &common-env
|
||||||
DJANGO_CONFIGURATION: Production
|
DJANGO_CONFIGURATION: Production
|
||||||
DJANGO_ALLOWED_HOSTS: "*"
|
DJANGO_ALLOWED_HOSTS: "*"
|
||||||
DJANGO_SECRET_KEY:
|
XX_DJANGO_SECRET_KEY:
|
||||||
DJANGO_SETTINGS_MODULE: impress.settings
|
DJANGO_SETTINGS_MODULE: impress.settings
|
||||||
DJANGO_SUPERUSER_PASSWORD:
|
XX_DJANGO_SUPERUSER_PASSWORD:
|
||||||
# Logging
|
# Logging
|
||||||
# Set to DEBUG level for dev only
|
# Set to DEBUG level for dev only
|
||||||
LOGGING_LEVEL_HANDLERS_CONSOLE:
|
LOGGING_LEVEL_HANDLERS_CONSOLE:
|
||||||
@ -38,7 +38,7 @@ x-common-env: &common-env
|
|||||||
OIDC_OP_TOKEN_ENDPOINT:
|
OIDC_OP_TOKEN_ENDPOINT:
|
||||||
OIDC_OP_USER_ENDPOINT:
|
OIDC_OP_USER_ENDPOINT:
|
||||||
OIDC_RP_CLIENT_ID:
|
OIDC_RP_CLIENT_ID:
|
||||||
OIDC_RP_CLIENT_SECRET:
|
XX_OIDC_RP_CLIENT_SECRET:
|
||||||
OIDC_RP_SIGN_ALGO:
|
OIDC_RP_SIGN_ALGO:
|
||||||
OIDC_RP_SCOPES:
|
OIDC_RP_SCOPES:
|
||||||
LOGIN_REDIRECT_URL:
|
LOGIN_REDIRECT_URL:
|
||||||
@ -113,6 +113,11 @@ services:
|
|||||||
timeout: 30s
|
timeout: 30s
|
||||||
retries: 20
|
retries: 20
|
||||||
start_period: 10s
|
start_period: 10s
|
||||||
|
entrypoint: /abra-lasuite-entrypoint.sh
|
||||||
|
configs:
|
||||||
|
- source: abra_lasuite_entrypoint
|
||||||
|
target: /abra-lasuite-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
|
||||||
celery:
|
celery:
|
||||||
image: lasuite/impress-backend:v3.4.2
|
image: lasuite/impress-backend:v3.4.2
|
||||||
@ -121,6 +126,11 @@ services:
|
|||||||
command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
|
command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
|
||||||
environment:
|
environment:
|
||||||
<<: [*common-env, *postgres-env, *yprovider-env]
|
<<: [*common-env, *postgres-env, *yprovider-env]
|
||||||
|
entrypoint: /abra-lasuite-entrypoint.sh
|
||||||
|
configs:
|
||||||
|
- source: abra_lasuite_entrypoint
|
||||||
|
target: /abra-lasuite-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
|
||||||
y-provider:
|
y-provider:
|
||||||
image: lasuite/impress-y-provider:v3.4.2
|
image: lasuite/impress-y-provider:v3.4.2
|
||||||
@ -229,3 +239,17 @@ configs:
|
|||||||
pg_backup:
|
pg_backup:
|
||||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||||
file: pg_backup.sh
|
file: pg_backup.sh
|
||||||
|
abra_lasuite_entrypoint:
|
||||||
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||||
|
file: entrypoint.sh
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
django_secret_key:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
|
||||||
|
oidc_rp_client_secret:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
|
||||||
|
django_superuser_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
|
||||||
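Review bot: The top-level `secrets:` block added at the end of compose.yml declares three external secrets, but none of the visible hunks attaches them to a service or sets the matching `*_FILE` variables, so `file_env` in entrypoint.sh would find neither `DJANGO_SECRET_KEY` nor `DJANGO_SECRET_KEY_FILE` and export an empty value. The service bodies start outside the hunks, so this wiring may already exist elsewhere; if it does not, each service that uses the entrypoint needs a `secrets:` list naming the secret and an environment entry such as `DJANGO_SECRET_KEY_FILE: /run/secrets/django_secret_key`. The renamed `XX_DJANGO_SECRET_KEY`, `XX_DJANGO_SUPERUSER_PASSWORD` and `XX_OIDC_RP_CLIENT_SECRET` keys in `x-common-env` look like temporary placeholders and should be deleted rather than shipped, since they are still passed to every container that merges that anchor.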
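--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+file_env() {
+local var="$1"
+local fileVar="${var}_FILE"
+local def="${2:-}"
+
+if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+exit 1
+fi
+
+local val="$def"
+
+if [ "${!var:-}" ]; then
+val="${!var}"
+elif [ "${!fileVar:-}" ]; then
+val="$(< "${!fileVar}")"
+fi
+
+export "$var"="$val"
+unset "$fileVar"
+}
+
+file_env "DJANGO_SECRET_KEY"
+file_env "OIDC_RP_CLIENT_SECRET"
+file_env "DJANGO_SUPERUSER_PASSWORD"
+# file_env "MINIO_ROOT_PASSWORD"
+# file_env "COLLABORATION_SERVER_SECRET"
+# file_env "POSTGRES_PASSWORD"
+# file_env "DB_PASSWORD"
+# file_env "AWS_S3_SECRET_ACCESS_KEY"
+
+# Execute the actual command (from command: in compose.yml)
+exec "$@"
+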
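Review bot: `file_env` fails open when a secret is missing: if neither `$var` nor `$fileVar` is set and no default is passed, `val` stays empty and `export "$var"="$val"` hands the application an empty `DJANGO_SECRET_KEY`, `OIDC_RP_CLIENT_SECRET` or `DJANGO_SUPERUSER_PASSWORD`. For the three secrets loaded here I would abort instead, adding after the `if`/`elif` block: `[ -n "$val" ] || { echo >&2 "error: $var is not set and $fileVar is empty or missing"; exit 1; }`. The compose.yml change sets this entrypoint on two services, one of them `celery`, so the superuser password is also exported into the worker's environment; consider loading only the secrets each service actually needs.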