coop-cloud/lasuite-docs
1
0
Fork 1
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: coop-cloud:0.1.0+v3.3.0
Branches Tags
coop-cloud:main coop-cloud:dev
coop-cloud:0.2.0+v3.4.2 coop-cloud:0.1.0+v3.3.0
..
compare: coop-cloud:dev
Branches Tags
coop-cloud:dev coop-cloud:main
coop-cloud:0.2.0+v3.4.2 coop-cloud:0.1.0+v3.3.0

5 Commits
0.1.0+v3.3 ... dev

Author SHA1 Message Date
knoflook
44fae6db11 spell fixes and disable email password secret 2025-09-11 13:37:59 +02:00
knoflook
5ce5e557a3 fix: typo 2025-09-09 17:41:32 +02:00
knoflook
3fbc6fb2a1 WIP: move secrets away 2025-09-09 17:27:09 +02:00
kawaiipunk
2f60ed1ec5 chore: publish 0.2.0+v3.4.2 release 2025-07-29 11:35:23 +01:00
3wc
5ba322a5f0 Migrate outstanding TODOs to repo issues 2025-06-12 15:42:41 +01:00
9 changed files with 310 additions and 80 deletions
Expand all files Collapse all files

37
.env.sample
View File

@ -7,13 +7,21 @@ DOMAIN=lasuite-docs.example.com
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
##############################################################################
# SECRETS
##############################################################################
SECRET_MINIO_ROOT_PASSWORD_VERSION=v1
SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
SECRET_POSTGRES_PASSWORD_VERSION=v1
SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION=v1
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
SECRET_DJANGO_SECRET_KEY_VERSION=v1
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION=v1
############################################################################## ##############################################################################
# BASIC SETTINGS # BASIC SETTINGS
############################################################################## ##############################################################################
# FIXME: Move to Docker secret
DJANGO_SECRET_KEY=ThisIsAnExampleKeyForDevPurposeOnly
# FIXME: Move to docker secret
DJANGO_SUPERUSER_PASSWORD=admin
############################################################################## ##############################################################################
# EMAIL # EMAIL
@ -27,20 +35,23 @@ DJANGO_EMAIL_PORT=1025
# SINGLE SIGN ON # SINGLE SIGN ON
############################################################################## ##############################################################################
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README # NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs ## Set those according to your needs
OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth OIDC_RP_CLIENT_ID=docs
OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token REALM_NAME=
OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo SSO_DOMAIN=
OIDC_RP_CLIENT_ID=impress
# FIXME: Move to docker secret ## These can probably be left as-is
OIDC_RP_CLIENT_SECRET=example OIDC_OP_JWKS_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
OIDC_RP_SIGN_ALGO=RS256 OIDC_RP_SIGN_ALGO=RS256
OIDC_RP_SCOPES="openid email" OIDC_RP_SCOPES="openid email"
LOGIN_REDIRECT_URL=https://${DOMAIN} LOGIN_REDIRECT_URL=https://${DOMAIN}
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN} LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
LOGOUT_REDIRECT_URL=https://${DOMAIN} LOGOUT_REDIRECT_URL=https://${DOMAIN}
OIDC_REDIRECT_ALLOWED_HOSTS='["https://auth.${DOMAIN}", "https://${DOMAIN}"]' OIDC_REDIRECT_ALLOWED_HOSTS='["https://id.docs.coop", "https://${DOMAIN}"]'
OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}" #OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
############################################################################## ##############################################################################
# LOGGING # LOGGING

33
TODO.md
View File

@ -1,33 +0,0 @@
# TODO
## Must
- [x] Fix image uploads
- [x] Update recipe metadata
- [x] External OIDC server (+ move options to `.env.sample`)
- [x] Customisable Django `DJANGO_SECRET_KEY` and `DJANGO_SUPERUSER_PASSWORD`
- [ ] Versioned recipe release
- [x] `backup-bot-two` labels
- [x] Fix Django admin static files
## Should
- [ ] Move secrets to Docker secrets
- [ ] Postgres password
- [ ] y-provider key
- [ ] OIDC secret
- [ ] SMTP password
- [ ] Minio password / `AWS_S3_SECRET_ACCESS_KEY`
- [x] Initial setup documentation
- [x] Move Minio bootstrap & DB migrate to `abra.sh` commands
- [ ] Expose options in `.env.sample`:
- [ ] Branding
- [x] Logging
- [x] SMTP
- [ ] Increase image upload filesize
## Could
- [ ] External Minio service
- [ ] Recipe CI tests
- [ ] Configurable image upload filesize

6
abra.sh
View File

@ -3,6 +3,12 @@
export NGINX_CONF_VERSION=v2 export NGINX_CONF_VERSION=v2
export PG_BACKUP_VERSION=v3 export PG_BACKUP_VERSION=v3
export MINIO_ENTRYPOINT_VERSION=v1
export MINIO_BOOTSTRAP_ENTRYPOINT_VERSION=v1
export YPROVIDER_ENTRYPOINT_VERSION=v1
export BACKEND_ENTRYPOINT_VERSION=v1
export CELERY_ENTRYPOINT_VERSION=v1
# environment() { # environment() {
# # TODO: Add file_env here # # TODO: Add file_env here
# } # }

129
compose.yml
View File

@ -5,9 +5,9 @@
x-common-env: &common-env x-common-env: &common-env
DJANGO_CONFIGURATION: Production DJANGO_CONFIGURATION: Production
DJANGO_ALLOWED_HOSTS: "*" DJANGO_ALLOWED_HOSTS: "*"
DJANGO_SECRET_KEY: DJANGO_SECRET_KEY_FILE: /run/secrets/django_secret_key
DJANGO_SETTINGS_MODULE: impress.settings DJANGO_SETTINGS_MODULE: impress.settings
DJANGO_SUPERUSER_PASSWORD: DJANGO_SUPERUSER_PASSWORD_FILE: /run/secrets/django_superuser_password
# Logging # Logging
# Set to DEBUG level for dev only # Set to DEBUG level for dev only
LOGGING_LEVEL_HANDLERS_CONSOLE: LOGGING_LEVEL_HANDLERS_CONSOLE:
@ -21,15 +21,15 @@ x-common-env: &common-env
DJANGO_EMAIL_LOGO_IMG: DJANGO_EMAIL_LOGO_IMG:
DJANGO_EMAIL_PORT: DJANGO_EMAIL_PORT:
DJANGO_EMAIL_HOST_USER: DJANGO_EMAIL_HOST_USER:
DJANGO_EMAIL_HOST_PASSWORD: DJANGO_EMAIL_HOST_PASSWORD_FILE:
# /run/secrets/django_email_host_password
# Backend url # Backend url
IMPRESS_BASE_URL: "https://${DOMAIN}" IMPRESS_BASE_URL: "https://${DOMAIN}"
# Media # Media
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
AWS_S3_ENDPOINT_URL: http://minio:9000 AWS_S3_ENDPOINT_URL: http://minio:9000
AWS_S3_ACCESS_KEY_ID: user AWS_S3_ACCESS_KEY_ID: user
# FIXME: Move to docker secret AWS_S3_SECRET_ACCESS_KEY_FILE: /run/secrets/aws_s3_secret_access_key
AWS_S3_SECRET_ACCESS_KEY: password
MEDIA_BASE_URL: https://${DOMAIN} MEDIA_BASE_URL: https://${DOMAIN}
AWS_STORAGE_BUCKET_NAME: docs-media-storage AWS_STORAGE_BUCKET_NAME: docs-media-storage
# OIDC - settings from .env, see .env.sample # OIDC - settings from .env, see .env.sample
@ -38,7 +38,7 @@ x-common-env: &common-env
OIDC_OP_TOKEN_ENDPOINT: OIDC_OP_TOKEN_ENDPOINT:
OIDC_OP_USER_ENDPOINT: OIDC_OP_USER_ENDPOINT:
OIDC_RP_CLIENT_ID: OIDC_RP_CLIENT_ID:
OIDC_RP_CLIENT_SECRET: OIDC_RP_CLIENT_SECRET_FILE: /run/secrets/oidc_rp_client_secret
OIDC_RP_SIGN_ALGO: OIDC_RP_SIGN_ALGO:
OIDC_RP_SCOPES: OIDC_RP_SCOPES:
LOGIN_REDIRECT_URL: LOGIN_REDIRECT_URL:
@ -58,14 +58,12 @@ x-postgres-env: &postgres-env
# Postgresql db container configuration # Postgresql db container configuration
POSTGRES_DB: docs POSTGRES_DB: docs
POSTGRES_USER: docs POSTGRES_USER: docs
# FIXME: Move to docker secret POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_PASSWORD: password
# App database configuration # App database configuration
DB_HOST: db DB_HOST: db
DB_NAME: docs DB_NAME: docs
DB_USER: docs DB_USER: docs
# FIXME: Move to docker secret DB_PASSWORD_FILE: /run/secrets/postgres_password
DB_PASSWORD: password
DB_PORT: 5432 DB_PORT: 5432
x-yprovider-env: &yprovider-env x-yprovider-env: &yprovider-env
@ -73,25 +71,20 @@ x-yprovider-env: &yprovider-env
Y_PROVIDER_API_KEY: foobar Y_PROVIDER_API_KEY: foobar
COLLABORATION_API_URL: http://y-provider:4444/api/ COLLABORATION_API_URL: http://y-provider:4444/api/
COLLABORATION_SERVER_ORIGIN: https://${DOMAIN} COLLABORATION_SERVER_ORIGIN: https://${DOMAIN}
COLLABORATION_SERVER_SECRET: my-secret COLLABORATION_SERVER_SECRET_FILE: /run/secrets/collaboration_server_secret
COLLABORATION_BACKEND_BASE_URL: https://${DOMAIN} COLLABORATION_BACKEND_BASE_URL: https://${DOMAIN}
COLLABORATION_WS_URL: wss://${DOMAIN}/collaboration/ws/ COLLABORATION_WS_URL: wss://${DOMAIN}/collaboration/ws/
x-minio-env: &minio-env
MINIO_ROOT_USER: user
# FIXME: Move to docker secret
MINIO_ROOT_PASSWORD: password
services: services:
app: app:
image: lasuite/impress-frontend:v3.3.0 image: lasuite/impress-frontend:v3.6.0
networks: networks:
- backend - backend
deploy: deploy:
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "coop-cloud.${STACK_NAME}.version=0.1.0+v3.3.0" - "coop-cloud.${STACK_NAME}.version=0.3.0+v3.6.0"
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"] test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 15s interval: 15s
@ -100,11 +93,19 @@ services:
start_period: 10s start_period: 10s
backend: backend:
image: lasuite/impress-backend:v3.3.0 image: lasuite/impress-backend:v3.6.0
networks: networks:
- backend - backend
environment: environment:
<<: [*common-env, *postgres-env, *yprovider-env] <<: [*common-env, *postgres-env, *yprovider-env]
secrets:
- collaboration_server_secret
- postgres_password
- aws_s3_secret_access_key
- oidc_rp_client_secret
- django_secret_key
- django_superuser_password
#- django_email_host_password
healthcheck: healthcheck:
test: ["CMD", "python", "manage.py", "check"] test: ["CMD", "python", "manage.py", "check"]
interval: 15s interval: 15s
@ -113,17 +114,27 @@ services:
start_period: 10s start_period: 10s
celery: celery:
image: lasuite/impress-backend:v3.3.0 image: lasuite/impress-backend:v3.6.0
networks: networks:
- backend - backend
command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"] command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
environment: environment:
<<: [*common-env, *postgres-env, *yprovider-env] <<: [*common-env, *postgres-env, *yprovider-env]
secrets:
- collaboration_server_secret
- django_superuser_password
- postgres_password
- aws_s3_secret_access_key
- oidc_rp_client_secret
- django_secret_key
#- django_email_host_password
y-provider: y-provider:
image: lasuite/impress-y-provider:v3.3.0 image: lasuite/impress-y-provider:v3.6.0
networks: networks:
- backend - backend
secrets:
- collaboration_server_secret
environment: *yprovider-env environment: *yprovider-env
# NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403 # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
@ -141,6 +152,8 @@ services:
PGDATA: var/lib/postgresql/data/pgdata PGDATA: var/lib/postgresql/data/pgdata
volumes: volumes:
- postgres:/var/lib/postgresql/data/pgdata - postgres:/var/lib/postgresql/data/pgdata
secrets:
- postgres_password
deploy: deploy:
labels: labels:
backupbot.backup: "${ENABLE_BACKUPS:-true}" backupbot.backup: "${ENABLE_BACKUPS:-true}"
@ -153,22 +166,20 @@ services:
mode: 0555 mode: 0555
redis: redis:
image: redis:5 image: redis:8
networks: networks:
- backend - backend
minio-bootstrap: minio-bootstrap:
# NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale` # NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
image: minio/mc:RELEASE.2025-05-21T01-59-54Z image: minio/mc:RELEASE.2025-08-13T08-35-41Z
environment: *minio-env environment:
- MINIO_ROOT_USER=minio
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
networks: networks:
- backend - backend
entrypoint: > secrets:
sh -c " - minio_root_password
/usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} && \
/usr/bin/mc mb --ignore-existing docs/docs-media-storage && \
/usr/bin/mc version enable docs/docs-media-storage && \
exit 0;"
deploy: deploy:
mode: replicated mode: replicated
replicas: 0 replicas: 0
@ -176,8 +187,12 @@ services:
condition: none condition: none
minio: minio:
image: minio/minio:RELEASE.2025-05-24T17-08-30Z image: minio/minio:RELEASE.2025-09-07T16-13-09Z
environment: *minio-env environment:
- MINIO_ROOT_USER=minio
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
secrets:
- minio_root_password
healthcheck: healthcheck:
test: ["CMD", "mc", "ready", "local"] test: ["CMD", "mc", "ready", "local"]
interval: 1s interval: 1s
@ -194,7 +209,7 @@ services:
backupbot.backup: "${ENABLE_BACKUPS:-true}" backupbot.backup: "${ENABLE_BACKUPS:-true}"
web: web:
image: nginx:1.27 image: nginx:1.29
configs: configs:
- source: nginx_conf - source: nginx_conf
target: /etc/nginx/conf.d/default.conf target: /etc/nginx/conf.d/default.conf
@ -227,3 +242,51 @@ configs:
pg_backup: pg_backup:
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
file: pg_backup.sh file: pg_backup.sh
minio_entrypoint:
name: ${STACK_NAME}_minio_entrypoint_${MINIO_ENTRYPOINT_VERSION}
file: entrypoint-minio.sh.tmpl
template_driver: golang
minio_bootstrap_entrypoint:
name: ${STACK_NAME}_minio_bootstrap_entrypoint_${MINIO_BOOTSTRAP_ENTRYPOINT_VERSION}
file: entrypoint-minio-bootstrap.sh.tmpl
template_driver: golang
yprovider_entrypoint:
name: ${STACK_NAME}_yprovider_entrypoint_${YPROVIDER_ENTRYPOINT_VERSION}
file: entrypoint-yprovider.sh.tmpl
template_driver: golang
backend_entrypoint:
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_VERSION}
file: entrypoint-backend.sh.tmpl
template_driver: golang
celery_entrypoint:
name: ${STACK_NAME}_celery_entrypoint_${CELERY_ENTRYPOINT_VERSION}
file: entrypoint-celery.sh.tmpl
template_driver: golang
secrets:
minio_root_password:
name: ${STACK_NAME}_minio_root_password_${SECRET_MINIO_ROOT_PASSWORD_VERSION}
external: true
collaboration_server_secret:
name: ${STACK_NAME}_collaboration_server_secret_${SECRET_COLLABORATION_SERVER_SECRET_VERSION}
external: true
postgres_password:
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
external: true
aws_s3_secret_access_key:
name: ${STACK_NAME}_aws_s3_secret_access_key_${SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION}
external: true
oidc_rp_client_secret:
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
external: true
django_secret_key:
name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
external: true
django_superuser_password:
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
external: true
# django_email_host_password:
# name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
# external: true

40
entrypoint-backend.sh.tmpl Normal file
View File

@ -0,0 +1,40 @@
#!/usr/bin/env bash
file_env() {
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
load_vars() {
file_env "COLLABORATION_SERVER_SECRET"
file_env "POSTGRES_PASSWORD"
file_env "AWS_S3_SECRET_ACCESS_KEY"
file_env "OIDC_RP_CLIENT_SECRET"
file_env "DJANGO_SECRET_KEY"
file_env "DJANGO_EMAIL_HOST_PASSWORD"
file_env "DJANGO_SUPERUSER_PASSWORD"
}
set -eu
load_vars
set +eu
/usr/local/bin/entrypoint

39
entrypoint-celery.sh.tmpl Normal file
View File

@ -0,0 +1,39 @@
#!/usr/bin/env bash
file_env() {
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
load_vars() {
file_env "COLLABORATION_SERVER_SECRET"
file_env "POSTGRES_PASSWORD"
file_env "AWS_S3_SECRET_ACCESS_KEY"
file_env "OIDC_RP_CLIENT_SECRET"
file_env "DJANGO_SECRET_KEY"
file_env "DJANGO_EMAIL_HOST_PASSWORD"
file_env "DJANGO_SUPERUSER_PASSWORD"
}
set -eu
load_vars
set +eu
celery -A impress.celery_app worker -l INFO

37
entrypoint-minio-bootstrap.sh.tmpl Normal file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env bash
file_env() {
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
load_vars() {
file_env "MINIO_ROOT_PASSWORD"
}
set -eu
load_vars
set +eu
/usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD}
/usr/bin/mc mb --ignore-existing docs/docs-media-storage
/usr/bin/mc version enable docs/docs-media-storage
exit 0

34
entrypoint-minio.sh.tmpl Normal file
View File

@ -0,0 +1,34 @@
#!/usr/bin/env bash
file_env() {
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
load_vars() {
file_env "MINIO_ROOT_PASSWORD"
}
set -eu
load_vars
set +eu
minio server data

33
entrypoint-yprovider.sh.tmpl Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/env bash
file_env() {
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
load_vars() {
file_env "COLLABORATION_SERVER_SECRET"
}
set -eu
load_vars
set +eu
/usr/local/bin/entrypoint