Compare commits
3 Commits
0.2.0+v3.4
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
| 44fae6db11 | |||
| 5ce5e557a3 | |||
| 3fbc6fb2a1 |
37
.env.sample
37
.env.sample
@ -7,13 +7,21 @@ DOMAIN=lasuite-docs.example.com
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
##############################################################################
|
||||
# SECRETS
|
||||
##############################################################################
|
||||
SECRET_MINIO_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
|
||||
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
||||
SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION=v1
|
||||
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
|
||||
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
|
||||
SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION=v1
|
||||
|
||||
##############################################################################
|
||||
# BASIC SETTINGS
|
||||
##############################################################################
|
||||
# FIXME: Move to Docker secret
|
||||
DJANGO_SECRET_KEY=ThisIsAnExampleKeyForDevPurposeOnly
|
||||
# FIXME: Move to docker secret
|
||||
DJANGO_SUPERUSER_PASSWORD=admin
|
||||
|
||||
##############################################################################
|
||||
# EMAIL
|
||||
@ -27,20 +35,23 @@ DJANGO_EMAIL_PORT=1025
|
||||
# SINGLE SIGN ON
|
||||
##############################################################################
|
||||
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
|
||||
OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth
|
||||
OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token
|
||||
OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo
|
||||
OIDC_RP_CLIENT_ID=impress
|
||||
# FIXME: Move to docker secret
|
||||
OIDC_RP_CLIENT_SECRET=example
|
||||
## Set those according to your needs
|
||||
OIDC_RP_CLIENT_ID=docs
|
||||
REALM_NAME=
|
||||
SSO_DOMAIN=
|
||||
|
||||
## These can probably be left as-is
|
||||
OIDC_OP_JWKS_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/certs
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/auth
|
||||
OIDC_OP_TOKEN_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/token
|
||||
OIDC_OP_USER_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
|
||||
OIDC_RP_SIGN_ALGO=RS256
|
||||
OIDC_RP_SCOPES="openid email"
|
||||
LOGIN_REDIRECT_URL=https://${DOMAIN}
|
||||
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
|
||||
LOGOUT_REDIRECT_URL=https://${DOMAIN}
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS='["https://auth.${DOMAIN}", "https://${DOMAIN}"]'
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS='["https://id.docs.coop", "https://${DOMAIN}"]'
|
||||
#OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
||||
|
||||
##############################################################################
|
||||
# LOGGING
|
||||
|
||||
6
abra.sh
6
abra.sh
@ -3,6 +3,12 @@
|
||||
export NGINX_CONF_VERSION=v2
|
||||
export PG_BACKUP_VERSION=v3
|
||||
|
||||
export MINIO_ENTRYPOINT_VERSION=v1
|
||||
export MINIO_BOOTSTRAP_ENTRYPOINT_VERSION=v1
|
||||
export YPROVIDER_ENTRYPOINT_VERSION=v1
|
||||
export BACKEND_ENTRYPOINT_VERSION=v1
|
||||
export CELERY_ENTRYPOINT_VERSION=v1
|
||||
|
||||
# environment() {
|
||||
# # TODO: Add file_env here
|
||||
# }
|
||||
|
||||
127
compose.yml
127
compose.yml
@ -5,9 +5,9 @@
|
||||
x-common-env: &common-env
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY:
|
||||
DJANGO_SECRET_KEY_FILE: /run/secrets/django_secret_key
|
||||
DJANGO_SETTINGS_MODULE: impress.settings
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
DJANGO_SUPERUSER_PASSWORD_FILE: /run/secrets/django_superuser_password
|
||||
# Logging
|
||||
# Set to DEBUG level for dev only
|
||||
LOGGING_LEVEL_HANDLERS_CONSOLE:
|
||||
@ -21,15 +21,15 @@ x-common-env: &common-env
|
||||
DJANGO_EMAIL_LOGO_IMG:
|
||||
DJANGO_EMAIL_PORT:
|
||||
DJANGO_EMAIL_HOST_USER:
|
||||
DJANGO_EMAIL_HOST_PASSWORD:
|
||||
DJANGO_EMAIL_HOST_PASSWORD_FILE:
|
||||
# /run/secrets/django_email_host_password
|
||||
# Backend url
|
||||
IMPRESS_BASE_URL: "https://${DOMAIN}"
|
||||
# Media
|
||||
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
|
||||
AWS_S3_ENDPOINT_URL: http://minio:9000
|
||||
AWS_S3_ACCESS_KEY_ID: user
|
||||
# FIXME: Move to docker secret
|
||||
AWS_S3_SECRET_ACCESS_KEY: password
|
||||
AWS_S3_SECRET_ACCESS_KEY_FILE: /run/secrets/aws_s3_secret_access_key
|
||||
MEDIA_BASE_URL: https://${DOMAIN}
|
||||
AWS_STORAGE_BUCKET_NAME: docs-media-storage
|
||||
# OIDC - settings from .env, see .env.sample
|
||||
@ -38,7 +38,7 @@ x-common-env: &common-env
|
||||
OIDC_OP_TOKEN_ENDPOINT:
|
||||
OIDC_OP_USER_ENDPOINT:
|
||||
OIDC_RP_CLIENT_ID:
|
||||
OIDC_RP_CLIENT_SECRET:
|
||||
OIDC_RP_CLIENT_SECRET_FILE: /run/secrets/oidc_rp_client_secret
|
||||
OIDC_RP_SIGN_ALGO:
|
||||
OIDC_RP_SCOPES:
|
||||
LOGIN_REDIRECT_URL:
|
||||
@ -58,14 +58,12 @@ x-postgres-env: &postgres-env
|
||||
# Postgresql db container configuration
|
||||
POSTGRES_DB: docs
|
||||
POSTGRES_USER: docs
|
||||
# FIXME: Move to docker secret
|
||||
POSTGRES_PASSWORD: password
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
|
||||
# App database configuration
|
||||
DB_HOST: db
|
||||
DB_NAME: docs
|
||||
DB_USER: docs
|
||||
# FIXME: Move to docker secret
|
||||
DB_PASSWORD: password
|
||||
DB_PASSWORD_FILE: /run/secrets/postgres_password
|
||||
DB_PORT: 5432
|
||||
|
||||
x-yprovider-env: &yprovider-env
|
||||
@ -73,25 +71,20 @@ x-yprovider-env: &yprovider-env
|
||||
Y_PROVIDER_API_KEY: foobar
|
||||
COLLABORATION_API_URL: http://y-provider:4444/api/
|
||||
COLLABORATION_SERVER_ORIGIN: https://${DOMAIN}
|
||||
COLLABORATION_SERVER_SECRET: my-secret
|
||||
COLLABORATION_SERVER_SECRET_FILE: /run/secrets/collaboration_server_secret
|
||||
COLLABORATION_BACKEND_BASE_URL: https://${DOMAIN}
|
||||
COLLABORATION_WS_URL: wss://${DOMAIN}/collaboration/ws/
|
||||
|
||||
x-minio-env: &minio-env
|
||||
MINIO_ROOT_USER: user
|
||||
# FIXME: Move to docker secret
|
||||
MINIO_ROOT_PASSWORD: password
|
||||
|
||||
services:
|
||||
app:
|
||||
image: lasuite/impress-frontend:v3.4.2
|
||||
image: lasuite/impress-frontend:v3.6.0
|
||||
networks:
|
||||
- backend
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=false"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+v3.4.2"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.3.0+v3.6.0"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||
interval: 15s
|
||||
@ -100,11 +93,19 @@ services:
|
||||
start_period: 10s
|
||||
|
||||
backend:
|
||||
image: lasuite/impress-backend:v3.4.2
|
||||
image: lasuite/impress-backend:v3.6.0
|
||||
networks:
|
||||
- backend
|
||||
environment:
|
||||
<<: [*common-env, *postgres-env, *yprovider-env]
|
||||
secrets:
|
||||
- collaboration_server_secret
|
||||
- postgres_password
|
||||
- aws_s3_secret_access_key
|
||||
- oidc_rp_client_secret
|
||||
- django_secret_key
|
||||
- django_superuser_password
|
||||
#- django_email_host_password
|
||||
healthcheck:
|
||||
test: ["CMD", "python", "manage.py", "check"]
|
||||
interval: 15s
|
||||
@ -113,17 +114,27 @@ services:
|
||||
start_period: 10s
|
||||
|
||||
celery:
|
||||
image: lasuite/impress-backend:v3.4.2
|
||||
image: lasuite/impress-backend:v3.6.0
|
||||
networks:
|
||||
- backend
|
||||
command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
|
||||
environment:
|
||||
<<: [*common-env, *postgres-env, *yprovider-env]
|
||||
|
||||
secrets:
|
||||
- collaboration_server_secret
|
||||
- django_superuser_password
|
||||
- postgres_password
|
||||
- aws_s3_secret_access_key
|
||||
- oidc_rp_client_secret
|
||||
- django_secret_key
|
||||
#- django_email_host_password
|
||||
|
||||
y-provider:
|
||||
image: lasuite/impress-y-provider:v3.4.2
|
||||
image: lasuite/impress-y-provider:v3.6.0
|
||||
networks:
|
||||
- backend
|
||||
secrets:
|
||||
- collaboration_server_secret
|
||||
environment: *yprovider-env
|
||||
# NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
|
||||
|
||||
@ -141,6 +152,8 @@ services:
|
||||
PGDATA: var/lib/postgresql/data/pgdata
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data/pgdata
|
||||
secrets:
|
||||
- postgres_password
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
@ -159,16 +172,14 @@ services:
|
||||
|
||||
minio-bootstrap:
|
||||
# NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
|
||||
image: minio/mc:RELEASE.2025-05-21T01-59-54Z
|
||||
environment: *minio-env
|
||||
image: minio/mc:RELEASE.2025-08-13T08-35-41Z
|
||||
environment:
|
||||
- MINIO_ROOT_USER=minio
|
||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||
networks:
|
||||
- backend
|
||||
entrypoint: >
|
||||
sh -c "
|
||||
/usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} && \
|
||||
/usr/bin/mc mb --ignore-existing docs/docs-media-storage && \
|
||||
/usr/bin/mc version enable docs/docs-media-storage && \
|
||||
exit 0;"
|
||||
secrets:
|
||||
- minio_root_password
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 0
|
||||
@ -176,8 +187,12 @@ services:
|
||||
condition: none
|
||||
|
||||
minio:
|
||||
image: minio/minio:RELEASE.2025-05-24T17-08-30Z
|
||||
environment: *minio-env
|
||||
image: minio/minio:RELEASE.2025-09-07T16-13-09Z
|
||||
environment:
|
||||
- MINIO_ROOT_USER=minio
|
||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||
secrets:
|
||||
- minio_root_password
|
||||
healthcheck:
|
||||
test: ["CMD", "mc", "ready", "local"]
|
||||
interval: 1s
|
||||
@ -227,3 +242,51 @@ configs:
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
minio_entrypoint:
|
||||
name: ${STACK_NAME}_minio_entrypoint_${MINIO_ENTRYPOINT_VERSION}
|
||||
file: entrypoint-minio.sh.tmpl
|
||||
template_driver: golang
|
||||
minio_bootstrap_entrypoint:
|
||||
name: ${STACK_NAME}_minio_bootstrap_entrypoint_${MINIO_BOOTSTRAP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint-minio-bootstrap.sh.tmpl
|
||||
template_driver: golang
|
||||
yprovider_entrypoint:
|
||||
name: ${STACK_NAME}_yprovider_entrypoint_${YPROVIDER_ENTRYPOINT_VERSION}
|
||||
file: entrypoint-yprovider.sh.tmpl
|
||||
template_driver: golang
|
||||
backend_entrypoint:
|
||||
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_VERSION}
|
||||
file: entrypoint-backend.sh.tmpl
|
||||
template_driver: golang
|
||||
celery_entrypoint:
|
||||
name: ${STACK_NAME}_celery_entrypoint_${CELERY_ENTRYPOINT_VERSION}
|
||||
file: entrypoint-celery.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
|
||||
|
||||
secrets:
|
||||
minio_root_password:
|
||||
name: ${STACK_NAME}_minio_root_password_${SECRET_MINIO_ROOT_PASSWORD_VERSION}
|
||||
external: true
|
||||
collaboration_server_secret:
|
||||
name: ${STACK_NAME}_collaboration_server_secret_${SECRET_COLLABORATION_SERVER_SECRET_VERSION}
|
||||
external: true
|
||||
postgres_password:
|
||||
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
||||
external: true
|
||||
aws_s3_secret_access_key:
|
||||
name: ${STACK_NAME}_aws_s3_secret_access_key_${SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION}
|
||||
external: true
|
||||
oidc_rp_client_secret:
|
||||
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
|
||||
external: true
|
||||
django_secret_key:
|
||||
name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
|
||||
external: true
|
||||
django_superuser_password:
|
||||
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
|
||||
external: true
|
||||
# django_email_host_password:
|
||||
# name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
|
||||
# external: true
|
||||
|
||||
40
entrypoint-backend.sh.tmpl
Normal file
40
entrypoint-backend.sh.tmpl
Normal file
@ -0,0 +1,40 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "COLLABORATION_SERVER_SECRET"
|
||||
file_env "POSTGRES_PASSWORD"
|
||||
file_env "AWS_S3_SECRET_ACCESS_KEY"
|
||||
file_env "OIDC_RP_CLIENT_SECRET"
|
||||
file_env "DJANGO_SECRET_KEY"
|
||||
file_env "DJANGO_EMAIL_HOST_PASSWORD"
|
||||
file_env "DJANGO_SUPERUSER_PASSWORD"
|
||||
}
|
||||
|
||||
set -eu
|
||||
load_vars
|
||||
|
||||
set +eu
|
||||
|
||||
/usr/local/bin/entrypoint
|
||||
|
||||
39
entrypoint-celery.sh.tmpl
Normal file
39
entrypoint-celery.sh.tmpl
Normal file
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "COLLABORATION_SERVER_SECRET"
|
||||
file_env "POSTGRES_PASSWORD"
|
||||
file_env "AWS_S3_SECRET_ACCESS_KEY"
|
||||
file_env "OIDC_RP_CLIENT_SECRET"
|
||||
file_env "DJANGO_SECRET_KEY"
|
||||
file_env "DJANGO_EMAIL_HOST_PASSWORD"
|
||||
file_env "DJANGO_SUPERUSER_PASSWORD"
|
||||
}
|
||||
|
||||
set -eu
|
||||
load_vars
|
||||
|
||||
set +eu
|
||||
|
||||
celery -A impress.celery_app worker -l INFO
|
||||
37
entrypoint-minio-bootstrap.sh.tmpl
Normal file
37
entrypoint-minio-bootstrap.sh.tmpl
Normal file
@ -0,0 +1,37 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "MINIO_ROOT_PASSWORD"
|
||||
}
|
||||
|
||||
set -eu
|
||||
|
||||
load_vars
|
||||
|
||||
set +eu
|
||||
|
||||
/usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD}
|
||||
/usr/bin/mc mb --ignore-existing docs/docs-media-storage
|
||||
/usr/bin/mc version enable docs/docs-media-storage
|
||||
exit 0
|
||||
34
entrypoint-minio.sh.tmpl
Normal file
34
entrypoint-minio.sh.tmpl
Normal file
@ -0,0 +1,34 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "MINIO_ROOT_PASSWORD"
|
||||
}
|
||||
|
||||
set -eu
|
||||
|
||||
load_vars
|
||||
|
||||
set +eu
|
||||
|
||||
minio server data
|
||||
33
entrypoint-yprovider.sh.tmpl
Normal file
33
entrypoint-yprovider.sh.tmpl
Normal file
@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "COLLABORATION_SERVER_SECRET"
|
||||
}
|
||||
|
||||
set -eu
|
||||
load_vars
|
||||
|
||||
set +eu
|
||||
|
||||
/usr/local/bin/entrypoint
|
||||
Reference in New Issue
Block a user