Browse Source

Get the secret/entrypoint/config thing wired up

pull/3/head
decentral1se 6 months ago
parent
commit
92a94e93c6
No known key found for this signature in database GPG Key ID: 92DAD76BD9567B8A
  1. 1
      abra.sh
  2. 25
      compose.yml
  3. 32
      entrypoint.sh.tmpl

1
abra.sh

@ -1,4 +1,5 @@
# shellcheck disable=SC2148
export ENTRYPOINT_CONF_VERSION=v1
#MASTO_APP_DIR="mastodon/public"
sub_rake() {

25
compose.yml

@ -76,6 +76,11 @@ services:
# - "traefik.http.routers.${STACK_NAME}_hack.entrypoints=websecure"
# - "traefik.http.routers.${STACK_NAME}_hack.middlewares=mastodon-webfinger@docker"
configs: &configs
- source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: &entrypoint /usr/local/bin/entrypoint.sh
volumes: &appVolume
- app:/mastodon
secrets: &secrets
@ -88,7 +93,7 @@ services:
- DB_HOST
- DB_USER
- DB_NAME
- DB_PASS
- DB_PASS_FILE=/run/secrets/db_password
- DB_PORT
- REDIS_HOST
- REDIS_PORT
@ -104,10 +109,10 @@ services:
- ES_PREFIX
- STATSD_ADDR
- STATSD_NAMESPACE
- VAPID_PRIVATE_KEY
- VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
- VAPID_PUBLIC_KEY
- OTP_SECRET
- SECRET_KEY_BASE
- OTP_SECRET_FILE=/run/secrets/otp_secret
- SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
- LOCAL_DOMAIN
- WEB_DOMAIN
- ALTERNATE_DOMAINS
@ -124,7 +129,7 @@ services:
- SMTP_SERVER
- SMTP_PORT
- SMTP_LOGIN
- SMTP_PASSWORD
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- SMTP_FROM_ADDRESS
- SMTP_DOMAIN
- SMTP_DELIVERY_METHOD
@ -174,6 +179,8 @@ services:
streaming:
image: *image
command: node ./streaming
configs: *configs
entrypoint: *entrypoint
secrets: *secrets
networks: *bothNetworks
healthcheck:
@ -205,6 +212,8 @@ services:
image: *image
secrets: *secrets
command: bundle exec sidekiq
configs: *configs
entrypoint: *entrypoint
deploy:
update_config:
failure_action: rollback
@ -241,3 +250,9 @@ networks:
external: true
internal_network:
internal: true
configs:
entrypoint_sh:
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang

32
entrypoint.sh.tmpl

@ -0,0 +1,32 @@
#!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "DB_PASS"
file_env "OTP_SECRET"
file_env "SECRET_KEY_BASE"
file_env "SMTP_PASSWORD"
file_env "VAPID_PRIVATE_KEY"
/usr/bin/tini -- "$@"
Loading…
Cancel
Save