Messing around with config

.env.sample

@@ -1,17 +1,18 @@
-# Service
+# Miniflux Configuration
-TYPE=miniflux
+DOMAIN=miniflux.example.org
-DOMAIN=miniflux.example.com
-LETS_ENCRYPT_ENV=production
-COMPOSE_FILE="compose.yml"
 
-# Miniflux Config
+# Database Configuration
-ADMIN_USERNAME=admin
-
-# Database
-DB_USER=miniflux
 DB_NAME=miniflux
+DB_USER=miniflux
 
-# Secrets Versions
+# Admin User Configuration
+MINIFLUX_ADMIN_USERNAME=admin
+
+# Secrets
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_PASSWORD_VERSION=v1
+SECRET_KEY_VERSION=v1
+
+# Configurations
 CONFIG_VERSION=v1
+STACK_NAME=miniflux

compose.postgres.yml

@@ -0,0 +1,21 @@
+---
+version: "3.8"
+
+services:
+  db:
+    image: postgres:15
+    environment:
+      - POSTGRES_DB={{ env "DB_NAME" }}
+      - POSTGRES_USER={{ env "DB_USER" }}
+      - POSTGRES_PASSWORD={{ secret "db_password" }}
+    volumes:
+      - miniflux-db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "{{ env 'DB_USER' }}"]
+      interval: 10s
+      start_period: 30s
+networks:
+  internal:
+
+volumes:
+  miniflux-db:

compose.yml

@@ -5,54 +5,30 @@ services:
   app:
     image: "miniflux/miniflux:2.2.0"
     configs:
-      - source: miniflux_config
+      - source: config_yml
         target: /etc/miniflux/config.yml
     secrets:
       - db_password
       - admin_password
+      - secret_key
     environment:
-      - BASE_URL=https://${DOMAIN}
+      - DATABASE_URL=postgres://{{ env "DB_USER" }}:{{ secret "db_password" }}@db/{{ env "DB_NAME" }}?sslmode=disable
-      - DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@db/${DB_NAME}?sslmode=disable
       - RUN_MIGRATIONS=1
-      - ADMIN_USERNAME=${ADMIN_USERNAME}
+      - ADMIN_USERNAME={{ env "MINIFLUX_ADMIN_USERNAME" }}
-      - ADMIN_PASSWORD_FILE=/run/secrets/admin_password
+      - ADMIN_PASSWORD={{ secret "admin_password" }}
+      - BASE_URL=https://{{ env "DOMAIN" }}
     networks:
       - proxy
       - internal
     deploy:
       update_config:
         failure_action: rollback
-        order: start-first
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=websecure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
-        - coop-cloud.${STACK_NAME}.version=1.0.0+miniflux-2.2.0
+        - coop-cloud.${STACK_NAME}.version=2.2.0
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/healthcheck"]
-      interval: 30s
-      timeout: 10s
-      retries: 5
-      start_period: 1m
-
-  db:
-    image: postgres:15
-    environment:
-      - POSTGRES_USER=${DB_USER}
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
-      - POSTGRES_DB=${DB_NAME}
-    secrets:
-      - db_password
-    networks:
-      - internal
-    volumes:
-      - miniflux-db:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD", "pg_isready", "-U", "${DB_USER}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
 
 networks:
   internal:
@@ -60,18 +36,19 @@ networks:
     external: true
 
 configs:
-  miniflux_config:
+  config_yml:
-    name: ${STACK_NAME}_config_v1
+    name: ${STACK_NAME}_config_yml_${CONFIG_VERSION}
     file: config.yml.tmpl
     template_driver: golang
 
 secrets:
   db_password:
-    name: ${STACK_NAME}_db_password_v1
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
     external: true
   admin_password:
-    name: ${STACK_NAME}_admin_password_v1
+    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
+    external: true
+  secret_key:
+    name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION}
     external: true
 
-volumes:
-  miniflux-db:

config.yml.tmpl

@@ -1,30 +1,24 @@
-# Base URL configuration
+# Application
-base_url = {{ env "BASE_URL" }}
+APP_NAME = {{ env "MINIFLUX_APP_NAME" }}
-
-# Admin user configuration
-admin_username = {{ env "ADMIN_USERNAME" }}
-admin_password = {{ secret "admin_password" }}
 
 # Database configuration
-database_url = postgres://{{ secret "db_user" }}:{{ secret "db_password" }}@db/{{ secret "db_name" }}?sslmode=disable
+[database]
-run_migrations = {{ or (env "RUN_MIGRATIONS") "1" }}
+DB_TYPE = {{ env "MINIFLUX_DB_TYPE" }}
+HOST = {{ env "MINIFLUX_DB_HOST" }}
+NAME = {{ env "MINIFLUX_DB_NAME" }}
+USER = {{ env "MINIFLUX_DB_USER" }}
+PASSWD = {{ secret "db_password" }}
 
-# HTTP server configuration
+# Server Configuration
-listen_addr = "0.0.0.0:8080"
+[server]
-root_path = "/"
+DOMAIN = {{ env "MINIFLUX_DOMAIN" }}
+PORT = {{ env "MINIFLUX_PORT" }}
 
-# Logging configuration
+# Security
-log_level = {{ or (env "LOG_LEVEL") "info" }}
+[security]
-log_format = {{ or (env "LOG_FORMAT") "text" }}
+SECRET_KEY = {{ secret "secret_key" }}
-
-# Security configuration
-csp_header = {{ or (env "CSP_HEADER") "default-src 'self';" }}
-hsts_max_age = {{ or (env "HSTS_MAX_AGE") "31536000" }}
-x_frame_options = {{ or (env "X_FRAME_OPTIONS") "DENY" }}
-
-# Worker configuration
-worker_pool_size = {{ or (env "WORKER_POOL_SIZE") "5" }}
-
-# Metrics and monitoring
-metrics_enabled = {{ or (env "METRICS_ENABLED") "true" }}
 
+# Admin User Configuration
+[admin]
+USERNAME = {{ env "MINIFLUX_ADMIN_USERNAME" }}
+PASSWORD = {{ secret "admin_password" }}