From dba79dc23b9903aca967a1c5cf57eb8518fea7a0 Mon Sep 17 00:00:00 2001
From: decentral1se <cellarspoon@riseup.net>
Date: Sat, 23 Mar 2024 12:01:31 +0100
Subject: [PATCH] feat: entrypoint basic auth generation

---
 abra.sh                                       |  6 ++--
 app-entrypoint.sh.tmpl                        |  6 ++++
 ...point.sh.tmpl => badger-entrypoint.sh.tmpl |  0
 compose.auth.yml                              | 11 +------
 compose.private.yml                           |  2 +-
 compose.yml                                   | 29 ++++++++++++-------
 nginx.conf.tmpl => default.conf.tmpl          |  0
 htpasswd.conf.tmpl                            |  1 -
 8 files changed, 29 insertions(+), 26 deletions(-)
 create mode 100644 app-entrypoint.sh.tmpl
 rename entrypoint.sh.tmpl => badger-entrypoint.sh.tmpl (100%)
 rename nginx.conf.tmpl => default.conf.tmpl (100%)
 delete mode 100644 htpasswd.conf.tmpl

diff --git a/abra.sh b/abra.sh
index af9f72c..de77d33 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
-export ENTRYPOINT_VERSION=v1
-export HTPASSWD_CONF_VERSION=v1
-export NGINX_CONF_VERSION=v1
+export APP_ENTRYPOINT_VERSION=v1
+export BADGER_ENTRYPOINT_VERSION=v1
+export DEFAULT_CONF_VERSION=v1
 export SSH_CONF_VERSION=v1
 export SSH_DEPLOY_KEY_VERSION=v1
 export WEBHOOKD_SCRIPT_VERSION=v1
diff --git a/app-entrypoint.sh.tmpl b/app-entrypoint.sh.tmpl
new file mode 100644
index 0000000..2740a90
--- /dev/null
+++ b/app-entrypoint.sh.tmpl
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+{{ if eq (env "AUTH_ENABLED") "1" }}
+apk add --no-cache apache2-utils
+htpasswd -b -c /etc/nginx/.htpasswd {{ env "AUTH_USERNAME" }} {{ secret "auth_password" }}
+{{ end }}
diff --git a/entrypoint.sh.tmpl b/badger-entrypoint.sh.tmpl
similarity index 100%
rename from entrypoint.sh.tmpl
rename to badger-entrypoint.sh.tmpl
diff --git a/compose.auth.yml b/compose.auth.yml
index 2f44cdc..99703e7 100644
--- a/compose.auth.yml
+++ b/compose.auth.yml
@@ -1,5 +1,5 @@
 ---
-version: "3"
+version: "3.8"
 
 services:
   app:
@@ -7,9 +7,6 @@ services:
       - AUTH_ENABLED
       - AUTH_USERNAME
       - DOMAIN
-    configs:
-      - source: htpasswd_conf
-        target: /etc/nginx/.htpasswd
     secrets:
       - auth_password
 
@@ -17,9 +14,3 @@ secrets:
   auth_password:
     external: true
     name: ${STACK_NAME}_auth_password_${SECRET_AUTH_PASSWORD_VERSION}
-
-configs:
-  htpasswd_conf:
-    name: ${STACK_NAME}_htpasswd_conf_${HTPASSWD_CONF_VERSION}
-    file: htpasswd.conf.tmpl
-    template_driver: golang
diff --git a/compose.private.yml b/compose.private.yml
index 5b2606c..1b42107 100644
--- a/compose.private.yml
+++ b/compose.private.yml
@@ -1,5 +1,5 @@
 ---
-version: "3"
+version: "3.8"
 
 services:
   badger:
diff --git a/compose.yml b/compose.yml
index f545fb7..7db1172 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,19 +1,22 @@
 ---
-version: "3"
+version: "3.8"
 
 services:
   app:
     image: nginx:1.25.3-alpine
     environment:
       - DOMAIN
-    configs:
-      - source: nginx_conf
-        target: /etc/nginx/conf.d/default.conf
     volumes:
       - nginx-data:/usr/share/nginx/website
     networks:
       - proxy
       - internal
+    configs:
+      - source: app_entrypoint
+        target: /docker-entrypoint.d/666-app-entrypoint.sh
+        mode: 0555
+      - source: default_conf
+        target: /etc/nginx/templates/default.conf.template
     deploy:
       restart_policy:
         condition: on-failure
@@ -39,7 +42,7 @@ services:
       - source: webhookd_script
         target: /root/scripts/deploy.sh
         mode: 0555
-      - source: entrypoint
+      - source: badger_entrypoint
         target: /entrypoint.sh
         mode: 0555
     volumes:
@@ -58,11 +61,15 @@ configs:
     name: ${STACK_NAME}_webhookd_script_${WEBHOOKD_SCRIPT_VERSION}
     file: deploy.sh.tmpl
     template_driver: golang
-  nginx_conf:
-    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
-    file: nginx.conf.tmpl
+  default_conf:
+    name: ${STACK_NAME}_default_conf_${DEFAULT_CONF_VERSION}
+    file: default.conf.tmpl
     template_driver: golang
-  entrypoint:
-    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
-    file: entrypoint.sh.tmpl
+  app_entrypoint:
+    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
+    file: app-entrypoint.sh.tmpl
+    template_driver: golang
+  badger_entrypoint:
+    name: ${STACK_NAME}_badger_entrypoint_${BADGER_ENTRYPOINT_VERSION}
+    file: badger-entrypoint.sh.tmpl
     template_driver: golang
diff --git a/nginx.conf.tmpl b/default.conf.tmpl
similarity index 100%
rename from nginx.conf.tmpl
rename to default.conf.tmpl
diff --git a/htpasswd.conf.tmpl b/htpasswd.conf.tmpl
deleted file mode 100644
index 76dcbea..0000000
--- a/htpasswd.conf.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-{{ env "AUTH_USERNAME" }}:{{ secret "auth_password" }}