custom entrypoint for secrets
This commit is contained in:
parent
345f35dfee
commit
85a460cf3f
|
@ -6,3 +6,9 @@ DOMAIN=seafile.example.com
|
|||
#EXTRA_DOMAINS=', `www.seafile.example.com`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
TIME_ZONE=Etc/UTC
|
||||
SEAFILE_ADMIN_EMAIL=me@example.com
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_SEAFILE_ADMIN_PASSWORD_VERSION=v1
|
34
compose.yml
34
compose.yml
|
@ -11,12 +11,20 @@ services:
|
|||
- data:/shared
|
||||
environment:
|
||||
- DB_HOST=db
|
||||
- DB_ROOT_PASSWD=db_dev
|
||||
- TIME_ZONE=Etc/UTC
|
||||
- SEAFILE_ADMIN_EMAIL=me@example.com
|
||||
- SEAFILE_ADMIN_PASSWORD=asecret
|
||||
- DB_ROOT_PASSWD_FILE=/run/secrets/db_root_password
|
||||
- TIME_ZONE
|
||||
- SEAFILE_ADMIN_EMAIL
|
||||
- SEAFILE_ADMIN_PASSWORD_FILE=/run/secrets/seafile_admin_password
|
||||
- SEAFILE_SERVER_LETSENCRYPT=false
|
||||
# - SEAFILE_SERVER_HOSTNAME=docs.seafile.com # Specifies your host name if https is enabled.
|
||||
configs:
|
||||
- source: entrypoint
|
||||
target: /scripts/custom-entrypoint.sh
|
||||
mode: 0555
|
||||
secrets:
|
||||
- db_root_password
|
||||
- seafile_admin_password
|
||||
entrypoint: /scripts/custom-entrypoint.sh
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
@ -37,10 +45,12 @@ services:
|
|||
db:
|
||||
image: mariadb:10.5
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db_dev
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
- MYSQL_LOG_CONSOLE=true
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
secrets:
|
||||
- db_root_password
|
||||
|
||||
memcached:
|
||||
image: memcached:1.6
|
||||
|
@ -54,3 +64,17 @@ networks:
|
|||
default:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
seafile_admin_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_seafile_admin_password_${SECRET_SEAFILE_ADMIN_PASSWORD_VERSION}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "DB_ROOT_PASSWD"
|
||||
file_env "SEAFILE_ADMIN_PASSWORD"
|
||||
bash -c "/sbin/my_init -- /scripts/enterpoint.sh"
|
Loading…
Reference in New Issue