custom entrypoint for secrets
This commit is contained in:
parent
345f35dfee
commit
85a460cf3f
|
@ -6,3 +6,9 @@ DOMAIN=seafile.example.com
|
||||||
#EXTRA_DOMAINS=', `www.seafile.example.com`'
|
#EXTRA_DOMAINS=', `www.seafile.example.com`'
|
||||||
|
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
TIME_ZONE=Etc/UTC
|
||||||
|
SEAFILE_ADMIN_EMAIL=me@example.com
|
||||||
|
|
||||||
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
|
SECRET_SEAFILE_ADMIN_PASSWORD_VERSION=v1
|
34
compose.yml
34
compose.yml
|
@ -11,12 +11,20 @@ services:
|
||||||
- data:/shared
|
- data:/shared
|
||||||
environment:
|
environment:
|
||||||
- DB_HOST=db
|
- DB_HOST=db
|
||||||
- DB_ROOT_PASSWD=db_dev
|
- DB_ROOT_PASSWD_FILE=/run/secrets/db_root_password
|
||||||
- TIME_ZONE=Etc/UTC
|
- TIME_ZONE
|
||||||
- SEAFILE_ADMIN_EMAIL=me@example.com
|
- SEAFILE_ADMIN_EMAIL
|
||||||
- SEAFILE_ADMIN_PASSWORD=asecret
|
- SEAFILE_ADMIN_PASSWORD_FILE=/run/secrets/seafile_admin_password
|
||||||
- SEAFILE_SERVER_LETSENCRYPT=false
|
- SEAFILE_SERVER_LETSENCRYPT=false
|
||||||
# - SEAFILE_SERVER_HOSTNAME=docs.seafile.com # Specifies your host name if https is enabled.
|
# - SEAFILE_SERVER_HOSTNAME=docs.seafile.com # Specifies your host name if https is enabled.
|
||||||
|
configs:
|
||||||
|
- source: entrypoint
|
||||||
|
target: /scripts/custom-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
secrets:
|
||||||
|
- db_root_password
|
||||||
|
- seafile_admin_password
|
||||||
|
entrypoint: /scripts/custom-entrypoint.sh
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
condition: on-failure
|
condition: on-failure
|
||||||
|
@ -37,10 +45,12 @@ services:
|
||||||
db:
|
db:
|
||||||
image: mariadb:10.5
|
image: mariadb:10.5
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_ROOT_PASSWORD=db_dev
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||||
- MYSQL_LOG_CONSOLE=true
|
- MYSQL_LOG_CONSOLE=true
|
||||||
volumes:
|
volumes:
|
||||||
- db:/var/lib/mysql
|
- db:/var/lib/mysql
|
||||||
|
secrets:
|
||||||
|
- db_root_password
|
||||||
|
|
||||||
memcached:
|
memcached:
|
||||||
image: memcached:1.6
|
image: memcached:1.6
|
||||||
|
@ -54,3 +64,17 @@ networks:
|
||||||
default:
|
default:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
entrypoint:
|
||||||
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||||
|
file: entrypoint.sh
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
db_root_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||||
|
seafile_admin_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_seafile_admin_password_${SECRET_SEAFILE_ADMIN_PASSWORD_VERSION}
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local val="$def"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
export "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
file_env "DB_ROOT_PASSWD"
|
||||||
|
file_env "SEAFILE_ADMIN_PASSWORD"
|
||||||
|
bash -c "/sbin/my_init -- /scripts/enterpoint.sh"
|
Loading…
Reference in New Issue