diff --git a/.envrc.sample b/.envrc.sample
index d48b429..2fae517 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -2,3 +2,24 @@ export SERVICE=selfoss
 export DOMAIN=reader.example.com
 export STACK_NAME=selfoss
 export LETS_ENCRYPT_ENV=production
+
+# Selfoss options, see https://www.selfoss.aditu.de/#configuration
+
+# Options are sqlite, pgsql, mysql; currently sqlite and pgsql are supported
+# If you choose pgsql
+export SELFOSS_DB_TYPE=sqlite
+
+# Set these two variables to enable authentication
+export SELFOSS_USERNAME=
+export SELFOSS_PASSWORD=
+# The recommended /password hash script currently seems broken; use this instead:
+# http://www.passwordtool.hu/php5-password-hash-generator
+
+# Options are ERROR, WARNING, INFO, DEBU
+export SELFOSS_LOGGER_LEVEL=DEBUG
+
+export ENTRYPOINT_CONF_VERSION=v7
+export DB_PASSWORD_VERSION=v1
+# Not required yet, see
+# https://git.autonomic.zone/compose-stacks/selfoss/issues/3
+#export SELFOSS_PASSWORD_VERSION=v1
diff --git a/compose.yml b/compose.yml
index dba1d73..23953a9 100644
--- a/compose.yml
+++ b/compose.yml
@@ -36,6 +36,8 @@ services:
 environment:
 - SELFOSS_USERNAME
 - SELFOSS_PASSWORD
+ # TODO 3wc: call PHP password_hash() on this before loading it, see
+ # https://git.autonomic.zone/compose-stacks/selfoss/issues/3
 #- SELFOSS_PASSWORD_FILE=/run/secrets/selfoss_password
 - SELFOSS_DB_TYPE
 - SELFOSS_LOGGER_LEVEL
@@ -45,9 +47,9 @@ services:
 - SELFOSS_DB_PASSWORD_FILE=/run/secrets/db_password
 secrets:
 - db_password
+ # TODO 3wc: see above note about issue #3
 #- selfoss_password
 entrypoint: /docker-entrypoint.sh
- #entrypoint: ['tail', '-f', '/dev/null']
 configs:
 - source: entrypoint_conf
 target: /docker-entrypoint.sh
@@ -57,6 +59,7 @@ services:
 - internal
 depends_on:
 - postgres
+ # TODO 3wc: not working currently, complains about YAML syntax error
 #healthcheck:
 # test: ["CMD", "wget", "-f" "http://localhost:8888"]
 # interval: 30s
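Review bot: The comment under `SELFOSS_PASSWORD` sends operators to a third-party web page, reached over plain `http://`, to generate the hash, which means typing the real reader password into someone else's site over an unencrypted connection. The hash can be produced locally instead; I would replace those two comment lines with something like `# Generate the hash locally: php -r 'echo password_hash(rtrim(fgets(STDIN), "\n"), PASSWORD_DEFAULT), PHP_EOL;'`, which reads the password from stdin so it stays out of shell history and the process list. Two smaller points in the same hunk: the sample ships `SELFOSS_LOGGER_LEVEL=DEBUG` next to `LETS_ENCRYPT_ENV=production`, where `ERROR` or `WARNING` looks like the safer default, and the comments `# If you choose pgsql` and `# Options are ERROR, WARNING, INFO, DEBU` are cut off.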
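Review bot: `SELFOSS_PASSWORD` is still passed as a plain environment entry in the `@@ -36,6 +36,8 @@` hunk while the `SELFOSS_PASSWORD_FILE` secret stays commented out, so the value is readable from the service definition and from inside the container. The new TODO explains why the secret is disabled but not what the interim value must be; going by the `.envrc.sample` comments it appears to be a `password_hash()` result rather than the plaintext, and that is worth stating next to the variable, e.g. `# Until issue #3 is fixed, SELFOSS_PASSWORD must hold the password_hash() output, never the plaintext`. The two later `# TODO 3wc: see above note about issue #3` comments (hunks `@@ -45,9 +47,9 @@` and `@@ -77,6 +80,7 @@`) point back to this one by position only; repeating the issue URL there would keep them readable if the file is reordered.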
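Review bot: The YAML syntax error that the new TODO in the `@@ -57,6 +59,7 @@` hunk mentions is most likely the missing comma between `"-f"` and `"http://localhost:8888"` in the commented `test:` array directly below it. Separately, `-f` is a curl flag and may not be accepted by the wget in the image, so once the comma is fixed the check could still fail for a different reason. A form such as `test: ["CMD", "wget", "-q", "--spider", "http://localhost:8888"]` should parse; confirm the options against the wget build the image ships. The healthcheck block appears to continue past the end of this hunk.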
@@ -77,6 +80,7 @@ secrets:
 db_password:
 external: true
 name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+ # TODO 3wc: see above note about issue #3
 #selfoss_password:
 # external: true
 # name: ${STACK_NAME}_selfoss_password_${SELFOSS_PASSWORD_VERSION}
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index da48e3c..4ac78a8 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -1,6 +1,10 @@
 #!/usr/bin/env bash
 configure_php() {
+ # 3wc: these changes allow environment variables to propagate to PHP; Selfoss
+ # already loads its config from environment variables but unless we make these
+ # changes, it can't access them. See
+ # https://github.com/docker-library/php/pull/93/files
 if ! grep -q '^clear_env = no' /etc/php7/php-fpm.d/www.conf; then
 sed -i 's/;clear_env = no/clear_env = no/' /etc/php7/php-fpm.d/www.conf
 fi
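Review bot: The comment added at the top of `configure_php` explains why `clear_env = no` is needed but not what it costs: with it, every variable in the container environment is handed to the PHP-FPM workers, and `load_vars` later exports `SELFOSS_DB_PASSWORD` into that same environment. Any PHP code path that dumps the environment (a `phpinfo()` page, a verbose error handler) can then disclose the database password. I would either say so in the comment, or keep `clear_env` at its default and pass only the names Selfoss needs with pool entries of the form `env[SELFOSS_DB_TYPE] = $SELFOSS_DB_TYPE`. The `sed` is also a silent no-op when the `;clear_env = no` line is absent from `www.conf`; `configure_php` continues outside this hunk, so that case may already be handled there.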
@@ -14,36 +18,40 @@ configure_php() {
 }
 file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
+ # 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
+ # https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
 }
 load_vars() {
- file_env "SELFOSS_PASSWORD"
- file_env "SELFOSS_DB_PASSWORD"
+ file_env "SELFOSS_PASSWORD"
+ file_env "SELFOSS_DB_PASSWORD"
 }
 main() {
- set -eu
+ set -eu
- configure_php
- load_vars
+ configure_php
+ load_vars
 }
 main
+# 3wc: upstream ENTRYPOINT
+# https://github.com/theAkito/docker-selfoss/blob/master/Dockerfile
 run.sh
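Review bot: The final line starts `run.sh` as a child of this bash process rather than replacing it; if this script runs as the container's PID 1, as the `entrypoint: /docker-entrypoint.sh` line in `compose.yml` suggests, stop signals are delivered to bash and may never reach Selfoss, so shutdown waits for the kill timeout. Since the commit is already annotating that line, changing it to `exec run.sh` would be the usual fix. In `file_env`, the new header comment could also say that the loaded secret is exported and therefore inherited by every child process, and that `$(< file)` drops trailing newlines. The remaining changes in this hunk appear to be re-indentation only.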