From f7087646b171133deaca8510ea23835dbf9c070f Mon Sep 17 00:00:00 2001
From: ripclap
Date: Tue, 12 Aug 2025 00:20:11 +0000
Subject: [PATCH 1/5] Added Azure DNS 01-Challenge support
---
 compose.azure.yml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 compose.azure.yml
diff --git a/compose.azure.yml b/compose.azure.yml
new file mode 100644
index 0000000..a069bca
--- /dev/null
+++ b/compose.azure.yml
@@ -0,0 +1,33 @@
+version: "3.8"
+
+services:
+ app:
+ environment:
+ - AZURE_TENANT_ID_FILE=${AZURE_TENANT_ID_FILE}
+ - AZURE_CLIENT_ID_FILE=${AZURE_CLIENT_ID_FILE}
+ - AZURE_CLIENT_SECRET_FILE=${AZURE_CLIENT_SECRET_FILE}
+ - AZURE_SUBSCRIPTION_ID_FILE=${AZURE_SUBSCRIPTION_ID_FILE}
+ - AZURE_RESOURCE_GROUP_FILE=${AZURE_RESOURCE_GROUP_FILE}
+ secrets:
+ - AZURE_TENANT_ID
+ - AZURE_CLIENT_ID
+ - AZURE_CLIENT_SECRET
+ - AZURE_SUBSCRIPTION_ID
+ - AZURE_RESOURCE_GROUP
+
+secrets:
+ AZURE_TENANT_ID:
+ name: ${STACK_NAME}_AZURE_TENANT_ID_${SECRET_AZURE_TENANT_ID_VERSION}
+ external: true
+ AZURE_CLIENT_ID:
+ name: ${STACK_NAME}_AZURE_CLIENT_ID_${SECRET_AZURE_CLIENT_ID_VERSION}
+ external: true
+ AZURE_CLIENT_SECRET:
+ name: ${STACK_NAME}_AZURE_CLIENT_SECRET_${SECRET_AZURE_CLIENT_SECRET_VERSION}
+ external: true
+ AZURE_SUBSCRIPTION_ID:
+ name: ${STACK_NAME}_AZURE_SUBSCRIPTION_ID_${SECRET_AZURE_SUBSCRIPTION_ID_VERSION}
+ external: true
+ AZURE_RESOURCE_GROUP:
+ name: ${STACK_NAME}_AZURE_RESOURCE_GROUP_${SECRET_AZURE_RESOURCE_GROUP_VERSION}
+ external: true
\ No newline at end of file
From c7e510fbad725fd478fa30b29c4d135a01fe21cc Mon Sep 17 00:00:00 2001
From: ripclap
Date: Tue, 12 Aug 2025 00:20:57 +0000
Subject: [PATCH 2/5] Added Azure DNS 01-Challenge support
---
 .env.sample | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.env.sample b/.env.sample
index ffe1c2c..ce598f2 100644
--- a/.env.sample
+++ b/.env.sample
@@ -58,6 +58,20 @@ COMPOSE_FILE="compose.yml"
 #DIGITALOCEAN_ENABLED=1
 #SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
+## Azure, https://azure.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
+#AZURE_TENANT_ID_FILE=/run/secrets/AZURE_TENANT_ID
+#AZURE_CLIENT_ID_FILE=/run/secrets/AZURE_CLIENT_ID
+#AZURE_CLIENT_SECRET_FILE=/run/secrets/AZURE_CLIENT_SECRET
+#AZURE_SUBSCRIPTION_ID_FILE=/run/secrets/AZURE_SUBSCRIPTION_ID
+#AZURE_RESOURCE_GROUP_FILE=/run/secrets/AZURE_RESOURCE_GROUP
+
+#SECRET_AZURE_TENANT_ID_VERSION=v1
+#SECRET_AZURE_CLIENT_ID_VERSION=v1
+#SECRET_AZURE_CLIENT_SECRET_VERSION=v1
+#SECRET_AZURE_SUBSCRIPTION_ID_VERSION=v1
+#SECRET_AZURE_RESOURCE_GROUP_VERSION=v1
+
 #####################################################################
 # Manual wildcard certificate insertion #
 #####################################################################
From 2db1a03d94fa9cbd760ab462a300376d133bce14 Mon Sep 17 00:00:00 2001
From: ripclap
Date: Mon, 11 Aug 2025 17:37:22 -0700
Subject: [PATCH 3/5] Updated TRAEFIK_YML_VERSION
---
 abra.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/abra.sh b/abra.sh
index dcd1537..4a149d7 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v23
+export TRAEFIK_YML_VERSION=v24
 export FILE_PROVIDER_YML_VERSION=v10
 export ENTRYPOINT_VERSION=v4
From b8aa102a01719ac0449b0de5c08fc172ef9da327 Mon Sep 17 00:00:00 2001
From: ripclap
Date: Tue, 12 Aug 2025 01:21:56 -0700
Subject: [PATCH 4/5] azure: update code to align with established conventions
---
 .env.sample | 19 ++++++++-----------
 compose.azure.yml | 26 +++++---------------------
 entrypoint.sh.tmpl | 4 ++++
 3 files changed, 17 insertions(+), 32 deletions(-)
diff --git a/.env.sample b/.env.sample
index ce598f2..d4e4b04 100644
--- a/.env.sample
+++ b/.env.sample
@@ -59,18 +59,15 @@ COMPOSE_FILE="compose.yml"
 #SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
 ## Azure, https://azure.com
+## To insert your Azure client secret:
+## abra app secret insert {myapp.example.coop} azure_secret v1 ""
 #COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
-#AZURE_TENANT_ID_FILE=/run/secrets/AZURE_TENANT_ID
-#AZURE_CLIENT_ID_FILE=/run/secrets/AZURE_CLIENT_ID
-#AZURE_CLIENT_SECRET_FILE=/run/secrets/AZURE_CLIENT_SECRET
-#AZURE_SUBSCRIPTION_ID_FILE=/run/secrets/AZURE_SUBSCRIPTION_ID
-#AZURE_RESOURCE_GROUP_FILE=/run/secrets/AZURE_RESOURCE_GROUP
-
-#SECRET_AZURE_TENANT_ID_VERSION=v1
-#SECRET_AZURE_CLIENT_ID_VERSION=v1
-#SECRET_AZURE_CLIENT_SECRET_VERSION=v1
-#SECRET_AZURE_SUBSCRIPTION_ID_VERSION=v1
-#SECRET_AZURE_RESOURCE_GROUP_VERSION=v1
+#AZURE_ENABLED=1
+#AZURE_TENANT_ID=
+#AZURE_CLIENT_ID=
+#AZURE_SUBSCRIPTION_ID=
+#AZURE_RESOURCE_GROUP=
+#SECRET_AZURE_SECRET_VERSION=v1
 #####################################################################
 # Manual wildcard certificate insertion #
diff --git a/compose.azure.yml b/compose.azure.yml
index a069bca..4faf82c 100644
--- a/compose.azure.yml
+++ b/compose.azure.yml
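Review bot: The documented `abra app secret insert` form in the new `.env.sample` comment passes the Azure client secret as a command-line argument, which leaves it in shell history and visible in the process list while the command runs. If abra can read the value from a file or from stdin, the sample should show that form instead. Otherwise a one-line caveat under the command would do, for example `## (the value is passed on the command line; keep it out of shell history)`.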
@@ -3,31 +3,15 @@ version: "3.8"
 services:
 app:
 environment:
- - AZURE_TENANT_ID_FILE=${AZURE_TENANT_ID_FILE}
- - AZURE_CLIENT_ID_FILE=${AZURE_CLIENT_ID_FILE}
- - AZURE_CLIENT_SECRET_FILE=${AZURE_CLIENT_SECRET_FILE}
- - AZURE_SUBSCRIPTION_ID_FILE=${AZURE_SUBSCRIPTION_ID_FILE}
- - AZURE_RESOURCE_GROUP_FILE=${AZURE_RESOURCE_GROUP_FILE}
- secrets:
 - AZURE_TENANT_ID
 - AZURE_CLIENT_ID
- - AZURE_CLIENT_SECRET
 - AZURE_SUBSCRIPTION_ID
 - AZURE_RESOURCE_GROUP
+ - AZURE_CLIENT_SECRET_FILE=/run/secrets/azure_secret
+ secrets:
+ - azure_secret
 secrets:
- AZURE_TENANT_ID:
- name: ${STACK_NAME}_AZURE_TENANT_ID_${SECRET_AZURE_TENANT_ID_VERSION}
+ azure_secret:
+ name: ${STACK_NAME}_azure_secret_${SECRET_AZURE_CLIENT_SECRET_VERSION}
 external: true
- AZURE_CLIENT_ID:
- name: ${STACK_NAME}_AZURE_CLIENT_ID_${SECRET_AZURE_CLIENT_ID_VERSION}
- external: true
- AZURE_CLIENT_SECRET:
- name: ${STACK_NAME}_AZURE_CLIENT_SECRET_${SECRET_AZURE_CLIENT_SECRET_VERSION}
- external: true
- AZURE_SUBSCRIPTION_ID:
- name: ${STACK_NAME}_AZURE_SUBSCRIPTION_ID_${SECRET_AZURE_SUBSCRIPTION_ID_VERSION}
- external: true
- AZURE_RESOURCE_GROUP:
- name: ${STACK_NAME}_AZURE_RESOURCE_GROUP_${SECRET_AZURE_RESOURCE_GROUP_VERSION}
- external: true
\ No newline at end of file
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index f4e6232..8da044b 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
 {{ end }}
+{{ if eq (env "AZURE_ENABLED") "1" }}
+export AZURE_CLIENT_SECRET=$(cat "$AZURE_CLIENT_SECRET_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"
From 445feab87cdf659c85d132502ecef86fc6cf6889 Mon Sep 17 00:00:00 2001
From: ripclap
Date: Tue, 12 Aug 2025 09:44:59 -0700
Subject: [PATCH 5/5] Revert "Updated TRAEFIK_YML_VERSION"
This reverts commit 2db1a03d94fa9cbd760ab462a300376d133bce14.
---
 abra.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
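Review bot: The new `azure_secret` definition in `compose.azure.yml` interpolates `${SECRET_AZURE_CLIENT_SECRET_VERSION}`, but the `.env.sample` hunk of this same commit now defines only `SECRET_AZURE_SECRET_VERSION`. With the sample configuration the suffix would expand to an empty string, so the external secret would resolve to `${STACK_NAME}_azure_secret_` rather than the `v1` secret that was inserted, and the deploy would presumably fail to find it. The line should read `name: ${STACK_NAME}_azure_secret_${SECRET_AZURE_SECRET_VERSION}`. A short comment above the four bare `AZURE_*` environment entries, saying they are non-secret identifiers passed through from the app's env file, would also help.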
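Review bot: `entrypoint.sh.tmpl` changes in this hunk, yet `abra.sh` still exports `ENTRYPOINT_VERSION=v4` at the end of the series, since the only version bump (`TRAEFIK_YML_VERSION`) is reverted in 5/5. If the entrypoint ships as a versioned config, as the variable name suggests, existing deployments may keep the old script and never export `AZURE_CLIENT_SECRET`, so `export ENTRYPOINT_VERSION=v5` looks necessary. Separately, `export VAR=$(cat …)` hides a failing `cat`, the same pattern as the OVH and DigitalOcean lines above it. A missing secret file then yields an empty `AZURE_CLIENT_SECRET`, and the error only surfaces later as a failed DNS challenge. A guard before the export would fail fast: `[ -r "$AZURE_CLIENT_SECRET_FILE" ] || { echo "azure secret file missing" >&2; exit 1; }`. The template continues outside the hunk.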
diff --git a/abra.sh b/abra.sh
index 4a149d7..dcd1537 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v24
+export TRAEFIK_YML_VERSION=v23
 export FILE_PROVIDER_YML_VERSION=v10
 export ENTRYPOINT_VERSION=v4