move env.secrets into data/ subdir

2 years ago · 8bab7bf77a
parent fcbc47b151
commit 8bab7bf77a
12 changed files with 34 additions and 21 deletions
--- a/grafana/docker-compose.yaml
+++ b/grafana/docker-compose.yaml
@ -23,4 +23,4 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/grafana/env.secrets
--- a/grafana/setup
+++ b/grafana/setup
@ -7,8 +7,9 @@ source ../env.production || die "no top level env?"
 source env.production || die "no local env?"

 BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
+SECRETS="../data/grafana/env.secrets"

-if [ -r "env.secrets" ]; then
+if [ -r "$SECRETS" ]; then
 	docker-compose up -d || die "grafana: unable to start container"
 	exit 0
 fi
@ -19,7 +20,8 @@ GRAFANA_CLIENT_SECRET="$(openssl rand -hex 32)"
 GRAFANA_ADMIN_PASSWORD="$(openssl rand -hex 4)"

 echo "Generating secrets: admin password $GRAFANA_ADMIN_PASSWORD"
-cat <<EOF > env.secrets
+mkdir -p "$(dirname "$SECRETS")"
+cat <<EOF > "$SECRETS"
 # Do not check in!
 GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD
 GF_SERVER_ROOT_URL=https://$GRAFANA_HOSTNAME/
--- a/hedgedoc/docker-compose.yaml
+++ b/hedgedoc/docker-compose.yaml
@ -15,7 +15,7 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/hedgedoc/env.secrets
    environment:
      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
      - CMD_PROTOCOL_USESSL=true
--- a/hedgedoc/setup
+++ b/hedgedoc/setup
@ -6,7 +6,9 @@ cd "$DIRNAME"
 source ../env.production || die "no top levle env?"
 source env.production || die "no local env?"

-if [ -r "./env.secrets" ]; then
+SECRETS="../data/hedgedoc/env.secrets"
+
+if [ -r "$SECRETS" ]; then
 	docker-compose up -d || die "hedgedoc: unable to start"
 	exit 0
 fi
@ -17,7 +19,8 @@ docker-compose down 2>/dev/null
 CLIENT_SECRET="$(openssl rand -hex 20)"
 SESSION_SECRET="$(openssl rand -hex 20)"

-cat <<EOF > env.secrets
+mkdir -p "$(dirname "$SECRETS")"
+cat <<EOF > "$SECRETS"
 # DO NOT CHECK IN
 CMD_OAUTH2_CLIENT_SECRET=$CLIENT_SECRET
 CMD_SESSION_SECRET=$SESSION_SECRET
--- a/keycloak/client-create
+++ b/keycloak/client-create
@ -6,7 +6,7 @@ cd "$DIRNAME"

 source ../env.production || die "no top levle env?"
 source env.production || die "no local env?"
-source env.secrets || die "no local secrets?"
+source "../data/keycloak/env.secrets" || die "no local secrets?"

 sudo docker-compose exec -T keycloak \
  /opt/keycloak/bin/kcadm.sh \
--- a/keycloak/client-delete
+++ b/keycloak/client-delete
@ -6,7 +6,7 @@ cd "$DIRNAME"

 source ../env.production || die "no top levle env?"
 source env.production || die "no local env?"
-source env.secrets || die "no local secrets?"
+source "../data/keycloak/env.secrets" || die "no local secrets?"

 # try to get the clients by name
 CLIENT_NAME="$1"
--- a/keycloak/docker-compose.yaml
+++ b/keycloak/docker-compose.yaml
@ -22,7 +22,7 @@ services:
      env_file:
        - ../env.production
        - env.production
-        - env.secrets
+        - ../data/keycloak/env.secrets
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
--- a/keycloak/setup
+++ b/keycloak/setup
@ -7,7 +7,9 @@ cd "$DIRNAME"
 source ../env.production
 source ./env.production

-if [ -r "./env.secrets" ]; then
+SECRETS="../data/keycloak/env.secrets"
+
+if [ -r "$SECRETS" ]; then
 	docker-compose up -d || die "keycloak: unable to start container"
 	exit 0
 fi
@ -17,7 +19,8 @@ docker-compose down 2>/dev/null
 KEYCLOAK_ADMIN_PASSWORD="$(openssl rand -hex 8)"
 echo "Keycloak admin password $KEYCLOAK_ADMIN_PASSWORD"

-cat <<EOF > env.secrets
+mkdir -p "$(dirname "$SECRETS")"
+cat <<EOF > "$SECRETS"
 # DO NOT CHECK IN
 KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD
 EOF
--- a/mastodon/docker-compose.yaml
+++ b/mastodon/docker-compose.yaml
@ -52,7 +52,7 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/mastodon/env.secrets
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 6001"
    networks:
      - external_network
@ -75,7 +75,7 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/mastodon/env.secrets
    command: node ./streaming
    networks:
      - external_network
@ -95,7 +95,7 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/mastodon/env.secrets
    command: bundle exec sidekiq
    depends_on:
      - database
--- a/mastodon/setup
+++ b/mastodon/setup
@ -10,7 +10,9 @@ source ./env.production
 mkdir -p ../data/mastodon/system
 chmod 777 ../data/mastodon/system

-if [ -r "./env.secrets" ]; then
+SECRETS="../data/mastodon/env.secrets"
+
+if [ -r "$SECRETS" ]; then
 	docker-compose up -d || die "unable to restart mastodon"
 	exit 0
 fi
@ -22,7 +24,8 @@ OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"

 # create the secrets file,
 # along with some parameters that should be in the environment
-cat <<EOF > env.secrets
+mkdir -p "$(dirname "$SECRETS")"
+cat <<EOF > "$SECRETS"
 # DO NOT CHECK IN
 LOCAL_DOMAIN=$MASTODON_HOSTNAME
 OIDC_DISPLAY_NAME=$REALM
@ -36,7 +39,7 @@ EOF
 info "mastodon: creating push keys"
 docker-compose run --rm mastodon \
 	rails mastodon:webpush:generate_vapid_key \
-	>> env.secrets \
+	>> "$SECRETS" \
 || die "unable to generate vapid key"

 info "mastodon: setting up database"
@ -44,7 +47,7 @@ docker-compose run --rm mastodon \
 	rails db:setup \
 || die "unable to login"

-source ./env.secrets
+source "$SECRETS"

 info "mastodon: creating keycloak interface"
 ../keycloak/client-delete mastodon
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@ -19,7 +19,7 @@ services:
    env_file:
      - ../env.production
      - env.production
-      - env.secrets
+      - ../data/nextcloud/env.secrets
    environment:
      POSTGRES_HOST: database
      POSTGRES_DB: nextcloud
--- a/nextcloud/setup
+++ b/nextcloud/setup
@ -6,7 +6,8 @@ cd "$DIRNAME"
 source ../env.production || die "no top level env?"
 source env.production || die "no local env?"

-if [ -r "./env.secrets" ]; then
+SECRETS="../data/nextcloud/env.secrets"
+if [ -r "$SECRETS" ]; then
 	docker-compose up -d || die "nextcloud: unable to start"
 	exit 0
 fi
@ -17,7 +18,8 @@ NEXTCLOUD_CLIENT_SECRET="$(openssl rand -hex 32)"
 NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 6)"

 echo "Generating secrets: admin password $NEXTCLOUD_ADMIN_PASSWORD"
-cat <<EOF > env.secrets
+mkdir -p "$(dirname "$SECRETS")"
+cat <<EOF > "$SECRETS"
 # Do not check in!
 NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
 NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME