vst
/
env
2
1
Fork 0
Code Issues 19 Pull Requests Packages Projects Releases Wiki Activity

move env.secrets into data/ subdir

Browse Source
single-dockerfile
Trammell Hudson 2 years ago
parent fcbc47b151
commit 8bab7bf77a
12 changed files with 34 additions and 21 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      grafana/docker-compose.yaml
  2. 6
      grafana/setup
  3. 2
      hedgedoc/docker-compose.yaml
  4. 7
      hedgedoc/setup
  5. 2
      keycloak/client-create
  6. 2
      keycloak/client-delete
  7. 2
      keycloak/docker-compose.yaml
  8. 7
      keycloak/setup
  9. 6
      mastodon/docker-compose.yaml
  10. 11
      mastodon/setup
  11. 2
      nextcloud/docker-compose.yaml
  12. 6
      nextcloud/setup

2
grafana/docker-compose.yaml
Unescape View File

@ -23,4 +23,4 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/grafana/env.secrets

6
grafana/setup
Unescape View File

@ -7,8 +7,9 @@ source ../env.production || die "no top level env?"
source env.production || die "no local env?" source env.production || die "no local env?"
BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect" BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
SECRETS="../data/grafana/env.secrets"
if [ -r "env.secrets" ]; then if [ -r "$SECRETS" ]; then
docker-compose up -d || die "grafana: unable to start container" docker-compose up -d || die "grafana: unable to start container"
exit 0 exit 0
fi fi
@ -19,7 +20,8 @@ GRAFANA_CLIENT_SECRET="$(openssl rand -hex 32)"
GRAFANA_ADMIN_PASSWORD="$(openssl rand -hex 4)" GRAFANA_ADMIN_PASSWORD="$(openssl rand -hex 4)"
echo "Generating secrets: admin password $GRAFANA_ADMIN_PASSWORD" echo "Generating secrets: admin password $GRAFANA_ADMIN_PASSWORD"
cat <<EOF > env.secrets mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# Do not check in! # Do not check in!
GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD
GF_SERVER_ROOT_URL=https://$GRAFANA_HOSTNAME/ GF_SERVER_ROOT_URL=https://$GRAFANA_HOSTNAME/

2
hedgedoc/docker-compose.yaml
Unescape View File

@ -15,7 +15,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/hedgedoc/env.secrets
environment: environment:
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
- CMD_PROTOCOL_USESSL=true - CMD_PROTOCOL_USESSL=true

7
hedgedoc/setup
Unescape View File

@ -6,7 +6,9 @@ cd "$DIRNAME"
source ../env.production || die "no top levle env?" source ../env.production || die "no top levle env?"
source env.production || die "no local env?" source env.production || die "no local env?"
if [ -r "./env.secrets" ]; then SECRETS="../data/hedgedoc/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "hedgedoc: unable to start" docker-compose up -d || die "hedgedoc: unable to start"
exit 0 exit 0
fi fi
@ -17,7 +19,8 @@ docker-compose down 2>/dev/null
CLIENT_SECRET="$(openssl rand -hex 20)" CLIENT_SECRET="$(openssl rand -hex 20)"
SESSION_SECRET="$(openssl rand -hex 20)" SESSION_SECRET="$(openssl rand -hex 20)"
cat <<EOF > env.secrets mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN # DO NOT CHECK IN
CMD_OAUTH2_CLIENT_SECRET=$CLIENT_SECRET CMD_OAUTH2_CLIENT_SECRET=$CLIENT_SECRET
CMD_SESSION_SECRET=$SESSION_SECRET CMD_SESSION_SECRET=$SESSION_SECRET

2
keycloak/client-create
Unescape View File

@ -6,7 +6,7 @@ cd "$DIRNAME"
source ../env.production || die "no top levle env?" source ../env.production || die "no top levle env?"
source env.production || die "no local env?" source env.production || die "no local env?"
source env.secrets || die "no local secrets?" source "../data/keycloak/env.secrets" || die "no local secrets?"
sudo docker-compose exec -T keycloak \ sudo docker-compose exec -T keycloak \
/opt/keycloak/bin/kcadm.sh \ /opt/keycloak/bin/kcadm.sh \

2
keycloak/client-delete
Unescape View File

@ -6,7 +6,7 @@ cd "$DIRNAME"
source ../env.production || die "no top levle env?" source ../env.production || die "no top levle env?"
source env.production || die "no local env?" source env.production || die "no local env?"
source env.secrets || die "no local secrets?" source "../data/keycloak/env.secrets" || die "no local secrets?"
# try to get the clients by name # try to get the clients by name
CLIENT_NAME="$1" CLIENT_NAME="$1"

2
keycloak/docker-compose.yaml
Unescape View File

@ -22,7 +22,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/keycloak/env.secrets
environment: environment:
DB_VENDOR: MYSQL DB_VENDOR: MYSQL
DB_ADDR: mysql DB_ADDR: mysql

7
keycloak/setup
Unescape View File

@ -7,7 +7,9 @@ cd "$DIRNAME"
source ../env.production source ../env.production
source ./env.production source ./env.production
if [ -r "./env.secrets" ]; then SECRETS="../data/keycloak/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "keycloak: unable to start container" docker-compose up -d || die "keycloak: unable to start container"
exit 0 exit 0
fi fi
@ -17,7 +19,8 @@ docker-compose down 2>/dev/null
KEYCLOAK_ADMIN_PASSWORD="$(openssl rand -hex 8)" KEYCLOAK_ADMIN_PASSWORD="$(openssl rand -hex 8)"
echo "Keycloak admin password $KEYCLOAK_ADMIN_PASSWORD" echo "Keycloak admin password $KEYCLOAK_ADMIN_PASSWORD"
cat <<EOF > env.secrets mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN # DO NOT CHECK IN
KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD
EOF EOF

6
mastodon/docker-compose.yaml
Unescape View File

@ -52,7 +52,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/mastodon/env.secrets
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 6001" command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 6001"
networks: networks:
- external_network - external_network
@ -75,7 +75,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/mastodon/env.secrets
command: node ./streaming command: node ./streaming
networks: networks:
- external_network - external_network
@ -95,7 +95,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/mastodon/env.secrets
command: bundle exec sidekiq command: bundle exec sidekiq
depends_on: depends_on:
- database - database

11
mastodon/setup
Unescape View File

@ -10,7 +10,9 @@ source ./env.production
mkdir -p ../data/mastodon/system mkdir -p ../data/mastodon/system
chmod 777 ../data/mastodon/system chmod 777 ../data/mastodon/system
if [ -r "./env.secrets" ]; then SECRETS="../data/mastodon/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "unable to restart mastodon" docker-compose up -d || die "unable to restart mastodon"
exit 0 exit 0
fi fi
@ -22,7 +24,8 @@ OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"
# create the secrets file, # create the secrets file,
# along with some parameters that should be in the environment # along with some parameters that should be in the environment
cat <<EOF > env.secrets mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN # DO NOT CHECK IN
LOCAL_DOMAIN=$MASTODON_HOSTNAME LOCAL_DOMAIN=$MASTODON_HOSTNAME
OIDC_DISPLAY_NAME=$REALM OIDC_DISPLAY_NAME=$REALM
@ -36,7 +39,7 @@ EOF
info "mastodon: creating push keys" info "mastodon: creating push keys"
docker-compose run --rm mastodon \ docker-compose run --rm mastodon \
rails mastodon:webpush:generate_vapid_key \ rails mastodon:webpush:generate_vapid_key \
>> env.secrets \ >> "$SECRETS" \
|| die "unable to generate vapid key" || die "unable to generate vapid key"
info "mastodon: setting up database" info "mastodon: setting up database"
@ -44,7 +47,7 @@ docker-compose run --rm mastodon \
rails db:setup \ rails db:setup \
|| die "unable to login" || die "unable to login"
source ./env.secrets source "$SECRETS"
info "mastodon: creating keycloak interface" info "mastodon: creating keycloak interface"
../keycloak/client-delete mastodon ../keycloak/client-delete mastodon

2
nextcloud/docker-compose.yaml
Unescape View File

@ -19,7 +19,7 @@ services:
env_file: env_file:
- ../env.production - ../env.production
- env.production - env.production
- env.secrets - ../data/nextcloud/env.secrets
environment: environment:
POSTGRES_HOST: database POSTGRES_HOST: database
POSTGRES_DB: nextcloud POSTGRES_DB: nextcloud

6
nextcloud/setup
Unescape View File

@ -6,7 +6,8 @@ cd "$DIRNAME"
source ../env.production || die "no top level env?" source ../env.production || die "no top level env?"
source env.production || die "no local env?" source env.production || die "no local env?"
if [ -r "./env.secrets" ]; then SECRETS="../data/nextcloud/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "nextcloud: unable to start" docker-compose up -d || die "nextcloud: unable to start"
exit 0 exit 0
fi fi
@ -17,7 +18,8 @@ NEXTCLOUD_CLIENT_SECRET="$(openssl rand -hex 32)"
NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 6)" NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 6)"
echo "Generating secrets: admin password $NEXTCLOUD_ADMIN_PASSWORD" echo "Generating secrets: admin password $NEXTCLOUD_ADMIN_PASSWORD"
cat <<EOF > env.secrets mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# Do not check in! # Do not check in!
NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME

Write Preview
Loading…
Cancel
Save