WIP: feat(docker): Add ability to substitute env vars with _file vars #1621
|
@ -1,6 +1,41 @@
|
|||
#!/usr/bin/env sh
|
||||
set -e
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# Set $VAR to the contents of the path specified by $VAR_FILE. Useful for docker secrets
|
||||
file_env() {
|
||||
VAR="$1"
|
||||
FILE_VAR="${VAR}_FILE"
|
||||
eval "VAR_EXPANDED=\"\${$VAR}\""
|
||||
eval "FILE_VAR_EXPANDED=\"\${$FILE_VAR}\""
|
||||
DEFAULT="${2:-}"
|
||||
|
||||
if [ "${VAR_EXPANDED:-}" ] && [ "${FILE_VAR_EXPANDED:-}" ]; then
|
||||
echo >&2 "error: both $VAR and $FILE_VAR are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VAL="$DEFAULT"
|
||||
if [ "${VAR_EXPANDED:-}" ]; then
|
||||
VAL="${VAR_EXPANDED}"
|
||||
elif [ "${FILE_VAR_EXPANDED:-}" ]; then
|
||||
if [ -f "${FILE_VAR_EXPANDED}" ]; then
|
||||
VAL="$(cat "${FILE_VAR_EXPANDED}")"
|
||||
else
|
||||
echo >&2 "error: couldn't find file at '$FILE_VAR_EXPANDED'"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
export "$VAR"="$VAL"
|
||||
unset "$FILE_VAR"
|
||||
}
|
||||
|
||||
# Substitue all env vars starting with VIKUNJA and ending with _FILE
|
||||
for var in $(env | sed -n "s/^\(VIKUNJA.*\)_FILE=.*$/\1/p"); do
|
||||
file_env "${var}"
|
||||
done
|
||||
|
||||
if [ -n "$PUID" ] && [ "$PUID" -ne 0 ] && \
|
||||
[ -n "$PGID" ] && [ "$PGID" -ne 0 ] ; then
|
||||
echo "info: creating the new user vikunja with $PUID:$PGID"
|
||||
|
|
|
@ -27,6 +27,31 @@ first:
|
|||
child: true
|
||||
{{< /highlight >}}
|
||||
|
||||
## Docker
|
||||
Environment variables that contain senstitive data can be suffixed with `_FILE`. If you take the expected environment variable for the configuration
|
||||
option with the _FILE suffix at the end, the contents of the file it points to will be used. See [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/)
|
||||
and [Docker Compose](https://docs.docker.com/compose/use-secrets/) docs for more info on using secrets.
|
||||
|
||||
{{< highlight bash >}}
|
||||
echo "a super secure random secret" > /host/secrets/path/vikunja_service_jwtsecret
|
||||
{{< /highlight >}}
|
||||
|
||||
{{< highlight yaml >}}
|
||||
version: '3'
|
||||
|
||||
secrets:
|
||||
vikunja_service_jwtsecret:
|
||||
file: /host/secrets/path/vikunja_service_jwtsecret
|
||||
|
||||
services:
|
||||
api:
|
||||
image: vikunja/api
|
||||
secrets:
|
||||
- vikunja_service_jwtsecret
|
||||
environment:
|
||||
VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja_service_jwtsecret
|
||||
{{< /highlight >}}
|
||||
|
||||
# Formats
|
||||
|
||||
Vikunja supports using `toml`, `yaml`, `hcl`, `ini`, `json`, envfile, env variables and Java Properties files.
|
||||
|
|
Loading…
Reference in New Issue
Block a user