WIP: feat(docker): Add ability to substitute env vars with _file vars #1621
|
@ -1,6 +1,41 @@
|
||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
# usage: file_env VAR [DEFAULT]
|
||||||
|
# Set $VAR to the contents of the path specified by $VAR_FILE. Useful for docker secrets
|
||||||
|
file_env() {
|
||||||
|
VAR="$1"
|
||||||
|
FILE_VAR="${VAR}_FILE"
|
||||||
|
eval "VAR_EXPANDED=\"\${$VAR}\""
|
||||||
|
eval "FILE_VAR_EXPANDED=\"\${$FILE_VAR}\""
|
||||||
|
DEFAULT="${2:-}"
|
||||||
|
|
||||||
|
if [ "${VAR_EXPANDED:-}" ] && [ "${FILE_VAR_EXPANDED:-}" ]; then
|
||||||
|
echo >&2 "error: both $VAR and $FILE_VAR are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
VAL="$DEFAULT"
|
||||||
|
if [ "${VAR_EXPANDED:-}" ]; then
|
||||||
|
VAL="${VAR_EXPANDED}"
|
||||||
|
elif [ "${FILE_VAR_EXPANDED:-}" ]; then
|
||||||
|
if [ -f "${FILE_VAR_EXPANDED}" ]; then
|
||||||
|
VAL="$(cat "${FILE_VAR_EXPANDED}")"
|
||||||
|
else
|
||||||
|
echo >&2 "error: couldn't find file at '$FILE_VAR_EXPANDED'"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
export "$VAR"="$VAL"
|
||||||
|
unset "$FILE_VAR"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Substitue all env vars starting with VIKUNJA and ending with _FILE
|
||||||
|
for var in $(env | sed -n "s/^\(VIKUNJA.*\)_FILE=.*$/\1/p"); do
|
||||||
|
file_env "${var}"
|
||||||
|
done
|
||||||
|
|
||||||
if [ -n "$PUID" ] && [ "$PUID" -ne 0 ] && \
|
if [ -n "$PUID" ] && [ "$PUID" -ne 0 ] && \
|
||||||
[ -n "$PGID" ] && [ "$PGID" -ne 0 ] ; then
|
[ -n "$PGID" ] && [ "$PGID" -ne 0 ] ; then
|
||||||
echo "info: creating the new user vikunja with $PUID:$PGID"
|
echo "info: creating the new user vikunja with $PUID:$PGID"
|
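Review bot: The names handed to `file_env` are never checked to be plain shell identifiers, yet `$VAR` and `$FILE_VAR` are interpolated into the two `eval` lines. The capture in `sed -n "s/^\(VIKUNJA.*\)_FILE=.*$/\1/p"` is greedy and matches any character, so text from a variable's value (a path that itself contains `_FILE=`, or a later line of a multi-line value in the `env` output) can end up in `$var`, and the loop runs before the PUID/PGID user setup below it. Tightening the capture to `^\(VIKUNJA_[A-Za-z0-9_]*\)_FILE=.*$` keeps the eval input to identifier characters and also makes the unquoted `$(...)` word-splitting harmless. A guard at the top of `file_env`, such as `case "$VAR" in ''|*[!A-Za-z0-9_]*) echo >&2 "error: invalid variable name"; exit 1;; esac`, would make the function safe regardless of its caller.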
||||||
|
|
|
@ -27,6 +27,31 @@ first:
|
||||||
child: true
|
child: true
|
||||||
{{< /highlight >}}
|
{{< /highlight >}}
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
Environment variables that contain senstitive data can be suffixed with `_FILE`. If you take the expected environment variable for the configuration
|
||||||
|
option with the _FILE suffix at the end, the contents of the file it points to will be used. See [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/)
|
||||||
|
and [Docker Compose](https://docs.docker.com/compose/use-secrets/) docs for more info on using secrets.
|
||||||
|
|
||||||
|
{{< highlight bash >}}
|
||||||
|
echo "a super secure random secret" > /host/secrets/path/vikunja_service_jwtsecret
|
||||||
|
{{< /highlight >}}
|
||||||
|
|
||||||
|
{{< highlight yaml >}}
|
||||||
|
version: '3'
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
vikunja_service_jwtsecret:
|
||||||
|
file: /host/secrets/path/vikunja_service_jwtsecret
|
||||||
|
|
||||||
|
services:
|
||||||
|
api:
|
||||||
|
image: vikunja/api
|
||||||
|
secrets:
|
||||||
|
- vikunja_service_jwtsecret
|
||||||
|
environment:
|
||||||
|
VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja_service_jwtsecret
|
||||||
|
{{< /highlight >}}
|
||||||
|
|
||||||
# Formats
|
# Formats
|
||||||
|
|
||||||
Vikunja supports using `toml`, `yaml`, `hcl`, `ini`, `json`, envfile, env variables and Java Properties files.
|
Vikunja supports using `toml`, `yaml`, `hcl`, `ini`, `json`, envfile, env variables and Java Properties files.
|
||||||
|
|