Rename secrets
files to overrides
This commit is contained in:
parent
ef630602d7
commit
050b72f5d3
24 changed files with 56 additions and 57 deletions
|
@ -2,7 +2,7 @@
|
|||
begin
|
||||
set -l name anki
|
||||
set -l dir (status dirname)
|
||||
set -l source "$dir/docker-compose.secrets.yml"
|
||||
set -l source "$dir/docker-compose.overrides.yml"
|
||||
source "$dir/../service.fish"
|
||||
|
||||
function installSW -V dir -V source
|
||||
|
@ -13,7 +13,7 @@ begin
|
|||
sudo cp "$dir/docker-compose.base.yml" (getServiceRoot $argv)
|
||||
|
||||
USER=$user yq "$userKey = env(USER)" "$source" | \
|
||||
sudo tee (getServiceSecretsConfig $argv) >/dev/null
|
||||
sudo tee (getServiceOverrides $argv) >/dev/null
|
||||
|
||||
installDockerService $argv
|
||||
end
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
include:
|
||||
- path:
|
||||
- docker-compose.base.yml
|
||||
- docker-compose.secrets.yml
|
||||
- docker-compose.overrides.yml
|
||||
|
|
|
@ -11,13 +11,13 @@ begin
|
|||
function installSW -V dir -V environments -V source
|
||||
set -l root (getServiceRoot $argv)
|
||||
set -l config "$root/docker-compose.base.yml"
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
|
||||
set -l dockerTemplate (yq -oj (getServiceKey docker-template) "$source")
|
||||
set -l sshTemplate (yq -oj (getServiceKey ssh-template) "$source")
|
||||
initializeServiceInstallation $argv
|
||||
echo "{}" | sudo tee "$config" >/dev/null
|
||||
echo "{}" | sudo tee "$secrets" >/dev/null
|
||||
echo "{}" | sudo tee "$overrides" >/dev/null
|
||||
|
||||
cp "$dir"/{ci.Dockerfile,docker-compose.core.yml,.dockerignore} "$root"
|
||||
echo "DRONE_JSONNET_ENABLED=true" | sudo tee "$root/server.common.env" >/dev/null
|
||||
|
@ -32,7 +32,7 @@ begin
|
|||
set -l runners ssh docker
|
||||
set -l services ci $runners
|
||||
set -l tmpConfig (mktemp)
|
||||
set -l tmpSecrets (mktemp)
|
||||
set -l tmpOverrides (mktemp)
|
||||
set -l ciName "$name-ci"
|
||||
set -l sshName "$name-ssh-runner"
|
||||
set -l dockerName "$name-docker-runner"
|
||||
|
@ -41,7 +41,7 @@ begin
|
|||
set -l dockerEnv
|
||||
|
||||
cp "$config" "$tmpConfig"
|
||||
cp "$secrets" "$tmpSecrets"
|
||||
cp "$overrides" "$tmpOverrides"
|
||||
|
||||
for serviceName in $services
|
||||
set -l file (mktemp)
|
||||
|
@ -83,8 +83,8 @@ begin
|
|||
rm "$file"
|
||||
end
|
||||
|
||||
PORT="127.0.0.1:1337:80" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
|
||||
sudo tee "$secrets" >/dev/null
|
||||
PORT="127.0.0.1:1337:80" yq "$ciKey.ports = [ env(PORT) ]" "$tmpOverrides" | \
|
||||
sudo tee "$overrides" >/dev/null
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -113,7 +113,7 @@ begin
|
|||
end
|
||||
|
||||
function getBackupArgs
|
||||
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
|
||||
printf "%s\n" --hidden --no-ignore "data|\.secret\.|\.overrides\." (getServiceRoot $argv)
|
||||
end
|
||||
|
||||
runInstaller --force $argv
|
||||
|
|
|
@ -13,8 +13,8 @@ begin
|
|||
|
||||
function installSW -V dir -V domain -V server -V service
|
||||
set -l root (getServiceRoot $argv)
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l source "$dir/$(basename "$secrets")"
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l source "$dir/$(basename "$overrides")"
|
||||
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
|
||||
set -l port (getRandomPort)
|
||||
initializeServiceInstallation $argv
|
||||
|
@ -36,7 +36,7 @@ begin
|
|||
yq "$dbEnv.MARIADB_USER = env(USER)" | \
|
||||
yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
|
||||
URL="https://$DOMAIN/" yq "$actEnv.GITEA_INSTANCE_URL = env(URL)" | \
|
||||
sudo tee "$secrets" >/dev/null
|
||||
sudo tee "$overrides" >/dev/null
|
||||
end
|
||||
|
||||
installDockerService $argv
|
||||
|
@ -51,7 +51,7 @@ begin
|
|||
set -l dir "$root/data"
|
||||
set -l bin "/usr/local/bin/forgejo"
|
||||
set -l config "$root/docker-compose.base.yml"
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l envKey "$(getServiceKey "$service").environment"
|
||||
configureDockerService $argv
|
||||
cp "$config" "$file"
|
||||
|
@ -74,7 +74,7 @@ begin
|
|||
and chown -R $uid:$gid "$dir"
|
||||
rm "$file"
|
||||
|
||||
set port (yq (getSSHPortKey) "$secrets" | extractPort)
|
||||
set port (yq (getSSHPortKey) "$overrides" | extractPort)
|
||||
|
||||
begin
|
||||
printf "%s\n" \
|
||||
|
|
|
@ -11,8 +11,8 @@ begin
|
|||
|
||||
function installSW -V dir -V domain -V server -V service
|
||||
set -l root (getServiceRoot $argv)
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l source "$dir/$(basename "$secrets")"
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l source "$dir/$(basename "$overrides")"
|
||||
set -l port (getRandomPort)
|
||||
set -l servarrKeys
|
||||
initializeServiceInstallation $argv
|
||||
|
@ -20,7 +20,7 @@ begin
|
|||
sudo cp "$dir/.dockerignore" "$root"
|
||||
sudo cp "$dir/pvpn-cli.py" "$root"
|
||||
sudo cp "$dir/rtorrent.Dockerfile" "$root"
|
||||
sudo cp "$source" "$secrets"
|
||||
sudo cp "$source" "$overrides"
|
||||
|
||||
installDockerService $argv
|
||||
end
|
||||
|
@ -33,7 +33,7 @@ begin
|
|||
set -l root (getServiceRoot $argv)
|
||||
set -l bin "/usr/local/bin/forgejo"
|
||||
set -l config "$root/docker-compose.base.yml"
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l envKey "$(getServiceKey "$service").environment"
|
||||
configureDockerService $argv
|
||||
|
||||
|
@ -62,9 +62,9 @@ begin
|
|||
sudo tee "$config" >/dev/null
|
||||
end
|
||||
|
||||
cp "$secrets" "$file"
|
||||
cp "$overrides" "$file"
|
||||
URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" | \
|
||||
sudo tee "$secrets" >/dev/null
|
||||
sudo tee "$overrides" >/dev/null
|
||||
|
||||
for dir in "$root"/{downloads,config/{,jellyfin,flood,rtorrent,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}}
|
||||
sudo mkdir -p "$dir"
|
||||
|
|
|
@ -33,8 +33,8 @@ begin
|
|||
set -l domain (getServiceDomain $domain)
|
||||
set -l base "$root/docker-compose.base.yml"
|
||||
set -l baseSource "$dir/$(basename "$base")"
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l secretsSource "$dir/$(basename "$secrets")"
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l overridesSource "$dir/$(basename "$overrides")"
|
||||
set -l turnKey "$(getServiceKey "$turn")"
|
||||
set -l portKey "$turnKey.ports[1]"
|
||||
set -l officeEnv "$(getServiceKey "$office").environment"
|
||||
|
@ -81,16 +81,16 @@ begin
|
|||
|
||||
PW="--static-auth-secret=$turnPW" \
|
||||
DOMAIN="--realm=$domain" \
|
||||
yq "$key |= . + [env(PW), env(DOMAIN)]" "$secretsSource" | \
|
||||
sudo tee "$secrets" >/dev/null
|
||||
yq "$key |= . + [env(PW), env(DOMAIN)]" "$overridesSource" | \
|
||||
sudo tee "$overrides" >/dev/null
|
||||
end
|
||||
|
||||
installDockerService $argv
|
||||
set turnPort (yq (getServicePortKey "$turn") "$secrets" | extractPort)
|
||||
set turnPort (yq "$portKey" "$secrets" | mutatePort "$turnPort")
|
||||
set turnPort (yq (getServicePortKey "$turn") "$overrides" | extractPort)
|
||||
set turnPort (yq "$portKey" "$overrides" | mutatePort "$turnPort")
|
||||
|
||||
cp "$secrets" "$file"
|
||||
PORT="$turnPort" yq "$portKey = env(PORT)" "$file" | sudo tee "$secrets" >/dev/null
|
||||
cp "$overrides" "$file"
|
||||
PORT="$turnPort" yq "$portKey = env(PORT)" "$file" | sudo tee "$overrides" >/dev/null
|
||||
rm "$file"
|
||||
end
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ begin
|
|||
set -l dir (status dirname)
|
||||
set -l domain "tracker" ""
|
||||
set -l service "ryot"
|
||||
set -l source "$dir/docker-compose.secrets.yml"
|
||||
set -l source "$dir/docker-compose.overrides.yml"
|
||||
source "$dir/../service.fish"
|
||||
|
||||
function installSW -V dir -V domain -V service -V source
|
||||
|
@ -19,7 +19,7 @@ begin
|
|||
|
||||
URL=$dbUrl yq "$dbKey = env(URL)" "$source" | \
|
||||
PW=$pw yq ".services.db.environment.POSTGRES_PASSWORD = env(PW)" | \
|
||||
sudo tee (getServiceSecretsConfig $argv) >/dev/null
|
||||
sudo tee (getServiceOverrides $argv) >/dev/null
|
||||
|
||||
installDockerService $argv
|
||||
end
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
begin
|
||||
set -l dir (status dirname)
|
||||
set -l root /usr/local/lib
|
||||
set -l secretsFile "docker-compose.secrets.yml"
|
||||
set -l overrides "docker-compose.overrides.yml"
|
||||
set -l nginxRoot "/etc/nginx/conf.d"
|
||||
source "$dir/../../../../lib/software.fish"
|
||||
|
||||
|
@ -48,11 +48,11 @@ begin
|
|||
echo "$nginxRoot/$(getServiceName $argv).conf"
|
||||
end
|
||||
|
||||
function getServiceSecretsConfig -V secretsFile
|
||||
echo "$(getServiceRoot $argv)/$secretsFile"
|
||||
function getServiceOverrides -V overrides
|
||||
echo "$(getServiceRoot $argv)/$overrides"
|
||||
end
|
||||
|
||||
function getServicePortKey -V secretsFile -a name
|
||||
function getServicePortKey -V overrides -a name
|
||||
echo "$(getServiceKey "$name").ports[0]"
|
||||
end
|
||||
|
||||
|
@ -78,7 +78,7 @@ begin
|
|||
function getServiceDefaultProxy -a domain service location
|
||||
argparse -i "comment=" "path=" "url=" -- $argv
|
||||
set -l url
|
||||
set -l config (getServiceSecretsConfig $argv)
|
||||
set -l config (getServiceOverrides $argv)
|
||||
set -l portKey (getServicePortKey "$service")
|
||||
set -l port (yq "$portKey" "$config" | extractPort)
|
||||
|
||||
|
@ -115,13 +115,13 @@ begin
|
|||
set -l root (getServiceRoot $argv)
|
||||
sudo mkdir -p (getServiceRoot $argv)
|
||||
sudo mkdir -p "$nginxRoot"
|
||||
sudo mkdir -p (dirname (getServiceSecretsConfig $argv))
|
||||
sudo mkdir -p (dirname (getServiceOverrides $argv))
|
||||
sudo touch "$root/docker-compose.overrides.yml"
|
||||
sudo cp "$dir/docker-compose.yml" "$root"
|
||||
end
|
||||
|
||||
function installDockerService -V dir -V nginxRoot
|
||||
set -l config (getServiceSecretsConfig $argv)
|
||||
set -l config (getServiceOverrides $argv)
|
||||
set -l servers (getServiceServers $argv | string split0)
|
||||
|
||||
for i in (seq 1 2 (count $servers))
|
||||
|
@ -184,6 +184,6 @@ begin
|
|||
set extraPatterns "|$extraPatterns"
|
||||
end
|
||||
|
||||
printf "%s\n" --base-directory (getServiceRoot $argv) --hidden --no-ignore "^(docker-compose\.(secrets|overrides)\.yml|data)\$$extraPatterns"
|
||||
printf "%s\n" --base-directory (getServiceRoot $argv) --hidden --no-ignore "^(docker-compose\.overrides\.yml|data)\$$extraPatterns"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/env fish
|
||||
begin
|
||||
set -l dir (status dirname)
|
||||
set -l source "$dir/docker-compose.secrets.yml"
|
||||
set -l source "$dir/docker-compose.overrides.yml"
|
||||
source "$dir/../service.fish"
|
||||
|
||||
function installSW -V dir -V domain -V source
|
||||
|
@ -25,7 +25,7 @@ begin
|
|||
yq "$tsEnv.TS3SERVER_DB_NAME = env(DB)" | \
|
||||
yq "$dbEnv.MARIADB_DATABASE = env(DB)"
|
||||
end | \
|
||||
sudo tee (getServiceSecretsConfig $argv) >/dev/null
|
||||
sudo tee (getServiceOverrides $argv) >/dev/null
|
||||
|
||||
installDockerService $argv
|
||||
end
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
services:
|
||||
tm:
|
||||
extends:
|
||||
file: docker-compose.core.secrets.yml
|
||||
file: docker-compose.core.overrides.yml
|
||||
service: tm
|
||||
volumes: &tm-volumes
|
||||
- tm-server:/app
|
||||
|
@ -17,7 +17,7 @@ services:
|
|||
- xaseco:/cache
|
||||
xaseco:
|
||||
extends:
|
||||
file: docker-compose.core.secrets.yml
|
||||
file: docker-compose.core.overrides.yml
|
||||
service: xaseco
|
||||
<<:
|
||||
- *xaseco-base
|
||||
|
@ -26,5 +26,5 @@ services:
|
|||
build: *xaseco-build
|
||||
db:
|
||||
extends:
|
||||
file: docker-compose.core.secrets.yml
|
||||
file: docker-compose.core.overrides.yml
|
||||
service: db
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/env fish
|
||||
begin
|
||||
set -l dir (status dirname)
|
||||
set -l source "$dir/docker-compose.core.secrets.yml"
|
||||
set -l source "$dir/docker-compose.core.overrides.yml"
|
||||
source "$dir/../service.fish"
|
||||
|
||||
function installSW -V dir -V domain -V source
|
||||
|
@ -10,7 +10,7 @@ begin
|
|||
set -l sqlPW (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
|
||||
initializeServiceInstallation $argv
|
||||
|
||||
cp -rf "$dir"/{.dockerignore,docker-compose{.base,.secrets,.core{,.secrets}}.yml,parser.patch,tmforever-entrypoint.sh,trackmania.Dockerfile,xaseco-entrypoint.sh,xaseco.Dockerfile} "$root"
|
||||
cp -rf "$dir"/{.dockerignore,docker-compose{.base,.overrides,.core{,.overrides}}.yml,parser.patch,tmforever-entrypoint.sh,trackmania.Dockerfile,xaseco-entrypoint.sh,xaseco.Dockerfile} "$root"
|
||||
|
||||
PW="$tmPW" yq "$(getServiceKey "tm").environment.TM_SUPERADMIN_PASSWORD = env(PW)" "$source" | \
|
||||
PW="$sqlPW" yq "$(getServiceKey "db").environment.MYSQL_PASSWORD = env(PW)" | \
|
||||
|
@ -30,7 +30,7 @@ begin
|
|||
end
|
||||
|
||||
function getBackupArgs
|
||||
printf "%s\n" --hidden --no-ignore "^docker-compose\.(.*\.)\?.secrets.yml|data\$" (getServiceRoot $argv)
|
||||
printf "%s\n" --hidden --no-ignore "^docker-compose\.(.*\.)\?.overrides.yml|data\$" (getServiceRoot $argv)
|
||||
end
|
||||
|
||||
runInstaller --force $argv --name "tm-forever"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
begin
|
||||
set -l dir (status dirname)
|
||||
set -l domain "passwords"
|
||||
set -l source "$dir/docker-compose.secrets.yml"
|
||||
set -l source "$dir/docker-compose.overrides.yml"
|
||||
source "$dir/../service.fish"
|
||||
|
||||
function installSW -V dir -V domain -V source
|
||||
|
@ -19,7 +19,7 @@ begin
|
|||
|
||||
URL=$dbUrl yq "$dbKey = env(URL)" "$source" | \
|
||||
PW=$pw yq ".services.db.environment.MARIADB_PASSWORD = env(PW)" | \
|
||||
sudo tee (getServiceSecretsConfig $argv) >/dev/null
|
||||
sudo tee (getServiceOverrides $argv) >/dev/null
|
||||
|
||||
installDockerService $argv
|
||||
end
|
||||
|
|
|
@ -13,7 +13,7 @@ begin
|
|||
URL="https://$domain" yq "$(getServiceKey "$service").environment.DOMAIN = env(URL)" "$file" | \
|
||||
sudo tee "$(getServiceRoot $argv)/$(basename "$file")" >/dev/null
|
||||
|
||||
sudo cp "$dir/docker-compose.secrets.yml" (getServiceRoot $argv)
|
||||
sudo cp "$dir/docker-compose.overrides.yml" (getServiceRoot $argv)
|
||||
installDockerService $argv
|
||||
end
|
||||
|
||||
|
|
|
@ -12,13 +12,13 @@ begin
|
|||
function installSW -V dir -V environments -V source
|
||||
set -l root (getServiceRoot $argv)
|
||||
set -l config "$root/docker-compose.base.yml"
|
||||
set -l secrets (getServiceSecretsConfig $argv)
|
||||
set -l overrides (getServiceOverrides $argv)
|
||||
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
|
||||
set -l agentTemplate (yq -oj (getServiceKey agent-template) "$source")
|
||||
set -l dbTemplate (yq -oj (getServiceKey db-template) "$source")
|
||||
initializeServiceInstallation $argv
|
||||
echo "{}" | sudo tee "$config" >/dev/null
|
||||
echo "{}" | sudo tee "$secrets" >/dev/null
|
||||
echo "{}" | sudo tee "$overrides" >/dev/null
|
||||
|
||||
cp "$dir/.dockerignore" "$root"
|
||||
sudo touch "$root"/{agent,ci}.common.env
|
||||
|
@ -30,7 +30,7 @@ begin
|
|||
set -l secret (openssl rand -hex 32)
|
||||
set -l services ci db agent
|
||||
set -l tmpConfig (mktemp)
|
||||
set -l tmpSecrets (mktemp)
|
||||
set -l tmpOverrides (mktemp)
|
||||
set -l ciName "$name-ci"
|
||||
set -l dbName "$name-db"
|
||||
set -l agentName "$name-agent"
|
||||
|
@ -46,7 +46,7 @@ begin
|
|||
set -l domain (getServiceDomain "$subdomain" "$domain")
|
||||
|
||||
cp "$config" "$tmpConfig"
|
||||
cp "$secrets" "$tmpSecrets"
|
||||
cp "$overrides" "$tmpOverrides"
|
||||
|
||||
for serviceName in $services
|
||||
set -l file (mktemp)
|
||||
|
@ -74,13 +74,13 @@ begin
|
|||
ENTRY="./data/$name/db:/var/lib/mysql" yq "$dbKey.volumes |= . + [ env(ENTRY) ]" | \
|
||||
sudo tee "$config" >/dev/null
|
||||
|
||||
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
|
||||
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpOverrides" | \
|
||||
HOST="https://$domain" yq "$ciEnv.WOODPECKER_HOST = env(HOST)" | \
|
||||
DB="$dbUser:$pw@tcp($dbName:3306)/$db?parseTime=true" yq "$ciEnv.WOODPECKER_DATABASE_DATASOURCE = env(DB)" | \
|
||||
USER="$dbUser" yq "$dbEnv.MARIADB_USER = env(USER)" | \
|
||||
PW="$pw" yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
|
||||
DB="$db" yq "$dbEnv.MARIADB_DATABASE = env(DB)" | \
|
||||
sudo tee "$secrets" >/dev/null
|
||||
sudo tee "$overrides" >/dev/null
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -109,7 +109,7 @@ begin
|
|||
end
|
||||
|
||||
function getBackupArgs
|
||||
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
|
||||
printf "%s\n" --hidden --no-ignore "data|\.secret\.|docker-compose\.overrides\.yml" (getServiceRoot $argv)
|
||||
end
|
||||
|
||||
runInstaller --force $argv
|
||||
|
|
Loading…
Reference in a new issue