Rename secrets files to overrides

Manuel Thalmann 2024-11-27 02:54:44 +01:00
parent df74ac2337
commit 9a3d7d4f68
24 changed files with 56 additions and 57 deletions


@ -2,7 +2,7 @@
begin
set -l name anki
set -l dir (status dirname)
set -l source "$dir/docker-compose.secrets.yml"
set -l source "$dir/docker-compose.overrides.yml"
source "$dir/../service.fish"
function installSW -V dir -V source
@ -13,7 +13,7 @@ begin
sudo cp "$dir/docker-compose.base.yml" (getServiceRoot $argv)
USER=$user yq "$userKey = env(USER)" "$source" | \
sudo tee (getServiceSecretsConfig $argv) >/dev/null
sudo tee (getServiceOverrides $argv) >/dev/null
installDockerService $argv
end


@ -1,5 +1,4 @@
include:
- path:
- docker-compose.base.yml
- docker-compose.secrets.yml
- docker-compose.overrides.yml


@ -11,13 +11,13 @@ begin
function installSW -V dir -V environments -V source
set -l root (getServiceRoot $argv)
set -l config "$root/docker-compose.base.yml"
set -l secrets (getServiceSecretsConfig $argv)
set -l overrides (getServiceOverrides $argv)
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
set -l dockerTemplate (yq -oj (getServiceKey docker-template) "$source")
set -l sshTemplate (yq -oj (getServiceKey ssh-template) "$source")
initializeServiceInstallation $argv
echo "{}" | sudo tee "$config" >/dev/null
echo "{}" | sudo tee "$secrets" >/dev/null
echo "{}" | sudo tee "$overrides" >/dev/null
cp "$dir"/{ci.Dockerfile,docker-compose.core.yml,.dockerignore} "$root"
echo "DRONE_JSONNET_ENABLED=true" | sudo tee "$root/server.common.env" >/dev/null
@ -32,7 +32,7 @@ begin
set -l runners ssh docker
set -l services ci $runners
set -l tmpConfig (mktemp)
set -l tmpSecrets (mktemp)
set -l tmpOverrides (mktemp)
set -l ciName "$name-ci"
set -l sshName "$name-ssh-runner"
set -l dockerName "$name-docker-runner"
@ -41,7 +41,7 @@ begin
set -l dockerEnv
cp "$config" "$tmpConfig"
cp "$secrets" "$tmpSecrets"
cp "$overrides" "$tmpOverrides"
for serviceName in $services
set -l file (mktemp)
@ -83,8 +83,8 @@ begin
rm "$file"
end
PORT="127.0.0.1:1337:80" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
sudo tee "$secrets" >/dev/null
PORT="127.0.0.1:1337:80" yq "$ciKey.ports = [ env(PORT) ]" "$tmpOverrides" | \
sudo tee "$overrides" >/dev/null
end
end
@ -113,7 +113,7 @@ begin
end
function getBackupArgs
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
printf "%s\n" --hidden --no-ignore "data|\.secret\.|\.overrides\." (getServiceRoot $argv)
end
runInstaller --force $argv
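Review bot: The new backup pattern in getBackupArgs, `"data|\.secret\.|\.overrides\."`, no longer matches names containing `.secrets.`, which the old `\.secrets?\.` did. Any `*.secrets.*` file still present in a service root (for example one left by an install made before this rename) would drop out of the backup without an error; keeping the old alternative during the transition, `"data|\.secrets?\.|\.overrides\."`, avoids that. The same function in the last file section of this commit uses `docker-compose\.overrides\.yml` instead of `\.overrides\.`, so the two installers now select different file sets and it would be worth settling on one form. Both patterns are unanchored, so `data` presumably matches any path containing that substring, which may be wider than intended.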


@ -13,8 +13,8 @@ begin
function installSW -V dir -V domain -V server -V service
set -l root (getServiceRoot $argv)
set -l secrets (getServiceSecretsConfig $argv)
set -l source "$dir/$(basename "$secrets")"
set -l overrides (getServiceOverrides $argv)
set -l source "$dir/$(basename "$overrides")"
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
set -l port (getRandomPort)
initializeServiceInstallation $argv
@ -36,7 +36,7 @@ begin
yq "$dbEnv.MARIADB_USER = env(USER)" | \
yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
URL="https://$DOMAIN/" yq "$actEnv.GITEA_INSTANCE_URL = env(URL)" | \
sudo tee "$secrets" >/dev/null
sudo tee "$overrides" >/dev/null
end
installDockerService $argv
@ -51,7 +51,7 @@ begin
set -l dir "$root/data"
set -l bin "/usr/local/bin/forgejo"
set -l config "$root/docker-compose.base.yml"
set -l secrets (getServiceSecretsConfig $argv)
set -l overrides (getServiceOverrides $argv)
set -l envKey "$(getServiceKey "$service").environment"
configureDockerService $argv
cp "$config" "$file"
@ -74,7 +74,7 @@ begin
and chown -R $uid:$gid "$dir"
rm "$file"
set port (yq (getSSHPortKey) "$secrets" | extractPort)
set port (yq (getSSHPortKey) "$overrides" | extractPort)
begin
printf "%s\n" \
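Review bot: The file written by `sudo tee "$overrides" >/dev/null` in installSW still receives the generated `MARIADB_PASSWORD`, but after the rename its name no longer signals that it holds credentials. No line visible in this section restricts its mode, so it presumably gets root's default umask and may be readable by other local users; adding `sudo chmod 600 "$overrides"` after the write would pin that down. A short comment above the write, such as `# overrides carries generated credentials; keep it root-only`, would keep the intent visible now that the name is generic. The same applies to the other sections of this commit that pipe passwords through `sudo tee (getServiceOverrides $argv)`. installSW starts and ends outside the hunk, so a mode may already be set elsewhere.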


@ -11,8 +11,8 @@ begin
function installSW -V dir -V domain -V server -V service
set -l root (getServiceRoot $argv)
set -l secrets (getServiceSecretsConfig $argv)
set -l source "$dir/$(basename "$secrets")"
set -l overrides (getServiceOverrides $argv)
set -l source "$dir/$(basename "$overrides")"
set -l port (getRandomPort)
set -l servarrKeys
initializeServiceInstallation $argv
@ -20,7 +20,7 @@ begin
sudo cp "$dir/.dockerignore" "$root"
sudo cp "$dir/pvpn-cli.py" "$root"
sudo cp "$dir/rtorrent.Dockerfile" "$root"
sudo cp "$source" "$secrets"
sudo cp "$source" "$overrides"
installDockerService $argv
end
@ -33,7 +33,7 @@ begin
set -l root (getServiceRoot $argv)
set -l bin "/usr/local/bin/forgejo"
set -l config "$root/docker-compose.base.yml"
set -l secrets (getServiceSecretsConfig $argv)
set -l overrides (getServiceOverrides $argv)
set -l envKey "$(getServiceKey "$service").environment"
configureDockerService $argv
@ -62,9 +62,9 @@ begin
sudo tee "$config" >/dev/null
end
cp "$secrets" "$file"
cp "$overrides" "$file"
URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" | \
sudo tee "$secrets" >/dev/null
sudo tee "$overrides" >/dev/null
for dir in "$root"/{downloads,config/{,jellyfin,flood,rtorrent,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}}
sudo mkdir -p "$dir"


@ -33,8 +33,8 @@ begin
set -l domain (getServiceDomain $domain)
set -l base "$root/docker-compose.base.yml"
set -l baseSource "$dir/$(basename "$base")"
set -l secrets (getServiceSecretsConfig $argv)
set -l secretsSource "$dir/$(basename "$secrets")"
set -l overrides (getServiceOverrides $argv)
set -l overridesSource "$dir/$(basename "$overrides")"
set -l turnKey "$(getServiceKey "$turn")"
set -l portKey "$turnKey.ports[1]"
set -l officeEnv "$(getServiceKey "$office").environment"
@ -81,16 +81,16 @@ begin
PW="--static-auth-secret=$turnPW" \
DOMAIN="--realm=$domain" \
yq "$key |= . + [env(PW), env(DOMAIN)]" "$secretsSource" | \
sudo tee "$secrets" >/dev/null
yq "$key |= . + [env(PW), env(DOMAIN)]" "$overridesSource" | \
sudo tee "$overrides" >/dev/null
end
installDockerService $argv
set turnPort (yq (getServicePortKey "$turn") "$secrets" | extractPort)
set turnPort (yq "$portKey" "$secrets" | mutatePort "$turnPort")
set turnPort (yq (getServicePortKey "$turn") "$overrides" | extractPort)
set turnPort (yq "$portKey" "$overrides" | mutatePort "$turnPort")
cp "$secrets" "$file"
PORT="$turnPort" yq "$portKey = env(PORT)" "$file" | sudo tee "$secrets" >/dev/null
cp "$overrides" "$file"
PORT="$turnPort" yq "$portKey = env(PORT)" "$file" | sudo tee "$overrides" >/dev/null
rm "$file"
end


@ -3,7 +3,7 @@ begin
set -l dir (status dirname)
set -l domain "tracker" ""
set -l service "ryot"
set -l source "$dir/docker-compose.secrets.yml"
set -l source "$dir/docker-compose.overrides.yml"
source "$dir/../service.fish"
function installSW -V dir -V domain -V service -V source
@ -19,7 +19,7 @@ begin
URL=$dbUrl yq "$dbKey = env(URL)" "$source" | \
PW=$pw yq ".services.db.environment.POSTGRES_PASSWORD = env(PW)" | \
sudo tee (getServiceSecretsConfig $argv) >/dev/null
sudo tee (getServiceOverrides $argv) >/dev/null
installDockerService $argv
end


@ -2,7 +2,7 @@
begin
set -l dir (status dirname)
set -l root /usr/local/lib
set -l secretsFile "docker-compose.secrets.yml"
set -l overrides "docker-compose.overrides.yml"
set -l nginxRoot "/etc/nginx/conf.d"
source "$dir/../../../../lib/software.fish"
@ -48,11 +48,11 @@ begin
echo "$nginxRoot/$(getServiceName $argv).conf"
end
function getServiceSecretsConfig -V secretsFile
echo "$(getServiceRoot $argv)/$secretsFile"
function getServiceOverrides -V overrides
echo "$(getServiceRoot $argv)/$overrides"
end
function getServicePortKey -V secretsFile -a name
function getServicePortKey -V overrides -a name
echo "$(getServiceKey "$name").ports[0]"
end
@ -78,7 +78,7 @@ begin
function getServiceDefaultProxy -a domain service location
argparse -i "comment=" "path=" "url=" -- $argv
set -l url
set -l config (getServiceSecretsConfig $argv)
set -l config (getServiceOverrides $argv)
set -l portKey (getServicePortKey "$service")
set -l port (yq "$portKey" "$config" | extractPort)
@ -115,13 +115,13 @@ begin
set -l root (getServiceRoot $argv)
sudo mkdir -p (getServiceRoot $argv)
sudo mkdir -p "$nginxRoot"
sudo mkdir -p (dirname (getServiceSecretsConfig $argv))
sudo mkdir -p (dirname (getServiceOverrides $argv))
sudo touch "$root/docker-compose.overrides.yml"
sudo cp "$dir/docker-compose.yml" "$root"
end
function installDockerService -V dir -V nginxRoot
set -l config (getServiceSecretsConfig $argv)
set -l config (getServiceOverrides $argv)
set -l servers (getServiceServers $argv | string split0)
for i in (seq 1 2 (count $servers))
@ -184,6 +184,6 @@ begin
set extraPatterns "|$extraPatterns"
end
printf "%s\n" --base-directory (getServiceRoot $argv) --hidden --no-ignore "^(docker-compose\.(secrets|overrides)\.yml|data)\$$extraPatterns"
printf "%s\n" --base-directory (getServiceRoot $argv) --hidden --no-ignore "^(docker-compose\.overrides\.yml|data)\$$extraPatterns"
end
end
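Review bot: Nothing visible in this section carries an existing `docker-compose.secrets.yml` over to the new name, yet getServiceDefaultProxy and installDockerService now read only the path returned by getServiceOverrides. On a host installed before this commit, the initialisation hunk (the one with `sudo mkdir -p "$nginxRoot"`) would `touch` an empty overrides file while the old secrets file stays on disk, and the final backup pattern, which dropped the `secrets` alternative, would no longer select it. A one-time move guarded by a test that the old file exists, or keeping `(secrets|overrides)` in the pattern for a transition period, would close that gap. Separately, `sudo touch "$root/docker-compose.overrides.yml"` repeats the file name that getServiceOverrides already provides; `sudo touch (getServiceOverrides $argv)` keeps a single source. The enclosing functions extend beyond the hunks, so a migration step may exist outside this view.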


@ -1,7 +1,7 @@
#!/bin/env fish
begin
set -l dir (status dirname)
set -l source "$dir/docker-compose.secrets.yml"
set -l source "$dir/docker-compose.overrides.yml"
source "$dir/../service.fish"
function installSW -V dir -V domain -V source
@ -25,7 +25,7 @@ begin
yq "$tsEnv.TS3SERVER_DB_NAME = env(DB)" | \
yq "$dbEnv.MARIADB_DATABASE = env(DB)"
end | \
sudo tee (getServiceSecretsConfig $argv) >/dev/null
sudo tee (getServiceOverrides $argv) >/dev/null
installDockerService $argv
end


@ -1,7 +1,7 @@
services:
tm:
extends:
file: docker-compose.core.secrets.yml
file: docker-compose.core.overrides.yml
service: tm
volumes: &tm-volumes
- tm-server:/app
@ -17,7 +17,7 @@ services:
- xaseco:/cache
xaseco:
extends:
file: docker-compose.core.secrets.yml
file: docker-compose.core.overrides.yml
service: xaseco
<<:
- *xaseco-base
@ -26,5 +26,5 @@ services:
build: *xaseco-build
db:
extends:
file: docker-compose.core.secrets.yml
file: docker-compose.core.overrides.yml
service: db


@ -1,7 +1,7 @@
#!/bin/env fish
begin
set -l dir (status dirname)
set -l source "$dir/docker-compose.core.secrets.yml"
set -l source "$dir/docker-compose.core.overrides.yml"
source "$dir/../service.fish"
function installSW -V dir -V domain -V source
@ -10,7 +10,7 @@ begin
set -l sqlPW (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
initializeServiceInstallation $argv
cp -rf "$dir"/{.dockerignore,docker-compose{.base,.secrets,.core{,.secrets}}.yml,parser.patch,tmforever-entrypoint.sh,trackmania.Dockerfile,xaseco-entrypoint.sh,xaseco.Dockerfile} "$root"
cp -rf "$dir"/{.dockerignore,docker-compose{.base,.overrides,.core{,.overrides}}.yml,parser.patch,tmforever-entrypoint.sh,trackmania.Dockerfile,xaseco-entrypoint.sh,xaseco.Dockerfile} "$root"
PW="$tmPW" yq "$(getServiceKey "tm").environment.TM_SUPERADMIN_PASSWORD = env(PW)" "$source" | \
PW="$sqlPW" yq "$(getServiceKey "db").environment.MYSQL_PASSWORD = env(PW)" | \
@ -30,7 +30,7 @@ begin
end
function getBackupArgs
printf "%s\n" --hidden --no-ignore "^docker-compose\.(.*\.)\?.secrets.yml|data\$" (getServiceRoot $argv)
printf "%s\n" --hidden --no-ignore "^docker-compose\.(.*\.)\?.overrides.yml|data\$" (getServiceRoot $argv)
end
runInstaller --force $argv --name "tm-forever"
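Review bot: The pattern in getBackupArgs, `"^docker-compose\.(.*\.)\?.overrides.yml|data\$"`, keeps the `\?` from the old line, and in regex dialects where `\?` is a literal question mark (Rust and PCRE-style engines) the first branch can never match `docker-compose.overrides.yml` or `docker-compose.core.overrides.yml`. If the consumer of these arguments uses such a dialect, the credential-bearing overrides files are left out of the backup. The anchors also bind per branch, so `^` applies only to the compose name and `$` only to `data`. A form that matches both file names and anchors the whole alternation is `"^(docker-compose\.(.*\.)?overrides\.yml|data)\$"`. The regex engine is not visible on this page, so this should be checked against the tool that receives the arguments.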


@ -2,7 +2,7 @@
begin
set -l dir (status dirname)
set -l domain "passwords"
set -l source "$dir/docker-compose.secrets.yml"
set -l source "$dir/docker-compose.overrides.yml"
source "$dir/../service.fish"
function installSW -V dir -V domain -V source
@ -19,7 +19,7 @@ begin
URL=$dbUrl yq "$dbKey = env(URL)" "$source" | \
PW=$pw yq ".services.db.environment.MARIADB_PASSWORD = env(PW)" | \
sudo tee (getServiceSecretsConfig $argv) >/dev/null
sudo tee (getServiceOverrides $argv) >/dev/null
installDockerService $argv
end


@ -13,7 +13,7 @@ begin
URL="https://$domain" yq "$(getServiceKey "$service").environment.DOMAIN = env(URL)" "$file" | \
sudo tee "$(getServiceRoot $argv)/$(basename "$file")" >/dev/null
sudo cp "$dir/docker-compose.secrets.yml" (getServiceRoot $argv)
sudo cp "$dir/docker-compose.overrides.yml" (getServiceRoot $argv)
installDockerService $argv
end


@ -12,13 +12,13 @@ begin
function installSW -V dir -V environments -V source
set -l root (getServiceRoot $argv)
set -l config "$root/docker-compose.base.yml"
set -l secrets (getServiceSecretsConfig $argv)
set -l overrides (getServiceOverrides $argv)
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
set -l agentTemplate (yq -oj (getServiceKey agent-template) "$source")
set -l dbTemplate (yq -oj (getServiceKey db-template) "$source")
initializeServiceInstallation $argv
echo "{}" | sudo tee "$config" >/dev/null
echo "{}" | sudo tee "$secrets" >/dev/null
echo "{}" | sudo tee "$overrides" >/dev/null
cp "$dir/.dockerignore" "$root"
sudo touch "$root"/{agent,ci}.common.env
@ -30,7 +30,7 @@ begin
set -l secret (openssl rand -hex 32)
set -l services ci db agent
set -l tmpConfig (mktemp)
set -l tmpSecrets (mktemp)
set -l tmpOverrides (mktemp)
set -l ciName "$name-ci"
set -l dbName "$name-db"
set -l agentName "$name-agent"
@ -46,7 +46,7 @@ begin
set -l domain (getServiceDomain "$subdomain" "$domain")
cp "$config" "$tmpConfig"
cp "$secrets" "$tmpSecrets"
cp "$overrides" "$tmpOverrides"
for serviceName in $services
set -l file (mktemp)
@ -74,13 +74,13 @@ begin
ENTRY="./data/$name/db:/var/lib/mysql" yq "$dbKey.volumes |= . + [ env(ENTRY) ]" | \
sudo tee "$config" >/dev/null
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpOverrides" | \
HOST="https://$domain" yq "$ciEnv.WOODPECKER_HOST = env(HOST)" | \
DB="$dbUser:$pw@tcp($dbName:3306)/$db?parseTime=true" yq "$ciEnv.WOODPECKER_DATABASE_DATASOURCE = env(DB)" | \
USER="$dbUser" yq "$dbEnv.MARIADB_USER = env(USER)" | \
PW="$pw" yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
DB="$db" yq "$dbEnv.MARIADB_DATABASE = env(DB)" | \
sudo tee "$secrets" >/dev/null
sudo tee "$overrides" >/dev/null
end
end
@ -109,7 +109,7 @@ begin
end
function getBackupArgs
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
printf "%s\n" --hidden --no-ignore "data|\.secret\.|docker-compose\.overrides\.yml" (getServiceRoot $argv)
end
runInstaller --force $argv