From 8b9011102122e93c096f9760e18c4ee71938094b Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:08:43 +0000 Subject: [PATCH 01/12] feat: portainer via caddy --- ansible/roles/docker-swarm-app-caddy/assets/Caddyfile | 2 +- ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml | 2 +- .../assets/portainer-agent-stack.yml.j2 | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index 951463e..f4e6124 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile @@ -1,7 +1,7 @@ { # Global options block. Entirely optional, https is on by default # Optional email key for lets encrypt - email youremail@domain.com + email nokwebspace@gmail.com # Optional staging lets encrypt for testing. Comment out for production. acme_ca https://acme-staging-v02.api.letsencrypt.org/directory } diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml index b88c961..7f74d1a 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml +++ b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml @@ -41,7 +41,7 @@ services: - caddy deploy: labels: - caddy: whoami.nokwebspace.ovh + caddy: whoami.{{domain}} # this include escape for ansible caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}' }}" diff --git a/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 b/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 index 642aae5..03337d5 100644 --- a/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 +++ b/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 
@@ -34,6 +34,12 @@ services: replicas: 1 placement: constraints: [node.role == manager] +{% if caddy %} + labels: + caddy: portainer.{{domain}} + # this include escape for ansible + caddy.reverse_proxy: "{{ '{{' }}upstreams 9000{{ '}}' }}" +{% endif %} networks: agent_network: From 54e4d07507582a53630e150bd48b1d4a79144ba6 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:30:13 +0000 Subject: [PATCH 02/12] feat: caddy auth github --- .../docker-swarm-app-caddy/assets/Caddyfile | 56 ++++++++++++++++++- .../assets/caddy-stack.yml | 14 ++++- .../docker-swarm-app-caddy/defaults/main.yaml | 1 + .../docker-swarm-app-caddy/tasks/main.yaml | 23 ++------ 4 files changed, 74 insertions(+), 20 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index f4e6124..3c0aebb 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile 
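Review bot: The new `caddy: portainer.{{domain}}` label publishes the Portainer UI on a public hostname with nothing in front of it but `reverse_proxy` to port 9000, so access relies entirely on Portainer's own login form. Since Portainer reaches the swarm's Docker socket through the agent, it is the most sensitive endpoint in this stack; gating it with the same Caddy authorization layer the rest of the series introduces for `whoami` (e.g. `caddy.authorize: with mypolicy`) or restricting source addresses would be a cheap second factor. The `{% if caddy %}` guard also errors at render time if `caddy` is undefined in the role's vars — worth confirming a `caddy: false` default exists.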
@@ -1,7 +1,61 @@ { # Global options block. Entirely optional, https is on by default # Optional email key for lets encrypt - email nokwebspace@gmail.com + email {{email}} # Optional staging lets encrypt for testing. Comment out for production. acme_ca https://acme-staging-v02.api.letsencrypt.org/directory } + +{ + http_port 8080 + https_port 8443 + debug + + order authenticate before respond + order authorize before basicauth + + security { + oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET} + + authentication portal myportal { + crypto default token lifetime 3600 + crypto key sign-verify {env.JWT_SHARED_KEY} + cookie domain {{domain}} + enable identity provider github + ui { + links { + "My Identity" "/whoami" icon "las la-user" + } + } + + transform user { + match realm github + action add role authp/user + ui link "File Server" https://assetq.myfiosgateway.com:8443/ icon "las la-star" + } + + transform user { + match realm github + match sub github.com/{{github_org}} + action add role authp/admin + } + } + + authorization policy mypolicy { + set auth url https://auth.{{domain}}:8443/oauth2/github + crypto key verify {env.JWT_SHARED_KEY} + allow roles authp/admin authp/user + validate bearer header + inject headers with claims + } + } +} + +(tls_config) { + tls {$HOME}/.local/caddy/server.crt {$HOME}/.local/caddy/server.key +} + +auth.{{domain}} { + import tls_config + authenticate with myportal +} diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml index 7f74d1a..7d924c6 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml +++ b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml 
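Review bot: With `allow roles authp/admin authp/user` in `mypolicy` and the first `transform user` granting `authp/user` to every user in the `github` realm, any GitHub account that completes the OAuth flow is authorized; the `match sub github.com/{{github_org}}` transform only layers `authp/admin` on top, so the org never actually gates access. If only org members should pass, remove `authp/user` from `allow roles` (or remove the unconditional transform), and note that the `sub` claim for the GitHub provider appears to be the user's login rather than an org name, so org membership is probably better expressed through the provider's org/team roles — verify against the plugin documentation. `debug` in the global options belongs only in a staging build, since request and token details end up in the logs at that level. The `ui link "File Server" https://assetq.myfiosgateway.com:8443/` line looks like a leftover from an upstream example and points at a host that is not part of this deployment.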
@@ -21,7 +21,13 @@ services: - caddy_data:/data - caddy_config:/config secrets: - - caddy_github_auth + - caddy_github_client_id + - caddy_github_client_secret + - caddy_jwt_shared_key + environment: + GITHUB_CLIENT_ID: /run/secrets/caddy_github_client_id + GITHUB_CLIENT_SECRET: /run/secrets/caddy_github_client_secret + JWT_SHARED_KEY: /run/secrets/caddy_jwt_shared_key deploy: placement: constraints: @@ -54,5 +60,9 @@ networks: attachable: true secrets: - caddy_github_auth: + caddy_github_client_id: + external: true + caddy_github_client_secret: + external: true + caddy_jwt_shared_key: external: true diff --git a/ansible/roles/docker-swarm-app-caddy/defaults/main.yaml b/ansible/roles/docker-swarm-app-caddy/defaults/main.yaml index 894f8df..c4aa9ee 100644 --- a/ansible/roles/docker-swarm-app-caddy/defaults/main.yaml +++ b/ansible/roles/docker-swarm-app-caddy/defaults/main.yaml @@ -1,3 +1,4 @@ caddy_dir: /var/data/caddy +email: nokwebspace@gmail.com domain: nokwebspace.ovh github_org: xnok diff --git a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml index f66a2ff..f1825cf 100644 --- a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml +++ b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml 
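Review bot: `GITHUB_CLIENT_ID: /run/secrets/caddy_github_client_id` (and the two lines under it) sets each variable to the *path* of the mounted secret, so the Caddyfile's `{env.GITHUB_CLIENT_ID}`, `{env.GITHUB_CLIENT_SECRET}` and `{env.JWT_SHARED_KEY}` resolve to the literal string `/run/secrets/...` rather than the secret contents. The stock caddy image has no `*_FILE` indirection, so either an entrypoint must read the files into the environment before starting caddy, or the Caddyfile should reference the files directly (Caddy's `{file./run/secrets/caddy_jwt_shared_key}` placeholder, if the plugin accepts placeholders in that position — verify). As written the JWT signing key is a fixed, publicly guessable string, which would make every token the portal issues forgeable.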
@@ -26,26 +26,15 @@ ### # Create Caddy Pre-requisits ### -- name: Create Secret file - template: - src: "{{ role_path }}/assets/caddy_github_auth" - dest: "{{ caddy_dir }}/caddy_github_auth" - mode: '0644' - vars: - github_client_id: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}" - github_client_secret: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}" - jwt_shared_key: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}" - - name: Create secret for github auth docker_secret: - name: caddy_github_auth - data: "{{ caddy_dir }}/caddy_github_auth" + name: "{{ item.name }}" + data: "{{ item.value }}" state: present - -- name: Remove secrets file - ansible.builtin.file: - path: "{{ caddy_dir }}/caddy_github_auth" - state: absent + loop: + - { name: 'caddy_github_client_id', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}" } + - { name: 'caddy_github_client_secret', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}" } + - { name: 'caddy_jwt_shared_key', value: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}" } ### # Start Container From bafc54d5a21def906c5fdce5793cedaa4b4e8196 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:30:43 +0000 Subject: [PATCH 03/12] fix: duplicate global block --- ansible/roles/docker-swarm-app-caddy/assets/Caddyfile | 8 -------- 1 file changed, 8 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index 3c0aebb..b03fd78 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile @@ -1,11 +1,3 @@ -{ - # Global options block. Entirely optional, https is on by default - # Optional email key for lets encrypt - email {{email}} - # Optional staging lets encrypt for testing. Comment out for production. - acme_ca https://acme-staging-v02.api.letsencrypt.org/directory -} - { http_port 8080 https_port 8443 
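Review bot: The `docker_secret` loop carries the GitHub client secret and the JWT key as loop items, and Ansible echoes loop items and module arguments (including `data`) in task output and callbacks, so these values will land in console and CI logs; add `no_log: true` to the task. `lookup('env', …)` returns an empty string when the variable is unset, so a missing `CADDY_JWT_SHARED_KEY` silently creates an empty secret and therefore a zero-length HMAC key; an `ansible.builtin.assert` that each value is non-empty before the loop would fail fast instead. The `replace('\n', '\\n')` on the JWT key rewrites real newlines into literal `\n` sequences, which only makes sense if the consumer un-escapes them — worth confirming that is intended for a shared HMAC key.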
From 49cf42a7e8511e76a347afc0ec11f73d94424598 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:32:33 +0000 Subject: [PATCH 04/12] fix: lint --- ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml | 2 +- ansible/roles/docker-swarm-app-caddy/tasks/main.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml index 7d924c6..1967286 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml +++ b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml @@ -24,7 +24,7 @@ services: - caddy_github_client_id - caddy_github_client_secret - caddy_jwt_shared_key - environment: + environment: GITHUB_CLIENT_ID: /run/secrets/caddy_github_client_id GITHUB_CLIENT_SECRET: /run/secrets/caddy_github_client_secret JWT_SHARED_KEY: /run/secrets/caddy_jwt_shared_key diff --git a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml index f1825cf..3b83921 100644 --- a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml +++ b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml @@ -32,9 +32,9 @@ data: "{{ item.value }}" state: present loop: - - { name: 'caddy_github_client_id', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}" } - - { name: 'caddy_github_client_secret', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}" } - - { name: 'caddy_jwt_shared_key', value: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}" } + - { name: 'caddy_github_client_id', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}" } + - { name: 'caddy_github_client_secret', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}" } + - { name: 'caddy_jwt_shared_key', value: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}" } ### # Start Container From c90c447592a89a427b0d4dacc9a8ec1232dc3f84 Mon Sep 17 00:00:00 2001 
From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:36:23 +0000 Subject: [PATCH 05/12] chore: lint and upgrade portainer --- ansible/roles/docker-swarm-app-caddy/tasks/main.yaml | 6 +++--- .../assets/portainer-agent-stack.yml.j2 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml index 3b83921..16dbabc 100644 --- a/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml +++ b/ansible/roles/docker-swarm-app-caddy/tasks/main.yaml @@ -32,9 +32,9 @@ data: "{{ item.value }}" state: present loop: - - { name: 'caddy_github_client_id', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}" } - - { name: 'caddy_github_client_secret', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}" } - - { name: 'caddy_jwt_shared_key', value: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}" } + - {name: 'caddy_github_client_id', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_ID') }}"} + - {name: 'caddy_github_client_secret', value: "{{ lookup('env', 'CADDY_GITHUB_CLIENT_SECRET') }}"} + - {name: 'caddy_jwt_shared_key', value: "{{ lookup('env', 'CADDY_JWT_SHARED_KEY') | replace('\n', '\\n') }}"} ### # Start Container diff --git a/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 b/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 index 03337d5..8e64673 100644 --- a/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 +++ b/ansible/roles/docker-swarm-app-portainer/assets/portainer-agent-stack.yml.j2 @@ -2,7 +2,7 @@ version: '3.2' services: agent: - image: portainer/agent:2.11.1 + image: portainer/agent:2.19.4 volumes: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes 
@@ -14,7 +14,7 @@ services: constraints: [node.platform.os == linux] portainer: - image: portainer/portainer-ce:2.11.1 + image: portainer/portainer-ce:2.19.4 command: -H tcp://tasks.agent:9001 --tlsskipverify {% if not caddy %} ports: From d9d26ab0063ca35168975aeaea4a82e2f4c84cf7 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 22:52:00 +0000 Subject: [PATCH 06/12] test: remove tls config to see --- ansible/roles/docker-swarm-app-caddy/assets/Caddyfile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index b03fd78..cfcdc1c 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile @@ -43,11 +43,6 @@ } } -(tls_config) { - tls {$HOME}/.local/caddy/server.crt {$HOME}/.local/caddy/server.key -} - auth.{{domain}} { - import tls_config authenticate with myportal } From 3bd57504d9da827a19ddb1ba146403811fc4b0aa Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 23:11:24 +0000 Subject: [PATCH 07/12] fix: change caddy ports --- .../roles/docker-swarm-app-caddy/assets/Caddyfile | 12 +++--------- .../docker-swarm-app-caddy/assets/caddy_github_auth | 3 --- 2 files changed, 3 insertions(+), 12 deletions(-) delete mode 100644 ansible/roles/docker-swarm-app-caddy/assets/caddy_github_auth diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index cfcdc1c..8bef47a 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile @@ -1,6 +1,6 @@ { - http_port 8080 - https_port 8443 + http_port 80 + https_port 443 debug order authenticate before respond 
@@ -20,12 +20,6 @@ } } - transform user { - match realm github - action add role authp/user - ui link "File Server" https://assetq.myfiosgateway.com:8443/ icon "las la-star" - } - transform user { match realm github match sub github.com/{{github_org}} @@ -34,7 +28,7 @@ } authorization policy mypolicy { - set auth url https://auth.{{domain}}:8443/oauth2/github + set auth url https://auth.{{domain}}:443/oauth2/github crypto key verify {env.JWT_SHARED_KEY} allow roles authp/admin authp/user validate bearer header diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy_github_auth b/ansible/roles/docker-swarm-app-caddy/assets/caddy_github_auth deleted file mode 100644 index 806dea4..0000000 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy_github_auth +++ /dev/null @@ -1,3 +0,0 @@ -GITHUB_CLIENT_ID={{ github_client_id }} -GITHUB_CLIENT_SECRET={{ github_client_secret }} -JWT_SHARED_KEY={{ jwt_shared_key }} \ No newline at end of file From 8886f9d82879baceb40d79f865caebc6df6f0329 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 23:26:50 +0000 Subject: [PATCH 08/12] fix:caddy secrets from file --- ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml index 1967286..85e9e2a 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml +++ b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml 
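Review bot: `set auth url https://auth.{{domain}}:443/oauth2/github` keeps an explicit `:443` after moving to the default ports; it is redundant and, because this URL is what the browser is redirected through, it may not string-match the callback URL registered with the GitHub OAuth app — `set auth url https://auth.{{domain}}/oauth2/github` avoids the mismatch. With the `authp/user` transform removed in this commit, the context line `allow roles authp/admin authp/user` still lists a role that nothing grants any more; tightening it to `allow roles authp/admin` documents that only the org match is meant to pass. The enclosing `security { … }` block starts and ends outside this hunk.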
@@ -25,9 +25,9 @@ services: - caddy_github_client_secret - caddy_jwt_shared_key environment: - GITHUB_CLIENT_ID: /run/secrets/caddy_github_client_id - GITHUB_CLIENT_SECRET: /run/secrets/caddy_github_client_secret - JWT_SHARED_KEY: /run/secrets/caddy_jwt_shared_key + GITHUB_CLIENT_ID_FILE: /run/secrets/caddy_github_client_id + GITHUB_CLIENT_SECRET_FILE: /run/secrets/caddy_github_client_secret + JWT_SHARED_KEY_FILE: /run/secrets/caddy_jwt_shared_key deploy: placement: constraints: From 9e0a772aaf88e04a2000047bfa057ccd3177a57e Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 23:30:25 +0000 Subject: [PATCH 09/12] test: caddy portal on whoami --- ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml index 85e9e2a..046f266 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml +++ b/ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml @@ -50,6 +50,7 @@ services: caddy: whoami.{{domain}} # this include escape for ansible caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}' }}" + caddy.authenticate: with myportal volumes: caddy_data: From 06576f12dc6e0a50eab547b77c2d6257d6a1cbc3 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 23:40:05 +0000 Subject: [PATCH 10/12] fix: caddy environement varaible interpolation --- ansible/roles/docker-swarm-app-caddy/assets/Caddyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index 8bef47a..2aa0d6c 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile 
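Review bot: `caddy.authenticate: with myportal` on the whoami service mounts the authentication portal under `whoami.{{domain}}` rather than protecting the `reverse_proxy` next to it; in caddy-security `authenticate with` serves the portal, while enforcing a policy on a backend is `authorize with <policy>` — verify against the plugin documentation. The `mypolicy` authorization policy defined in the Caddyfile is otherwise never referenced anywhere in the series, which suggests the intended label is `caddy.authorize: with mypolicy`. The global `order authorize before basicauth` directive should already place that handler ahead of `reverse_proxy` in Caddy's default directive order.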
@@ -7,11 +7,11 @@ order authorize before basicauth security { - oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET} + oauth identity provider github {$GITHUB_CLIENT_ID} {$GITHUB_CLIENT_SECRET} authentication portal myportal { crypto default token lifetime 3600 - crypto key sign-verify {env.JWT_SHARED_KEY} + crypto key sign-verify {$JWT_SHARED_KEY} cookie domain {{domain}} enable identity provider github ui { From ef0b9f27c775509f33cb1d2327dae5a0f55fb793 Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Thu, 22 Feb 2024 23:53:54 +0000 Subject: [PATCH 11/12] fix: revert caddy substitution --- ansible/roles/docker-swarm-app-caddy/assets/Caddyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile index 2aa0d6c..8bef47a 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Caddyfile @@ -7,11 +7,11 @@ order authorize before basicauth security { - oauth identity provider github {$GITHUB_CLIENT_ID} {$GITHUB_CLIENT_SECRET} + oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET} authentication portal myportal { crypto default token lifetime 3600 - crypto key sign-verify {$JWT_SHARED_KEY} + crypto key sign-verify {env.JWT_SHARED_KEY} cookie domain {{domain}} enable identity provider github ui { From bfa8fbf3701be625e332e5ac1326121ac67d933e Mon Sep 17 00:00:00 2001 From: Alexandre Couedelo Date: Fri, 23 Feb 2024 00:36:01 +0000 Subject: [PATCH 12/12] test: use env_file in bash container --- .../docker-swarm-app-caddy/assets/Dockerfile | 3 ++ .../assets/docker-entrypoint.sh | 32 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 ansible/roles/docker-swarm-app-caddy/assets/docker-entrypoint.sh 
diff --git a/ansible/roles/docker-swarm-app-caddy/assets/Dockerfile b/ansible/roles/docker-swarm-app-caddy/assets/Dockerfile index 5c624b7..81262ea 100644 --- a/ansible/roles/docker-swarm-app-caddy/assets/Dockerfile +++ b/ansible/roles/docker-swarm-app-caddy/assets/Dockerfile @@ -10,4 +10,7 @@ FROM caddy:${CADDY_VERSION}-alpine COPY --from=builder /usr/bin/caddy /usr/bin/caddy +COPY docker-entrypoint.sh /usr/local/bin/ + +ENTRYPOINT ["docker-entrypoint.sh"] CMD ["caddy", "docker-proxy"] diff --git a/ansible/roles/docker-swarm-app-caddy/assets/docker-entrypoint.sh b/ansible/roles/docker-swarm-app-caddy/assets/docker-entrypoint.sh new file mode 100644 index 0000000..89d3e2a --- /dev/null +++ b/ansible/roles/docker-swarm-app-caddy/assets/docker-entrypoint.sh @@ -0,0 +1,32 @@ +# docker-entrypoint.sh + +#!/bin/bash + +set -e + +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +env | grep "_FILE" | while read -r line ; do + echo "Processing ${line%_FILE*}" + file_env "${line%_FILE*}" +done + +exec "$@" \ No newline at end of file
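Review bot: `COPY docker-entrypoint.sh /usr/local/bin/` keeps whatever mode the file has in the build context, and nothing visible here sets an executable bit, so the `ENTRYPOINT ["docker-entrypoint.sh"]` line can fail with a permission error at container start; add `RUN chmod 0755 /usr/local/bin/docker-entrypoint.sh` after the COPY (or `COPY --chmod=0755 …` on a BuildKit-enabled builder). The base image is `caddy:${CADDY_VERSION}-alpine`, which ships busybox `sh` rather than bash by default, so the script's `#!/bin/bash` interpreter is also unlikely to exist in the image — see the note on the entrypoint script.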
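Review bot: `env | grep "_FILE" | while read -r line` runs the loop body in a subshell, so the `export` performed inside `file_env` is discarded when the pipeline ends and `exec "$@"` starts caddy without `GITHUB_CLIENT_ID`, `GITHUB_CLIENT_SECRET` or `JWT_SHARED_KEY` — the secrets are never injected and the Caddyfile placeholders resolve empty. The `#!/bin/bash` line sits on line 3 after a comment, so it is not a shebang at all and the runtime will refuse to exec the file; it must be the first line, and since the Dockerfile's `caddy:*-alpine` base ships `sh`, `#!/bin/sh` is the safer choice (busybox `sh` supports `local`). `grep "_FILE"` additionally matches any variable whose *value* contains `_FILE`, not only names ending in it. The rewrite below iterates in the main shell and restricts the match to variable names.
```shell
#!/bin/sh
# docker-entrypoint.sh: resolve VAR_FILE -> VAR (Docker secrets) before starting caddy
set -e

# … unchanged: file_env() …

# Plain for-loop (no pipe) so the exports made by file_env survive into exec.
for name in $(env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)_FILE=.*/\1/p'); do
  echo "Processing ${name}"
  file_env "${name}"
done

exec "$@"
```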