diff --git a/README.md b/README.md index 047d0ce1..fd463e3c 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,12 @@ Available options/variables and their default values: See `config.js` for all options. +#### Using Secrets for Docker + +You can set any options/variables via [docker secrets](https://docs.docker.com/compose/use-secrets/) by appending `_FILE` to the variable/option name, e.g. to set `EG_PASSWORD` as secret replace it with `EG_PASSWORD_FILE` and setup secret as described in a docker documentation. You can find example in `docker-compose.yml`. + +If you set same options as variables and as secret, secret value will override variable. + #### How to set options You can add options directly in the command or put them in a file to load. diff --git a/docker-compose.yml b/docker-compose.yml index dbcc679e..a42082f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,9 +1,10 @@ # start with `docker compose up` +version: "3.7" + services: - free-games-claimer: + free-games-claimer: # Service Example with localdata and variables container_name: fgc # is printed in front of every output line image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer - build: . ports: # - "5900:5900" # VNC server - "6080:6080" # noVNC (browser-based VNC client) @@ -11,5 +12,43 @@ services: - fgc:/fgc/data # command: bash -c "node epic-games; node gog" environment: - # - EMAIL=foo@bar.org - # - NOTIFY='tgram://...' + - VNC_PASSWORD="vnc password" + - EMAIL="user name" + - PASSWORD="password" + - EG_OTPKEY="epic otp" + +#### +# OR +#### + + free-games-claimer-secrets: # Service Example with Secrets support + container_name: fgc # is printed in front of every output line + image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer + ports: + # - "5900:5900" # VNC server + - "6080:6080" # noVNC (browser-based VNC client) + volumes: + - fgc:/fgc/data + # command: bash -c "node epic-games; node gog" + environment: + - VNC_PASSWORD_FILE=/run/secrets/vnc_password + - EMAIL_FILE=/run/secrets/common_user + - PASSWORD_FILE=/run/secrets/common_password + - EG_OTPKEY_FILE=/run/secrets/epic_otp + secrets: + - user + - password + - epic_otp + - vnc_password + +# Secrets section is only needed if you are using docker secrets, not .env solution. +# In this case use "free-games-claimer-secrets" from the services and "free-games-claimer" otherwise. +secrets: + vnc_password: + file: .secrets/vnc_password + user: + file: .secrets/common_user + password: + file: .secrets/common_password + epic_otp: + file: .secrets/epic_otp diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 77963647..4b523aee 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -13,6 +13,34 @@ rm -f /fgc/data/browser/SingletonLock # ls -l /tmp/.X11-unix/ rm -f /tmp/.X1-lock +# Check and export secrets to variables if exist +# Get list of VARIABLES with "_FILE" at the end +SECRETS_LIST=$(env | grep "_FILE") +if [ ! -z "$SECRETS_LIST" ]; then + + echo "Secrets were found, will try to convert them into the Variables..." + + # Will read one by one, remove "_FILE" from the end and get value from the file + # Known bug: if you set "=" in the variable value, it will be converted to the space + while read SECRETS; do + SECRET_VALUE=$(echo $SECRETS | awk -F'[=]' '{ $1=""; print $0 }') + # Remove unneeded space at the begging + SECRET_VALUE=${SECRET_VALUE:1} + SECRET_NAME=$(echo $SECRETS | awk -F'[=]' '{ print $1 }') + # Remove "_FILE" at the end of the Variable Name + SECRET_NAME=${SECRET_NAME::-5} + + # If file with value readable, use it to fetch value and export variable + if [ -r "$SECRET_VALUE" ]; then + echo "Setting $SECRET_NAME with value from $SECRET_VALUE" + export "$SECRET_NAME"="$(cat "$SECRET_VALUE")" + else + echo "ERROR - $SECRETS is configured, but file not exist or not readable." + fi + done <<< $SECRETS_LIST + +fi + # 6000+SERVERNUM is the TCP port Xvfb is listening on: # SERVERNUM=$(echo "$DISPLAY" | sed 's/:\([0-9][0-9]*\).*/\1/')