From 6abd0adb4214322fb142ff767d8c127a0ec6d3c1 Mon Sep 17 00:00:00 2001 From: "Georgiy.Sitnikov@telekom.de" Date: Tue, 27 Jun 2023 13:42:19 +0200 Subject: [PATCH 1/2] Add Docker Secrets Support Documentation Update Add more examples to the compose --- README.md | 6 ++++++ docker-compose.yml | 40 +++++++++++++++++++++++++++++++++++++++- docker-entrypoint.sh | 28 ++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 047d0ce1..fd463e3c 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,12 @@ Available options/variables and their default values: See `config.js` for all options. +#### Using Secrets for Docker + +You can set any options/variables via [docker secrets](https://docs.docker.com/compose/use-secrets/) by appending `_FILE` to the variable/option name, e.g. to set `EG_PASSWORD` as secret replace it with `EG_PASSWORD_FILE` and setup secret as described in a docker documentation. You can find example in `docker-compose.yml`. + +If you set same options as variables and as secret, secret value will override variable. + #### How to set options You can add options directly in the command or put them in a file to load. diff --git a/docker-compose.yml b/docker-compose.yml index dbcc679e..67dc747e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,9 +1,20 @@ # start with `docker compose up` +version: "3.7" + +secrets: + vnc_password: + file: .secrets/vnc_password_common + epic_user: + file: .secrets/epic_user + epic_password: + file: .secrets/epic_password + epic_otp: + file: .secrets/epic_otp + services: free-games-claimer: container_name: fgc # is printed in front of every output line image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer - build: . ports: # - "5900:5900" # VNC server - "6080:6080" # noVNC (browser-based VNC client) 
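Review bot: The new top-level `secrets:` block in docker-compose.yml reads the credentials from `.secrets/` next to the compose file, and nothing in this patch keeps that directory out of version control or the image build context (the diffstat touches only README.md, docker-compose.yml and docker-entrypoint.sh). Unless the repository's ignore files already cover it, a user who follows the example may commit the Epic password and OTP key, or have them end up in a locally built image. I would add a comment above the block, `# keep .secrets/ out of git and the build context (.gitignore, .dockerignore) and readable only by your user`, and add `.secrets/` to both ignore files in the same change.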
@@ -13,3 +24,30 @@ services: environment: # - EMAIL=foo@bar.org # - NOTIFY='tgram://...' + # - NOTIFY_TITLE="Optional title for notifications" + # - VNC_PASSWORD="VNC Password" + - VNC_PASSWORD_FILE=/run/secrets/vnc_password + # - BROWSER_DIR="data/browser" + # - TIMEOUT="60" + # - LOGIN_TIMEOUT="80" + # - EMAIL="Default email for any login" + # - PASSWORD="Default password for any login" + # - EG_EMAIL="Epic Games email for login" + # - EG_PASSWORD="Epic Games password for login" + # - EG_OTPKEY="Epic Games MFA OTP key" + - EG_EMAIL_FILE=/run/secrets/epic_user + - EG_PASSWORD_FILE=/run/secrets/epic_password + - EG_OTPKEY_FILE=/run/secrets/epic_otp + # - EG_PARENTALPIN="Epic Games Parental Controls PIN" + # - PG_EMAIL="Prime Gaming email for login" + # - PG_PASSWORD="Prime Gaming password for login" + # - PG_OTPKEY="Prime Gaming MFA OTP key" + # - PG_REDEEM="0" + # - PG_CLAIMDLC="0" + # - GOG_EMAIL="GOG email for login" + # - GOG_PASSWORD="GOG Password" + secrets: + - epic_user + - epic_password + - epic_otp + - vnc_password diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 77963647..4b523aee 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
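Review bot: The commented examples added under `environment:` quote their values (`# - VNC_PASSWORD="VNC Password"`, `# - TIMEOUT="60"`), but in Compose's list form each entry is one YAML scalar, so the quotes become part of the value as soon as a line is uncommented. A password or OTP key set this way carries literal `"` characters, and the value the application sees is not the one the user intended. Write the examples unquoted, e.g. `# - VNC_PASSWORD=your-vnc-password`, or switch the block to mapping form (`VNC_PASSWORD: "..."`). The same pattern becomes live in PATCH 2/2, where the `free-games-claimer` service sets `- VNC_PASSWORD="vnc password"`, `- EMAIL="user name"`, `- PASSWORD="password"` and `- EG_OTPKEY="epic otp"`.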
@@ -13,6 +13,34 @@ rm -f /fgc/data/browser/SingletonLock # ls -l /tmp/.X11-unix/ rm -f /tmp/.X1-lock +# Check and export secrets to variables if exist +# Get list of VARIABLES with "_FILE" at the end +SECRETS_LIST=$(env | grep "_FILE") +if [ ! -z "$SECRETS_LIST" ]; then + + echo "Secrets were found, will try to convert them into the Variables..." + + # Will read one by one, remove "_FILE" from the end and get value from the file + # Known bug: if you set "=" in the variable value, it will be converted to the space + while read SECRETS; do + SECRET_VALUE=$(echo $SECRETS | awk -F'[=]' '{ $1=""; print $0 }') + # Remove unneeded space at the begging + SECRET_VALUE=${SECRET_VALUE:1} + SECRET_NAME=$(echo $SECRETS | awk -F'[=]' '{ print $1 }') + # Remove "_FILE" at the end of the Variable Name + SECRET_NAME=${SECRET_NAME::-5} + + # If file with value readable, use it to fetch value and export variable + if [ -r "$SECRET_VALUE" ]; then + echo "Setting $SECRET_NAME with value from $SECRET_VALUE" + export "$SECRET_NAME"="$(cat "$SECRET_VALUE")" + else + echo "ERROR - $SECRETS is configured, but file not exist or not readable." + fi + done <<< $SECRETS_LIST + +fi + # 6000+SERVERNUM is the TCP port Xvfb is listening on: # SERVERNUM=$(echo "$DISPLAY" | sed 's/:\([0-9][0-9]*\).*/\1/') From 251863f68419eda71cf8b29ea87d5b9625646736 Mon Sep 17 00:00:00 2001 From: "Georgiy.Sitnikov@telekom.de" Date: Wed, 28 Jun 2023 09:17:36 +0200 Subject: [PATCH 2/2] Remove variables list from compose example. Add non secrets example. Move to generic variables --- docker-compose.yml | 71 +++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 67dc747e..a42082f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
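Review bot: `env | grep "_FILE"` selects every environment line that contains `_FILE` anywhere, in the name or in the value, so a name such as `MY_FILE_DIR` (constructed example) is treated as a secret pointer and `${SECRET_NAME::-5}` then cuts five characters off whatever name came back. The unquoted `echo $SECRETS` and `<<< $SECRETS_LIST` add word splitting and globbing on top of the documented `=` problem, and `read` without `-r` drops backslashes in paths. Iterating over variable names and using indirect expansion removes all of these without awk; the sketch below assumes the script runs under bash, which the existing `${SECRET_VALUE:1}` and `<<<` already require (the shebang is outside the hunk). Consider also exiting non-zero when a configured secret file is unreadable, since the container otherwise starts without that credential.

```shell
# Check and export secrets to variables if exist
# For every exported NAME_FILE, export NAME with the content of the file it points to
for FILE_VAR in $(compgen -e); do
    # only names that END in _FILE, never a match inside a name or a value
    [[ "$FILE_VAR" == ?*_FILE ]] || continue
    SECRET_NAME="${FILE_VAR%_FILE}"
    # path of the secret file, taken verbatim (keeps "=" and spaces)
    SECRET_VALUE="${!FILE_VAR}"

    if [ -r "$SECRET_VALUE" ]; then
        # … unchanged: "Setting …" message and export of $SECRET_NAME …
    else
        echo "ERROR - $FILE_VAR is configured, but file not exist or not readable."
    fi
done
```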
@@ -1,18 +1,27 @@ # start with `docker compose up` version: "3.7" -secrets: - vnc_password: - file: .secrets/vnc_password_common - epic_user: - file: .secrets/epic_user - epic_password: - file: .secrets/epic_password - epic_otp: - file: .secrets/epic_otp - services: - free-games-claimer: + free-games-claimer: # Service Example with localdata and variables + container_name: fgc # is printed in front of every output line + image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer + ports: + # - "5900:5900" # VNC server + - "6080:6080" # noVNC (browser-based VNC client) + volumes: + - fgc:/fgc/data + # command: bash -c "node epic-games; node gog" + environment: + - VNC_PASSWORD="vnc password" + - EMAIL="user name" + - PASSWORD="password" + - EG_OTPKEY="epic otp" + +#### +# OR +#### + + free-games-claimer-secrets: # Service Example with Secrets support container_name: fgc # is printed in front of every output line image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer ports: 
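Review bot: Both services in this hunk are active and both declare `container_name: fgc`, so the `docker compose up` named in the file's first line tries to create two containers with the same name and stops with a conflict; the `#### OR ####` comment does not disable either one. The second service's port mapping lies between the hunks, but if it also publishes `6080:6080` the host port collides as well. Ship one of the two variants commented out, or give the secrets variant its own `container_name` and host port so that the file works as committed.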
@@ -22,32 +31,24 @@ services: - fgc:/fgc/data # command: bash -c "node epic-games; node gog" environment: - # - EMAIL=foo@bar.org - # - NOTIFY='tgram://...' - # - NOTIFY_TITLE="Optional title for notifications" - # - VNC_PASSWORD="VNC Password" - VNC_PASSWORD_FILE=/run/secrets/vnc_password - # - BROWSER_DIR="data/browser" - # - TIMEOUT="60" - # - LOGIN_TIMEOUT="80" - # - EMAIL="Default email for any login" - # - PASSWORD="Default password for any login" - # - EG_EMAIL="Epic Games email for login" - # - EG_PASSWORD="Epic Games password for login" - # - EG_OTPKEY="Epic Games MFA OTP key" - - EG_EMAIL_FILE=/run/secrets/epic_user - - EG_PASSWORD_FILE=/run/secrets/epic_password + - EMAIL_FILE=/run/secrets/common_user + - PASSWORD_FILE=/run/secrets/common_password - EG_OTPKEY_FILE=/run/secrets/epic_otp - # - EG_PARENTALPIN="Epic Games Parental Controls PIN" - # - PG_EMAIL="Prime Gaming email for login" - # - PG_PASSWORD="Prime Gaming password for login" - # - PG_OTPKEY="Prime Gaming MFA OTP key" - # - PG_REDEEM="0" - # - PG_CLAIMDLC="0" - # - GOG_EMAIL="GOG email for login" - # - GOG_PASSWORD="GOG Password" secrets: - - epic_user - - epic_password + - user + - password - epic_otp - vnc_password + +# Secrets section is only needed if you are using docker secrets, not .env solution. +# In this case use "free-games-claimer-secrets" from the services and "free-games-claimer" otherwise. +secrets: + vnc_password: + file: .secrets/vnc_password + user: + file: .secrets/common_user + password: + file: .secrets/common_password + epic_otp: + file: .secrets/epic_otp
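Review bot: `EMAIL_FILE=/run/secrets/common_user` and `PASSWORD_FILE=/run/secrets/common_password` point at files that will not exist, because Compose mounts each secret at `/run/secrets/<secret name>` and the secrets granted to the service are named `user` and `password` (`common_user` is only the host-side file name under `.secrets/`). The entrypoint from PATCH 1/2 then prints its ERROR line and the container starts without EMAIL and PASSWORD from the secrets. Either point the variables at the mounted names, `- EMAIL_FILE=/run/secrets/user` and `- PASSWORD_FILE=/run/secrets/password`, or rename the secrets to `common_user` and `common_password` in both the service list and the top-level `secrets:` block.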