fix: Remove Docker swarm docker secret files

add_users.sh

@@ -29,7 +29,7 @@ for i in $(ls /tmp/users/userimport*.ldif); do
     ls $i;
     docker exec ${container} sh -c 'slapadd -l '$i;
 done;
-#'ldapadd -w \$(cat \${LDAP_ADMIN_PWD_FILE}) -D cn=admin,dc=\${LDAP_ORGANIZATION},dc=\${LDAP_EXTENSION} -f '\$i; \
+#'ldapadd -w \${LDAP_ADMIN_PWD} -D cn=admin,dc=\${LDAP_ORGANIZATION},dc=\${LDAP_EXTENSION} -f '\$i; \
 
 echo Removing copied user files
 docker exec ${container} sh -c 'rm -Rf /tmp/users'

env.template

@@ -15,7 +15,7 @@ DB_DATA_VOLUME_PATH=${VOLUMES_PATH}/mariadb/data
 # LDAP
 LDAP_ORGANIZATION=${ORGANIZATION}
 LDAP_EXTENSION=${EXTENSION}
-LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd
+LDAP_ADMIN_PWD=
 LDAP_DATA_VOLUME_PATH=${VOLUMES_PATH}/openldap/data
 LDAP_CONFIG_VOLUME_PATH=${VOLUMES_PATH}/openldap/config
 LDAP_CERTS_VOLUME_PATH=${VOLUMES_PATH}/openldap/certs

gitea.env.template

@@ -1,9 +1,9 @@
 GITEA_DOMAIN=${DOMAIN}
-GITEA_ADMIN_PWD_FILE=/run/secrets/admin_pwd
+GITEA_ADMIN_PWD=
 ADMIN_EMAIL=${ADMIN_EMAIL}
 
 # LDAP
 LDAP_SERVER_HOST=openldap
 LDAP_BIND_DN=uid=${LDAP_GITEA_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
-LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_BIND_PWD=
 LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}

haproxy.env.template

@@ -1,2 +1,4 @@
-# Let's Encrypt
-ADMIN_EMAIL=${ADMIN_EMAIL}
+NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}
+GITEA_SERVER_NAME=${GITEA_SERVER_NAME}
+BLOG_1_SERVER_NAME=${BLOG_1_SERVER_NAME}
+HAUK_SERVER_NAME=${HAUK_SERVER_NAME}

hauk.env.template

@@ -1,5 +1,5 @@
 # LDAP
 LDAP_SERVER_HOST=openldap
 LDAP_BIND_DN=uid=${LDAP_HAUK_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
-LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_BIND_PWD=
 LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}

images/email/startup.sh

@@ -1,10 +1,5 @@
 #!/bin/bash
 
-# set LDAP password from secret
-if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
-    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
-fi
-
 function replace {
     #echo $1
     sed -i "s/\${LDAP_SERVER_HOST}/${LDAP_SERVER_HOST}/g" $1

images/gitea/docker-entrypoint.sh

@@ -2,16 +2,6 @@
 
 GITEA_FULL_DOMAIN=${GITEA_SERVER_NAME}.${GITEA_DOMAIN}
 
-# set LDAP password from secret
-if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
-    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
-fi
-
-# set Admin password from secret
-if [ ! -z $GITEA_ADMIN_PWD_FILE -a -f $GITEA_ADMIN_PWD_FILE ]; then
-    GITEA_ADMIN_PWD=`cat $GITEA_ADMIN_PWD_FILE`;
-fi
-
 GITEA_SECRET_KEY=`openssl rand -hex 64`
 
 # check needed variables

images/hauk/docker-entrypoint.sh

@@ -1,10 +1,5 @@
 #!/bin/bash
 
-# set LDAP password from secret
-if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
-    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
-fi
-
 PASSWORD_HASH=$(htpasswd -nbBC 10 "" ${HAUK_SERVER_PWD} | tail -c +2)
 
 # ### Conf file ###

images/nextcloud/docker-entrypoint.sh

@@ -12,27 +12,6 @@ fi
 
 sed -i "s/server_name localhost/server_name ${NEXTCLOUD_SERVER_NAME}.${DOMAIN} ${NEXTCLOUD_SERVER_NAME}/g" /etc/nginx/sites-available/default
 
-# set Admin password from secret
-if [ ! -z $NEXTCLOUD_ADMIN_PWD_FILE -a -f $NEXTCLOUD_ADMIN_PWD_FILE ]; then
-    NEXTCLOUD_ADMIN_PWD=`cat $NEXTCLOUD_ADMIN_PWD_FILE`;
-fi
-# set LDAP password from secret
-if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
-    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
-fi
-# set DB root password from secret
-if [ ! -z $MARIADB_ROOT_PWD_FILE -a -f $MARIADB_ROOT_PWD_FILE ]; then
-    MARIADB_ROOT_PASSWORD=`cat $MARIADB_ROOT_PWD_FILE`;
-fi
-# set password salt from secret
-if [ ! -z $NEXTCLOUD_SALT_FILE -a -f $NEXTCLOUD_SALT_FILE ]; then
-    NEXTCLOUD_SALT=`cat $NEXTCLOUD_SALT_FILE`;
-fi
-# set NC secret from secret
-if [ ! -z $NEXTCLOUD_SECRET_FILE -a -f $NEXTCLOUD_SECRET_FILE ]; then
-    NEXTCLOUD_SECRET=`cat $NEXTCLOUD_SECRET_FILE`;
-fi
-
 # check needed variables
 if [[ -z ${DB_HOST} || -z ${NEXTCLOUD_DB_NAME} || -z ${NEXTCLOUD_DB_USER} \
             || -z ${NEXTCLOUD_DB_PWD} || -z ${NEXTCLOUD_ADMIN_PWD} \

images/openldap/startup.sh

@@ -11,23 +11,6 @@
 # https://github.com/moby/moby/issues/8231#issuecomment-63871343
 ulimit -n 1024
 
-# Passwords
-if [ ! -z $LDAP_ADMIN_PWD_FILE -a -f $LDAP_ADMIN_PWD_FILE ]; then
-    LDAP_ADMIN_PWD=`cat $LDAP_ADMIN_PWD_FILE`;
-fi
-if [ ! -z $LDAP_MAIL_PWD_FILE -a -f $LDAP_MAIL_PWD_FILE ]; then
-    LDAP_MAIL_PWD=`cat $LDAP_MAIL_PWD_FILE`;
-fi
-if [ ! -z $LDAP_NEXTCLOUD_PWD_FILE -a -f $LDAP_NEXTCLOUD_PWD_FILE ]; then
-    LDAP_NEXTCLOUD_PWD=`cat $LDAP_NEXTCLOUD_PWD_FILE`;
-fi
-if [ ! -z $LDAP_GITEA_PWD_FILE -a -f $LDAP_GITEA_PWD_FILE ]; then
-    LDAP_GITEA_PWD=`cat $LDAP_GITEA_PWD_FILE`;
-fi
-if [ ! -z $LDAP_HAUK_PWD_FILE -a -f $LDAP_HAUK_PWD_FILE ]; then
-    LDAP_HAUK_PWD=`cat $LDAP_HAUK_PWD_FILE`;
-fi
-
 echo slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD} | debconf-set-selections \
     && echo slapd slapd/internal/adminpw password ${LDAP_ADMIN_PWD} | debconf-set-selections \
     && echo slapd slapd/password2 password ${LDAP_ADMIN_PWD} | debconf-set-selections \

images/sftp/docker-entrypoint.sh

@@ -3,11 +3,6 @@
 # Set consumption directory
 mkdir -p ${PAPERLESS_CONSUMPTION_DIR}
 
-# set FTP user password from secret
-if [ ! -z ${PAPERLESS_FTP_PWD_FILE} -a -f ${PAPERLESS_FTP_PWD_FILE} ]; then
-    PAPERLESS_FTP_PWD=`cat $PAPERLESS_FTP_PWD_FILE`;
-fi
-
 # create FTP user
 useradd -d ${PAPERLESS_CONSUMPTION_DIR} -p `openssl passwd -1 ${PAPERLESS_FTP_PWD}` ${PAPERLESS_FTP_USER}
 

mail.env.template

@@ -1,5 +1,5 @@
 LDAP_SERVER_HOST=openldap
 LDAP_BIND_DN=uid=${LDAP_MAIL_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
-LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_BIND_PWD=
 LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}
 DATA_CHOWN=1

mariadb.env.template

@@ -1 +1 @@
-MARIADB_ROOT_PWD_FILE=/run/secrets/admin_pwd
+MARIADB_ROOT_PASSWORD=

nextcloud.env.template

@@ -1,17 +1,17 @@
-NEXTCLOUD_ADMIN_PWD_FILE=/run/secrets/admin_pwd
-NEXTCLOUD_SALT_FILE=/run/secrets/salt
-NEXTCLOUD_SECRET_FILE=/run/secrets/secret
+NEXTCLOUD_ADMIN_PWD=
+NEXTCLOUD_SALT=
+NEXTCLOUD_SECRET=
 DATA_CHOWN=1
 
 # LDAP
 LDAP_SERVER_HOST=openldap
 LDAP_BIND_DN=uid=${LDAP_NEXTCLOUD_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
-LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_BIND_PWD=
 #LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}
 LDAP_SEARCH_BASE=dc=${ORGANIZATION},dc=${EXTENSION}
 
 # DB
-MARIADB_ROOT_PWD_FILE=/run/secrets/mysql_pwd
+MARIADB_ROOT_PASSWORD=
 DB_HOST=db
 NEXTCLOUD_DB_NAME=nextcloud
 NEXTCLOUD_DB_USER=nextcloud

openldap.env.template

@@ -1,13 +1,13 @@
 VOLUMES_PATH=${VOLUMES_PATH}
 LDAP_ORGANIZATION=${ORGANIZATION}
 LDAP_EXTENSION=${EXTENSION}
-LDAP_ADMIN_PWD_FILE=/run/secrets/admin_pwd
+LDAP_ADMIN_PWD=
 LDAP_MAIL_UID=${LDAP_MAIL_UID}
-LDAP_MAIL_PWD_FILE=/run/secrets/mail_pwd
+LDAP_MAIL_PWD=
 LDAP_NEXTCLOUD_UID=${LDAP_NEXTCLOUD_UID}
-LDAP_NEXTCLOUD_PWD_FILE=/run/secrets/nextcloud_pwd
+LDAP_NEXTCLOUD_PWD=
 LDAP_GITEA_UID=${LDAP_GITEA_UID}
-LDAP_GITEA_PWD_FILE=/run/secrets/gitea_pwd
+LDAP_GITEA_PWD=
 DEBUG_LEVEL=0
 #BKP_FILE=/tmp/ldap_bkp.ldif
 LDAP_BACKEND="hdb"

paperless.env.template

@@ -1,8 +1,8 @@
 # Webserver
 PAPERLESS_WEBSERVER_USER=${PAPERLESS_WEBSERVER_USER}
-PAPERLESS_WEBSERVER_PWD_FILE=/run/secrets/webserver_pwd
+PAPERLESS_WEBSERVER_PWD=
 # paperless variables
-PAPERLESS_PASSPHRASE_FILE=/run/secrets/passphrase
+PAPERLESS_PASSPHRASE=
 #PAPERLESS_OCR_THREADS=
 PAPERLESS_OCR_LANGUAGES=cat spa
 #USERMAP_UID=

sftp.env.template

@@ -1,3 +1,3 @@
 # FTP server
 PAPERLESS_FTP_USER=${PAPERLESS_FTP_USER}
-PAPERLESS_FTP_PWD_FILE=/run/secrets/ftp_pwd
+PAPERLESS_FTP_PWD=