Add support for secrets, add dns name and cleanup

2023-07-15 10:48:26 +00:00 · 2023-07-15 10:48:26 +00:00 · 16e0f02a8a
parent e0136abc34
commit 16e0f02a8a
5 changed files with 22 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 oci-archive.tar
 build_id
+secrets/
--- a/19
+++ b/19
@ -7,26 +7,35 @@ CONTAINERS := $(shell find ./ -name 'Containerfile' -exec 'dirname' '{}' ';' | c
 IMAGES := $(addsuffix /${IMAGE_OUTPUT},${CONTAINERS})
 BUILD_IDS := $(addsuffix /${BUILD_ID_OUT},${CONTAINERS})

+# Make workaround
+# Inserting literal commas into function calls without interpreting them as delimiters
+, := ,
+
 # Build all containers in order by default
-all: $(IMAGES)
+all: oci
+
+oci: $(IMAGES)
+localbuild: $(BUILD_IDS)

 # Build process
 %/${IMAGE_OUTPUT}: %/${BUILD_ID_OUT}
 	buildah push -f oci \
 		$(shell cat $<) \
-		oci-archive:$@:$(DOMAIN)/$*:latest
+		oci-archive:$@:${DOMAIN}/$*:latest

 %/${BUILD_ID_OUT}: %/Containerfile
 	buildah build \
-		-t $(DOMAIN)/$*:latest \
+		-t ${DOMAIN}/$*:latest \
 		--iidfile $*/${BUILD_ID_OUT} \
+		$(foreach secretpath,$(wildcard $*/secrets/*),\
+			--secret id=$(patsubst $*/secrets/%,%,${secretpath})$(,)src=${secretpath}) \
 		$*

 # Clean up
 clean:
-	-rm -rv $(IMAGES) $(BUILD_IDS)
+	-rm -rv ${IMAGES} ${BUILD_IDS}

-.PHONY: all clean
+.PHONY: all localbuild oci clean
 .SUFFIXES:

 # Somehow GNU make forgets these are intermediates if not explicitly stated, feel free to look into it *shrug*
--- a/daemons/murmurd/Containerfile
+++ b/daemons/murmurd/Containerfile
@ -12,6 +12,7 @@ COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/murmur.crt /roo
 COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/murmur.key /root/.postgresql/postgresql.key

 ADD murmur.ini $CONFIG
+RUN --mount=type=secret,id=mregpass sed -i -e "s/MUMBLE_REGISTER_PASS/$(cat /run/secrets/mregpass)/" $CONFIG

 ENV CONFIG $CONFIG
 CMD murmurd -fg -ini $CONFIG
--- a/daemons/murmurd/murmur.ini
+++ b/daemons/murmurd/murmur.ini
@ -3,11 +3,11 @@ dbDriver=QPSQL
 dbUsername=murmur
 dbHost=localhost
 dbPort=5432
-#registerName="[RedXen] Good software lasts long!"
-#registerPassword=MUMBLE_REGISTER_PASS
-#registerUrl=https://redxen.eu/
-#registerHostname=redxen.eu
-#registerLocation=DE
+registerName="[RedXen] Good software lasts long!"
+registerPassword=MUMBLE_REGISTER_PASS
+registerUrl=https://redxen.eu/
+registerHostname=redxen.eu
+registerLocation=DE
 host=
 opusthreshold=10
 bandwidth=150000
--- a/data/selfsigned/Containerfile
+++ b/data/selfsigned/Containerfile
@ -16,6 +16,7 @@ RUN openssl req \
 	-sha256 \
 	-key /ca/keys/ca.key \
 	-subj "/O=RedXen/CN=mumble" \
+	-addext "subjectAltName = DNS: mumble.redxen.eu" \
 	-nodes \
 	-keyout keys/mumble.key \
 	-out /tmp/mumble.csr