feat: password env variable

docker-compose.sh

@@ -5,17 +5,29 @@ readonly PROJECT_DIR 2>/dev/null
 
 source $PROJECT_DIR/utils.sh
 
+ENV_LIST_PS=(
+	"MIRROR_AUTH_SECRET"
+	"SYNAPSE_PASSWORD"
+)
+
 if [[ "--install" == $1 ]]; then
+
 	log_info "docker-compose Installation"
 	COMPOSE_FILE="$(realpath "$PROJECT_DIR/docker-compose.yml")"
 
 	if [[ -f "$COMPOSE_FILE" ]]; then
-        docker compose -f "$COMPOSE_FILE" up -d --force-recreate --remove-orphans && \
-        log_success "$COMPOSE_FILE is running.";
+		log_info "set docker password..."
+		
+		for env in "${ENV_LIST_PS[@]}"; do
+			env_variable "$env" "$(openssl rand -base64 32)"
+		done
+
+		docker compose -f "$COMPOSE_FILE" up -d --force-recreate --remove-orphans &&
+			log_success "$COMPOSE_FILE is running."
 		CMD="0 0 * * * PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /usr/bin/docker compose --env-file $ENV_FILE -f $PROJECT_DIR/docker-compose.yml pull -q && /usr/bin/docker compose --env-file $ENV_FILE -f $PROJECT_DIR/docker-compose.yml up -d --remove-orphans"
 		add_crontab "$CMD"
 	else
-        log_error "no docker-compose.yml found at $PROJECT_DIR";
+		log_error "no docker-compose.yml found at $PROJECT_DIR"
 	fi
 	exit
 fi

docker-compose.yml

@@ -220,7 +220,7 @@ services:
       - VIRTUAL_PORT=8008
       - SYNAPSE_POSTGRES_HOST=db-matrix
       - SYNAPSE_POSTGRES_USER=synapse
-      - SYNAPSE_POSTGRES_PASSWORD=${DB_PASSWORD}
+      - SYNAPSE_POSTGRES_PASSWORD=${SYNAPSE_PASSWORD}
       - SYNAPSE_POSTGRES_DB=synapse
     networks:
       - web-network
@@ -244,7 +244,7 @@ services:
       - VIRTUAL_PORT=3000
       - GITEA__server__DOMAIN=git.${HOSTNAME}
       - GITEA__server__ROOT_URL=https://git.${HOSTNAME}/
-    #      - DISABLE_REGISTRATION=true # Private instance security
+      - GITEA__service__DISABLE_REGISTRATION=true
     volumes:
       - ./data/gitea:/data
       - /etc/localtime:/etc/localtime:ro
@@ -263,7 +263,7 @@ services:
       - LETSENCRYPT_HOST=mirror.${HOSTNAME}
       - LETSENCRYPT_EMAIL=${EMAIL}
       - VIRTUAL_PORT=4321
-      - BETTER_AUTH_SECRET=${GITHUB_AUTH_SECRET}
+      - BETTER_AUTH_SECRET=${MIRROR_AUTH_SECRET}
       - BETTER_AUTH_TRUSTED_ORIGINS=https://mirror.${HOSTNAME}
     volumes:
       - gitea-mirror-data:/app/data

install.sh

@@ -10,8 +10,6 @@ ENV_LIST=(
 	"EMAIL" "HOSTNAME"
 	"TELEGRAM_TOKEN" "TELEGRAM_CHAT_ID"
 	"AWS" "ENDPOINT" "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY"
-	"GITHUB_AUTH_SECRET"
-	"DB_PASSWORD"
 )
 
 readonly REQ=(
@@ -24,6 +22,7 @@ readonly REQ=(
 	"pgrep"
 	"pkill"
 	"uptime"
+	"openssl"
 )
 
 function check_root() {
@@ -74,7 +73,7 @@ function main() {
 	for env in "${ENV_LIST[@]}"; do
 		read -sp "Enter value for $env: " value
 		echo
-		env_variable "$env" "$value"
+		env_variable_interaction "$env" "$value"
 	done
 
 	install_scripts

utils.sh

@@ -43,9 +43,7 @@ function send_notification() {
 		-d "parse_mode=HTML"
 }
 
-function env_variable() {
-	source $ENV_FILE
-
+function env_variable_interaction() {
 	local key="$1"
 	local value="$2"
 
@@ -65,7 +63,21 @@ function env_variable() {
 			;;
 		esac
 	else
-		echo "$key=$value" >> "$ENV_FILE"
+
+		echo "$key=$value" >>"$ENV_FILE"
+		log_success "$key created."
+	fi
+}
+
+function env_variable() {
+	local key="$1"
+	local value="$2"
+
+	if grep -Eq "^${key}=" "$ENV_FILE" 2>/dev/null; then
+		sed -i "s/^$key=.*/$key=$value/" "$ENV_FILE"
+		log_success "$key updated."
+	else
+		echo "$key=$value" >>"$ENV_FILE"
 		log_success "$key created."
 	fi
 }
@@ -76,10 +88,13 @@ function add_crontab() {
 	fi
 
 	CRON_JOB=$1
-    crontab -l 2>/dev/null | grep -F "$CRON_JOB" > /dev/null 2>&1
+	crontab -l 2>/dev/null | grep -F "$CRON_JOB" >/dev/null 2>&1
 
 	if ! crontab -l 2>/dev/null | grep -Fq "$CRON_JOB"; then
-        (crontab -l 2>/dev/null; echo "$CRON_JOB") | crontab -
+		(
+			crontab -l 2>/dev/null
+			echo "$CRON_JOB"
+		) | crontab -
 		log_success "Cron job added."
 	fi
 }