homelab/fighter/config/ddns
Joey Hafner 1109cfd9e6
Update all compose files to 3.9 spec
2024-02-15 02:09:59 -08:00
ddclient Rename jafner-net to fighter 2023-10-05 09:10:22 -07:00
ddclient.env Switch UID and GID to match admin 2023-12-15 01:47:31 -08:00
docker-compose.yml Update all compose files to 3.9 spec 2024-02-15 02:09:59 -08:00
README.md #110 Init Secrets.md 2023-12-15 11:48:44 -08:00

Updating ddclient.conf

ddclient does not natively support proper secret management for credentials, so we have to work around that to keep our DNS management credentials out of Git.

Our credentials are stored in ddclient_secrets.env, which is git-ignored. Additionally, the actual ddclient.conf file is git-ignored because it must contain the credentials.

So we generate the config file when it must be updated. To update the file, we can run the following command:

cd ~/homelab/fighter/config/ddns/ && \
export $(cat ddclient_secrets.env | xargs) && \
envsubst < ./ddclient/ddclient.template > ./ddclient/ddclient.conf && \
unset $(grep -v '^#' ddclient_secrets.env | sed -E 's/(.*)=.*/\1/' | xargs) && \
docker-compose up -d --force-recreate

First we export the variables in the ddclient_secrets.env file (which are all simple key-value pairs). Then the envsubst command reads ddclient.template on stdin, replaces each env variable reference (like $USER_Jafner_chat) with its value from the current shell, and writes the result to ddclient.conf. Next we unset the secrets so they do not linger in the shell's environment. Finally, we recreate the container to apply the new settings. Because the steps are chained with &&, a failure in envsubst skips the unset and leaves the variables exported in that shell.
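A stricter variant of the render step, as an added example that is not part of this repository: it refuses to render when the template references a variable that has no value in the secrets file (envsubst would write an empty string), exports the secrets only inside a subshell, and creates ddclient.conf with owner-only permissions. The function names are hypothetical; the usage comment reuses the file names from this README.

```sh
#!/bin/sh
# Added example, not the repository's own script. Function names are hypothetical.

# Names in the env file that have a non-empty value.
env_names() {
  grep -E '^[A-Za-z_][A-Za-z0-9_]*=.' "$1" | cut -d= -f1
}

# $VAR and ${VAR} references that envsubst would expand in the template.
template_refs() {
  grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*\}?' "$1" | tr -d '${}' | sort -u
}

# Template references with no usable value; envsubst would silently
# write these out as empty strings.
missing_vars() (
  names=$(env_names "$1")
  for ref in $(template_refs "$2"); do
    printf '%s\n' "$names" | grep -qxF "$ref" || printf '%s\n' "$ref"
  done
)

# render_conf <env_file> <template> <out>
# The ( ) body is a subshell: exported secrets vanish when it returns.
render_conf() (
  env_file=$1 template=$2 out=$3
  missing=$(missing_vars "$env_file" "$template")
  if [ -n "$missing" ]; then
    echo "refusing to render, no value for:" $missing >&2
    exit 1
  fi
  umask 077                      # the config holds credentials: owner-only
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      \#*|'') continue ;;                      # skip comments and blank lines
      *=*) export "${line%%=*}=${line#*=}" ;;  # value is taken literally
    esac
  done < "$env_file"
  tmp=$(mktemp "$out.XXXXXX") || exit 1
  # Write to a temp file first so a failure never truncates the live config.
  envsubst < "$template" > "$tmp" && mv "$tmp" "$out" || { rm -f "$tmp"; exit 1; }
)

# Usage, with the file names from this README:
#   render_conf ddclient_secrets.env ddclient/ddclient.template ddclient/ddclient.conf \
#     && docker-compose up -d --force-recreate
```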

StackOverflow - Set environment variables from file of key/value pairs