From 1520a5a63f818e19667ef2de98d04f1af9f6dbf9 Mon Sep 17 00:00:00 2001
From: Colin Hebert
Date: Sun, 16 Apr 2023 09:34:30 +1000
Subject: [PATCH] Replace secrets/configs with mounted files/folders
---
 services/authentication/docker-compose.yml | 35 ++++-----------
 services/bootstrap/docker-compose.yml | 8 +---
 services/docker-monitoring/docker-compose.yml | 7 ++-
 services/dynamic-dns/docker-compose.yml | 9 ++--
 .../reverse-proxy/docker-compose.macvlan.yml | 11 -----
 services/reverse-proxy/docker-compose.yml | 44 +++----------------
 services/scrobbler/docker-compose.yml | 12 ++---
 services/torrents/docker-compose.yml | 4 +-
 8 files changed, 28 insertions(+), 102 deletions(-)
diff --git a/services/authentication/docker-compose.yml b/services/authentication/docker-compose.yml
index 396bf1f..7722897 100644
--- a/services/authentication/docker-compose.yml
+++ b/services/authentication/docker-compose.yml
@@ -21,17 +21,14 @@ services:
 - reverse-proxy
 volumes:
 - ${NASCOMPOSE_SERVICES?}/authentication/volumes/authelia_config/:/config/
- configs:
- - source: authelia_configuration
- target: /etc/authelia/configuration.yml
- - source: authelia_access
- target: /etc/authelia/access.yml
- - source: authelia_authentication
- target: /etc/authelia/authentication.yml
- secrets:
- - jwt_secret
- - storage_key
- - smtp_password
+ # Configuration
+ - ${NASCOMPOSE_SERVICES?}/authentication/configs/configuration.yml:/etc/authelia/configuration.yml:ro
+ - ${NASCOMPOSE_SERVICES?}/authentication/configs/access.yml:/etc/authelia/access.yml:ro
+ - ${NASCOMPOSE_SERVICES?}/authentication/configs/authentication.yml:/etc/authelia/authentication.yml:ro
+ # Secrets
+ - ${NASCOMPOSE_SERVICES?}/authentication/secrets/jwt_secret:/run/secrets/jwt_secret:ro
+ - ${NASCOMPOSE_SERVICES?}/authentication/secrets/storage_key:/run/secrets/storage_key:ro
+ - ${NASCOMPOSE_SERVICES?}/authentication/secrets/smtp_password:/run/secrets/smtp_password:ro
 restart: unless-stopped
 labels:
 traefik.enable: true
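Review bot: The short-syntax bind mounts added under `# Secrets` for `jwt_secret`, `storage_key` and `smtp_password` no longer fail when a secret file is absent on the host: short syntax implies `create_host_path`, so a missing source is created as an empty directory and the container starts with a directory at `/run/secrets/jwt_secret`. The removed `secrets:` entries presumably surfaced a missing file at `up` time instead. Long-syntax bind mounts with `read_only: true` and `bind.create_host_path: false` keep that failure explicit, as sketched below for one secret. The same applies to the secret mounts added in the bootstrap, docker-monitoring, dynamic-dns, reverse-proxy and scrobbler hunks. The service definition starts and ends outside this hunk.

```yaml
    volumes:
      # … unchanged: authelia_config and the three configuration mounts …
      # Secrets
      - type: bind
        source: ${NASCOMPOSE_SERVICES?}/authentication/secrets/jwt_secret
        target: /run/secrets/jwt_secret
        read_only: true
        bind:
          create_host_path: false
      # … storage_key and smtp_password in the same form …
```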
@@ -39,19 +36,3 @@ services:
 networks:
 reverse-proxy:
 external: true
-
-configs:
- authelia_configuration:
- file: ${NASCOMPOSE_SERVICES?}/authentication/configs/configuration.yml
- authelia_access:
- file: ${NASCOMPOSE_SERVICES?}/authentication/configs/access.yml
- authelia_authentication:
- file: ${NASCOMPOSE_SERVICES?}/authentication/configs/authentication.yml
-
-secrets:
- jwt_secret:
- file: ${NASCOMPOSE_SERVICES?}/authentication/secrets/jwt_secret
- storage_key:
- file: ${NASCOMPOSE_SERVICES?}/authentication/secrets/storage_key
- smtp_password:
- file: ${NASCOMPOSE_SERVICES?}/authentication/secrets/smtp_password
diff --git a/services/bootstrap/docker-compose.yml b/services/bootstrap/docker-compose.yml
index de75b4d..cb68eb5 100644
--- a/services/bootstrap/docker-compose.yml
+++ b/services/bootstrap/docker-compose.yml
@@ -26,8 +26,8 @@ services:
 volumes:
 - /var/packages/Docker/var/docker/volumes/:/var/lib/docker/volumes/
 - ${NASCOMPOSE_SERVICES?}/bootstrap/volumes/portainer_data/:/data/
- secrets:
- - portainer_password
+ # Secrets
+ - ${NASCOMPOSE_SERVICES?}/bootstrap/secrets/portainer_password:/run/secrets/portainer_password:ro
 depends_on:
 - docker
 restart: unless-stopped
@@ -39,7 +39,3 @@ networks:
 name: docker
 labels:
 nas-compose.boostrap: true
-
-secrets:
- portainer_password:
- file: ${NASCOMPOSE_SERVICES?}/bootstrap/secrets/portainer_password
diff --git a/services/docker-monitoring/docker-compose.yml b/services/docker-monitoring/docker-compose.yml
index 539bc33..1d27cd9 100644
--- a/services/docker-monitoring/docker-compose.yml
+++ b/services/docker-monitoring/docker-compose.yml
@@ -13,6 +13,9 @@ services:
 WATCHTOWER_NOTIFICATION_URL: /run/secrets/watchtower_notification_url
 networks:
 - docker
+ volumes:
+ # Secrets
+ - ${NASCOMPOSE_SERVICES?}/docker-monitoring/secrets/notification_url:/run/secrets/watchtower_notification_url:ro
 secrets:
 - watchtower_notification_url
 restart: unless-stopped
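Review bot: The service-level `secrets:` entry `- watchtower_notification_url` survives as context right after the added `volumes:` block in the docker-monitoring hunk, while the next hunk of the same file deletes the top-level `secrets:` definition it refers to. Compose validates secret references, so the patched file should be rejected for an undefined secret; if it were accepted, two mounts would claim `/run/secrets/watchtower_notification_url`. Remove the two lines `secrets:` and `- watchtower_notification_url` from the service so the bind mount is the only source for that path. The service definition begins above this hunk, so this rests on the visible lines only.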
@@ -20,7 +23,3 @@ services: networks: docker: external: true - -secrets: - watchtower_notification_url: - file: ${NASCOMPOSE_SERVICES?}/docker-monitoring/secrets/notification_url diff --git a/services/dynamic-dns/docker-compose.yml b/services/dynamic-dns/docker-compose.yml index 4dc7988..c0bf2de 100644 --- a/services/dynamic-dns/docker-compose.yml +++ b/services/dynamic-dns/docker-compose.yml @@ -7,10 +7,7 @@ services: environment: - SUBDOMAINS=${NASCOMPOSE_DUCKDNS_DOMAIN?} - FILE__TOKEN=/run/secrets/duckdns_token - secrets: - - duckdns_token + volumes: + # Secrets + - ${NASCOMPOSE_SERVICES?}/dynamic-dns/secrets/duckdns_token:/run/secrets/duckdns_token:ro restart: unless-stopped - -secrets: - duckdns_token: - file: ${NASCOMPOSE_SERVICES?}/dynamic-dns/secrets/duckdns_token diff --git a/services/reverse-proxy/docker-compose.macvlan.yml b/services/reverse-proxy/docker-compose.macvlan.yml index c0df6a4..b4ee598 100644 --- a/services/reverse-proxy/docker-compose.macvlan.yml +++ b/services/reverse-proxy/docker-compose.macvlan.yml @@ -6,18 +6,7 @@ services: networks: macvlan: ipv4_address: ${NASCOMPOSE_MACVLAN_TRAEFIK_IP?} - configs: - - source: traefik_synology - target: /etc/traefik/dynamic/synology.yml - - source: traefik_portainer - target: /etc/traefik/dynamic/portainer.yml networks: macvlan: external: true - -configs: - traefik_synology: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/synology.yml - traefik_portainer: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/portainer.yml diff --git a/services/reverse-proxy/docker-compose.yml b/services/reverse-proxy/docker-compose.yml index c8b02a0..6fb09e5 100644 --- a/services/reverse-proxy/docker-compose.yml +++ b/services/reverse-proxy/docker-compose.yml 
@@ -9,24 +9,12 @@ services: networks: - reverse-proxy - docker - configs: - - source: traefik_static - target: /etc/traefik/traefik.yml - - - source: traefik_dynamic - target: /etc/traefik/dynamic/traefik.yml - - source: traefik_tls - target: /etc/traefik/dynamic/tls.yml - - source: traefik_hsts - target: /etc/traefik/dynamic/hsts.yml - - - source: traefik_authelia - target: /etc/traefik/dynamic/authelia.yml - - source: traefik_transmission-api - target: /etc/traefik/dynamic/transmission-api.yml - secrets: - - traefik_tls_cert - - traefik_tls_key + volumes: + # Config + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/:/etc/traefik:ro + # Secrets + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.cert:/run/secrets/traefik_tls_cert:ro + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.key:/run/secrets/traefik_tls_key:ro restart: unless-stopped labels: traefik.enable: true @@ -39,23 +27,3 @@ networks: docker: external: true - -configs: - traefik_static: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml - traefik_dynamic: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/traefik.yml - traefik_tls: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/tls.yml - traefik_hsts: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/hsts.yml - traefik_authelia: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/authelia.yml - traefik_transmission-api: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/transmission-api.yml - -secrets: - traefik_tls_cert: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.cert - traefik_tls_key: - file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.key diff --git a/services/scrobbler/docker-compose.yml b/services/scrobbler/docker-compose.yml index 11e40af..453246c 100644 --- a/services/scrobbler/docker-compose.yml +++ b/services/scrobbler/docker-compose.yml 
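Review bot: Mounting the whole `configs/` directory at `/etc/traefik` in the first reverse-proxy hunk exposes more to the proxy than the six named `configs:` entries it replaces. `dynamic/synology.yml` and `dynamic/portainer.yml` were previously added only by `docker-compose.macvlan.yml`; with the directory mount they are present in every deployment, and if the static configuration points the file provider at `/etc/traefik/dynamic/` (not visible here) those routers load without the macvlan override. Any file later placed under `configs/` is picked up the same way. Either keep per-file mounts for the dynamic files, or record the change above the mount, e.g. `# whole directory: every file under configs/dynamic/ is loaded, including synology.yml and portainer.yml`.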
@@ -20,9 +20,9 @@ services: - scrobbler volumes: - ${NASCOMPOSE_SERVICES?}/scrobbler/volumes/plaxt_keystore/:/app/keystore/ - secrets: - - trakt_id - - trakt_secret + # Secrets + - ${NASCOMPOSE_SERVICES?}/scrobbler/secrets/trakt_id:/run/secrets/trakt_id:ro + - ${NASCOMPOSE_SERVICES?}/scrobbler/secrets/trakt_secret:/run/secrets/trakt_secret:ro restart: unless-stopped labels: traefik.enable: true @@ -34,9 +34,3 @@ networks: reverse-proxy: external: true - -secrets: - trakt_id: - file: ${NASCOMPOSE_SERVICES?}/scrobbler/secrets/trakt_id - trakt_secret: - file: ${NASCOMPOSE_SERVICES?}/scrobbler/secrets/trakt_secret diff --git a/services/torrents/docker-compose.yml b/services/torrents/docker-compose.yml index 85561bb..d7916a3 100644 --- a/services/torrents/docker-compose.yml +++ b/services/torrents/docker-compose.yml @@ -20,11 +20,13 @@ services: volumes: - ${NASCOMPOSE_SERVICES?}/torrents/volumes/qbittorrent_config/:/config/ - ${NASCOMPOSE_DATA?}/torrents/:/data/ - - ${NASCOMPOSE_SERVICES?}/torrents/secrets/wg0.conf:/config/wireguard/wg0.conf:ro + # Configuration - ${NASCOMPOSE_SERVICES?}/torrents/config/set_port.sh:/bin/set_port.sh:ro - ${NASCOMPOSE_SERVICES?}/torrents/config/01-natpmp-install:/etc/cont-init.d/01-natpmp-install:ro - ${NASCOMPOSE_SERVICES?}/torrents/config/98-gateway-setup:/etc/cont-init.d/98-gateway-setup:ro - ${NASCOMPOSE_SERVICES?}/torrents/config/99-cron-start:/etc/cont-init.d/99-cron-start:ro + # Secrets + - ${NASCOMPOSE_SERVICES?}/torrents/secrets/wg0.conf:/config/wireguard/wg0.conf:ro restart: unless-stopped labels: traefik.enable: true