🔨 Move secret to init script

2025-05-04 19:01:21 +00:00 · 2019-03-30 11:31:16 +00:00 · 2019-03-30 11:31:16 +00:00 · b78ed7750a
commit b78ed7750a
parent 162914b052
3 changed files with 7 additions and 41 deletions
--- a/home-panel/Dockerfile
+++ b/home-panel/Dockerfile
@ -10,7 +10,6 @@ COPY rootfs /
 RUN \
    apk add --no-cache --virtual .build-dependencies \
        git=2.20.1-r0 \
-        openssl=1.1.1b-r1 \
        yarn=1.12.3-r0 \
    \
    && apk add --no-cache \
@ -26,9 +25,6 @@ RUN \
        "https://github.com/timmo001/home-panel.git" /tmp/panel \
    && mv /tmp/panel/api /opt/api \
    \
-    && mv /etc/home-panel/default.json /opt/api/config \
-    && sed -i "s/API_AUTH_SECRET/$(openssl rand -base64 32)/g" /opt/api/config/default.json \
-    \
    && cd /opt/api \
    && yarn install \
    \
--- a/home-panel/rootfs/etc/cont-init.d/20-secrets.sh
+++ b/home-panel/rootfs/etc/cont-init.d/20-secrets.sh
@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: Home Panel
+# This updates the internal auth secret for the API
+# ==============================================================================
+# shellcheck disable=2094,2016
+bashio::jq /opt/api/config/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/api/config/default.json
--- a/home-panel/rootfs/etc/home-panel/default.json
+++ b/home-panel/rootfs/etc/home-panel/default.json
@ -1,37 +0,0 @@
-{
-    "host": "localhost",
-    "port": 3234,
-    "public": "../public/",
-    "paginate": {
-      "default": 10,
-      "max": 50
-    },
-    "authentication": {
-      "secret": "API_AUTH_SECRET",
-      "strategies": ["jwt", "local"],
-      "path": "/authentication",
-      "service": "users",
-      "jwt": {
-        "header": {
-          "typ": "access"
-        },
-        "audience": "https://timmo.dev/home-panel",
-        "subject": "anonymous",
-        "issuer": "feathers",
-        "algorithm": "HS256",
-        "expiresIn": "1d"
-      },
-      "local": {
-        "entity": "user",
-        "usernameField": "username",
-        "passwordField": "password"
-      },
-      "cookie": {
-        "enabled": true,
-        "name": "feathers-jwt",
-        "httpOnly": false,
-        "secure": false
-      }
-    },
-    "nedb": "/data"
-  }