Add auto network creation & podman secret environment variables

2025-07-25 20:04:12 +02:00
parent 5bcd4bdca2
commit d5bc3539b6
3 changed files with 24 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -58,6 +58,11 @@ read_only = true # Whether to use ro mode, optional
 key = "<SECRET KEY>" # Secret key used in `podman secret`
 target = "<TARGET SECRET FILE>" # Target secret filename in /var/run/secrets. Optional, defaults to the key

+# Between environment and secrets: get secret from Podman and set it as environment variable
+[[environment_secrets]]
+name = "<ENV VARIABLE>" # Target environment variable name
+secret = "<SECRET NAME>" # Secret key in `podman secret`
+
 # Optionally, you can configure a healthcheck
 [service.healthcheck]
 cmd = "<HEALTHCHECK COMMAND>" # The command or route to run/check
--- a/src/main.rs
+++ b/src/main.rs
@@ -26,7 +26,12 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {

    // start_pre()
    script.push_str("start_pre() {\n");
-    script.push_str(&wrap(&format!("podman rm {} --ignore", config.service.name)));
+    let mut start_pre_commands = Vec::new();
+    if let Some(network) = &config.service.network {
+        start_pre_commands.push(format!("podman network create {} --ignore;", network));
+    }
+    start_pre_commands.push(format!("podman rm {} --ignore;", config.service.name));
+    script.push_str(&wrap(&start_pre_commands.join("\n")));
    script.push_str("\n}\n\n");
    // }

@@ -66,6 +71,10 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {
        arguments.push(format!("--env {}='{}'", key, value));
    }

+    for secret in &config.environment_secrets {
+        arguments.push(format!("--env {}='$(podman secret inspect --showsecret --format {{.SecretData}} {})'", secret.name, secret.secret));
+    }
+
    for volume in &config.volumes {
        arguments.push(format!("--volume {}:{}", &volume.volume, &volume.path));
    }
--- a/src/service.rs
+++ b/src/service.rs
@@ -12,6 +12,9 @@ pub struct ServiceConfig {
    #[serde(default)]
    pub environment: HashMap<String, String>,

+    #[serde(default)]
+    pub environment_secrets: Vec<EnvironmentSecret>,
+
    #[serde(default)]
    pub ports: Vec<PortMapping>,

@@ -48,6 +51,12 @@ pub struct Secret {
    pub target: Option<String>
 }

+#[derive(Debug, Deserialize)]
+pub struct EnvironmentSecret {
+    pub name: String,
+    pub secret: String
+}
+
 #[derive(Debug, Deserialize)]
 pub struct PortMapping {
    pub host: u16,