Development (#357)

* Switched from S6-overlay v2 to S6-overlay v3
* Base image Alpine 3.19
* PostrgeSQL 16 support
* HASSIO support (PostgreSQL 16 and s6-overlay v3 dependency). (thanks for all the great help @sanderdw and @Alfagek!)
* Support for Docker secrets (thank for your input @frankforpresident)

Dockerfile

@@ -133,12 +133,11 @@ RUN echo "**** configure nginx package ****" \
 FROM base as final
 
 COPY rootfs /
-COPY ./docker/entrypoint /
 
 # TODO: Improve healtcheck to respond on 200 only
 # TODO: Improve healtcheck so it's only valid for containers with the webinterface enabled
 HEALTHCHECK --interval=15s --timeout=3s --retries=10 CMD curl -Lsf http://127.0.0.1/about -o /dev/null -w "HTTP_%{http_code}" || exit 1
 
 WORKDIR /app
 
-ENTRYPOINT ["/docker-entrypoint.sh", "/init"]
+ENTRYPOINT ["/init"]

Makefile

@@ -9,3 +9,7 @@ test: build
 
 shell:
 	exec docker exec -ti dsmr bash
+
+
+# docker build --pull --rm --format docker --build-arg DSMR_VERSION="5.11.0" --platform="linux/amd64" --build-arg QEMU_ARCH="x86_64" --build-arg DOCKER_TARGET_RELEASE="2099.09.09" -t dsmr_test_image .; docker save localhost/dsmr_test_image:latest > dsmr_dev; scp -O dsmr_dev [email protected]:/volume1/onedrive/smarthome
+# docker image load < dsmr_dev ; ./docker.sh dsmr_dev; docker logs -f dsmr

README.md

@@ -272,6 +272,25 @@ It's not possible to combine those settings!!!:
 
 The ```--no-healthcheck``` argument should only be used when the containers function NOT presenting the DSMR Reader webinterface, for example the datalogger sender mode. By default this argument should not be used!
 
+* ##### Environment variables from files (Docker secrets)
+You can set any environment variable from a file by using a special prepend `FILE__`.
+
+As an example:
+```yaml
+services:
+    some_service:
+    image: some_image
+    environment:
+        FILE__SECRET: /run/secrets/a_secret_file
+    secrets: - a_secret_file
+
+secrets:
+    a_secret_file:
+        file : somedir/my_secret.txt
+```
+
+Basiccally, the bottom secrets section mounts `my_secrets.txt` as `/run/secrets/a_secret_file`. The secrets section under the service authorize the service to use the `a_secret_file secret`. The environment variable FILE__SECRET tells the service what file to read to set/get the value of the environment variable `SECRET`.
+
 ***
 #### Features
 * ##### DSMR Reader - Database cleanup/vacuum

examples/docker-compose.example.yaml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   dsmrdb:
-    # When using Postgres, release 13.x, 14.x and 15.x are supported only
+    # When using Postgres, release 13.x, 14.x, 15.x, and 16.x are supported only
     # due to the limited availability of client packages, especially for arm32v7
     image: postgres:16-alpine
     container_name: dsmrdb
@@ -42,6 +42,9 @@ services:
       - TZ=Europe/Amsterdam
       - DJANGO_TIME_ZONE=Europe/Amsterdam
       - VIRTUAL_HOST=localhost
+      - FILE__SECRET=/run/secrets/a_secret_file
+    secrets:
+      - a_secret_file
     ports:
       - 7777:80
       - 7779:443
@@ -65,6 +68,10 @@ services:
       timeout: 5s
       retries: 10
 
+secrets:
+    a_secret_file:
+        file : somedir/my_secret.txt
+
 volumes:
   dsmrdb: null
   dsmrdb_backups: null

rootfs/etc/s6-overlay/s6-rc.d/docker-entrypoint/run → rootfs/etc/s6-overlay/s6-rc.d/init-docker-entrypoint/run

@@ -24,7 +24,7 @@ function _pre_reqs() {
     groupmod -o -g "${DGID}" app >/dev/null 2>&1
     usermod -o -u "${DUID}" app >/dev/null 2>&1
 
-    cat /etc/s6-overlay/s6-rc.d/docker-entrypoint/branding
+    cat /etc/s6-overlay/s6-rc.d/init-docker-entrypoint/branding
     echo "
     User UID: $(id -u app)
     User GID: $(id -g app)
@@ -324,14 +324,50 @@ function _generate_clientcert_auth_configuration() {
                 _info "CLIENT CERT AUTHENTICATION configured and enabled"
                 return
             else
-                _error "NGINX configuration error"
+                _error "NGINX configuration error!"
                 exit 1
             fi
         fi
     fi
     _info "ENABLE_CLIENTCERT_AUTH is disabled, nothing to see here. Continuing..."
 }
 
+# Todo: improve docker secrets scripts do check on hex for newline
+# filename="${FILENAME##*/}"
+# last_bytes=$(tail -c 2 "${SECRETFILE}" | od -An -tx1 | tr -d ' ')
+
+# if [[ "$last_bytes" == "0a" ]]; then  # Only LF
+#     _info "Warning: Docker secret file '$filename' contains a trailing Line Feed (LF) newline ('\\n') which may cause issues."
+#     echo "Consider removing it with 'sed -i '' ':a;N;$!ba;s/\\n$//' '$SECRETFILE'' if you encounter problems."
+# elif [[ "$last_bytes" == "0d0a" ]]; then  # CRLF
+#     _info "Warning: Docker secret file '$filename' contains a trailing Windows-style newline (CRLF) which may cause issues."
+#     echo "Consider removing it with 'sed -i '' 's/\\r\\n$//' '$SECRETFILE'' if you encounter problems."
+# elif [[ "$last_bytes" =~ "0d" ]]; then  # Only CR
+#     _info "Warning: Docker secret file '$filename' contains a trailing Carriage Return (CR) newline ('\\r') which may cause issues."
+#     echo "Consider removing it with 'sed -i '' 's/\\r$//' '$SECRETFILE'' if you encounter problems."
+# else
+#     _info "Docker secret file '$filename' is properly formatted without any trailing newline."
+# fi
+
+function _docker_secrets {
+    if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
+        _info "Enabling Docker secrets..."
+        for FILENAME in /run/s6/container_environment/FILE__*; do
+                SECRETFILE=$(cat "${FILENAME}")
+                if [[ -f ${SECRETFILE} ]]; then
+                    FILESTRIP=${FILENAME//FILE__/}
+                    if [[ $(tail -n1 "${SECRETFILE}" | wc -l) != 0 ]]; then
+                        _info "Docker secret: ${FILENAME##*/} contains a trailing newline and may not work as expected!"
+                    fi
+                    cat "${SECRETFILE}" >"${FILESTRIP}"
+                    _info "Docker secret ${FILESTRIP##*/} set from ${FILENAME##*/}..."
+                else
+                    _info "Cannot find Docker secret in ${FILENAME##*/}..."
+                fi
+        done
+    fi
+}
+
 function _iframe {
     if [[ "${ENABLE_IFRAME}" = true ]]; then
         _info "Enabling IFrame..."
@@ -362,4 +398,5 @@ if [[ "${DSMRREADER_OPERATION_MODE}" != api_client ]]; then
     _generate_auth_configuration
     _dsmr_datalogger_mode
     _optional_settings
+    _docker_secrets
 fi

rootfs/etc/s6-overlay/s6-rc.d/init-docker-entrypoint/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-docker-entrypoint/run

rootfs/etc/s6-overlay/s6-rc.d/svc-dsmr-backend/dependencies

@@ -1 +1 @@
-docker-entrypoint
+init-docker-entrypoint

rootfs/etc/s6-overlay/s6-rc.d/svc-dsmr-datalogger/dependencies

@@ -1,2 +1,2 @@
-docker-entrypoint
+init-docker-entrypoint
 svc-nginx

rootfs/etc/s6-overlay/s6-rc.d/svc-dsmr-remote-datalogger/dependencies

@@ -1,2 +1,2 @@
-docker-entrypoint
+init-docker-entrypoint
 svc-nginx

rootfs/etc/s6-overlay/s6-rc.d/svc-dsmr-webinterface/dependencies

@@ -1 +1 @@
-docker-entrypoint
+init-docker-entrypoint

rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies

@@ -1 +1 @@
-docker-entrypoint
+init-docker-entrypoint