From c921a9610147a8af012e0d0cdf0c54571cfa5a5c Mon Sep 17 00:00:00 2001
From: Tao Chen <tachen@phys.ethz.ch>
Date: Fri, 6 Oct 2023 18:58:01 +0200
Subject: [PATCH] add secrets for USERNAME and PASSWORD

---
 .gitignore            |  3 ++-
 docker-compose.yml    | 15 ++++++++++++---
 scripts/000-config.sh | 10 ++++++----
 secrets/.gitignore    |  2 ++
 4 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 secrets/.gitignore

diff --git a/.gitignore b/.gitignore
index 6320cd2..279069b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-data
\ No newline at end of file
+data
+sec
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 2140882..12a3e11 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,9 +11,18 @@ services:
     environment:
       EXEC_INTERVAL_MINUTE: 10
       RUN_ON_STARTUP: true
-      RESTIC_USER: $USER
-      RESTIC_PASSWORD: '%24---%40'
-      # %24 means $, %40 means @
+      RESTIC_USER_FILE: /run/secrets/USERNAME
+      RESTIC_PASSWORD_FILE: /run/secrets/PASSWORD
       # DEBUG: true
       RESTIC_HOST: restic-lab.phys.ethz.ch
+    secrets:
+      - USERNAME
+      - PASSWORD
+
+secrets:
+  USERNAME:
+    file: ./secrets/USERNAME
+  PASSWORD:
+    file: ./secrets/PASSWORD
+
       
\ No newline at end of file
diff --git a/scripts/000-config.sh b/scripts/000-config.sh
index 2475bb0..37520a8 100644
--- a/scripts/000-config.sh
+++ b/scripts/000-config.sh
@@ -2,13 +2,15 @@
 
 RESTIC_DIR="${HOME}/.backupbox-phys"
 
-if [ -z "$RESTIC_USER" ]; then
-    echo "Please provide your restic user from the backupbox web interface: "
+if [ -z $RESTIC_HOST ]; then
+    echo "Please provide your restic host from the backupbox web interface: "
     exit 1
 fi
 
-if [ -z $RESTIC_HOST ]; then
-    echo "Please provide your restic host from the backupbox web interface: "
+if [ -f "$RESTIC_USER_FILE" ]; then
+    RESTIC_USER=$(cat $RESTIC_USER_FILE)
+elif [ -z "$RESTIC_USER" ]; then
+    echo "Please provide your restic user from the backupbox web interface: "
     exit 1
 fi
 
diff --git a/secrets/.gitignore b/secrets/.gitignore
new file mode 100644
index 0000000..c96a04f
--- /dev/null
+++ b/secrets/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
-- 
GitLab