Keep secrets out of repo

2025-11-13 01:44:01 +08:00
parent f8e38599b0
commit 56055187f8
5 changed files with 25 additions and 5 deletions
--- a/scripts/render_dynamic.sh
+++ b/scripts/render_dynamic.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$ROOT_DIR"
+if [[ ! -f .env ]]; then
+  echo "Missing .env file. Copy .env.example and fill in secrets." >&2
+  exit 1
+fi
+set -a
+# shellcheck disable=SC1091
+source .env
+set +a
+: "${CROWDSEC_LAPI_KEY:?CROWDSEC_LAPI_KEY must be set in .env}"
+if ! command -v envsubst >/dev/null 2>&1; then
+  echo "envsubst is required to render templates." >&2
+  exit 1
+fi
+envsubst < dynamic.d/middlewares/crowdsec.yml.tmpl > dynamic.d/middlewares/crowdsec.yml
+echo "Rendered dynamic.d/middlewares/crowdsec.yml"