Add SSMTP_PASSWORD_FILE env var (#80)

crazy-max · Nov 22, 2020 · 48a6a44 · 48a6a44
1 parent 6c46f81
commit 48a6a44
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.11.1-RC4 (2020/11/22)
+
+* Add `SSMTP_PASSWORD_FILE` env var
+
 ## 0.11.1-RC3 (2020/07/30)
 
 * Bringing the `INPUT` and `DOCKER-USER` chains together (#17 #46)

diff --git a/Dockerfile b/Dockerfile
@@ -10,6 +10,7 @@ ENV FAIL2BAN_VERSION="0.11.1" \
   TZ="UTC"
 
 RUN apk --update --no-cache add \
+    bash \
     curl \
     ipset \
     iptables \

diff --git a/README.md b/README.md
@@ -76,6 +76,8 @@ Image: crazymax/fail2ban:latest
 * `SSMTP_TLS`: Use TLS to talk to the SMTP server (default `NO`)
 * `SSMTP_STARTTLS`: Specifies whether ssmtp does a EHLO/STARTTLS before starting SSL negotiation (default `NO`)
 
+> 💡 `SSMTP_PASSWORD_FILE` can be used to fill in the value from a file, especially for Docker's secrets feature.
+
 ### Volumes
 
 * `/data`: Contains customs jails, actions and filters and Fail2ban persistent database

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 TZ=${TZ:-UTC}
 
@@ -11,12 +11,36 @@ SSMTP_HOSTNAME=${SSMTP_HOSTNAME:-$(hostname -f)}
 SSMTP_TLS=${SSMTP_TLS:-NO}
 SSMTP_STARTTLS=${SSMTP_STARTTLS:-NO}
 
+# From https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh#L21-L41
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
 # Timezone
 echo "Setting timezone to ${TZ}..."
 ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime
 echo ${TZ} > /etc/timezone
 
 # SSMTP
+file_env 'SSMTP_PASSWORD'
 echo "Setting SSMTP configuration..."
 if [ -z "$SSMTP_HOST" ] ; then
   echo "WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails"
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,6 +10,7 @@ ENV FAIL2BAN_VERSION="0.11.1" \ @@
       TZ="UTC"
     RUN apk --update --no-cache add \
+        bash \
         curl \
         ipset \
         iptables \
@@ Expand Down @@