44 lines
1.3 KiB
HCL
44 lines
1.3 KiB
HCL
[[- /*
|
|
# vim: syntax=hcl
|
|
# Note: for compatibility, we take env either from .env (when passing the whole context to the template)
|
|
# or from . (when only .env is passed as context)
|
|
*/ -]]
|
|
[[- $env := dict ]]
|
|
[[- if and (has . "env") (isKind "map" .env) ]]
|
|
[[- $env = .env ]]
|
|
[[- else ]]
|
|
[[- $env = . ]]
|
|
[[- end -]]
|
|
|
|
[[- if gt (keys $env | len) 0 ]]
|
|
|
|
# Use a template block instead of env {} so we can fetch values from vault
|
|
template {
|
|
data = <<_EOT
|
|
[[- range $k, $v := $env ]]
|
|
[[- if or (isKind "string" $v) (isKind "number" $v) (isKind "bool" $v) ]]
|
|
[[ $k ]]=[[ $v ]]
|
|
[[- else if isKind "map" $v ]]
|
|
[[- if and (has $v "source") (eq $v.source "vault") ]]
|
|
[[ $k ]]={{ with secret "[[ if has $v "path" ]][[ $v.path ]][[ else ]][[ $.vault.kv.path ]][[ end ]]" }}{{ [[ $v.key ]] }}{{ end }}
|
|
[[- end ]]
|
|
[[- end ]]
|
|
[[- end ]]
|
|
[[- if and (has . "proxy") .proxy.enabled ]]
|
|
[[- if not (has $env "HTTP_PROXY") ]]
|
|
HTTP_PROXY=[[ .proxy.address ]]
|
|
[[- end ]]
|
|
[[- if not (has $env "HTTPS_PROXY") ]]
|
|
HTTPS_PROXY=[[ .proxy.address ]]
|
|
[[- end ]]
|
|
[[- if and (has .proxy "no_proxy") (not (has $env "NO_PROXY")) ]]
|
|
NO_PROXY=[[ join .proxy.no_proxy "," ]]
|
|
[[- end ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/.env"
|
|
perms = 400
|
|
env = true
|
|
}
|
|
[[- end ]]
|