Added docker secrets support for PASSWORD and WG_HOST

docker-compose.dev-secrets.yml

@@ -0,0 +1,24 @@
+version: "3.8"
+services:
+  wg-easy:
+    image: wgeasy
+    command: npm run serve
+    volumes:
+      - ./src/:/app/
+    environment: 
+      - PASSWORD=/run/secrets/wireguard_password
+      - WG_HOST=/run/secrets/wireguard_host
+    secrets:
+      - wireguard_password
+      - wireguard_host
+secrets:
+  wireguard_password:
+    external: true
+  wireguard_host:
+    external: true
+
+# require docker swarm to test
+# docker swarm int
+# printf "password" | docker secret create wireguard_password -
+# printf "domain.com" | docker secret create wireguard_host -
+# docker stack deploy -c docker-compose.dev-secrets.yml wg-easy

src/config.js

@@ -1,12 +1,13 @@
 'use strict';
 
 const { release } = require('./package.json');
+const secrets = require('./secrets');
 
 module.exports.RELEASE = release;
 module.exports.PORT = process.env.PORT || 51821;
-module.exports.PASSWORD = process.env.PASSWORD;
+module.exports.PASSWORD = secrets.read(process.env.PASSWORD) || process.env.PASSWORD;
 module.exports.WG_PATH = process.env.WG_PATH || '/etc/wireguard/';
-module.exports.WG_HOST = process.env.WG_HOST;
+module.exports.WG_HOST = secrets.read(process.env.WG_HOST)|| process.env.WG_HOST;
 module.exports.WG_PORT = process.env.WG_PORT || 51820;
 module.exports.WG_MTU = process.env.WG_MTU || null;
 module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;

src/secrets.js

@@ -0,0 +1,18 @@
+const fs = require('fs');
+
+const dockerSecret = {};
+
+dockerSecret.read = function read(secret) {
+  try {
+    return fs.readFileSync(secret, 'utf8');
+  } catch(err) {
+    if (err.code !== 'ENOENT') {
+        console.error(`An error occurred while trying to read the secret: ${secret}. Err: ${err}`);
+    } else {
+        console.debug(`Could not find the secret, probably not running in swarm mode: ${secret}. Err: ${err}`);
+    }    
+    return false;
+  }
+};
+
+module.exports = dockerSecret;