From a54e00319690feccf437a7c56bb946a3ca536f33 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Mon, 30 Mar 2026 21:00:25 -0700
Subject: [PATCH] feat: inject Navidrome/slskd/Threadfin secrets from Infisical

Replace hardcoded env vars with Infisical entrypoint wrapper that fetches TOKEN_SECRET, THREADFIN_*, NAVIDROME_*, and SLSKD_* from the claude-ops/media secret path at container startup.

Co-Authored-By: Claude Opus 4.6
---
 docker-compose.yml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b175f55..4a6264c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,21 +9,22 @@ services:
 - ALL
 security_opt:
 - no-new-privileges:true
+ volumes:
+ - /opt/infisical/entrypoint-wrapper.sh:/infisical-entrypoint.sh:ro
+ entrypoint: ["/infisical-entrypoint.sh"]
+ command: ["node", "server.js"]
 environment:
+ - INFISICAL_CLIENT_ID=${INFISICAL_CLIENT_ID}
+ - INFISICAL_CLIENT_SECRET=${INFISICAL_CLIENT_SECRET}
+ - INFISICAL_PROJECT_SLUG=claude-ops
+ - INFISICAL_SECRET_PATH=/media
+ - INFISICAL_URL=http://infisical:8080
 - SMTP_HOST=${SMTP_HOST:-mail.rmail.online}
 - SMTP_PORT=${SMTP_PORT:-587}
 - SMTP_USER=${SMTP_USER}
 - SMTP_PASS=${SMTP_PASS}
 - ADMIN_EMAIL=${ADMIN_EMAIL:-jeff@jeffemmett.com}
- - TOKEN_SECRET=${TOKEN_SECRET}
 - THREADFIN_URL=https://threadfin.jefflix.lol
- - THREADFIN_USER=${THREADFIN_USER}
- - THREADFIN_PASS=${THREADFIN_PASS}
- - NAVIDROME_URL=${NAVIDROME_URL:-https://music.jefflix.lol}
- - NAVIDROME_USER=${NAVIDROME_USER}
- - NAVIDROME_PASS=${NAVIDROME_PASS}
- - SLSKD_URL=${SLSKD_URL:-https://slskd.jefflix.lol}
- - SLSKD_API_KEY=${SLSKD_API_KEY}
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.jefflix-website.rule=Host(`jefflix.lol`) || Host(`www.jefflix.lol`)"
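Review bot: `INFISICAL_CLIENT_SECRET` is still passed to the container as a plain environment variable, and `INFISICAL_URL=http://infisical:8080` sends that credential and the secrets fetched with it over plain HTTP on a shared Docker network. The wrapper at `/opt/infisical/entrypoint-wrapper.sh` lives on the host and is not part of this patch, so it cannot be confirmed here whether it exits non-zero when the fetch fails or unsets the `INFISICAL_CLIENT_*` variables before exec'ing `node server.js`. If it does neither, the app process inherits the machine-identity credential and may start with an empty `TOKEN_SECRET`. I would add a comment above `entrypoint:` such as `# wrapper must fail closed and unset INFISICAL_CLIENT_* before exec`, and confirm the identity is read-only and scoped to `/media`. The service definition starts and ends outside this hunk.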
@@ -36,7 +37,11 @@ services:
 start_period: 15s
 networks:
 - traefik-public
+ - infisical-internal

 networks:
 traefik-public:
 external: true
+ infisical-internal:
+ external: true
+ name: infisical_infisical-internal
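Review bot: Adding `- infisical-internal` under the service's `networks:` puts a container that is also on `traefik-public`, and therefore internet-facing, on the secret manager's own network. A compromise of the website would then have direct network reach to everything attached to `infisical_infisical-internal`. The name suggests this may be the network Infisical uses for its backing services, which would expose more than the API on port 8080, though that is not visible in this patch. A dedicated client-facing network carrying only the Infisical API container would keep the blast radius smaller. A comment on the new entry such as `# startup secret fetch only; must reach the Infisical API and nothing else` would record the intent.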