GitCryptでSettingsディレクトリを暗号化

.git-crypt/.gitattributes

@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary

.git-crypt/keys/default/0/2F830A044B12914C909059CD457549F11D7F905D.gpg

@@ -0,0 +1,3 @@
+�^�qo��[��
@�IK�S�Š���1������=O�X���]
+D�z0���i����#�̟9��=�,	�S��T����L�B&��d/ֳ����
	9�
���J�bF�:�r��@����Ts���쾒��QJ\����F�����ݛV0����B���4	M�����x P$�����{���*
+�O����:#�.���.%�$��k��n��?�ݜD���]
�lbsh��0��X�.���^��Ĭ�{���N�o鸟^z����|l}�Օ�۞�t���l���:tz1�d��<9��

.git-crypt/keys/default/0/F67BA90EAE6E5689EE438EF3D415E06BEDA5AA76.gpg

@@ -0,0 +1 @@
+�^��-&�
@��!��-0I����G>ڀ�b��h-K�tDI0jʂ䊚��
��0�@��<��]��J�v�Y:c��[�� S˫>��Ў��
	Eۮ-�sg�����T)샹�t����De����x��;)��O��,}o�pa�	N��y��tUܟw�����G�[�x�yq��*�K�_V揔/���<v�,�ސ��s�6�]�G��x6��"	��#?`��C����ᗟ���WY}G������t�Se(�ǠM��+�S?p���B5`恮/zS�2�P��"��a.{����

.gitattributes

@@ -0,0 +1,5 @@
+# all envfile
+*/**.env filter=git-crypt diff=git-crypt
+
+# settings
+settings/** filter=git-crypt diff=git-crypt

.gitignore

@@ -1,11 +1,4 @@
-# env_file
-*/**.env
-
 # keycloak
-auth/data/export.json
-auth/data/out*.json
-auth/data/merged.json
-
-# cloudflare
-cloudflare/**/cert.pem
-cloudflare/**/*.json
+settings/dev/data/export.json
+settings/dev/data/out*.json
+settings/dev/data/merged.json

Makefile

@@ -1,6 +1,6 @@
 build:
-# セッティングをPull
-	sh ../settings/pull.sh
+# # セッティングをPull
+# 	sh ../settings/pull.sh
 # 全てのコンテナをビルド
 	docker compose down -v
 	docker compose build

docker-compose.prod.yml

@@ -3,7 +3,7 @@ services:
   cloudflare:
     image: cloudflare/cloudflared:latest
     container_name: "cloudflare"
-    volumes: [./cloudflare/prod:/home/nonroot/.cloudflared]
+    volumes: [settings/prod/cloudflare:/home/nonroot/.cloudflared]
     command: tunnel run
 
   auth: # keycloak
@@ -15,15 +15,15 @@ services:
     volumes:
       - ./auth/merge.sh:/opt/keycloak/merge.sh
       - ./auth/themes:/opt/keycloak/themes
-    env_file: [../settings/account/production.env]
+    env_file: [settings/prod/auth.env]
 
   api: # hasura
     build:
       context: .docker
       dockerfile: api.Dockerfile
     container_name: "account_api"
     volumes: [./api:/hasura]
-    env_file: [../settings/account/production.env]
+    env_file: [settings/prod/api.env]
 
   front: # nextjs
     build:
@@ -32,4 +32,4 @@ services:
     container_name: account_front
     command: sh -c "npm install && npm run build && npm run start"
     volumes: [.:/repo]
-    env_file: [../settings/account/production.env]
+    env_file: [settings/prod/front.env]

docker-compose.yml

@@ -6,7 +6,7 @@ services:
     volumes:
       - db_data:/var/lib/postgresql/data
       - ./sql:/sql
-    env_file: [../settings/account/development.env]
+    env_file: [settings/dev/db.env]
     healthcheck:
       test: ["CMD-SHELL", "pg_isready"]
       interval: 10s
@@ -22,11 +22,11 @@ services:
       - 8080:8080
       - 9990:9990
     command: start-dev
-    env_file: [../settings/account/development.env]
+    env_file: [settings/dev/auth.env]
     volumes:
       - ./auth/merge.sh:/opt/keycloak/merge.sh
       - ./auth/themes:/opt/keycloak/themes
-      - ../settings/account/data:/opt/keycloak/data # required settings repository
+      - ./auth/data:/opt/keycloak/data # required unlock for git-crypt
     depends_on:
       db:
         condition: service_healthy
@@ -40,7 +40,7 @@ services:
     container_name: "account_api"
     ports: ["8082:8080"]
     volumes: [./api:/hasura]
-    env_file: [../settings/account/development.env]
+    env_file: [settings/dev/api.env]
     depends_on:
       db:
         condition: service_healthy
@@ -53,7 +53,7 @@ services:
     ports: [3000:3000]
     command: sh -c "npm install && npm run dev"
     volumes: [.:/repo]
-    env_file: [../settings/account/development.env]
+    env_file: [settings/dev/front.env]
     depends_on: [auth, api]
 
 volumes: