diff --git a/CLAUDE.md b/CLAUDE.md index 0c6d863..c6ce03e 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -11,18 +11,15 @@ Proxmox VE homelab cluster running Docker Swarm services. Three Proxmox hosts (p All services deploy as Docker Swarm stacks from the manager node (pve-postgres). The active service definitions are in `proxmox/services/`. The `services/` directory contains older pre-migration copies. ```bash -# Generate env var prefix from pass (run locally) -./proxmox/services/gen-env.sh - -# Copy yml to manager and deploy +# Copy yml to manager and deploy (resolve secrets from pass inline) scp proxmox/services/.yml pve-postgres:~/ -ssh pve-postgres " docker stack deploy -c .yml " +ssh pve-postgres "VAR=$(pass homelab/VAR) docker stack deploy -c .yml " # Remove a stack ssh pve-postgres "docker stack rm " ``` -Secrets come from `pass` under the `homelab/` prefix. Use `gen-env.sh` to extract required `${VAR}` references from a yml and resolve them. Never hardcode secrets in files. +Secrets come from `pass` under the `homelab/` prefix. Resolve them inline when deploying. Never hardcode secrets in files. ## Service YML Conventions @@ -51,7 +48,6 @@ Use SSH config aliases (`pve-postgres`, `pve-tools`, `adder-ghost`, `pve`, `adde ## Key Files - `proxmox/services/*.yml` — Active swarm stack definitions -- `proxmox/services/gen-env.sh` — Extracts env vars from yml, resolves from `pass homelab/` - `proxmox/services/nats.conf` — NATS server config (JetStream, websocket, monitoring) - `proxmox/services/01-init.sql` — Postgres init script (creates users/databases) - `proxmox/post_init_node.org` — Fresh Proxmox node setup steps diff --git a/proxmox/services/gen-env.sh b/proxmox/services/gen-env.sh deleted file mode 100755 index 1a6e6b7..0000000 --- a/proxmox/services/gen-env.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/usr/bin/env bash -set -uo pipefail - -if [ $# -eq 0 ]; then - echo "Usage: gen-env.sh " - exit 1 -fi - -PREFIX="homelab" -out="" - -for var in $(sed -n 's/.*\${{\([A-Z_]*\)}}.*/\1/p' "$1" | grep -v OVERLAY_NETWORK | sort -u); do - val=$(pass "$PREFIX/$var" 2>/dev/null) || continue - out+="$var=$val " -done - -echo "$out"
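Review bot: In the first CLAUDE.md hunk, the new deploy line `ssh pve-postgres "VAR=$(pass homelab/VAR) docker stack deploy -c .yml "` puts the secret's plaintext on the command line. Because `$(pass ...)` sits inside double quotes, it is expanded by the local shell, so the value becomes part of the ssh argument (readable in the local process list while the command runs) and is then re-parsed, unquoted, by the remote shell on pve-postgres. A secret containing spaces or shell metacharacters will be split or interpreted there. The deleted gen-env.sh built its `VAR=value` prefix the same way, so this is not a regression, but the documentation change is the right place to fix it: shell-quote the value before embedding it (bash's `printf %q` does this) or feed the assignments to the remote shell over stdin instead of the command line. The example also covers a single variable only; show how a stack that needs several is deployed.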
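Review bot: Deleting `proxmox/services/gen-env.sh` removes the only documented way to find out which variables a stack file needs, and the replacement sentence in CLAUDE.md ("Resolve them inline when deploying") does not say how to enumerate them, so a forgotten variable is easy to miss at deploy time. Suggest adding a one-line discovery step to CLAUDE.md, for example a `grep -o` for `${NAME}` references piped through `sort -u`. Two details of the deleted loop deserve a sentence in the docs or the commit message: it skipped `OVERLAY_NETWORK` via `grep -v OVERLAY_NETWORK`, which implies that variable is supplied some other way that is no longer mentioned, and its sed pattern looked for doubled braces (`\${{...}}`) while CLAUDE.md described `${VAR}` references. If that mismatch is why the script is being dropped, say so.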