pk910 · zedanazad43 · Mar 12, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -48,4 +48,5 @@ USER nginx
 WORKDIR /data
 
 EXPOSE 8080
+HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 CMD ["node", "-e", "fetch('http://127.0.0.1:8080/api/getVersion').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
 ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/docs/ZEDANAZAD43_FORK_QUICKSTART.md b/docs/ZEDANAZAD43_FORK_QUICKSTART.md
@@ -0,0 +1,51 @@
+# zedanazad43 Fork Quickstart
+
+This fork can now be operated with sensitive values supplied through environment variables instead of storing them in `faucet-config.yaml`.
+
+## Recommended operator flow
+
+1. Copy the example config:
+   - `cp faucet-config.example.yaml faucet-config.yaml`
+2. Keep non-secret faucet behavior in YAML.
+3. Inject secrets and deployment-specific values through environment variables.
+
+## Supported environment overrides
+
+- `POWFAUCET_SECRET`
+- `POWFAUCET_RPC_HOST`
+- `POWFAUCET_WALLET_KEY`
+- `POWFAUCET_CHAIN_ID`
+- `POWFAUCET_TITLE`
+- `POWFAUCET_IMAGE`
+- `POWFAUCET_COIN_SYMBOL`
+- `POWFAUCET_COIN_TYPE`
+- `POWFAUCET_COIN_CONTRACT`
+- `POWFAUCET_TX_EXPLORER`
+- `POWFAUCET_CAPTCHA_SITE_KEY`
+- `POWFAUCET_CAPTCHA_SECRET`
+- `POWFAUCET_GITHUB_CLIENT_ID`
+- `POWFAUCET_GITHUB_CLIENT_SECRET`
+- `POWFAUCET_CORS_ALLOW_ORIGIN`
+
+Docker-specific runtime overrides remain supported:
+
+- `FAUCET_SERVER_PORT`
+- `FAUCET_HTTP_PROXY_OFFSET`
+
+## Example
+
+```powershell
+$env:POWFAUCET_SECRET = "replace-with-random-secret"
+$env:POWFAUCET_RPC_HOST = "https://sepolia.infura.io/v3/YOUR_KEY"
+$env:POWFAUCET_WALLET_KEY = "hex-private-key-without-0x"
+$env:POWFAUCET_CORS_ALLOW_ORIGIN = "https://your-faucet-domain.example"
+npm start
+```
+
+## Container healthcheck
+
+The Docker image now exposes a built-in healthcheck against:
+
+- `GET /api/getVersion`
+
+This makes it easier to run the faucet behind Fly.io, Docker Compose, Kubernetes, or other orchestrators.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -10,8 +10,8 @@
     "build-client": "cd faucet-client && node build-client.js",
     "start": "tsc && node dist/app.js",
     "bundle": "tsc && webpack --mode production",
-    "test": "tsc -p tsconfig.test.json && cp -r libs dist-test/ && cp -r static dist-test/ && NODE_OPTIONS='--experimental-vm-modules' NODE_NO_WARNINGS=1 npx mocha --exit 'dist-test/tests/**/*.js'",
-    "test-coverage": "tsc -p tsconfig.test.json && cp -r libs dist-test/ && cp -r static dist-test/ && NODE_OPTIONS='--experimental-vm-modules' NODE_NO_WARNINGS=1 npx c8 --reporter=text --reporter=lcov npx mocha --exit 'dist-test/tests/**/*.js'"
+    "test": "tsc -p tsconfig.test.json && shx cp -r libs dist-test/ && shx cp -r static dist-test/ && cross-env NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 mocha --exit \"dist-test/tests/**/*.js\"",
+    "test-coverage": "tsc -p tsconfig.test.json && shx cp -r libs dist-test/ && shx cp -r static dist-test/ && cross-env NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 c8 --reporter=text --reporter=lcov mocha --exit \"dist-test/tests/**/*.js\""
   },
   "author": "pk910 (https://pk910.de)",
   "license": "AGPL-3.0",
@@ -51,6 +51,8 @@
     "mocha": "^11.0.1",
     "mysql-memory-server": "^1.3.0",
     "nyc": "^18.0.0",
+    "cross-env": "^7.0.3",
+    "shx": "^0.3.4",
     "sinon": "^21.0.0",
     "ts-loader": "^9.5.1",
     "ts-node": "^10.9.2",

diff --git a/src/config/FaucetConfig.ts b/src/config/FaucetConfig.ts
@@ -7,6 +7,8 @@ import { ServiceManager } from '../common/ServiceManager.js';
 import { FaucetLogLevel, FaucetProcess } from '../common/FaucetProcess.js';
 import { IConfigSchema } from './ConfigSchema.js';
 import { getDefaultConfig } from './DefaultConfig.js';
+import { ICaptchaConfig } from '../modules/captcha/CaptchaConfig.js';
+import { IGithubConfig } from '../modules/github/GithubConfig.js';
 
 export let cliArgs = (function() {
   let args = {};
@@ -116,13 +118,64 @@ export function loadFaucetConfig(loadDefaultsOnly?: boolean) {
     faucetVersion: faucetVersion,
   } as any);
 
+  applyEnvOverrides();
+}
+
+function applyEnvOverrides() {
   // Apply environment variable overrides (used by Docker image with internal nginx)
   if(process.env.FAUCET_SERVER_PORT) {
     faucetConfig.serverPort = parseInt(process.env.FAUCET_SERVER_PORT, 10);
   }
   if(process.env.FAUCET_HTTP_PROXY_OFFSET) {
     faucetConfig.httpProxyCount += parseInt(process.env.FAUCET_HTTP_PROXY_OFFSET, 10);
   }
+
+  const envMap: {[key: string]: (value: string) => void} = {
+    POWFAUCET_SECRET: (value) => faucetConfig.faucetSecret = value,
+    POWFAUCET_RPC_HOST: (value) => faucetConfig.ethRpcHost = value,
+    POWFAUCET_WALLET_KEY: (value) => faucetConfig.ethWalletKey = value,
+    POWFAUCET_CHAIN_ID: (value) => faucetConfig.ethChainId = parseInt(value, 10),
+    POWFAUCET_TITLE: (value) => faucetConfig.faucetTitle = value,
+    POWFAUCET_IMAGE: (value) => faucetConfig.faucetImage = value,
+    POWFAUCET_COIN_SYMBOL: (value) => faucetConfig.faucetCoinSymbol = value,
+    POWFAUCET_COIN_TYPE: (value) => faucetConfig.faucetCoinType = value as any,
+    POWFAUCET_COIN_CONTRACT: (value) => faucetConfig.faucetCoinContract = value,
+    POWFAUCET_TX_EXPLORER: (value) => faucetConfig.ethTxExplorerLink = value,
+    POWFAUCET_CAPTCHA_SITE_KEY: (value) => {
+      faucetConfig.modules = faucetConfig.modules || {};
+      const captchaConfig = ((faucetConfig.modules.captcha || { enabled: false }) as ICaptchaConfig);
+      captchaConfig.siteKey = value;
+      faucetConfig.modules.captcha = captchaConfig;
+    },
+    POWFAUCET_CAPTCHA_SECRET: (value) => {
+      faucetConfig.modules = faucetConfig.modules || {};
+      const captchaConfig = ((faucetConfig.modules.captcha || { enabled: false }) as ICaptchaConfig);
+      captchaConfig.secret = value;
+      faucetConfig.modules.captcha = captchaConfig;
+    },
+    POWFAUCET_GITHUB_CLIENT_ID: (value) => {
+      faucetConfig.modules = faucetConfig.modules || {};
+      const githubConfig = ((faucetConfig.modules.github || { enabled: false }) as IGithubConfig);
+      githubConfig.appClientId = value;
+      faucetConfig.modules.github = githubConfig;
+    },
+    POWFAUCET_GITHUB_CLIENT_SECRET: (value) => {
+      faucetConfig.modules = faucetConfig.modules || {};
+      const githubConfig = ((faucetConfig.modules.github || { enabled: false }) as IGithubConfig);
+      githubConfig.appSecret = value;
+      faucetConfig.modules.github = githubConfig;
+    },
+    POWFAUCET_CORS_ALLOW_ORIGIN: (value) => {
+      faucetConfig.corsAllowOrigin = value.split(",").map((origin) => origin.trim()).filter(Boolean);
+    },
+  };
+
+  Object.keys(envMap).forEach((envKey) => {
+    const value = process.env[envKey];
+    if(value !== undefined && value !== "") {
+      envMap[envKey](value);
+    }
+  });
 }
 
 export function resolveRelativePath(inputPath: string, customBasePath?: string): string {

diff --git a/tests/FaucetConfig.spec.ts b/tests/FaucetConfig.spec.ts
@@ -0,0 +1,28 @@
+import 'mocha';
+import { expect } from 'chai';
+import { faucetConfig, loadFaucetConfig } from '../src/config/FaucetConfig.js';
+import { ICaptchaConfig } from '../src/modules/captcha/CaptchaConfig.js';
+
+describe('FaucetConfig environment overrides', () => {
+  const originalEnv = { ...process.env };
+
+  afterEach(() => {
+    process.env = { ...originalEnv };
+  });
+
+  it('applies sensitive config overrides from environment variables', () => {
+    process.env.POWFAUCET_SECRET = 'env-secret';
+    process.env.POWFAUCET_RPC_HOST = 'https://rpc.example.org';
+    process.env.POWFAUCET_WALLET_KEY = 'abc123';
+    process.env.POWFAUCET_CORS_ALLOW_ORIGIN = 'https://a.example, https://b.example';
+    process.env.POWFAUCET_CAPTCHA_SECRET = 'captcha-secret';
+
+    loadFaucetConfig(true);
+
+    expect(faucetConfig.faucetSecret).to.equal('env-secret');
+    expect(faucetConfig.ethRpcHost).to.equal('https://rpc.example.org');
+    expect(faucetConfig.ethWalletKey).to.equal('abc123');
+    expect(faucetConfig.corsAllowOrigin).to.deep.equal(['https://a.example', 'https://b.example']);
+    expect((faucetConfig.modules.captcha as ICaptchaConfig).secret).to.equal('captcha-secret');
+  });
+});