Update secrets collection for latest mastodon

This commit is contained in:
Cassowary 2024-07-04 18:12:36 -07:00
parent cf744e2266
commit 64b237743f
3 changed files with 25 additions and 4 deletions


@ -77,6 +77,9 @@ SECRET_OTP_SECRET_VERSION=v1
SECRET_VAPID_PRIVATE_KEY_VERSION=v1 SECRET_VAPID_PRIVATE_KEY_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1 SECRET_SMTP_PASSWORD_VERSION=v1
SECRET_ACTIVE_REC_DET_KEY_VERSION=v1
SECRET_ACTIVE_REC_SALT_VERSION=v1
SECRET_ACTIVE_REC_PRIM_KEY_VERSION=v1
# Web Push # Web Push
# ======== # ========
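Review bot: The three new `SECRET_ACTIVE_REC_*_VERSION` entries are added without a comment, unlike the surrounding sections, so an operator reading this env file has no hint what these secrets are or how the values are produced. Add a short header above them, e.g. `# Active Record encryption keys (primary key, deterministic key, key derivation salt) — generated via bin/rails db:encryption:init, see generate_secrets`. Since the version suffix is part of the Swarm secret name, it is also worth noting that a new version must be inserted before bumping it here.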


@ -68,7 +68,7 @@ generate_secrets() {
docker run \ docker run \
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \ -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
-e OTP_SECRET="$OTP_SECRET" \ -e OTP_SECRET="$OTP_SECRET" \
--rm tootsuite/mastodon:v3.4.0 \ --rm tootsuite/mastodon:latest \
bundle exec rake mastodon:webpush:generate_vapid_key \ bundle exec rake mastodon:webpush:generate_vapid_key \
> /tmp/key.txt > /tmp/key.txt
@ -90,4 +90,6 @@ generate_secrets() {
echo "don't forget to insert your smtp_password! your deployment won't work without it" echo "don't forget to insert your smtp_password! your deployment won't work without it"
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\"" echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
echo "" echo ""
echo "FIXME need to generate the ACTIVE_RECORD keys too with bin/rails db:encryption:init"
} }
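Review bot: The FIXME echo added at the end of generate_secrets leaves the three Active Record encryption secrets ungenerated, while the stack declares them as `external: true`, so a fresh deploy will fail until an operator produces them by hand. The function already runs the Mastodon image to produce the VAPID key, so it can run `bundle exec rails db:encryption:init` the same way, parse the three values from its output and store them under the names the stack expects (`active_rec_prim_key`, `active_rec_det_key`, `active_rec_salt`, version `v1`); how the VAPID key is stored is outside this hunk, so match that mechanism rather than the `abra app secret insert` calls sketched below if it differs. The same `docker run` also moved from the pinned `v3.4.0` to `latest`, which makes key generation non-reproducible and pulls whatever upstream publishes at run time — pin a version tag or digest that matches the deployed image instead. generate_secrets() starts before this hunk.
```shell
  # … unchanged: VAPID key generation via docker run …
  # Active Record encryption keys (required by recent Mastodon). Generate them in
  # a pinned image rather than leaving it as a manual FIXME step.
  ar_keys=$(docker run --rm "tootsuite/mastodon:${MASTODON_VERSION:?set a pinned version tag}" \
    bundle exec rails db:encryption:init) || return 1
  ar_prim_key=$(printf '%s\n' "$ar_keys" | awk '/primary_key:/ {print $2}')
  ar_det_key=$(printf '%s\n' "$ar_keys" | awk '/deterministic_key:/ {print $2}')
  ar_salt=$(printf '%s\n' "$ar_keys" | awk '/key_derivation_salt:/ {print $2}')
  if [ -z "$ar_prim_key" ] || [ -z "$ar_det_key" ] || [ -z "$ar_salt" ]; then
    echo "failed to parse db:encryption:init output" >&2
    return 1
  fi
  abra app secret insert "$APP_NAME" active_rec_prim_key v1 "$ar_prim_key"
  abra app secret insert "$APP_NAME" active_rec_det_key v1 "$ar_det_key"
  abra app secret insert "$APP_NAME" active_rec_salt v1 "$ar_salt"
  # … unchanged: smtp_password reminder …
```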


@ -24,8 +24,8 @@ services:
- source: entrypoint_sh - source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh target: /usr/local/bin/entrypoint.sh
mode: 0555 mode: 0555
entrypoint: &entrypoint /usr/local/bin/entrypoint.sh # entrypoint: &entrypoint /usr/local/bin/entrypoint.sh
# entrypoint: &entrypoint ['tail', '-f', '/dev/null'] entrypoint: &entrypoint ['tail', '-f', '/dev/null']
volumes: &appVolume volumes: &appVolume
- app:/opt/mastodon/public/system - app:/opt/mastodon/public/system
#healthcheck: #healthcheck:
@ -38,7 +38,10 @@ services:
- secret_key_base - secret_key_base
- smtp_password - smtp_password
- vapid_private_key - vapid_private_key
environment: &env - active_rec_det_key
- active_rec_salt
- active_rec_prim_key
environment: &env
- ALLOW_ACCESS_TO_HIDDEN_SERVICE - ALLOW_ACCESS_TO_HIDDEN_SERVICE
- ALTERNATE_DOMAINS - ALTERNATE_DOMAINS
- AUTHORIZED_FETCH - AUTHORIZED_FETCH
@ -161,6 +164,10 @@ services:
- VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key - VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
- VAPID_PUBLIC_KEY - VAPID_PUBLIC_KEY
- WEB_DOMAIN - WEB_DOMAIN
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/active_rec_det_key
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/active_rec_salt
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/active_rec_key
streaming: streaming:
image: yakumosaki/glitch-soc:latest image: yakumosaki/glitch-soc:latest
command: node ./streaming command: node ./streaming
@ -249,6 +256,15 @@ secrets:
smtp_password: smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true external: true
active_rec_det_key:
name: ${STACK_NAME}_active_rec_det_key_${SECRET_ACTIVE_REC_DET_KEY_VERSION}
external: true
active_rec_salt:
name: ${STACK_NAME}_active_rec_salt_${SECRET_ACTIVE_REC_SALT_VERSION}
external: true
active_rec_prim_key:
name: ${STACK_NAME}_active_rec_prim_key_${SECRET_ACTIVE_REC_PRIM_KEY_VERSION}
external: true
volumes: volumes:
app: app:
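Review bot: The new `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE` points at `/run/secrets/active_rec_key`, but the secret is declared and mounted under the name `active_rec_prim_key`, so that file will not exist in the container and the primary key will never be loaded; change the line to `- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/active_rec_prim_key`. Separately, the first hunk swaps the real entrypoint for `['tail', '-f', '/dev/null']` and comments out `/usr/local/bin/entrypoint.sh`, which looks like a debugging leftover: it leaves a container idling with every secret mounted while the service does not actually run, and if the mounted entrypoint.sh is what resolves the `*_FILE` variables into environment values, the new secret wiring is not exercised at all. If the idle entrypoint is intentional for an in-progress migration, say so in a comment next to it; otherwise revert it before this is deployed. The `environment:` and `secrets:` lists continue outside the hunks shown here.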