diff --git a/abra.sh b/abra.sh
index ba25834..c837be5 100644
--- a/abra.sh
+++ b/abra.sh
@@ -2,69 +2,91 @@ export ENTRYPOINT_CONF_VERSION=v7 -assets() { - export OTP_SECRET=$(cat /run/secrets/otp_secret) - export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) - export DB_PASS=$(cat /run/secrets/db_password) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" - RAILS_ENV=production bundle exec rails assets:precompile + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + + declare -x -g "$var"="$val" + unset "$fileVar" } -setup() { - export OTP_SECRET=$(cat /run/secrets/otp_secret) - export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) - export DB_PASS=$(cat /run/secrets/db_password) +environment() { + # for sidekiq service bundle exec env var threading + file_env "OTP_SECRET" + file_env "SECRET_KEY_BASE" + file_env "DB_PASS" + file_env "SMTP_PASSWORD" + file_env "VAPID_PRIVATE_KEY" - RAILS_ENV=production bundle exec rake db:setup + declare -x RAILS_ENV=production } -admin() { - export OTP_SECRET=$(cat /run/secrets/otp_secret) - export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) - export DB_PASS=$(cat /run/secrets/db_password) - - RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin +setup_admin() { + ## Create an admin user + environment + accounts create "$1" --email "$2" --confirmed --role admin } -secrets() { - docker context use default > /dev/null 2>&1 - - echo "Generating secrets for new Hometown deployment..." 
- echo ""
-
- SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
- abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
- echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
- echo ""
-
- OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
- abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
- echo "OTP_SECRET = $OTP_SECRET"
- echo ""
-
- docker run \
- -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
- -e OTP_SECRET="$OTP_SECRET" \
- --rm tootsuite/mastodon:v3.4.0 \
- bundle exec rake mastodon:webpush:generate_vapid_key \
- > /tmp/key.txt
-
- VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
- VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
- rm -rf /tmp/key.txt
-
- echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
- echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
- echo ""
-
- abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
- echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
- echo ""
-
- abra app secret generate "$APP_NAME" db_password v1
- echo ""
-
- echo "don't forget to insert your smtp_password! your deployment won't work without it"
- echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
- echo ""
+shell() {
+ ## Run a shell with proper environment
+ environment
+ bash $@
+}
+
+generate_secrets() {
+ ## Run `abra app cmd -l generate_secrets` to use Docker to generate secrets you'll need to deploy
+ ## your new instance (and create the secrets on target app).
+ docker context use default > /dev/null 2>&1
+
+ echo "Generating secrets for new Hometown deployment..."
+ echo ""
+
+ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+ abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
+ echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
+ echo ""
+
+ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+ abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
+ echo "OTP_SECRET = $OTP_SECRET"
+ echo ""
+
+ docker run \
+ -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
+ -e OTP_SECRET="$OTP_SECRET" \
+ --rm tootsuite/mastodon:v3.4.0 \
+ bundle exec rake mastodon:webpush:generate_vapid_key \
+ > /tmp/key.txt
+
+ VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
+ VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
+ rm -rf /tmp/key.txt
+
+ echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
+ echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
+ echo ""
+
+ abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
+ echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
+ echo ""
+
+ abra app secret generate "$APP_NAME" db_password v1
+ echo ""
+
+ echo "don't forget to insert your smtp_password! your deployment won't work without it"
+ echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
+ echo ""
 }
diff --git a/compose.yml b/compose.yml
index 946a707..7ba29d7 100644
--- a/compose.yml
+++ b/compose.yml
@@ -45,6 +45,7 @@ services:
 - DB_NAME
 - DB_PORT
 - DB_USER
+ - DB_PASS_FILE=/run/secrets/db_password
 - DEFAULT_LOCALE
 - DISALLOW_UNAUTHENTICATED_API_ACCESS
 - EMAIL_DOMAIN_ALLOWLIST
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 9d354ac..fb0b345 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -23,9 +23,8 @@ file_env() {
 unset "$fileVar"
 }
-export DB_PASS=$(cat /run/secrets/db_password)
-
 # for sidekiq service bundle exec env var threading
+file_env "DB_PASS"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "SMTP_PASSWORD"
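Review bot: generate_secrets still pins `tootsuite/mastodon:v3.4.0` on the `--rm` line of the `mastodon:webpush:generate_vapid_key` run while the two `rake secret` calls just above were moved to `tootsuite/mastodon:v4.2.0`; the VAPID key should be produced by the same image tag as the rest of the secrets, so that line should read `--rm tootsuite/mastodon:v4.2.0 \`. The generated private key is also written to the fixed, world-shared path `/tmp/key.txt` before being grepped back out; `key_file=$(mktemp)` with a matching `rm -f -- "$key_file"` keeps it out of a guessable location. In shell(), `bash $@` should be `bash "$@"` so arguments containing spaces reach bash intact. setup_admin runs `accounts create "$1" ...` where the removed admin() ran `bin/tootctl accounts create`; unless a wrapper named accounts is on PATH in the target container, this looks like it will fail with command not found. The `echo "SECRET_KEY_BASE = ..."` / `OTP_SECRET` / `VAPID_PRIVATE_KEY` lines are carried over from the old secrets(), but since each value is already stored with `abra app secret insert`, printing only VAPID_PUBLIC_KEY would keep the private values out of terminal scrollback and any captured command output.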
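Review bot: `file_env "DB_PASS"` replaces the hard-coded `cat /run/secrets/db_password`, but file_env falls back to an empty default, so if neither DB_PASS nor DB_PASS_FILE is set the variable is exported empty and the failure only surfaces later as a database authentication error. The compose hunk adds DB_PASS_FILE for one service; whether every service that runs this entrypoint gets it is not visible here. Adding `: "${DB_PASS:?DB_PASS or DB_PASS_FILE must be set}"` after the file_env calls would fail fast at startup with a clear message. The same applies to the new environment() in abra.sh, which calls file_env for five variables with no required-value check; file_env's body starts outside this hunk.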