Improve abra.sh and use DB_PASS_FILE
This commit is contained in:
parent
66adadea97
commit
1155b3cc50
60
abra.sh
60
abra.sh
|
@ -2,42 +2,64 @@
|
||||||
|
|
||||||
export ENTRYPOINT_CONF_VERSION=v7
|
export ENTRYPOINT_CONF_VERSION=v7
|
||||||
|
|
||||||
assets() {
|
file_env() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
local var="$1"
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
local fileVar="${var}_FILE"
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
local def="${2:-}"
|
||||||
|
|
||||||
RAILS_ENV=production bundle exec rails assets:precompile
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local val="$def"
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
declare -x -g "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
}
|
}
|
||||||
|
|
||||||
setup() {
|
environment() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
# for sidekiq service bundle exec env var threading
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
file_env "OTP_SECRET"
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
file_env "SECRET_KEY_BASE"
|
||||||
|
file_env "DB_PASS"
|
||||||
|
file_env "SMTP_PASSWORD"
|
||||||
|
file_env "VAPID_PRIVATE_KEY"
|
||||||
|
|
||||||
RAILS_ENV=production bundle exec rake db:setup
|
declare -x RAILS_ENV=production
|
||||||
}
|
}
|
||||||
|
|
||||||
admin() {
|
setup_admin() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
## Create an admin user
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
environment
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
accounts create "$1" --email "$2" --confirmed --role admin
|
||||||
|
|
||||||
RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin
|
|
||||||
}
|
}
|
||||||
|
|
||||||
secrets() {
|
shell() {
|
||||||
|
## Run a shell with proper environment
|
||||||
|
environment
|
||||||
|
bash $@
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_secrets() {
|
||||||
|
## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
|
||||||
|
## your new instance (and create the secrets on target app).
|
||||||
docker context use default > /dev/null 2>&1
|
docker context use default > /dev/null 2>&1
|
||||||
|
|
||||||
echo "Generating secrets for new Hometown deployment..."
|
echo "Generating secrets for new Hometown deployment..."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||||
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
||||||
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||||
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
||||||
echo "OTP_SECRET = $OTP_SECRET"
|
echo "OTP_SECRET = $OTP_SECRET"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
|
@ -45,6 +45,7 @@ services:
|
||||||
- DB_NAME
|
- DB_NAME
|
||||||
- DB_PORT
|
- DB_PORT
|
||||||
- DB_USER
|
- DB_USER
|
||||||
|
- DB_PASS_FILE=/run/secrets/db_password
|
||||||
- DEFAULT_LOCALE
|
- DEFAULT_LOCALE
|
||||||
- DISALLOW_UNAUTHENTICATED_API_ACCESS
|
- DISALLOW_UNAUTHENTICATED_API_ACCESS
|
||||||
- EMAIL_DOMAIN_ALLOWLIST
|
- EMAIL_DOMAIN_ALLOWLIST
|
||||||
|
|
|
@ -23,9 +23,8 @@ file_env() {
|
||||||
unset "$fileVar"
|
unset "$fileVar"
|
||||||
}
|
}
|
||||||
|
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
|
||||||
|
|
||||||
# for sidekiq service bundle exec env var threading
|
# for sidekiq service bundle exec env var threading
|
||||||
|
file_env "DB_PASS"
|
||||||
file_env "OTP_SECRET"
|
file_env "OTP_SECRET"
|
||||||
file_env "SECRET_KEY_BASE"
|
file_env "SECRET_KEY_BASE"
|
||||||
file_env "SMTP_PASSWORD"
|
file_env "SMTP_PASSWORD"
|
||||||
|
|
Loading…
Reference in New Issue