coop-cloud/hometown
coop-cloud
/
hometown
1
0
Fork 2
Code Issues 1 Pull Requests Projects Releases Activity

Improve abra.sh and use DB_PASS_FILE

This commit is contained in:
3wc 2024-01-11 21:32:36 -03:00
parent 66adadea97
commit 1155b3cc50
3 changed files with 81 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
abra.sh
View File

@ -2,69 +2,91 @@
export ENTRYPOINT_CONF_VERSION=v7 export ENTRYPOINT_CONF_VERSION=v7
assets() { file_env() {
export OTP_SECRET=$(cat /run/secrets/otp_secret) local var="$1"
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) local fileVar="${var}_FILE"
export DB_PASS=$(cat /run/secrets/db_password) local def="${2:-}"
RAILS_ENV=production bundle exec rails assets:precompile if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
declare -x -g "$var"="$val"
unset "$fileVar"
} }
setup() { environment() {
export OTP_SECRET=$(cat /run/secrets/otp_secret) # for sidekiq service bundle exec env var threading
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) file_env "OTP_SECRET"
export DB_PASS=$(cat /run/secrets/db_password) file_env "SECRET_KEY_BASE"
file_env "DB_PASS"
file_env "SMTP_PASSWORD"
file_env "VAPID_PRIVATE_KEY"
RAILS_ENV=production bundle exec rake db:setup declare -x RAILS_ENV=production
} }
admin() { setup_admin() {
export OTP_SECRET=$(cat /run/secrets/otp_secret) ## Create an admin user
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base) environment
export DB_PASS=$(cat /run/secrets/db_password) accounts create "$1" --email "$2" --confirmed --role admin
RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin
} }
secrets() { shell() {
docker context use default > /dev/null 2>&1 ## Run a shell with proper environment
environment
echo "Generating secrets for new Hometown deployment..." bash $@
echo "" }
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret) generate_secrets() {
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE" ## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE" ## your new instance (and create the secrets on target app).
echo "" docker context use default > /dev/null 2>&1
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret) echo "Generating secrets for new Hometown deployment..."
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET" echo ""
echo "OTP_SECRET = $OTP_SECRET"
echo "" SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
docker run \ echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \ echo ""
-e OTP_SECRET="$OTP_SECRET" \
--rm tootsuite/mastodon:v3.4.0 \ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
bundle exec rake mastodon:webpush:generate_vapid_key \ abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
> /tmp/key.txt echo "OTP_SECRET = $OTP_SECRET"
echo ""
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt") docker run \
rm -rf /tmp/key.txt -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
-e OTP_SECRET="$OTP_SECRET" \
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY" --rm tootsuite/mastodon:v3.4.0 \
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!" bundle exec rake mastodon:webpush:generate_vapid_key \
echo "" > /tmp/key.txt
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY" VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY" VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
echo "" rm -rf /tmp/key.txt
abra app secret generate "$APP_NAME" db_password v1 echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
echo "" echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
echo ""
echo "don't forget to insert your smtp_password! your deployment won't work without it"
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\"" abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
echo "" echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
echo ""
abra app secret generate "$APP_NAME" db_password v1
echo ""
echo "don't forget to insert your smtp_password! your deployment won't work without it"
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
echo ""
} }

1
compose.yml
View File

@ -45,6 +45,7 @@ services:
- DB_NAME - DB_NAME
- DB_PORT - DB_PORT
- DB_USER - DB_USER
- DB_PASS_FILE=/run/secrets/db_password
- DEFAULT_LOCALE - DEFAULT_LOCALE
- DISALLOW_UNAUTHENTICATED_API_ACCESS - DISALLOW_UNAUTHENTICATED_API_ACCESS
- EMAIL_DOMAIN_ALLOWLIST - EMAIL_DOMAIN_ALLOWLIST

3
entrypoint.sh.tmpl
View File

@ -23,9 +23,8 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
export DB_PASS=$(cat /run/secrets/db_password)
# for sidekiq service bundle exec env var threading # for sidekiq service bundle exec env var threading
file_env "DB_PASS"
file_env "OTP_SECRET" file_env "OTP_SECRET"
file_env "SECRET_KEY_BASE" file_env "SECRET_KEY_BASE"
file_env "SMTP_PASSWORD" file_env "SMTP_PASSWORD"