Improve abra.sh and use DB_PASS_FILE
This commit is contained in:
parent
66adadea97
commit
1155b3cc50
136
abra.sh
136
abra.sh
|
@ -2,69 +2,91 @@
|
||||||
|
|
||||||
export ENTRYPOINT_CONF_VERSION=v7
|
export ENTRYPOINT_CONF_VERSION=v7
|
||||||
|
|
||||||
assets() {
|
file_env() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
local var="$1"
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
local fileVar="${var}_FILE"
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
local def="${2:-}"
|
||||||
|
|
||||||
RAILS_ENV=production bundle exec rails assets:precompile
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local val="$def"
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
declare -x -g "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
}
|
}
|
||||||
|
|
||||||
setup() {
|
environment() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
# for sidekiq service bundle exec env var threading
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
file_env "OTP_SECRET"
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
file_env "SECRET_KEY_BASE"
|
||||||
|
file_env "DB_PASS"
|
||||||
|
file_env "SMTP_PASSWORD"
|
||||||
|
file_env "VAPID_PRIVATE_KEY"
|
||||||
|
|
||||||
RAILS_ENV=production bundle exec rake db:setup
|
declare -x RAILS_ENV=production
|
||||||
}
|
}
|
||||||
|
|
||||||
admin() {
|
setup_admin() {
|
||||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
## Create an admin user
|
||||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
environment
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
accounts create "$1" --email "$2" --confirmed --role admin
|
||||||
|
|
||||||
RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin
|
|
||||||
}
|
}
|
||||||
|
|
||||||
secrets() {
|
shell() {
|
||||||
docker context use default > /dev/null 2>&1
|
## Run a shell with proper environment
|
||||||
|
environment
|
||||||
echo "Generating secrets for new Hometown deployment..."
|
bash $@
|
||||||
echo ""
|
}
|
||||||
|
|
||||||
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
generate_secrets() {
|
||||||
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
|
||||||
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
## your new instance (and create the secrets on target app).
|
||||||
echo ""
|
docker context use default > /dev/null 2>&1
|
||||||
|
|
||||||
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
echo "Generating secrets for new Hometown deployment..."
|
||||||
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
echo ""
|
||||||
echo "OTP_SECRET = $OTP_SECRET"
|
|
||||||
echo ""
|
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||||
|
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
||||||
docker run \
|
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
||||||
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
echo ""
|
||||||
-e OTP_SECRET="$OTP_SECRET" \
|
|
||||||
--rm tootsuite/mastodon:v3.4.0 \
|
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||||
bundle exec rake mastodon:webpush:generate_vapid_key \
|
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
||||||
> /tmp/key.txt
|
echo "OTP_SECRET = $OTP_SECRET"
|
||||||
|
echo ""
|
||||||
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
|
||||||
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
docker run \
|
||||||
rm -rf /tmp/key.txt
|
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
||||||
|
-e OTP_SECRET="$OTP_SECRET" \
|
||||||
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
--rm tootsuite/mastodon:v3.4.0 \
|
||||||
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
|
bundle exec rake mastodon:webpush:generate_vapid_key \
|
||||||
echo ""
|
> /tmp/key.txt
|
||||||
|
|
||||||
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
|
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
||||||
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
|
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
||||||
echo ""
|
rm -rf /tmp/key.txt
|
||||||
|
|
||||||
abra app secret generate "$APP_NAME" db_password v1
|
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
||||||
echo ""
|
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
|
||||||
|
echo ""
|
||||||
echo "don't forget to insert your smtp_password! your deployment won't work without it"
|
|
||||||
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
|
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
|
||||||
echo ""
|
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
abra app secret generate "$APP_NAME" db_password v1
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "don't forget to insert your smtp_password! your deployment won't work without it"
|
||||||
|
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
|
||||||
|
echo ""
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,6 +45,7 @@ services:
|
||||||
- DB_NAME
|
- DB_NAME
|
||||||
- DB_PORT
|
- DB_PORT
|
||||||
- DB_USER
|
- DB_USER
|
||||||
|
- DB_PASS_FILE=/run/secrets/db_password
|
||||||
- DEFAULT_LOCALE
|
- DEFAULT_LOCALE
|
||||||
- DISALLOW_UNAUTHENTICATED_API_ACCESS
|
- DISALLOW_UNAUTHENTICATED_API_ACCESS
|
||||||
- EMAIL_DOMAIN_ALLOWLIST
|
- EMAIL_DOMAIN_ALLOWLIST
|
||||||
|
|
|
@ -23,9 +23,8 @@ file_env() {
|
||||||
unset "$fileVar"
|
unset "$fileVar"
|
||||||
}
|
}
|
||||||
|
|
||||||
export DB_PASS=$(cat /run/secrets/db_password)
|
|
||||||
|
|
||||||
# for sidekiq service bundle exec env var threading
|
# for sidekiq service bundle exec env var threading
|
||||||
|
file_env "DB_PASS"
|
||||||
file_env "OTP_SECRET"
|
file_env "OTP_SECRET"
|
||||||
file_env "SECRET_KEY_BASE"
|
file_env "SECRET_KEY_BASE"
|
||||||
file_env "SMTP_PASSWORD"
|
file_env "SMTP_PASSWORD"
|
||||||
|
|
Loading…
Reference in New Issue