Improve abra.sh and use DB_PASS_FILE

2024-01-11 21:32:36 -03:00 · 2024-01-11 21:32:36 -03:00 · 1155b3cc50
commit 1155b3cc50
parent 66adadea97
3 changed files with 81 additions and 59 deletions
--- a/abra.sh
+++ b/abra.sh
@ -2,69 +2,91 @@

 export ENTRYPOINT_CONF_VERSION=v7

-assets() {
-  export OTP_SECRET=$(cat /run/secrets/otp_secret)
-  export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-  export DB_PASS=$(cat /run/secrets/db_password)
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"

-  RAILS_ENV=production bundle exec rails assets:precompile
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+
+  declare -x -g "$var"="$val"
+  unset "$fileVar"
 }

-setup() {
-  export OTP_SECRET=$(cat /run/secrets/otp_secret)
-  export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-  export DB_PASS=$(cat /run/secrets/db_password)
+environment() {
+    # for sidekiq service bundle exec env var threading
+    file_env "OTP_SECRET"
+    file_env "SECRET_KEY_BASE"
+    file_env "DB_PASS"
+    file_env "SMTP_PASSWORD"
+    file_env "VAPID_PRIVATE_KEY"

-  RAILS_ENV=production bundle exec rake db:setup
+    declare -x RAILS_ENV=production
 }

-admin() {
-  export OTP_SECRET=$(cat /run/secrets/otp_secret)
-  export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-  export DB_PASS=$(cat /run/secrets/db_password)
-
-  RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin
+setup_admin() {
+    ## Create an admin user
+    environment
+    accounts create "$1" --email "$2" --confirmed --role admin
 }

-secrets() {
-  docker context use default > /dev/null 2>&1
-
-  echo "Generating secrets for new Hometown deployment..."
-  echo ""
-
-  SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
-  abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
-  echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
-  echo ""
-
-  OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
-  abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
-  echo "OTP_SECRET = $OTP_SECRET"
-  echo ""
-
-  docker run \
-    -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
-    -e OTP_SECRET="$OTP_SECRET" \
-    --rm tootsuite/mastodon:v3.4.0 \
-    bundle exec rake mastodon:webpush:generate_vapid_key \
-    > /tmp/key.txt
-
-  VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
-  VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
-  rm -rf /tmp/key.txt
-
-  echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
-  echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
-  echo ""
-
-  abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
-  echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
-  echo ""
-
-  abra app secret generate "$APP_NAME" db_password v1
-  echo ""
-
-  echo "don't forget to insert your smtp_password! your deployment won't work without it"
-  echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
-  echo ""
+shell() {
+    ## Run a shell with proper environment
+    environment
+    bash $@
+}
+
+generate_secrets() {
+    ## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
+    ## your new instance (and create the secrets on target app).
+    docker context use default > /dev/null 2>&1
+
+    echo "Generating secrets for new Hometown deployment..."
+    echo ""
+
+    SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+    abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
+    echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
+    echo ""
+
+    OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+    abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
+    echo "OTP_SECRET = $OTP_SECRET"
+    echo ""
+
+    docker run \
+           -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
+           -e OTP_SECRET="$OTP_SECRET" \
+           --rm tootsuite/mastodon:v3.4.0 \
+           bundle exec rake mastodon:webpush:generate_vapid_key \
+           > /tmp/key.txt
+
+    VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
+    VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
+    rm -rf /tmp/key.txt
+
+    echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
+    echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
+    echo ""
+
+    abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
+    echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
+    echo ""
+
+    abra app secret generate "$APP_NAME" db_password v1
+    echo ""
+
+    echo "don't forget to insert your smtp_password! your deployment won't work without it"
+    echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
+    echo ""
 }
--- a/compose.yml
+++ b/compose.yml
@ -45,6 +45,7 @@ services:
      - DB_NAME
      - DB_PORT
      - DB_USER
+      - DB_PASS_FILE=/run/secrets/db_password
      - DEFAULT_LOCALE
      - DISALLOW_UNAUTHENTICATED_API_ACCESS
      - EMAIL_DOMAIN_ALLOWLIST
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -23,9 +23,8 @@ file_env() {
  unset "$fileVar"
 }

-export DB_PASS=$(cat /run/secrets/db_password)
-
 # for sidekiq service bundle exec env var threading
+file_env "DB_PASS"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "SMTP_PASSWORD"