From 7f8d9c0843bdce53eed276d491bf4201fe4d3826 Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Wed, 17 Jan 2024 18:41:14 +0000 Subject: [PATCH] Add vapid keys configuration --- .env.sample | 5 +++++ compose.yml | 11 ++++++++++- entrypoint.sh | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 5e88fdb..441a40c 100644 --- a/.env.sample +++ b/.env.sample @@ -5,6 +5,7 @@ DOMAIN=karrot.example.com SECRET_DB_PASSWORD_VERSION=v1 SECRET_SECRET_KEY_VERSION=v1 SECRET_SMTP_PASSWORD_VERSION=v1 +SECRET_VAPID_SECRET_KEY_VERSION=v1 # account id for maxmind (for GeoIP) #MAXMIND_ACCOUNT_ID= @@ -15,6 +16,10 @@ SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821 FILE_UPLOAD_MAX_SIZE=10m +# For web push set this, and the vapid private key secret +# You need to generate a valid vapid keypair +#VAPID_PUBLIC_KEY= + # postal,smtp,console EMAIL_BACKEND=console diff --git a/compose.yml b/compose.yml index 4ca96d8..eb8e377 100644 --- a/compose.yml +++ b/compose.yml @@ -52,6 +52,7 @@ services: - secret_key - maxmind_license_key - smtp_password + - vapid_secret_key volumes: - "shiv_data:/root/.shiv" - "geoip_data:/var/lib/GeoIP" @@ -92,6 +93,8 @@ services: - SMTP_USE_SSL - SMTP_USE_TLS - SMTP_USER + - VAPID_PUBLIC_KEY + - VAPID_SECRET_KEY_FILE=/run/secrets/vapid_secret_key healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"] interval: 10s @@ -122,6 +125,7 @@ services: - db_password - secret_key - smtp_password + - vapid_secret_key environment: - DATABASE_CONN_MAX_AGE - DATABASE_HOST=db @@ -152,7 +156,9 @@ services: - SMTP_USE_SSL - SMTP_USE_TLS - SMTP_USER - + - VAPID_PUBLIC_KEY + - VAPID_SECRET_KEY_FILE=/run/secrets/vapid_secret_key + redis: image: "redis:6-alpine" command: ["redis-server", "--appendonly", "yes"] 
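Review bot: The comment added above `#VAPID_PUBLIC_KEY=` in .env.sample (hunk at -15,6) does not say where the private half of the keypair goes, or that the two values must remain a matching pair. The private key is a signing credential, so the sample should steer operators away from pasting it into `.env`, for example `# the private key goes in the docker secret ${STACK_NAME}_vapid_secret_key_${SECRET_VAPID_SECRET_KEY_VERSION}, never in this file`. It would also help to note that moving `SECRET_VAPID_SECRET_KEY_VERSION` to a new keypair requires updating `VAPID_PUBLIC_KEY` at the same time. Browsers subscribed under the old public key will generally have to re-subscribe.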
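Review bot: The stack now depends on the VAPID secret unconditionally, although .env.sample presents web push as optional by leaving `VAPID_PUBLIC_KEY` commented out. `- vapid_secret_key` is added to the service `secrets:` lists in the compose.yml hunks at -52,6 and -122,6, and the hunk at -211,6 declares it `external: true`. A swarm deploy that references an external secret which has not been created is expected to be rejected, so existing installations would have to create it before upgrading, even if only as a placeholder. If that is intended, a comment above `vapid_secret_key:` such as `# must exist even when web push is unused; create it before deploying` would make the requirement visible. The upgrade notes should also say whether an empty placeholder is treated as "push disabled" or as an invalid key, which this diff does not show.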
@@ -211,6 +217,9 @@ secrets: smtp_password: external: true name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} + vapid_secret_key: + external: true + name: ${STACK_NAME}_vapid_secret_key_${SECRET_VAPID_SECRET_KEY_VERSION} volumes: shiv_data: diff --git a/entrypoint.sh b/entrypoint.sh index 8d3e29a..95261a6 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -27,5 +27,6 @@ file_env() { file_env DATABASE_PASSWORD file_env SECRET_KEY file_env SMTP_PASSWORD +file_env VAPID_SECRET_KEY /docker-entrypoint.sh
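Review bot: The VAPID private key probably ends up in the process environment after `file_env VAPID_SECRET_KEY` in entrypoint.sh, but `file_env` is defined above this hunk, so that is inferred rather than visible. If it exports the contents of `/run/secrets/vapid_secret_key` as `VAPID_SECRET_KEY`, as the neighbouring `file_env SECRET_KEY` call suggests, the signing key is inherited by every process started from `/docker-entrypoint.sh`. A comment such as `# private signing key: exported to the environment, keep it out of logs and debug dumps` would make that exposure deliberate. Alternatively, the application could read `VAPID_SECRET_KEY_FILE` directly, so the key stays in the mounted secret file only.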