generated from coop-cloud/example
Benjamin Lyng Jørgensen
c05f3c615a
Some checks failed
continuous-integration/drone/pr Build is failing
150 lines
4.3 KiB
Bash
150 lines
4.3 KiB
Bash
export ENTRYPOINT_CONF_VERSION=v6
|
|
export ENTRYPOINT_STREAMING_CONF_VERSION=v1
|
|
|
|
grep=grep
|
|
if ! $grep -P --version 2>/dev/null 1>/dev/null
|
|
then
|
|
echo "$grep doesn't have -P option, trying ggrep"
|
|
grep=ggrep
|
|
if ! $grep -P --version 2>/dev/null 1>/dev/null
|
|
then
|
|
echo "If you're on a mac try running \`brew install grep\`"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
file_env() {
|
|
local var="$1"
|
|
local fileVar="${var}_FILE"
|
|
local def="${2:-}"
|
|
|
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
|
exit 1
|
|
fi
|
|
|
|
local val="$def"
|
|
if [ "${!var:-}" ]; then
|
|
val="${!var}"
|
|
elif [ "${!fileVar:-}" ]; then
|
|
val="$(< "${!fileVar}")"
|
|
fi
|
|
|
|
declare -x -g "$var"="$val"
|
|
unset "$fileVar"
|
|
}
|
|
|
|
environment() {
|
|
# for sidekiq service bundle exec env var threading
|
|
file_env "DB_PASS"
|
|
file_env "OTP_SECRET"
|
|
file_env "SECRET_KEY_BASE"
|
|
file_env "VAPID_PRIVATE_KEY"
|
|
file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
|
file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
|
file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
|
|
|
declare -x RAILS_ENV=production
|
|
}
|
|
|
|
assets() {
|
|
environment
|
|
|
|
bundle exec rails assets:precompile
|
|
}
|
|
|
|
admin() {
|
|
environment
|
|
|
|
bin/tootctl accounts create "$1" --email "$2" --confirmed --role Owner
|
|
bin/tootctl accounts approve "$1"
|
|
}
|
|
|
|
shell() {
|
|
## Run a shell with proper environment
|
|
environment
|
|
bash $@
|
|
}
|
|
|
|
secrets() {
|
|
set -e
|
|
|
|
docker context use default > /dev/null 2>&1
|
|
|
|
MASTO_VERSION="v4.3.8"
|
|
|
|
echo "Generating secrets for a new Mastodon deployment..."
|
|
echo ""
|
|
|
|
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rails secret)
|
|
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
|
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
|
echo ""
|
|
|
|
OTP_SECRET=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rails secret)
|
|
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
|
echo "OTP_SECRET = $OTP_SECRET"
|
|
echo ""
|
|
|
|
docker run \
|
|
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
|
-e OTP_SECRET="$OTP_SECRET" \
|
|
--rm tootsuite/mastodon:$MASTO_VERSION \
|
|
bundle exec rake mastodon:webpush:generate_vapid_key \
|
|
> /tmp/key.txt
|
|
|
|
VAPID_PRIVATE_KEY=$($grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
|
VAPID_PUBLIC_KEY=$($grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
|
rm -rf /tmp/key.txt
|
|
|
|
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
|
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
|
|
echo ""
|
|
|
|
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
|
|
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
|
|
echo ""
|
|
|
|
abra app secret generate "$APP_NAME" db_password v1
|
|
echo ""
|
|
|
|
echo "don't forget to insert your smtp_password! your deployment won't work without it"
|
|
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
|
|
echo ""
|
|
}
|
|
|
|
secrets_activerecord() {
|
|
set -e
|
|
|
|
docker context use default > /dev/null 2>&1
|
|
|
|
MASTO_VERSION="v4.3.8"
|
|
|
|
echo "Generating activerecord secrets for an updated deployment"
|
|
echo ""
|
|
|
|
docker run \
|
|
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
|
-e OTP_SECRET="$OTP_SECRET" \
|
|
--rm tootsuite/mastodon:$MASTO_VERSION \
|
|
bundle exec rake db:encryption:init \
|
|
> /tmp/activerecord.txt
|
|
|
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
|
abra app secret insert "$APP_NAME" are_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
|
echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
|
echo ""
|
|
|
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$($grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT /tmp/activerecord.txt | cut -d'=' -f2)
|
|
abra app secret insert "$APP_NAME" are_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
|
echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
|
echo ""
|
|
|
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
|
abra app secret insert "$APP_NAME" are_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
|
echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
|
echo ""
|
|
|
|
rm -rf /tmp/activerecord.txt
|
|
}
|