env/mastodon/setup

#!/bin/bash
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
info() { echo >&2 "$@" ; }

DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production
source ./env.production
source "../env.smtp" 2>/dev/null

mkdir -p ../data/mastodon/system
chmod 777 ../data/mastodon/system

SECRETS="../data/mastodon/env.secrets"

if [ -r "$SECRETS" ]; then
	docker-compose up -d || die "unable to restart mastodon"
	exit 0
fi

# have to bring it all down before we touch the files
docker-compose down

OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"

# create the secrets file,
# along with some parameters that should be in the environment
mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
WEB_DOMAIN=$MASTODON_HOSTNAME
LOCAL_DOMAIN=$DOMAIN_NAME
OIDC_DISPLAY_NAME=$REALM
OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM
OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback
OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
SECRET_KEY_BASE=$(openssl rand -hex 32)
OTP_SECRET=$(openssl rand -hex 32)
EOF

if [ -n "$SMTP_SERVER" ]; then
	cat <<EOF >> "$SECRETS"
SMTP_SERVER=$SMTP_SERVER
SMTP_PORT=$SMTP_PORT
SMTP_LOGIN=$SMTP_USER
SMTP_PASSWORD=$SMTP_PASSWORD
SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME
EOF
fi

info "mastodon: creating push keys"
docker-compose run --rm mastodon \
	rails mastodon:webpush:generate_vapid_key \
	>> "$SECRETS" \
|| die "unable to generate vapid key"

info "mastodon: setting up database"
docker-compose run --rm mastodon \
	rails db:setup \
|| die "unable to login"

source "$SECRETS"

info "mastodon: creating keycloak interface"
../keycloak/client-delete mastodon
../keycloak/client-create <<EOF || die "Unable to create keycloak client"
{
	"clientId": "mastodon",
	"rootUrl": "https://$MASTODON_HOSTNAME/",
	"adminUrl": "https://$MASTODON_HOSTNAME/",
	"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],
	"webOrigins": [ "https://$MASTODON_HOSTNAME" ],
	"clientAuthenticatorType": "client-secret",
	"secret": "$OIDC_CLIENT_SECRET"
}
EOF

docker-compose up -d || die "mastodon: unable to start container"
overhaul the env.production files, add more nginx wrappers, split things into setup scripts 3 years ago			`#!/bin/bash`
			`die() { echo >&2 "ERROR: $@" ; exit 1 ; }`
			`info() { echo >&2 "$@" ; }`

			`DIRNAME="$(dirname $0)"`
			`cd "$DIRNAME"`
			`source ../env.production`
			`source ./env.production`
smtp: config keycloak, mastodon, matrix, and mobilizon 3 years ago			`source "../env.smtp" 2>/dev/null`
overhaul the env.production files, add more nginx wrappers, split things into setup scripts 3 years ago
data: relocate all data volumes to separate directory 3 years ago			`mkdir -p ../data/mastodon/system`
			`chmod 777 ../data/mastodon/system`
mastodon: setup streaming and oicd login 3 years ago
move env.secrets into data/ subdir 3 years ago			`SECRETS="../data/mastodon/env.secrets"`

			`if [ -r "$SECRETS" ]; then`
setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`docker-compose up -d \|\| die "unable to restart mastodon"`
			`exit 0`
			`fi`
mastodon: setup streaming and oicd login 3 years ago
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`# have to bring it all down before we touch the files`
			`docker-compose down`

			`OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"`

setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`# create the secrets file,`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`# along with some parameters that should be in the environment`
move env.secrets into data/ subdir 3 years ago			`mkdir -p "$(dirname "$SECRETS")"`
			`cat <<EOF > "$SECRETS"`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`# DO NOT CHECK IN`
mastodon: split local domain and web domain 3 years ago			`WEB_DOMAIN=$MASTODON_HOSTNAME`
			`LOCAL_DOMAIN=$DOMAIN_NAME`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`OIDC_DISPLAY_NAME=$REALM`
			`OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM`
			`OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback`
			`OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET`
			`SECRET_KEY_BASE=$(openssl rand -hex 32)`
			`OTP_SECRET=$(openssl rand -hex 32)`
			`EOF`
mastodon: setup streaming and oicd login 3 years ago
smtp: config keycloak, mastodon, matrix, and mobilizon 3 years ago			`if [ -n "$SMTP_SERVER" ]; then`
			`cat <<EOF >> "$SECRETS"`
			`SMTP_SERVER=$SMTP_SERVER`
			`SMTP_PORT=$SMTP_PORT`
			`SMTP_LOGIN=$SMTP_USER`
			`SMTP_PASSWORD=$SMTP_PASSWORD`
			`SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME`
			`EOF`
			`fi`

setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`info "mastodon: creating push keys"`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`docker-compose run --rm mastodon \`
setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`rails mastodon:webpush:generate_vapid_key \`
move env.secrets into data/ subdir 3 years ago			`>> "$SECRETS" \`
mastodon: setup streaming and oicd login 3 years ago			`\|\| die "unable to generate vapid key"`

setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`info "mastodon: setting up database"`
			`docker-compose run --rm mastodon \`
			`rails db:setup \`
			`\|\| die "unable to login"`

move env.secrets into data/ subdir 3 years ago			`source "$SECRETS"`
overhaul the env.production files, add more nginx wrappers, split things into setup scripts 3 years ago
setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`info "mastodon: creating keycloak interface"`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`../keycloak/client-delete mastodon`
			`../keycloak/client-create <<EOF \|\| die "Unable to create keycloak client"`
mastodon: oidc almost works 3 years ago			`{`
			`"clientId": "mastodon",`
			`"rootUrl": "https://$MASTODON_HOSTNAME/",`
			`"adminUrl": "https://$MASTODON_HOSTNAME/",`
			`"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],`
			`"webOrigins": [ "https://$MASTODON_HOSTNAME" ],`
			`"clientAuthenticatorType": "client-secret",`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago			`"secret": "$OIDC_CLIENT_SECRET"`
mastodon: oidc almost works 3 years ago			`}`
			`EOF`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 3 years ago
setup: make all the scripts do the right thing and run through a full rebuild 3 years ago			`docker-compose up -d \|\| die "mastodon: unable to start container"`