|
|
|
#!/bin/bash
|
|
|
|
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
|
|
|
|
info() { echo >&2 "$@" ; }
|
|
|
|
|
|
|
|
DIRNAME="$(dirname $0)"
|
|
|
|
cd "$DIRNAME"
|
|
|
|
source ../env.production
|
|
|
|
source ./env.production
|
|
|
|
source "../env.smtp" 2>/dev/null
|
|
|
|
|
|
|
|
mkdir -p ../data/mastodon/system
|
|
|
|
chmod 777 ../data/mastodon/system
|
|
|
|
|
|
|
|
SECRETS="../data/mastodon/env.secrets"
|
|
|
|
|
|
|
|
if [ -r "$SECRETS" ]; then
|
|
|
|
docker-compose up -d || die "unable to restart mastodon"
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
# have to bring it all down before we touch the files
|
|
|
|
docker-compose down
|
|
|
|
|
|
|
|
OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"
|
|
|
|
|
|
|
|
# create the secrets file,
|
|
|
|
# along with some parameters that should be in the environment
|
|
|
|
mkdir -p "$(dirname "$SECRETS")"
|
|
|
|
cat <<EOF > "$SECRETS"
|
|
|
|
# DO NOT CHECK IN
|
|
|
|
WEB_DOMAIN=$MASTODON_HOSTNAME
|
|
|
|
LOCAL_DOMAIN=$DOMAIN_NAME
|
|
|
|
OIDC_DISPLAY_NAME=$REALM
|
|
|
|
OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM
|
|
|
|
OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback
|
|
|
|
OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
|
|
|
|
SECRET_KEY_BASE=$(openssl rand -hex 32)
|
|
|
|
OTP_SECRET=$(openssl rand -hex 32)
|
|
|
|
EOF
|
|
|
|
|
|
|
|
if [ -n "$SMTP_SERVER" ]; then
|
|
|
|
cat <<EOF >> "$SECRETS"
|
|
|
|
SMTP_SERVER=$SMTP_SERVER
|
|
|
|
SMTP_PORT=$SMTP_PORT
|
|
|
|
SMTP_LOGIN=$SMTP_USER
|
|
|
|
SMTP_PASSWORD=$SMTP_PASSWORD
|
|
|
|
SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME
|
|
|
|
EOF
|
|
|
|
fi
|
|
|
|
|
|
|
|
info "mastodon: creating push keys"
|
|
|
|
docker-compose run --rm mastodon \
|
|
|
|
rails mastodon:webpush:generate_vapid_key \
|
|
|
|
>> "$SECRETS" \
|
|
|
|
|| die "unable to generate vapid key"
|
|
|
|
|
|
|
|
info "mastodon: setting up database"
|
|
|
|
docker-compose run --rm mastodon \
|
|
|
|
rails db:setup \
|
|
|
|
|| die "unable to login"
|
|
|
|
|
|
|
|
source "$SECRETS"
|
|
|
|
|
|
|
|
info "mastodon: creating keycloak interface"
|
|
|
|
../keycloak/client-delete mastodon
|
|
|
|
../keycloak/client-create <<EOF || die "Unable to create keycloak client"
|
|
|
|
{
|
|
|
|
"clientId": "mastodon",
|
|
|
|
"rootUrl": "https://$MASTODON_HOSTNAME/",
|
|
|
|
"adminUrl": "https://$MASTODON_HOSTNAME/",
|
|
|
|
"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],
|
|
|
|
"webOrigins": [ "https://$MASTODON_HOSTNAME" ],
|
|
|
|
"clientAuthenticatorType": "client-secret",
|
|
|
|
"secret": "$OIDC_CLIENT_SECRET"
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
docker-compose up -d || die "mastodon: unable to start container"
|