env/mastodon/setup

#!/bin/bash
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
info() { echo >&2 "$@" ; }

DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production
source ./env.production

mkdir -p data/system
chmod 777 data/system

rm -f env.secrets
cat > env.secrets << EOF
# Fake file to make db:setup happy
SECRET_KEY_BASE=000000
OTP_SECRET=000000
OIDC_CLIENT_SECRET=000000
EOF

# have to bring it all down before we touch the files
docker-compose down

if [ -z "$MASTODON_SKIP_DB_INIT" ]; then
	info "configuring mastodon"
	sudo docker-compose run --rm mastodon \
	  rails db:setup \
	|| die "unable to login"
fi

OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"

# now create the real secrets file,
# along with some parameters that should be in the environment
cat <<EOF > env.secrets
# DO NOT CHECK IN
LOCAL_DOMAIN=$MASTODON_HOSTNAME
OIDC_DISPLAY_NAME=$REALM
OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM
OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback
OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
SECRET_KEY_BASE=$(openssl rand -hex 32)
OTP_SECRET=$(openssl rand -hex 32)
EOF

docker-compose run --rm mastodon \
  rails mastodon:webpush:generate_vapid_key \
  >> env.secrets \
|| die "unable to generate vapid key"


../keycloak/client-delete mastodon
../keycloak/client-create <<EOF || die "Unable to create keycloak client"
{
	"clientId": "mastodon",
	"rootUrl": "https://$MASTODON_HOSTNAME/",
	"adminUrl": "https://$MASTODON_HOSTNAME/",
	"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],
	"webOrigins": [ "https://$MASTODON_HOSTNAME" ],
	"clientAuthenticatorType": "client-secret",
	"secret": "$OIDC_CLIENT_SECRET"
}
EOF

docker-compose up -d
overhaul the env.production files, add more nginx wrappers, split things into setup scripts 2 years ago			`#!/bin/bash`
			`die() { echo >&2 "ERROR: $@" ; exit 1 ; }`
			`info() { echo >&2 "$@" ; }`

			`DIRNAME="$(dirname $0)"`
			`cd "$DIRNAME"`
			`source ../env.production`
			`source ./env.production`

mastodon: setup streaming and oicd login 2 years ago			`mkdir -p data/system`
			`chmod 777 data/system`

			`rm -f env.secrets`
			`cat > env.secrets << EOF`
			`# Fake file to make db:setup happy`
			`SECRET_KEY_BASE=000000`
			`OTP_SECRET=000000`
			`OIDC_CLIENT_SECRET=000000`
			`EOF`

nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`# have to bring it all down before we touch the files`
			`docker-compose down`

mastodon: setup streaming and oicd login 2 years ago			`if [ -z "$MASTODON_SKIP_DB_INIT" ]; then`
			`info "configuring mastodon"`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`sudo docker-compose run --rm mastodon \`
mastodon: setup streaming and oicd login 2 years ago			`rails db:setup \`
			`\|\| die "unable to login"`
			`fi`

nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"`

			`# now create the real secrets file,`
			`# along with some parameters that should be in the environment`
			`cat <<EOF > env.secrets`
			`# DO NOT CHECK IN`
			`LOCAL_DOMAIN=$MASTODON_HOSTNAME`
			`OIDC_DISPLAY_NAME=$REALM`
			`OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM`
			`OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback`
			`OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET`
			`SECRET_KEY_BASE=$(openssl rand -hex 32)`
			`OTP_SECRET=$(openssl rand -hex 32)`
			`EOF`
mastodon: setup streaming and oicd login 2 years ago
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`docker-compose run --rm mastodon \`
mastodon: setup streaming and oicd login 2 years ago			`rails mastodon:webpush:generate_vapid_key \`
			`>> env.secrets \`
			`\|\| die "unable to generate vapid key"`

overhaul the env.production files, add more nginx wrappers, split things into setup scripts 2 years ago
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`../keycloak/client-delete mastodon`
			`../keycloak/client-create <<EOF \|\| die "Unable to create keycloak client"`
mastodon: oidc almost works 2 years ago			`{`
			`"clientId": "mastodon",`
			`"rootUrl": "https://$MASTODON_HOSTNAME/",`
			`"adminUrl": "https://$MASTODON_HOSTNAME/",`
			`"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],`
			`"webOrigins": [ "https://$MASTODON_HOSTNAME" ],`
			`"clientAuthenticatorType": "client-secret",`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago			`"secret": "$OIDC_CLIENT_SECRET"`
mastodon: oidc almost works 2 years ago			`}`
			`EOF`
nginx renewal fixes, oauth mastodon setup, secret restructure, etc 2 years ago
			`docker-compose up -d`