pixelfed: set app key in secrets, bounce the connection after running everything

pixelfed/env.production

@@ -1,9 +1,9 @@
 ## Crypto
-APP_KEY=base64:fjwyqPkDUoYkQNVhkjsPTj5TkO6IaNb3NXmIobJJ5nk=
+# APP_KEY is set env.secrets
 
 ## General Settings
 APP_ENV=production
-APP_DEBUG=true
+APP_DEBUG=false
 
 # domain name specifics are passed in env.secrets
 # APP_NAME="Pixelfed Prod (Testing)"
@@ -38,7 +38,7 @@ ACCOUNT_DELETE_AFTER=false
 MAX_LINKS_PER_POST=0
 
 ## Instance
-# INSTANCE_DESCRIPTION="hackerspace.zone pixelfed test"
+# INSTANCE_DESCRIPTION is set in env.secrets
 INSTANCE_PUBLIC_HASHTAGS=false
 #INSTANCE_CONTACT_EMAIL=
 INSTANCE_PUBLIC_LOCAL_TIMELINE=true
@@ -92,6 +92,7 @@ EXP_REC=false
 EXP_LOOPS=false
 
 ## ActivityPub Federation
+## enable all activity pub interfaces
 ACTIVITY_PUB=true
 AP_REMOTE_FOLLOW=true
 AP_SHAREDINBOX=true
@@ -151,7 +152,7 @@ TRUST_PROXIES="*"
 #PASSPORT_PUBLIC_KEY=
 
 ## OIDC for logins passed in in env.secrets
-# OIDC_CLIENT_ID=pixelfed
-# OIDC_CLIENT_SECRET=F55hjj2FBPnnuW7nD80LjwS9sVYXm4fB
+# OIDC_CLIENT_ID, OIDC_CLIENT_SECRET
+# OIDC provider URL must include realm
 # OIDC_PROVIDER_URL=https://login.hackerspace.zone/realms/hackerspace
 OIDC_PROVIDER_NAME=oidc

pixelfed/setup

@@ -24,6 +24,7 @@ CLIENT_SECRET="$(openssl rand -hex 20)"
 mkdir -p "$(dirname "$SECRETS")"
 cat <<EOF > "$SECRETS"
 # DO NOT CHECK IN
+APP_KEY=
 INSTANCE_DESCRIPTION="${DOMAIN_NAME} pixelfed"
 OIDC_CLIENT_ID=$MODULE
 OIDC_CLIENT_SECRET=${CLIENT_SECRET}
@@ -90,6 +91,10 @@ docker-compose exec -u www-data app php artisan route:cache || die "route:cache"
 docker-compose exec -u www-data app php artisan view:cache || die "view:cache"
 docker-compose exec -u www-data app php artisan config:cache || die "config:cache"
 
+# bounce it to reload all of the state
+docker-compose down || die "unable to bring down"
+docker-compose up -d || die "unable to restart"
+
 #php artisan route:clear
 #php artisan view:clear
 #php artisan config:clear