From b4c33bc74ceea792dc9e85db5593ec5459fe93f4 Mon Sep 17 00:00:00 2001
From: Trammell Hudson <hudson@trmm.net>
Date: Fri, 13 May 2022 20:57:31 +0000
Subject: [PATCH] pixelfed: set app key in secrets, bounce the connection after
 running everything

---
 pixelfed/env.production | 11 ++++++-----
 pixelfed/setup          |  5 +++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/pixelfed/env.production b/pixelfed/env.production
index d132668..cc2049e 100644
--- a/pixelfed/env.production
+++ b/pixelfed/env.production
@@ -1,9 +1,9 @@
 ## Crypto
-APP_KEY=base64:fjwyqPkDUoYkQNVhkjsPTj5TkO6IaNb3NXmIobJJ5nk=
+# APP_KEY is set env.secrets
 
 ## General Settings
 APP_ENV=production
-APP_DEBUG=true
+APP_DEBUG=false
 
 # domain name specifics are passed in env.secrets
 # APP_NAME="Pixelfed Prod (Testing)"
@@ -38,7 +38,7 @@ ACCOUNT_DELETE_AFTER=false
 MAX_LINKS_PER_POST=0
 
 ## Instance
-# INSTANCE_DESCRIPTION="hackerspace.zone pixelfed test"
+# INSTANCE_DESCRIPTION is set in env.secrets
 INSTANCE_PUBLIC_HASHTAGS=false
 #INSTANCE_CONTACT_EMAIL=
 INSTANCE_PUBLIC_LOCAL_TIMELINE=true
@@ -92,6 +92,7 @@ EXP_REC=false
 EXP_LOOPS=false
 
 ## ActivityPub Federation
+## enable all activity pub interfaces
 ACTIVITY_PUB=true
 AP_REMOTE_FOLLOW=true
 AP_SHAREDINBOX=true
@@ -151,7 +152,7 @@ TRUST_PROXIES="*"
 #PASSPORT_PUBLIC_KEY=
 
 ## OIDC for logins passed in in env.secrets
-# OIDC_CLIENT_ID=pixelfed
-# OIDC_CLIENT_SECRET=F55hjj2FBPnnuW7nD80LjwS9sVYXm4fB
+# OIDC_CLIENT_ID, OIDC_CLIENT_SECRET
+# OIDC provider URL must include realm
 # OIDC_PROVIDER_URL=https://login.hackerspace.zone/realms/hackerspace
 OIDC_PROVIDER_NAME=oidc
diff --git a/pixelfed/setup b/pixelfed/setup
index b8f3e9e..c8ea95b 100755
--- a/pixelfed/setup
+++ b/pixelfed/setup
@@ -24,6 +24,7 @@ CLIENT_SECRET="$(openssl rand -hex 20)"
 mkdir -p "$(dirname "$SECRETS")"
 cat <<EOF > "$SECRETS"
 # DO NOT CHECK IN
+APP_KEY=
 INSTANCE_DESCRIPTION="${DOMAIN_NAME} pixelfed"
 OIDC_CLIENT_ID=$MODULE
 OIDC_CLIENT_SECRET=${CLIENT_SECRET}
@@ -90,6 +91,10 @@ docker-compose exec -u www-data app php artisan route:cache || die "route:cache"
 docker-compose exec -u www-data app php artisan view:cache || die "view:cache"
 docker-compose exec -u www-data app php artisan config:cache || die "config:cache"
 
+# bounce it to reload all of the state
+docker-compose down || die "unable to bring down"
+docker-compose up -d || die "unable to restart"
+
 #php artisan route:clear
 #php artisan view:clear
 #php artisan config:clear