#!/bin/bash
# Print an error to stderr and abort
die() { echo >&2 "ERROR: $*" ; exit 1 ; }
# Print a status message to stderr
info() { echo >&2 "$@" ; }

# Run from the directory that holds this script
DIRNAME="$(dirname "$0")"
cd "$DIRNAME" || die "unable to cd to $DIRNAME"

source ../env.production
source ./env.production

mkdir -p data/system
chmod 777 data/system

rm -f env.secrets
cat > env.secrets << EOF
# Fake file to make db:setup happy
SECRET_KEY_BASE=000000
OTP_SECRET=000000
OIDC_CLIENT_SECRET=000000
EOF

# have to bring it all down before we touch the files
docker-compose down

if [ -z "$MASTODON_SKIP_DB_INIT" ]; then
	info "configuring mastodon"
	sudo docker-compose run --rm mastodon \
		rails db:setup \
	|| die "unable to login"
fi

OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"

# now create the real secrets file,
# along with some parameters that should be in the environment
cat > env.secrets << EOF
# DO NOT CHECK IN
LOCAL_DOMAIN=$MASTODON_HOSTNAME
OIDC_DISPLAY_NAME=$REALM
OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM
OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback
OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
SECRET_KEY_BASE=$(openssl rand -hex 32)
OTP_SECRET=$(openssl rand -hex 32)
EOF

# append the generated VAPID key pair to the secrets file
docker-compose run --rm mastodon \
	rails mastodon:webpush:generate_vapid_key \
	>> env.secrets \
|| die "unable to generate vapid key"

# recreate the Keycloak OIDC client for mastodon
../keycloak/client-delete mastodon

../keycloak/client-create <