docker-compose environment for the entire v.st system
https://v.st/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
1.5 KiB
64 lines
1.5 KiB
#!/bin/bash
|
|
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
|
|
info() { echo >&2 "$@" ; }
|
|
|
|
DIRNAME="$(dirname $0)"
|
|
cd "$DIRNAME"
|
|
source ../env.production
|
|
source ./env.production
|
|
|
|
mkdir -p data/system
|
|
chmod 777 data/system
|
|
|
|
rm -f env.secrets
|
|
cat > env.secrets << EOF
|
|
# Fake file to make db:setup happy
|
|
SECRET_KEY_BASE=000000
|
|
OTP_SECRET=000000
|
|
OIDC_CLIENT_SECRET=000000
|
|
EOF
|
|
|
|
if [ -z "$MASTODON_SKIP_DB_INIT" ]; then
|
|
info "configuring mastodon"
|
|
sudo docker-compose run web \
|
|
rails db:setup \
|
|
|| die "unable to login"
|
|
fi
|
|
|
|
# now create the real secrets file
|
|
echo > env.secrets "# DO NOT CHECK IN"
|
|
|
|
sudo docker-compose run web \
|
|
rails mastodon:webpush:generate_vapid_key \
|
|
>> env.secrets \
|
|
|| die "unable to generate vapid key"
|
|
|
|
echo "SECRET_KEY_BASE=$(openssl rand -hex 32)" >> env.secrets
|
|
echo "OTP_SECRET=$(openssl rand -hex 32)" >> env.secrets
|
|
|
|
CLIENT_SECRET="$(openssl rand -hex 32)"
|
|
echo "OIDC_CLIENT_SECRET=$CLIENT_SECRET" >> env.secrets
|
|
|
|
# create the keycloak side of the secret
|
|
cd ../keycloak
|
|
source env.production
|
|
|
|
sudo docker-compose exec -T keycloak \
|
|
/opt/keycloak/bin/kcadm.sh \
|
|
create clients \
|
|
--server http://localhost:8080/ \
|
|
--user admin \
|
|
--password "$KEYCLOAK_ADMIN_PASSWORD" \
|
|
--realm master \
|
|
-r "$REALM" \
|
|
-f - <<EOF || die "unable to create client id"
|
|
{
|
|
"clientId": "mastodon",
|
|
"rootUrl": "https://$MASTODON_HOSTNAME/",
|
|
"adminUrl": "https://$MASTODON_HOSTNAME/",
|
|
"redirectUris": [ "https://$MASTODON_HOSTNAME/*" ],
|
|
"webOrigins": [ "https://$MASTODON_HOSTNAME" ],
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "$CLIENT_SECRET"
|
|
}
|
|
EOF
|
|
|