Add komodo/mastodon/gen-secrets.sh

komodo/mastodon/gen-secrets.sh

@@ -0,0 +1,36 @@
+# Run locally (on your machine or a secure host) to create the secrets you must paste into Komodo.
+# This prints secure values for DB, Rails secrets, VAPID guidance and ActiveRecord encryption keys.
+set -e
+
+echo "Generating secrets (openssl)..."
+
+DB_PASSWORD=$(openssl rand -hex 16)
+SECRET_KEY_BASE=$(openssl rand -hex 64)
+OTP_SECRET=$(openssl rand -hex 64)
+
+# ActiveRecord encryption keys:
+# - primary and deterministic keys: 32 bytes (hex) recommended
+# - salt: 16 bytes (hex) recommended
+ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)
+ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)
+ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 16)
+
+echo ""
+echo "Copy these values into your Komodo environment configuration for the Mastodon services:"
+echo ""
+echo "DB_PASSWORD=${DB_PASSWORD}"
+echo "SECRET_KEY_BASE=${SECRET_KEY_BASE}"
+echo "OTP_SECRET=${OTP_SECRET}"
+echo ""
+echo "ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY}"
+echo "ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY}"
+echo "ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT}"
+echo ""
+echo "Next: pull/build images on the host where you run docker-compose, then run the VAPID-generation rake task to get VAPID keys:"
+echo ""
+echo "  docker-compose pull"
+echo "  docker-compose run --rm web bash -lc \"RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key\""
+echo ""
+echo "After running that rake task, copy the printed VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY into Komodo as environment variables."
+echo ""
+echo "Also set SMTP_PASSWORD and any other SMTP fields in Komodo."