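# Run locally (on your machine or a secure host) to create the secrets you must paste into Komodo.
# This prints secure values for DB, Rails secrets, VAPID guidance and ActiveRecord encryption keys.
#
# Security notes:
# - Every secret is written to stdout in clear text. Run this in an interactive
#   terminal you trust; avoid CI jobs, shared sessions, or redirecting the
#   output to a file that is committed, world-readable, or backed up unencrypted.
# - Clear the terminal scrollback once the values are stored in Komodo.
# - Each run produces new values; re-running it for an existing deployment means
#   rotating the secrets, not re-reading the old ones.
set -eu

# Fail early with a clear message instead of a bare "command not found".
if ! command -v openssl >/dev/null 2>&1; then
  printf '%s\n' "error: openssl not found in PATH; cannot generate secrets" >&2
  exit 1
fi

# Secrets on a non-terminal stdout usually end up in a file or a log.
# Warn on stderr only, so the stdout content stays exactly the same.
if [ ! -t 1 ]; then
  printf '%s\n' "warning: stdout is not a terminal; the secrets below will be captured wherever the output is redirected" >&2
fi

# gen_hex BYTES
# Prints BYTES random bytes from `openssl rand` as 2*BYTES lowercase hex characters.
# Returns non-zero (and prints nothing to stdout) when openssl fails or its output
# is not exactly that shape, so an empty or truncated value is never pasted into
# the deployment configuration. The value itself is never echoed in error messages.
gen_hex() {
  _gh_bytes=$1
  _gh_value=$(openssl rand -hex "$_gh_bytes") || {
    printf '%s\n' "error: openssl rand failed" >&2
    return 1
  }
  # Reject anything that is not pure lowercase hex.
  case $_gh_value in
    '' | *[!0-9a-f]*)
      printf '%s\n' "error: openssl rand returned non-hex output" >&2
      return 1
      ;;
  esac
  if [ "${#_gh_value}" -ne $((_gh_bytes * 2)) ]; then
    printf '%s\n' "error: openssl rand returned an unexpected length" >&2
    return 1
  fi
  printf '%s\n' "$_gh_value"
}

echo "Generating secrets (openssl)..."

# Plain assignments: under `set -e` a failing gen_hex aborts the script before
# anything is printed for copying.
DB_PASSWORD=$(gen_hex 16)
SECRET_KEY_BASE=$(gen_hex 64)
OTP_SECRET=$(gen_hex 64)

# ActiveRecord encryption keys:
# - primary and deterministic keys: 32 bytes (hex) recommended, i.e. 64 hex characters
# - salt: 16 bytes (hex) recommended, i.e. 32 hex characters
ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=$(gen_hex 32)
ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=$(gen_hex 32)
ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(gen_hex 16)

# printf with a fixed '%s\n' format: the values are data, never a format string.
printf '%s\n' \
  "" \
  "Copy these values into your Komodo environment configuration for the Mastodon services:" \
  "" \
  "DB_PASSWORD=${DB_PASSWORD}" \
  "SECRET_KEY_BASE=${SECRET_KEY_BASE}" \
  "OTP_SECRET=${OTP_SECRET}" \
  "" \
  "ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY}" \
  "ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY}" \
  "ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT}" \
  "" \
  "Next: pull/build images on the host where you run docker-compose, then run the VAPID-generation rake task to get VAPID keys:" \
  "" \
  " docker-compose pull" \
  " docker-compose run --rm web bash -lc \"RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key\"" \
  "" \
  "After running that rake task, copy the printed VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY into Komodo as environment variables." \
  "" \
  "Also set SMTP_PASSWORD and any other SMTP fields in Komodo."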