36 lines
1.7 KiB
Bash
36 lines
1.7 KiB
Bash
# Run locally (on your machine or a secure host) to create the secrets you must paste into Komodo.
|
|
# This prints secure values for DB, Rails secrets, VAPID guidance and ActiveRecord encryption keys.
|
|
set -e
|
|
|
|
echo "Generating secrets (openssl)..."
|
|
|
|
DB_PASSWORD=$(openssl rand -hex 16)
|
|
SECRET_KEY_BASE=$(openssl rand -hex 64)
|
|
OTP_SECRET=$(openssl rand -hex 64)
|
|
|
|
# ActiveRecord encryption keys:
|
|
# - primary and deterministic keys: 32 bytes (hex) recommended
|
|
# - salt: 16 bytes (hex) recommended
|
|
ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)
|
|
ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)
|
|
ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 16)
|
|
|
|
echo ""
|
|
echo "Copy these values into your Komodo environment configuration for the Mastodon services:"
|
|
echo ""
|
|
echo "DB_PASSWORD=${DB_PASSWORD}"
|
|
echo "SECRET_KEY_BASE=${SECRET_KEY_BASE}"
|
|
echo "OTP_SECRET=${OTP_SECRET}"
|
|
echo ""
|
|
echo "ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY}"
|
|
echo "ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY}"
|
|
echo "ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT}"
|
|
echo ""
|
|
echo "Next: pull/build images on the host where you run docker-compose, then run the VAPID-generation rake task to get VAPID keys:"
|
|
echo ""
|
|
echo " docker-compose pull"
|
|
echo " docker-compose run --rm web bash -lc \"RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key\""
|
|
echo ""
|
|
echo "After running that rake task, copy the printed VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY into Komodo as environment variables."
|
|
echo ""
|
|
echo "Also set SMTP_PASSWORD and any other SMTP fields in Komodo." |