Document secret insertion and format

2021-05-28 12:54:02 +02:00 · 2021-05-28 12:54:02 +02:00 · 580fc560c7
commit 580fc560c7
parent 3c8770d5fb
1 changed files with 53 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -3,26 +3,64 @@
 Your self-hosted, globally interconnected microblogging community

 <!-- metadata -->
-* **Category**:
-* **Status**: 
-* **Image**: [`tootsuite/mastodon`](https://hub.docker.com/r/tootsuite/mastodon)
-* **Healthcheck**: 
-* **Backups**: 
-* **Email**: 
-* **Tests**: 
-* **SSO**: 
+
+- **Category**:
+- **Status**:
+- **Image**: [`tootsuite/mastodon`](https://hub.docker.com/r/tootsuite/mastodon)
+- **Healthcheck**:
+- **Backups**:
+- **Email**:
+- **Tests**:
+- **SSO**:
 <!-- endmetadata -->

 ## Basic usage

 1. Set up Docker Swarm and [`abra`]
-2. Deploy [`coop-cloud/traefik`]
-3. `abra app new mastodon`
-4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
-   your Docker swarm box. Install the npm package webpush to create VAPID keys `npm install web-push -g && web-push generate-vapid-keys`. 
-5. `abra app YOURAPPDOMAIN deploy --no-domain-poll`. App will fail for now.
-6. `abra app mastodon run streaming rake db:setup`
-7. Open the configured domain in your browser to finish set-up. To make an admin account `abra app mastodon run web "bin/tootctl accounts create coolusername --email helo@autonomic.zone --confirmed --role admin"`
+1. Deploy [`coop-cloud/traefik`]
+1. `abra app new mastodon`
+1. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
+   your Docker swarm box.
+1. Follow the secrets setup documentation below.
+1. `abra app YOURAPPDOMAIN deploy --no-domain-poll`. App will fail for now.
+1. `abra app mastodon run streaming rake db:setup`
+1. Open the configured domain in your browser to finish set-up. To make an admin account `abra app mastodon run web "bin/tootctl accounts create coolusername --email helo@autonomic.zone --confirmed --role admin"`

 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
+
+## Secrets setup
+
+Because Mastodon expects secrets generated by specific tools, we don't support that in `abra` yet. However, you can run these commands yourself using the underlying Docker CLI. You can then load them in as secrets to the swarm using `abra` though and then they will be picked up on the deployment.
+
+First, generate the `SECRET_KEY_BASE` and `OTP_SECRET` and store them in your local shell environment, you'll need them for subsequent commands.
+
+```
+$ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
+$ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
+$ printf $SECRET_KEY_BASE | abra app YOURAPPDOMAIN secret insert secret_key_base v1 -
+$ printf $OTP_SECRET | abra app YOURAPPDOMAIN secret insert otp_secret v1 -
+```
+
+Then you need to generate the `VAPID_{PUBLIC/PRIVATE}_KEY` values using the `SECRET_KEY_BASE`/`OTP_SECRET`:
+
+```
+$ docker run \
+  -e SECRET_KEY_BASE=$SECRET_KEY_BASE \
+  -e OTP_SECRET=$OTP_SECRET \
+  --rm tootsuite/mastodon:v3.4.0 \
+  bundle exec rake mastodon:webpush:generate_vapid_key
+```
+
+Once you see the values generated, you can load the `VAPID_PUBLIC_KEY` into your `.env` file and `VAPID_PRIVATE_KEY` into a secret.
+
+```
+$ printf YOURVAPIDPRIVATEKEY | abra app YOURDOMAIN secret insert vapid_private_key v1 -
+```
+
+And finally, to end your whirlwind secrets loading adventure, get the `DB_PASS` and `SMTP_PASSWORD` loaded.
+
+```
+$ abra app YOURAPPDOMAIN secret generate db_password v1
+$ printf YOURSMTPPASSWORD | abra app YOURDOMAIN secret insert smtp_password v1 -
+```