Document secret insertion and format

This commit is contained in:
decentral1se 2021-05-28 12:54:02 +02:00
parent 3c8770d5fb
commit 580fc560c7
Signed by untrusted user who does not match committer: decentral1se
GPG Key ID: 92DAD76BD9567B8A

View File

@ -3,26 +3,64 @@
Your self-hosted, globally interconnected microblogging community
<!-- metadata -->
* **Category**:
* **Status**:
* **Image**: [`tootsuite/mastodon`](https://hub.docker.com/r/tootsuite/mastodon)
* **Healthcheck**:
* **Backups**:
* **Email**:
* **Tests**:
* **SSO**:
- **Category**:
- **Status**:
- **Image**: [`tootsuite/mastodon`](https://hub.docker.com/r/tootsuite/mastodon)
- **Healthcheck**:
- **Backups**:
- **Email**:
- **Tests**:
- **SSO**:
<!-- endmetadata -->
## Basic usage
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new mastodon`
4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
your Docker swarm box. Install the npm package webpush to create VAPID keys `npm install web-push -g && web-push generate-vapid-keys`.
5. `abra app YOURAPPDOMAIN deploy --no-domain-poll`. App will fail for now.
6. `abra app mastodon run streaming rake db:setup`
7. Open the configured domain in your browser to finish set-up. To make an admin account `abra app mastodon run web "bin/tootctl accounts create coolusername --email helo@autonomic.zone --confirmed --role admin"`
1. Deploy [`coop-cloud/traefik`]
1. `abra app new mastodon`
1. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
your Docker swarm box.
1. Follow the secrets setup documentation below.
1. `abra app YOURAPPDOMAIN deploy --no-domain-poll`. App will fail for now.
1. `abra app mastodon run streaming rake db:setup`
1. Open the configured domain in your browser to finish set-up. To make an admin account `abra app mastodon run web "bin/tootctl accounts create coolusername --email helo@autonomic.zone --confirmed --role admin"`
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
## Secrets setup
Because Mastodon expects secrets generated by specific tools, we don't support that in `abra` yet. However, you can run these commands yourself using the underlying Docker CLI. You can then load them in as secrets to the swarm using `abra` though and then they will be picked up on the deployment.
First, generate the `SECRET_KEY_BASE` and `OTP_SECRET` and store them in your local shell environment, you'll need them for subsequent commands.
```
$ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
$ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
$ printf $SECRET_KEY_BASE | abra app YOURAPPDOMAIN secret insert secret_key_base v1 -
$ printf $OTP_SECRET | abra app YOURAPPDOMAIN secret insert otp_secret v1 -
```
Then you need to generate the `VAPID_{PUBLIC/PRIVATE}_KEY` values using the `SECRET_KEY_BASE`/`OTP_SECRET`:
```
$ docker run \
-e SECRET_KEY_BASE=$SECRET_KEY_BASE \
-e OTP_SECRET=$OTP_SECRET \
--rm tootsuite/mastodon:v3.4.0 \
bundle exec rake mastodon:webpush:generate_vapid_key
```
Once you see the values generated, you can load the `VAPID_PUBLIC_KEY` into your `.env` file and `VAPID_PRIVATE_KEY` into a secret.
```
$ printf YOURVAPIDPRIVATEKEY | abra app YOURDOMAIN secret insert vapid_private_key v1 -
```
And finally, to end your whirlwind secrets loading adventure, get the `DB_PASS` and `SMTP_PASSWORD` loaded.
```
$ abra app YOURAPPDOMAIN secret generate db_password v1
$ printf YOURSMTPPASSWORD | abra app YOURDOMAIN secret insert smtp_password v1 -
```