fix key for upgrade
parent
652d6f6c67
commit
d1a1e67008
3 changed files with 49 additions and 16 deletions
|
@ -36,6 +36,17 @@ LOCAL_DOMAIN=__DOMAIN__
|
|||
SECRET_KEY_BASE=__SECRET_KEY_BASE__
|
||||
OTP_SECRET=__OTP_SECRET__
|
||||
|
||||
# VAPID keys (used for push notifications
|
||||
# You can generate the keys using the following command (first is the private key, second is the public one)
|
||||
# You should only generate this once per instance. If you later decide to change it, all push subscription will
|
||||
# be invalidated, requiring the users to access the website again to resubscribe.
|
||||
#
|
||||
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
|
||||
#
|
||||
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
|
||||
VAPID_PRIVATE_KEY=__VAPID_PRIVATE_KEY__
|
||||
VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__
|
||||
|
||||
# Registrations
|
||||
# Single user mode will disable registrations and redirect frontpage to the first profile
|
||||
# SINGLE_USER_MODE=true
|
||||
|
@ -219,13 +230,3 @@ LDAP_UID=uid
|
|||
# http_proxy=http://gateway.local:8118
|
||||
# Access control for hidden service.
|
||||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||
|
||||
|
||||
# VAPID keys (used for push notifications
|
||||
# You can generate the keys using the following command (first is the private key, second is the public one)
|
||||
# You should only generate this once per instance. If you later decide to change it, all push subscription will
|
||||
# be invalidated, requiring the users to access the website again to resubscribe.
|
||||
#
|
||||
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
|
||||
#
|
||||
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
|
||||
|
|
|
@ -181,8 +181,8 @@ ynh_replace_string "__OTP_SECRET__" "$otp_secret" "$final_path/live/.env.product
|
|||
ynh_app_setting_set "$app" otp_secret "$otp_secret"
|
||||
|
||||
ldap_user="${app}ldap"
|
||||
ldap_password=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
yunohost user create username -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0
|
||||
ldap_password=$(head -n32 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c32)
|
||||
yunohost user create $ldap_user -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0
|
||||
ynh_replace_string "__LDAP_USER__" "$ldap_user" "${final_path}/live/.env.production"
|
||||
ynh_replace_string "__LDAP_PASSWORD__" "$ldap_password" "${final_path}/live/.env.production"
|
||||
ynh_app_setting_set "$app" ldap_user "$ldap_user"
|
||||
|
@ -202,13 +202,24 @@ pushd "$final_path/live"
|
|||
sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate --quiet
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile --quiet
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key >> "${final_path}/live/.env.production"
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > acc.txt
|
||||
popd
|
||||
|
||||
admin_pass=$( tail -1 $final_path/live/acc.txt | head -1 | cut -c 15- )
|
||||
ynh_secure_remove "$final_path/live/acc.txt"
|
||||
|
||||
vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt")
|
||||
vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt")
|
||||
|
||||
ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "${final_path}/live/.env.production"
|
||||
ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "${final_path}/live/.env.production"
|
||||
|
||||
ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
|
||||
ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
|
||||
|
||||
ynh_secure_remove "$final_path/live/key.txt"
|
||||
|
||||
#=================================================
|
||||
# SETUP CRON JOB FOR REMOVING CACHE
|
||||
#=================================================
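Review bot: The `\K\w+` patterns that read `key.txt` stop at the first character outside `[A-Za-z0-9_]`, and VAPID keys are normally URL-safe base64, which can contain `-` and end in `=` padding, so the values written to `.env.production` and to the app settings may be cut short. Matching up to the next whitespace, e.g. `grep -oP "VAPID_PRIVATE_KEY=\K\S+"`, avoids that. The private key also reaches disk through the calling shell's `> key.txt` redirection (not the `sudo -u "$app"` process), next to `acc.txt` holding the admin password, and both files stay behind if any command before `ynh_secure_remove` fails. Capturing the output instead, `vapid_keys=$(sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key)`, and grepping it with `<<< "$vapid_keys"` needs no file at all. The upgrade script's VAPID block uses the same pattern and the same temporary file.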
|
||||
|
|
|
@ -36,6 +36,8 @@ secret_key_base=$(ynh_app_setting_get "$app" secret_key_base)
|
|||
otp_secret=$(ynh_app_setting_get "$app" otp_secret)
|
||||
ldap_user=$(ynh_app_setting_get "$app" ldap_user)
|
||||
ldap_password=$(ynh_app_setting_get "$app" ldap_password)
|
||||
vapid_private_key=$(ynh_app_setting_get "$app" vapid_private_key)
|
||||
vapid_public_key=$(ynh_app_setting_get "$app" vapid_public_key)
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
|
@ -71,19 +73,28 @@ fi
|
|||
|
||||
# If paperclip_secret doesn't exist, retrieve it or create it
|
||||
if [[ -z "$paperclip_secret" ]]; then
|
||||
paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" test)
|
||||
if [[ -z "$paperclip_secret" ]]; then
|
||||
paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
fi
|
||||
ynh_app_setting_set "$app" paperclip_secret "$paperclip_secret"
|
||||
fi
|
||||
|
||||
# If secret_key_base doesn't exist, retrieve it or create it
|
||||
if [[ -z "$secret_key_base" ]]; then
|
||||
secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" test)
|
||||
if [[ -z "$secret_key_base" ]]; then
|
||||
secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
fi
|
||||
ynh_app_setting_set "$app" secret_key_base "$secret_key_base"
|
||||
fi
|
||||
|
||||
# If otp_secret doesn't exist, retrieve it or create it
|
||||
if [[ -z "$otp_secret" ]]; then
|
||||
otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
otp_secret=$(grep -oP "OTP_SECRET=\K\w+" test)
|
||||
if [[ -z "$otp_secret" ]]; then
|
||||
otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
|
||||
fi
|
||||
ynh_app_setting_set "$app" otp_secret "$otp_secret"
|
||||
fi
|
||||
|
||||
|
@ -234,6 +245,16 @@ pushd "$final_path/live"
|
|||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate
|
||||
popd
|
||||
|
||||
# If vapid_private_key doesn't exist, retrieve it or create it
|
||||
if [[ -z "$vapid_private_key" ]]; then
|
||||
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
|
||||
vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt")
|
||||
vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt")
|
||||
ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
|
||||
ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
|
||||
ynh_secure_remove "$final_path/live/key.txt"
|
||||
fi
|
||||
|
||||
# Recalculate and store the checksum of the file for the next upgrade.
|
||||
ynh_store_file_checksum "${final_path}/live/.env.production"
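Review bot: The three "retrieve it" branches read the existing secret with `grep -oP "PAPERCLIP_SECRET=\K\w+" test` (likewise for `SECRET_KEY_BASE` and `OTP_SECRET`), that is, from a file literally named `test` in the current directory, which looks like a leftover placeholder for the deployed env file. If no such file exists, grep yields nothing and the fallback stores a freshly generated value, so an upgrade on an instance whose settings lack these keys would presumably rotate `SECRET_KEY_BASE` and `OTP_SECRET`, invalidating sessions and existing two-factor enrolments; reading from `"$final_path/live/.env.production"` is probably what was meant, provided it still holds the old values at that point. In the VAPID block, `> key.txt` runs after `popd`, so unless the working directory happens to be `$final_path/live` the file lands elsewhere, while `grep` and `ynh_secure_remove` address `$final_path/live/key.txt`. The keys then come back empty and the file holding the private key is never removed. Redirecting to `"$final_path/live/key.txt"` explicitly, or capturing the rake output in a variable, fixes both.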
|
||||
|
||||
|
|