install/env_secret_setup.sh at angular21

jbc.lol / wafrn

fork atom

unoffical wafrn mirror wafrn.net

atproto social-network activitypub

fork atom

wafrn / install / env_secret_setup.sh

at angular21 31 lines 1.3 kB view raw

wrap content

Zsolt Sz. Sz. Raven Add optional monitoring support for installation 10mo ago

6ac2ea28

 1#!/bin/bash
 2
 3# run this file from WAFRN root directory, e.g.
 4#
 5# $ ./install/env_secret_setup.sh
 6
 7export JWT_SECRET="$(openssl rand -base64 64 | tr -d '\n')"
 8export POSTGRES_PASSWORD="$(openssl rand -base64 24 | tr '+/' '_-')"
 9export PDS_JWT_SECRET="$(openssl rand --hex 16)"
10export PDS_ADMIN_PASSWORD="$(openssl rand -base64 24 | tr '+/' '_-')"
11export POSTGRES_METRICS_PASSWORD="$(openssl rand -base64 24 | tr '+/' '_-')"
12export PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="$(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)"
13
14VAPID_KEYS="$(docker run -e NPM_CONFIG_UPDATE_NOTIFIER=false packageless/npx:latest --yes web-push generate-vapid-keys --json)"
15
16export WEBPUSH_PRIVATE="$(echo "$VAPID_KEYS" | jq -r .privateKey)"
17export WEBPUSH_PUBLIC="$(echo "$VAPID_KEYS" | jq -r .publicKey)"
18export WEBPUSH_EMAIL="mailto:$ADMIN_EMAIL"
19
20# this might be set earlier
21if [ -z "${ADMIN_PASSWORD}" ]; then
22  export ADMIN_PASSWORD="$(openssl rand -base64 24 | tr '+/' '_-')"
23fi
24
25if [ -z "${GF_SECURITY_ADMIN_PASSWORD}" ]; then
26  export GF_SECURITY_ADMIN_PASSWORD="$(openssl rand -base64 24 | tr '+/' '_-')"
27fi
28
29cp .env.example .env
30
31perl -pi -e 's/^([_A-Z0-9]+)=(.*)$/$1."='"'"'".($ENV{$1}||$2)."'"'"'"/ge' .env