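# One-shot Job that generates Mastodon Web Push (VAPID) keys when the
# mastodon-secrets Secret does not already supply both of them.
# The generated keys are NOT stored by this Job: they are printed to the pod
# log and must be copied into secrets.yaml by hand (see the echo lines below).
apiVersion: batch/v1
kind: Job
metadata:
  name: mastodon-vapid-init
  # Templated values are quoted so that an empty or boolean-looking expansion
  # still renders as a YAML string (same form as LOCAL_DOMAIN below).
  namespace: "{{ .namespace }}"
spec:
  # The finished Job and its pod are deleted 300 s after completion, so the
  # log holding the keys has to be read within that window.
  # NOTE(review): if pod logs are shipped to a log collector, the private key
  # printed below is retained there beyond this TTL - confirm that is acceptable.
  ttlSecondsAfterFinished: 300
  template:
    metadata:
      labels:
        component: vapid-init
    spec:
      restartPolicy: OnFailure
      # Pod-level hardening: fixed non-root UID/GID and the runtime's default
      # seccomp profile.
      securityContext:
        runAsNonRoot: true
        runAsUser: 991
        runAsGroup: 991
        fsGroup: 991
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: vapid-init
          image: "{{ .image }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            # The script writes its scratch file under /tmp on the root
            # filesystem, so the root filesystem is left writable.
            # NOTE(review): an emptyDir mounted at /tmp might allow
            # readOnlyRootFilesystem: true; untested - the rake task may
            # write elsewhere.
            readOnlyRootFilesystem: false
          command:
            - sh
            - -c
            - |
              set -e

              # Check if VAPID keys already exist in the secret.
              # An unset/empty variable or the literal string "null" counts as
              # "no key" (presumably "null" is what an unset template value
              # renders to - confirm against the secrets template).
              if [ -n "$VAPID_PRIVATE_KEY" ] && [ "$VAPID_PRIVATE_KEY" != "null" ] && \
                 [ -n "$VAPID_PUBLIC_KEY" ] && [ "$VAPID_PUBLIC_KEY" != "null" ]; then
                echo "VAPID keys already exist in secret, skipping generation"
                exit 0
              fi

              echo "Generating VAPID keys..."
              # The output contains the private key: create the scratch file
              # readable by its owner only and delete it when the shell exits.
              umask 077
              trap 'rm -f /tmp/vapid_output.txt' EXIT
              bundle exec rake mastodon:webpush:generate_vapid_key > /tmp/vapid_output.txt

              # SECURITY: this prints the private key to the pod log. Anyone
              # allowed to read pod logs in this namespace can see it.
              echo "VAPID keys generated:"
              cat /tmp/vapid_output.txt

              echo ""
              echo "NOTE: These keys must be manually added to secrets.yaml:"
              echo " apps.mastodon.vapidPrivateKey: <VAPID_PRIVATE_KEY from above>"
              echo " apps.mastodon.vapidPublicKey: <VAPID_PUBLIC_KEY from above>"
          env:
            # optional: true lets the pod start when the Secret or the key is
            # missing; the variable is then unset and the script generates keys.
            - name: VAPID_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPrivateKey
                  optional: true
            - name: VAPID_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPublicKey
                  optional: true
            - name: RAILS_ENV
              value: production
            - name: LOCAL_DOMAIN
              value: "{{ .domain }}"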