parent
c20a5e7486
commit
fc0385c8d5
3 changed files with 94 additions and 70 deletions
|
|
@ -164,7 +164,6 @@ write_files:
|
|||
# Message of the day
|
||||
- path: /etc/motd
|
||||
content: |
|
||||
|
||||
+---------------------------------------------------------------+
|
||||
| REALMS APP SERVER |
|
||||
| |
|
||||
|
|
@ -176,12 +175,40 @@ write_files:
|
|||
| |
|
||||
| Commands: |
|
||||
| cd /opt/realms && docker compose logs -f |
|
||||
| cd /opt/realms && docker compose pull && up -d |
|
||||
| cd /opt/realms && docker compose pull && docker compose up -d
|
||||
| |
|
||||
+---------------------------------------------------------------+
|
||||
|
||||
permissions: '0644'
|
||||
|
||||
# Environment file generator script (separate file to avoid YAML parsing issues)
|
||||
- path: /usr/local/bin/generate-env.sh
|
||||
content: |
|
||||
#!/bin/bash
|
||||
set -e
|
||||
ENV_FILE="/opt/realms/.env"
|
||||
if [ -f "$ENV_FILE" ]; then
|
||||
echo ".env already exists, skipping generation"
|
||||
exit 0
|
||||
fi
|
||||
echo "Generating .env with secure random secrets..."
|
||||
DB_PASS=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
JWT_SEC=$(openssl rand -base64 48 | tr -d '/+=' | head -c 48)
|
||||
REDIS_PASS=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
OME_TOKEN=$(openssl rand -hex 32)
|
||||
NAKAMA_KEY=$(openssl rand -hex 16)
|
||||
NAKAMA_PASS=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
|
||||
{
|
||||
echo "DB_PASSWORD=$DB_PASS"
|
||||
echo "JWT_SECRET=$JWT_SEC"
|
||||
echo "REDIS_PASSWORD=$REDIS_PASS"
|
||||
echo "OME_API_TOKEN=$OME_TOKEN"
|
||||
echo "NAKAMA_SERVER_KEY=$NAKAMA_KEY"
|
||||
echo "NAKAMA_CONSOLE_PASSWORD=$NAKAMA_PASS"
|
||||
} > "$ENV_FILE"
|
||||
chmod 600 "$ENV_FILE"
|
||||
echo ".env generated with secure random secrets"
|
||||
permissions: '0755'
|
||||
|
||||
runcmd:
|
||||
# Ensure .ssh directory exists
|
||||
- mkdir -p /root/.ssh && chmod 700 /root/.ssh
|
||||
|
|
@ -226,70 +253,8 @@ runcmd:
|
|||
- mkdir -p /opt/realms
|
||||
- mkdir -p /opt/realms/uploads
|
||||
|
||||
# Generate .env with secure random secrets (only if it doesn't exist)
|
||||
- |
|
||||
ENV_FILE="/opt/realms/.env"
|
||||
if [ ! -f "$ENV_FILE" ]; then
|
||||
echo "Generating .env with secure random secrets..."
|
||||
cat > "$ENV_FILE" << 'ENVEOF'
|
||||
# =============================================================================
|
||||
# Realms Production Environment - Auto-generated on first deploy
|
||||
# =============================================================================
|
||||
|
||||
# Database
|
||||
DB_PASSWORD=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
|
||||
# JWT Secret for authentication
|
||||
JWT_SECRET=$(openssl rand -base64 48 | tr -d '/+=' | head -c 48)
|
||||
|
||||
# Redis
|
||||
REDIS_PASSWORD=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
|
||||
# OvenMediaEngine API Token
|
||||
OME_API_TOKEN=$(openssl rand -hex 32)
|
||||
|
||||
# Nakama Game Server
|
||||
NAKAMA_SERVER_KEY=$(openssl rand -hex 16)
|
||||
NAKAMA_CONSOLE_PASSWORD=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
|
||||
ENVEOF
|
||||
|
||||
# Generate actual random values by evaluating the file
|
||||
# Read template and generate real values
|
||||
DB_PASS=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
JWT_SEC=$(openssl rand -base64 48 | tr -d '/+=' | head -c 48)
|
||||
REDIS_PASS=$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)
|
||||
OME_TOKEN=$(openssl rand -hex 32)
|
||||
NAKAMA_KEY=$(openssl rand -hex 16)
|
||||
NAKAMA_PASS=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
|
||||
|
||||
cat > "$ENV_FILE" << ENVEOF
|
||||
# =============================================================================
|
||||
# Realms Production Environment - Auto-generated on first deploy
|
||||
# Generated: $(date -Iseconds)
|
||||
# =============================================================================
|
||||
|
||||
# Database
|
||||
DB_PASSWORD=$DB_PASS
|
||||
|
||||
# JWT Secret for authentication
|
||||
JWT_SECRET=$JWT_SEC
|
||||
|
||||
# Redis
|
||||
REDIS_PASSWORD=$REDIS_PASS
|
||||
|
||||
# OvenMediaEngine API Token
|
||||
OME_API_TOKEN=$OME_TOKEN
|
||||
|
||||
# Nakama Game Server
|
||||
NAKAMA_SERVER_KEY=$NAKAMA_KEY
|
||||
NAKAMA_CONSOLE_PASSWORD=$NAKAMA_PASS
|
||||
ENVEOF
|
||||
|
||||
chmod 600 "$ENV_FILE"
|
||||
echo ".env generated with secure random secrets"
|
||||
else
|
||||
echo ".env already exists, skipping generation"
|
||||
fi
|
||||
# Generate .env with secure random secrets (script defined in write_files)
|
||||
- /usr/local/bin/generate-env.sh
|
||||
|
||||
# Enable unattended upgrades
|
||||
- systemctl enable unattended-upgrades
|
||||
|
|
|
|||
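Review bot: In the new `/usr/local/bin/generate-env.sh` entry (second hunk), `/opt/realms/.env` is created by the `{ … } > "$ENV_FILE"` redirect under whatever umask cloud-init runs `runcmd` with and is only narrowed by `chmod 600` afterwards, so the secrets may briefly be readable by other local users; a `umask 077` line before the redirect closes that window. The script also sets `set -e` without `pipefail`, so a failing `openssl rand` is hidden by the exit status of `head` and an empty value such as `DB_PASSWORD=` would be written; `set -euo pipefail` makes the run fail instead. Because the `-f` check at the top skips generation once the file exists, a partial file left by a failed run would never be regenerated, so I would write to a temporary file in `/opt/realms` and `mv` it into place only after every value is generated.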