offline-secrets.sh
#!/usr/bin/env bash
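# Generates the secrets for an offline deployment: a shared restund/TURN
# secret, MinIO credentials and a zauth keypair. The values are kept in shell
# variables for the rest of the script, which writes them to the secrets files.
#
# Environment:
#   ZAUTH_CONTAINER  image used to generate the zauth keypair
#                    (default: quay.io/wire/zauth:latest)
#
# pipefail is deliberately left off: each `tr </dev/urandom | head -c N`
# pipeline ends with tr being terminated by SIGPIPE once head has read enough,
# and pipefail would report that as a failure.
set -eu

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ANSIBLE_DIR="$(cd "$SCRIPT_DIR/../ansible" && pwd)"
VALUES_DIR="$(cd "$SCRIPT_DIR/../values" && pwd)"

# NOTE(review): ':latest' is a mutable tag, so the image that generates the
# signing keypair can change between runs. Prefer setting ZAUTH_CONTAINER to an
# image pinned by digest that has been verified for this release.
ZAUTH_CONTAINER="${ZAUTH_CONTAINER:-quay.io/wire/zauth:latest}"

# LC_ALL=C makes tr treat /dev/urandom as raw bytes, so the character ranges
# behave the same in every locale.
zrest="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64)"

minio_access_key="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 20)"
minio_secret_key="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 42)"

# --rm removes the container once it exits; without it the stopped container,
# and the keypair it printed, would stay behind on the host.
zauth="$(sudo docker run --rm "$ZAUTH_CONTAINER" -m gen-keypair -i 1)"

# The keys are taken from the second field of output lines 1 and 2.
zauth_public=$(printf '%s\n' "$zauth" | awk 'NR==1{ print $2}')
zauth_private=$(printf '%s\n' "$zauth" | awk 'NR==2{ print $2}')

# Refuse to continue with empty keys instead of writing them into the secrets
# files. The raw output is not echoed because it may contain the private key.
if [[ -z "$zauth_public" || -z "$zauth_private" ]]; then
  echo "error: could not parse a zauth keypair from the output of $ZAUTH_CONTAINER" >&2
  exit 1
fi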
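# Write the Helm values secrets file for wire-server, unless one already
# exists (an existing file is never overwritten).
#
# The file holds the zauth private key, the TURN secret and the MinIO
# credentials, so it is created under umask 077 (owner-only access). The
# subshell keeps the umask change local to this write. A file left over from an
# earlier run keeps whatever mode it already had.
#
# Every "dummy..." value and the basicAuth placeholder below are not real
# credentials and must be replaced wherever the corresponding feature is used.
#
# NOTE(review): the nesting of the YAML below was laid out from the key names
# (brig.secrets.zAuth.publicKeys, nginz.secrets.basicAuth, ...) -- confirm it
# against the wire-server chart values.
values_secrets="$VALUES_DIR/wire-server/secrets.yaml"
if [[ ! -f "$values_secrets" ]]; then
  echo "Writing $values_secrets"
  (
    umask 077
    cat <<EOF > "$values_secrets"
brig:
  secrets:
    smtpPassword: dummyPassword
    zAuth:
      publicKeys: "$zauth_public"
      privateKeys: "$zauth_private"
    turn:
      secret: "$zrest"
    awsKeyId: dummykey
    awsSecretKey: dummysecret
    # These are only necessary if you wish to support sign up via SMS/calls
    # And require accounts at twilio.com / nexmo.com
    setTwilio: |-
      sid: "dummy"
      token: "dummy"
    setNexmo: |-
      key: "dummy"
      secret: "dummy"
    # Uncomment and update value to connect to the SFT servers that require it
    # sftTokenSecret: dummysecret
cargohold:
  secrets:
    awsKeyId: "$minio_access_key"
    awsSecretKey: "$minio_secret_key"
galley:
  secrets:
    awsKeyId: dummykey
    awsSecretKey: dummysecret
gundeck:
  secrets:
    awsKeyId: dummykey
    awsSecretKey: dummysecret
nginz:
  secrets:
    zAuth:
      publicKeys: "$zauth_public"
    # only necessary in test environments (env="staging"). See charts/nginz/README.md
    basicAuth: "<username>:<htpasswd-hashed-password>"
team-settings:
  secrets:
    # NOTE: This setting doesn't have to be changed for offline deploys as the team-settings
    # container is pre-seeded
    # It is just the empty "{}" json hashmap
    configJson: "e30K"
EOF
  )
fi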
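# Write the Ansible group_vars secrets for the offline inventory, unless the
# file already exists (an existing file is never overwritten).
#
# Created under umask 077 so the restund and MinIO secrets are readable by the
# owner only; the subshell keeps the umask change local to this write.
#
# NOTE(review): zrest and the MinIO keys are regenerated on every run. If
# values/wire-server/secrets.yaml already existed and was therefore skipped,
# the values written here will not match the ones in that file -- check that
# both files agree before deploying.
ansible_secrets="$ANSIBLE_DIR/inventory/offline/group_vars/all/secrets.yaml"
if [[ ! -f "$ansible_secrets" ]]; then
  echo "Writing $ansible_secrets"
  (
    umask 077
    cat <<EOT > "$ansible_secrets"
restund_zrest_secret: "$zrest"
minio_access_key: "$minio_access_key"
minio_secret_key: "$minio_secret_key"
EOT
  )
fi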