diff --git a/docs/assets/images/screenshots/help_text.svg b/docs/assets/images/screenshots/help_text.svg
index 6b800cd8d..9361ac938 100644
--- a/docs/assets/images/screenshots/help_text.svg
+++ b/docs/assets/images/screenshots/help_text.svg
@@ -19,131 +19,131 @@
font-weight: 700;
}
- .terminal-2112459453-matrix {
+ .terminal-2374144702-matrix {
font-family: Fira Code, monospace;
font-size: 20px;
line-height: 24.4px;
font-variant-east-asian: full-width;
}
- .terminal-2112459453-title {
+ .terminal-2374144702-title {
font-size: 18px;
font-weight: bold;
font-family: arial;
}
- .terminal-2112459453-r1 { fill: #c5c8c6 }
-.terminal-2112459453-r2 { fill: #5f87ff }
-.terminal-2112459453-r3 { fill: #5f87af;font-style: italic; }
-.terminal-2112459453-r4 { fill: #5f87af }
-.terminal-2112459453-r5 { fill: #8787ff }
-.terminal-2112459453-r6 { fill: #afafff }
-.terminal-2112459453-r7 { fill: #87afff }
-.terminal-2112459453-r8 { fill: #afafff;font-weight: bold }
-.terminal-2112459453-r9 { fill: #868887 }
-.terminal-2112459453-r10 { fill: #6179a9 }
-.terminal-2112459453-r11 { fill: #6161a9 }
-.terminal-2112459453-r12 { fill: #7979a9;font-weight: bold }
-.terminal-2112459453-r13 { fill: #4961a9 }
+ .terminal-2374144702-r1 { fill: #c5c8c6 }
+.terminal-2374144702-r2 { fill: #5f87ff }
+.terminal-2374144702-r3 { fill: #5f87af;font-style: italic; }
+.terminal-2374144702-r4 { fill: #5f87af }
+.terminal-2374144702-r5 { fill: #8787ff }
+.terminal-2374144702-r6 { fill: #afafff }
+.terminal-2374144702-r7 { fill: #87afff }
+.terminal-2374144702-r8 { fill: #afafff;font-weight: bold }
+.terminal-2374144702-r9 { fill: #868887 }
+.terminal-2374144702-r10 { fill: #6179a9 }
+.terminal-2374144702-r11 { fill: #6161a9 }
+.terminal-2374144702-r12 { fill: #7979a9;font-weight: bold }
+.terminal-2374144702-r13 { fill: #4961a9 }
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
- term
+ term
-
+
-
- ๐งธsmol k8s lab
-
-Install slim Kubernetes distros + plus all your apps via Argo CD.
-
-Usage:smol-k8s-lab[OPTIONS]
-
-โญโ ส แตแดฅแตส Options โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
-โโ
-โ-c--config CONFIG_FILEFull path and name of the YAML config file to parse. โ
-โDefaults to $XDG_CONFIG_HOME/smol-k8s-lab/config.yamlโ
-โโ
-โ-D--delete CLUSTER_NAMEDelete an existing cluster by name. โ
-โโ
-โ-i--interactiveโ๏ธ Interactively configures smol-k8s-labโ
-โโ
-โ-v--versionPrint the version of smol-k8s-lab (v5.17.1) โ
-โโ
-โ-f--final_cmdRun command immediately after smol-k8s-lab before main cli phaseโ
-โโ
-โ-h--helpShow this message and exit. โ
-โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โฅ docs: https://small-hack.github.io/smol-k8s-labโโฏ
+
+ ๐งธsmol k8s lab
+
+Install slim Kubernetes distros + plus all your apps via Argo CD.
+
+Usage:smol-k8s-lab[OPTIONS]
+
+โญโ ส แตแดฅแตส Options โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
+โโ
+โ-c--config CONFIG_FILEFull path and name of the YAML config file to parse. โ
+โDefaults to $XDG_CONFIG_HOME/smol-k8s-lab/config.yamlโ
+โโ
+โ-D--delete CLUSTER_NAMEDelete an existing cluster by name. โ
+โโ
+โ-i--interactiveโ๏ธ Interactively configures smol-k8s-labโ
+โโ
+โ-v--versionPrint the version of smol-k8s-lab (v5.17.2) โ
+โโ
+โ-f--final_cmdRun command immediately after smol-k8s-lab before main cli phaseโ
+โโ
+โ-h--helpShow this message and exit. โ
+โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โฅ docs: https://small-hack.github.io/smol-k8s-labโโฏ
diff --git a/docs/k8s_apps/mastodon.md b/docs/k8s_apps/mastodon.md
index bf7ef010f..b7edc4025 100644
--- a/docs/k8s_apps/mastodon.md
+++ b/docs/k8s_apps/mastodon.md
@@ -3,7 +3,7 @@
We are mostly stable for running Mastodon on Kubernetes. Check out our [Mastodon Argo CD ApplicationSet](https://github.com/small-hack/argocd-apps/tree/main/mastodon/small-hack):
-
+
This is the networking view in Argo CD:
@@ -53,7 +53,7 @@ apps:
description: |
[link=https://joinmastodon.org/]Mastodon[/link] is an open source self hosted social media network.
- smol-k8s-lab supports initializing mastodon, by setting up your hostname, SMTP credentials, redis credentials, postgresql credentials, and an admin user credentials. We pass all credentials as secrets in the namespace and optionally save them to Bitwarden.
+ smol-k8s-lab supports initializing mastodon, by setting up your hostname, SMTP credentials, valkey credentials, postgresql credentials, and an admin user credentials. We pass all credentials as secrets in the namespace and optionally save them to Bitwarden.
smol-k8s-lab also creates a local s3 endpoint and as well as S3 bucket and credentials if you enable set mastodon.argo.secret_keys.s3_provider to "minio" or "seaweedfs". Both seaweedfs and minio require you to specify a remote s3 endpoint, bucket, region, and accessID/secretKey so that we can make sure you have remote backups.
@@ -102,9 +102,9 @@ apps:
access_key_id:
value_from:
env: MASTODON_S3_BACKUP_ACCESS_ID
- restic_repo_password:
- value_from:
- env: MASTODON_RESTIC_REPO_PASSWORD
+ restic_repo_password:
+ value_from:
+ env: MASTODON_RESTIC_REPO_PASSWORD
argo:
# secrets keys to make available to Argo CD ApplicationSets
secret_keys:
@@ -119,6 +119,10 @@ apps:
# local s3 endpoint for postgresql backups, backed up constantly
s3_endpoint: ""
s3_region: eu-west-1
+ # size of valkey pvc storage settings
+ valkey_storage: 3Gi
+ valkey_storage_class: local-path
+ valkey_access_mode: ReadWriteOnce
# git repo to install the Argo CD app from
repo: https://github.com/small-hack/argocd-apps
# path in the argo repo to point to. Trailing slash very important!
diff --git a/pyproject.toml b/pyproject.toml
index dbeec9575..87d9cfc54 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "smol_k8s_lab"
-version = "5.17.1"
+version = "5.17.2"
description = "CLI and TUI to quickly install slimmer Kubernetes distros and then manage apps declaratively using Argo CD"
authors = ["Jesse Hitch ",
"Max Roby "]
diff --git a/smol_k8s_lab/config/default_config.yaml b/smol_k8s_lab/config/default_config.yaml
index a8cd57d38..383dfd746 100644
--- a/smol_k8s_lab/config/default_config.yaml
+++ b/smol_k8s_lab/config/default_config.yaml
@@ -784,7 +784,7 @@ apps:
description: |
[link=https://joinmastodon.org/]Mastodon[/link] is an open source self hosted social media network.
- smol-k8s-lab supports initializing mastodon, by setting up your hostname, SMTP credentials, redis credentials, postgresql credentials, and an admin user credentials. We pass all credentials as secrets in the namespace and optionally save them to Bitwarden.
+ smol-k8s-lab supports initializing mastodon, by setting up your hostname, SMTP credentials, valkey credentials, postgresql credentials, and an admin user credentials. We pass all credentials as secrets in the namespace and optionally save them to Bitwarden.
smol-k8s-lab also creates a local s3 endpoint and as well as S3 bucket and credentials if you enable set mastodon.argo.secret_keys.s3_provider to "minio" or "seaweedfs". Both seaweedfs and minio require you to specify a remote s3 endpoint, bucket, region, and accessID/secretKey so that we can make sure you have remote backups.
@@ -834,9 +834,9 @@ apps:
access_key_id:
value_from:
env: MASTODON_S3_BACKUP_ACCESS_ID
- restic_repo_password:
- value_from:
- env: MASTODON_RESTIC_REPO_PASSWORD
+ restic_repo_password:
+ value_from:
+ env: MASTODON_RESTIC_REPO_PASSWORD
argo:
# secrets keys to make available to Argo CD ApplicationSets
secret_keys:
@@ -851,6 +851,10 @@ apps:
# local s3 endpoint for postgresql backups, backed up constantly
s3_endpoint: ""
s3_region: eu-west-1
+ # size of valkey pvc storage
+ valkey_storage: 3Gi
+ valkey_storage_class: local-path
+ valkey_access_mode: ReadWriteOnce
# git repo to install the Argo CD app from
repo: https://github.com/small-hack/argocd-apps
# path in the argo repo to point to. Trailing slash very important!
@@ -1195,7 +1199,7 @@ apps:
description: |
[link=https://nextcloud.com/]Nextcloud Hub[/link] is the industry-leading, fully open-source, on-premises content collaboration platform. Teams access, share and edit their documents, chat and participate in video calls and manage their mail and calendar and projects across mobile, desktop and web interfaces
- smol-k8s-lab supports initialization by setting up your admin username, password, and SMTP username and password, as well as your redis and postgresql credentials.
+ smol-k8s-lab supports initialization by setting up your admin username, password, and SMTP username and password, as well as your redis (or valkey) and postgresql credentials.
To avoid providing sensitive values everytime you run smol-k8s-lab, consider exporting the following environment variables before running smol-k8s-lab:
- NEXTCLOUD_SMTP_PASSWORD
diff --git a/smol_k8s_lab/k8s_apps/social/mastodon.py b/smol_k8s_lab/k8s_apps/social/mastodon.py
index 914ee89a7..9435206e3 100644
--- a/smol_k8s_lab/k8s_apps/social/mastodon.py
+++ b/smol_k8s_lab/k8s_apps/social/mastodon.py
@@ -1,7 +1,7 @@
# internal libraries
from smol_k8s_lab.bitwarden.bw_cli import BwCLI, create_custom_field
from smol_k8s_lab.k8s_apps.operators.minio import create_minio_alias, BetterMinio
-from smol_k8s_lab.k8s_apps.social.mastodon_rake import generate_rake_secrets
+from smol_k8s_lab.k8s_apps.social.mastodon_secrets import generate_mastodon_secrets
from smol_k8s_lab.k8s_tools.argocd_util import ArgoCD
from smol_k8s_lab.k8s_tools.restores import restore_seaweedfs, restore_cnpg_cluster
from smol_k8s_lab.utils.passwords import create_password
@@ -81,7 +81,7 @@ def configure_mastodon(argocd: ArgoCD,
mail_pass = extract_secret(init_values.get('smtp_password'))
# main mastodon rake secrets
- rake_secrets = generate_rake_secrets()
+ rake_secrets = generate_mastodon_secrets()
# configure s3 credentials
s3_access_id = 'mastodon'
@@ -125,10 +125,10 @@ def configure_mastodon(argocd: ArgoCD,
{"password": mastodon_pgsql_password,
'postrgesPassword': mastodon_pgsql_password})
- # redis creds k8s secret
- mastodon_redis_password = create_password()
- argocd.k8s.create_secret('mastodon-redis-credentials', 'mastodon',
- {"password": mastodon_redis_password})
+ # valkey creds k8s secret
+ mastodon_valkey_password = create_password()
+ argocd.k8s.create_secret('mastodon-valkey-credentials', 'mastodon',
+ {"password": mastodon_valkey_password})
# mastodon rake secrets
argocd.k8s.create_secret('mastodon-server-secrets', 'mastodon',
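Review bot: The renamed secret `mastodon-valkey-credentials` is created with a fresh `create_password()` value, and nothing visible in this hunk removes or reuses the earlier `mastodon-redis-credentials` secret. On a cluster initialised before this change, that would presumably leave an orphaned credential in the `mastodon` namespace while the datastore is handed a new password. A comment stating how the old secret is handled on upgrade (cleaned up, or deliberately left in place) would make that explicit. configure_mastodon starts and ends outside the hunk, so any guard around this code is not visible here.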
@@ -226,8 +226,8 @@ def refresh_bweso(argocd: ArgoCD,
f"mastodon-elasticsearch-credentials-{mastodon_hostname}", False
)[0]['id']
- redis_id = bitwarden.get_item(
- f"mastodon-redis-credentials-{mastodon_hostname}", False
+ valkey_id = bitwarden.get_item(
+ f"mastodon-valkey-credentials-{mastodon_hostname}", False
)[0]['id']
smtp_id = bitwarden.get_item(
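Review bot: The lookup `bitwarden.get_item(f"mastodon-valkey-credentials-{mastodon_hostname}", False)[0]['id']` only knows the new item name, so a vault populated by an earlier release (item named `mastodon-redis-credentials-…`) will presumably return no match and the `[0]` index will fail. Consider falling back to the old name when the new one is missing, or documenting that the item must be renamed before a refresh. The same compatibility question applies to the appset key rename from `mastodon_redis_bitwarden_id` to `mastodon_valkey_bitwarden_id` in both `update_appset_secret` hunks further down, since the ApplicationSet has to read the new key in the same release. refresh_bweso continues outside this hunk.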
@@ -258,7 +258,7 @@ def refresh_bweso(argocd: ArgoCD,
argocd.update_appset_secret(
{'mastodon_smtp_credentials_bitwarden_id': smtp_id,
'mastodon_postgres_credentials_bitwarden_id': db_id,
- 'mastodon_redis_bitwarden_id': redis_id,
+ 'mastodon_valkey_bitwarden_id': valkey_id,
'mastodon_s3_admin_credentials_bitwarden_id': s3_admin_id,
'mastodon_s3_postgres_credentials_bitwarden_id': s3_db_id,
'mastodon_s3_mastodon_credentials_bitwarden_id': s3_id,
@@ -353,13 +353,13 @@ def setup_bitwarden_items(argocd: ArgoCD,
fields=[postrges_pass_obj]
)
- # Redis credentials
- mastodon_redis_password = bitwarden.generate()
- redis_id = bitwarden.create_login(
- name='mastodon-redis-credentials',
+ # valkey credentials
+ mastodon_valkey_password = bitwarden.generate()
+ valkey_id = bitwarden.create_login(
+ name='mastodon-valkey-credentials',
item_url=mastodon_hostname,
user='mastodon',
- password=mastodon_redis_password
+ password=mastodon_valkey_password
)
# SMTP credentials
@@ -400,6 +400,18 @@ def setup_bitwarden_items(argocd: ArgoCD,
"VAPID_PRIVATE_KEY",
rake_secrets['VAPID_PRIVATE_KEY']
)
+ active_record_encryption_deterministic_obj = create_custom_field(
+ "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY",
+ rake_secrets['ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY']
+ )
+ active_record_encryption_derivation_obj = create_custom_field(
+ "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT",
+ rake_secrets['ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT']
+ )
+ active_record_encryption_primary_obj = create_custom_field(
+ "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY",
+ rake_secrets['ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY']
+ )
secrets_id = bitwarden.create_login(
name='mastodon-server-secrets',
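Review bot: The three `ACTIVE_RECORD_ENCRYPTION_*` values are stored as Bitwarden custom fields here, but the diff does not show the non-Bitwarden path getting the same treatment: the `create_secret('mastodon-server-secrets', 'mastodon', …)` call in configure_mastodon is cut off at the end of its hunk. If that payload lists the keys explicitly rather than passing `rake_secrets` whole, it needs the three new entries too, otherwise the two paths diverge. A comment above these fields, for example `# ActiveRecord encryption keys: keep stable once data is encrypted; restore from backup, never regenerate`, would record why they are persisted. setup_bitwarden_items starts and ends outside the hunk.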
@@ -410,7 +422,10 @@ def setup_bitwarden_items(argocd: ArgoCD,
secret_key_base_obj,
otp_secret_obj,
vapid_priv_key_obj,
- vapid_pub_key_obj
+ vapid_pub_key_obj,
+ active_record_encryption_primary_obj,
+ active_record_encryption_derivation_obj,
+ active_record_encryption_deterministic_obj
]
)
@@ -419,7 +434,7 @@ def setup_bitwarden_items(argocd: ArgoCD,
argocd.update_appset_secret(
{'mastodon_smtp_credentials_bitwarden_id': smtp_id,
'mastodon_postgres_credentials_bitwarden_id': db_id,
- 'mastodon_redis_bitwarden_id': redis_id,
+ 'mastodon_valkey_bitwarden_id': valkey_id,
'mastodon_s3_admin_credentials_bitwarden_id': s3_admin_id,
'mastodon_s3_postgres_credentials_bitwarden_id': s3_db_id,
'mastodon_s3_mastodon_credentials_bitwarden_id': s3_id,
diff --git a/smol_k8s_lab/k8s_apps/social/mastodon_rake.py b/smol_k8s_lab/k8s_apps/social/mastodon_secrets.py
similarity index 63%
rename from smol_k8s_lab/k8s_apps/social/mastodon_rake.py
rename to smol_k8s_lab/k8s_apps/social/mastodon_secrets.py
index 2533e02f1..8d76ce2fc 100755
--- a/smol_k8s_lab/k8s_apps/social/mastodon_rake.py
+++ b/smol_k8s_lab/k8s_apps/social/mastodon_secrets.py
@@ -1,11 +1,11 @@
#!/usr/bin/env python
-"""
+"""
This is just for generating mastodon rake secrets and testing on the cli
"""
from smol_k8s_lab.utils.run.subproc import subproc
-def generate_rake_secrets() -> None:
+def generate_mastodon_secrets() -> None:
"""
These are required for mastodon:
https://docs.joinmastodon.org/admin/config/#secrets
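Review bot: The rewritten signature `def generate_mastodon_secrets() -> None:` keeps the `-> None` annotation, but the function ends with `return final_dict` and callers index the result (`rake_secrets['VAPID_PRIVATE_KEY']`). Since the line is being touched anyway, annotate it as `-> dict:`. The module docstring still says "mastodon rake secrets" although three of the values now come from `rails db:encryption:init`, so it could be widened to match the new function name. The function body continues outside this hunk.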
@@ -21,11 +21,20 @@ def generate_rake_secrets() -> None:
VAPID_PUBLIC_KEY Generate with rake mastodon:webpush:generate_vapid_key.
Changing it will break push notifications.
+
+ these are all generated with rails db:encryption:init
+ ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
+ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
+ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
"""
final_dict = {"SECRET_KEY_BASE": "",
"OTP_SECRET": "",
"VAPID_PRIVATE_KEY": "",
- "VAPID_PUBLIC_KEY": ""}
+ "VAPID_PUBLIC_KEY": "",
+ "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY": "",
+ "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT": "",
+ "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY": ""
+ }
# we use docker to generate all of these
base_cmd = "docker run docker.io/tootsuite/mastodon:latest rake"
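Review bot: All key material is produced by whatever image `docker.io/tootsuite/mastodon:latest` resolves to at run time (`base_cmd` on the last line of this hunk, repeated in the new `db_crypt_cmd` in the next hunk), so the secrets depend on an unpinned, mutable tag. Define the image once and pin it, e.g. `MASTODON_IMAGE = "docker.io/tootsuite/mastodon:<pinned-tag-or-digest>"` (placeholder value), and build both commands from that constant. Adding `--rm` to the `docker run` invocations would also avoid leaving stopped containers whose logs still hold the generated values. The function starts and ends outside this hunk.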
@@ -42,6 +51,13 @@ def generate_rake_secrets() -> None:
final_dict['VAPID_PRIVATE_KEY'] = vapid_keys[0].split("=")[1]
final_dict['VAPID_PUBLIC_KEY'] = vapid_keys[1].split("=")[1]
+ db_crypt_cmd = "docker run docker.io/tootsuite/mastodon:latest rails db:encryption:init"
+ crypt_env = subproc([db_crypt_cmd]).split('\n')
+ print(crypt_env)
+ final_dict['ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY'] = crypt_env[2].split("=")[1]
+ final_dict['ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT'] = crypt_env[3].split("=")[1]
+ final_dict['ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY'] = crypt_env[4].split("=")[1]
+
return final_dict
if __name__ == '__main__':
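Review bot: `print(crypt_env)` writes the three freshly generated ActiveRecord encryption keys to stdout, where they land in terminal scrollback or CI logs; it looks like leftover debugging and should be removed. The parsing is also positional: `crypt_env[2]`, `[3]` and `[4]` assume a fixed number of leading lines in the `rails db:encryption:init` output, and `.split("=")[1]` drops anything after a second `=`. Selecting lines by variable name and using `split("=", 1)` fails loudly if the output changes instead of silently storing the wrong line as a key. The sketch below assumes the command emits `NAME=value` lines, as the existing split implies.

```python
    db_crypt_cmd = "docker run docker.io/tootsuite/mastodon:latest rails db:encryption:init"
    # parse NAME=value lines by name; the values are never echoed
    crypt_env = dict(
        line.strip().split("=", 1)
        for line in subproc([db_crypt_cmd]).split('\n')
        if line.strip().startswith("ACTIVE_RECORD_ENCRYPTION_") and "=" in line
    )
    for key in ("ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY",
                "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT",
                "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"):
        # a KeyError here means the command output changed shape
        final_dict[key] = crypt_env[key]
    # … unchanged: return final_dict …
```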