#!/bin/bash
# Container entrypoint, part 1: fix ownership under /data, clear a stale
# PostgreSQL pid file, and create (or re-create) the PostgreSQL 15 cluster
# together with the Mastodon role, database and extensions.
# Runs as root; every PostgreSQL command is executed through `su - postgres`.
set -e

echo "=========================================="
echo " MASTODON ALL-IN-ONE - Initialisation"
echo "=========================================="

export RBENV_ROOT=/usr/local/rbenv
export PATH="/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH"

# Fixed locations used throughout this part of the script.
pg_data=/data/postgresql
pg_bin=/usr/lib/postgresql/15/bin
pg_run=/var/run/postgresql
pg_log=/var/log/postgresql

# ---------------------------------------------------------------------------
# 0. Permissions
# ---------------------------------------------------------------------------
echo "[0/8] Correction des permissions sur /data..."
mkdir -p "$pg_data" /data/redis /data/mastodon/public/system /data/mastodon/tmp
# Best effort: errors from these two commands are discarded on purpose, so a
# wrong owner/mode on the cluster directory is not reported here.
chown -R postgres:postgres "$pg_data" 2>/dev/null || true
chmod 700 "$pg_data" 2>/dev/null || true
chown -R redis:redis /data/redis
chown -R mastodon:mastodon /data/mastodon
mkdir -p "$pg_run" "$pg_log"
chown postgres:postgres "$pg_run" "$pg_log"
echo " Permissions OK"

# ---------------------------------------------------------------------------
# 1. PostgreSQL crash cleanup
# ---------------------------------------------------------------------------
# The pid file is removed unconditionally when present; nothing here checks
# whether a postmaster is still running against this data directory.
if [ -f "${pg_data}/postmaster.pid" ]; then
  echo "[1/8] Nettoyage postmaster.pid residuel..."
  rm -f "${pg_data}/postmaster.pid"
fi

# ---------------------------------------------------------------------------
# 2. PostgreSQL check / re-initialisation
# ---------------------------------------------------------------------------
# NEED_INIT and RETRIES keep their original names: they are script-level
# variables and later parts of the script may read them.
NEED_INIT=false

# No PG_VERSION file means no cluster has been created yet.
if [ ! -f "${pg_data}/PG_VERSION" ]; then
  echo "[2/8] Premier demarrage detecte."
  NEED_INIT=true
fi

# Operator-requested wipe: a marker file inside the data directory.
if [ -f "${pg_data}/.force_reinit" ]; then
  echo "[2/8] Reinitialisation forcee demandee."
  rm -rf "${pg_data}"/*
  rm -f "${pg_data}/.force_reinit"
  NEED_INIT=true
fi

# Heuristic health check: the first expected sub-directory found missing
# marks the cluster as corrupt.
# NOTE(review): this deletes the whole cluster, with no copy kept, because a
# single directory is absent. Consider moving the data aside or requiring
# the explicit .force_reinit marker before destroying it.
if [ "$NEED_INIT" = "false" ]; then
  missing_dir=""
  for dir_name in pg_notify pg_wal pg_commit_ts pg_dynshmem pg_logical \
                  pg_replslot pg_serial pg_snapshots pg_stat pg_stat_tmp \
                  pg_subtrans pg_tblspc pg_twophase global base; do
    if [ ! -d "${pg_data}/${dir_name}" ]; then
      missing_dir=$dir_name
      break
    fi
  done
  if [ -n "$missing_dir" ]; then
    echo "[2/8] CORRUPTION DETECTEE : repertoire '$missing_dir' manquant."
    echo " Suppression et reinitialisation de PostgreSQL..."
    rm -rf "${pg_data}"/*
    NEED_INIT=true
  fi
fi

if [ "$NEED_INIT" = "true" ]; then
  echo " Initialisation de PostgreSQL..."
  # NOTE(review): no --auth / --auth-local / --auth-host is given, so initdb
  # uses its default of "trust" for local connections (it prints a warning
  # about this). Confirm that is intended; peer for the socket and
  # scram-sha-256 for host connections would be the stricter choice.
  su - postgres -c "${pg_bin}/initdb -D ${pg_data} --locale=C --encoding=UTF8"
  echo "unix_socket_directories = '/var/run/postgresql'" >> "${pg_data}/postgresql.conf"
  mkdir -p "$pg_run"
  chown postgres:postgres "$pg_run"

  # Temporary server, only for the bootstrap SQL below.
  su - postgres -c "${pg_bin}/pg_ctl -D ${pg_data} -l ${pg_log}/init.log start"
  sleep 3

  # Poll until psql can connect; give up after 30 one-second attempts.
  RETRIES=0
  while ! su - postgres -c "psql -c '\\q'" >/dev/null 2>&1; do
    RETRIES=$((RETRIES + 1))
    if [ "$RETRIES" -gt 30 ]; then
      echo " ERREUR : PostgreSQL ne demarre pas apres 30s."
      su - postgres -c "${pg_bin}/pg_ctl -D ${pg_data} stop" || true
      exit 1
    fi
    echo " Attente de PostgreSQL... ($RETRIES/30)"
    sleep 1
  done

  # NOTE(review): the role password is the fixed literal 'mastodon'. If the
  # server is ever reachable from outside this container, it should come
  # from a generated or operator-supplied secret instead.
  su - postgres -c "psql -c \"CREATE USER mastodon WITH PASSWORD 'mastodon';\""
  su - postgres -c "psql -c \"CREATE DATABASE mastodon_production OWNER mastodon ENCODING 'UTF8' TEMPLATE template0;\""
  for ext_name in pg_trgm unaccent pgcrypto; do
    su - postgres -c "psql -c \"CREATE EXTENSION ${ext_name};\" mastodon_production"
  done

  su - postgres -c "${pg_bin}/pg_ctl -D ${pg_data} stop"
  echo " PostgreSQL initialise."
else
  echo "[2/8] PostgreSQL deja initialise et sain."
fi

# ---------------------------------------------------------------------------
# 3. Final PG permissions
# ---------------------------------------------------------------------------
echo "[3/8] Verification des permissions PostgreSQL..."
# Container entrypoint, part 2: re-apply PostgreSQL ownership, build the
# Mastodon secrets and /opt/mastodon/.env.production, wait for PostgreSQL,
# load or migrate the schema, create the admin account, stop the temporary
# PostgreSQL and hand over to supervisord.
# Best effort: errors from the first two commands are discarded on purpose.
chown -R postgres:postgres /data/postgresql 2>/dev/null || true
chmod 700 /data/postgresql 2>/dev/null || true
mkdir -p /var/run/postgresql
chown postgres:postgres /var/run/postgresql
echo " OK"

# ---------------------------------------------------------------------------
# 4. Secrets & .env.production
# ---------------------------------------------------------------------------
echo "[4/8] Configuration de Mastodon (.env.production)..."
# Operator-supplied settings; "__CHANGE_ME__" is the sentinel for "not set"
# that steps 7 and 9 test for.
LOCAL_DOMAIN="${MASTODON_LOCAL_DOMAIN:-__CHANGE_ME__}"
ADMIN_EMAIL="${MASTODON_ADMIN_EMAIL:-__CHANGE_ME__}"
ADMIN_PASSWORD="${MASTODON_ADMIN_PASSWORD:-__CHANGE_ME__}"

# Each secret below is taken from the environment when present and generated
# with `openssl rand` otherwise.
# NOTE(review): a generated value lives only in this run, plus whatever the
# .env.production written below holds, and /opt/mastodon is not under /data.
# If nothing persists these, every start produces new keys, which would
# presumably invalidate sessions and OTP secrets and make data encrypted
# with the ACTIVE_RECORD_ENCRYPTION_* keys unreadable. Confirm they are
# supplied as environment secrets in production.
if [ -z "$SECRET_KEY_BASE" ]; then
  SECRET_KEY_BASE=$(openssl rand -hex 64)
  echo " SECRET_KEY_BASE genere."
fi
if [ -z "$OTP_SECRET" ]; then
  OTP_SECRET=$(openssl rand -hex 64)
  echo " OTP_SECRET genere."
fi
if [ -z "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY" ]; then
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)
  echo " ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY genere."
fi
if [ -z "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY" ]; then
  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)
  echo " ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY genere."
fi
if [ -z "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT" ]; then
  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 32)
  echo " ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT genere."
fi
# VAPID key pair: generated through the application's bundle (webpush gem)
# as the mastodon user. stderr is discarded and a failure becomes an empty
# string, so on error both keys stay empty and nothing is reported.
if [ -z "$VAPID_PRIVATE_KEY" ] || [ -z "$VAPID_PUBLIC_KEY" ]; then
  echo " Generation des cles VAPID..."
  VAPID_JSON=$(su - mastodon -c 'cd /opt/mastodon && export PATH="/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH" && bundle exec ruby -e "require \"webpush\"; v = WebPush.generate_key; puts({public: v.public_key, private: v.private_key}.to_json)"' 2>/dev/null || echo "")
  if [ -n "$VAPID_JSON" ]; then
    VAPID_PUBLIC_KEY=$(echo "$VAPID_JSON" | ruby -rjson -e 'puts JSON.parse(STDIN.read)["public"]')
    VAPID_PRIVATE_KEY=$(echo "$VAPID_JSON" | ruby -rjson -e 'puts JSON.parse(STDIN.read)["private"]')
  fi
fi

# NOTE(review): the next line is damaged in the copy under review. The text
# jumps from the redirection into .env.production to the tail of a wait loop
# (`... >/dev/null 2>&1; do`), so the here-document that fills the file, the
# step 5 and 6 section headers and the start of the loop (presumably
# `RETRIES=0` and an `until ...` test) are missing. The tokens are kept
# exactly as found and nothing is reconstructed; restore this span from the
# original script.
# .env.production holds every secret generated above: confirm the restored
# code leaves it owned by mastodon and not readable by other users.
cat > /opt/mastodon/.env.production </dev/null 2>&1; do
  RETRIES=$((RETRIES+1))
  # Give up after 30 one-second attempts.
  if [ $RETRIES -gt 30 ]; then
    echo " ERREUR : PostgreSQL ne demarre pas apres 30s."
    su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /data/postgresql stop" || true
    exit 1
  fi
  echo " Attente de PostgreSQL... ($RETRIES/30)"
  sleep 1
done
echo " PostgreSQL pret."

# ---------------------------------------------------------------------------
# 7. Mastodon database + admin account
# ---------------------------------------------------------------------------
echo "[7/8] Verification de la base de données Mastodon..."
# "1" when the mastodon_production database exists; a failed query is turned
# into an empty string, which takes the "create the database" branch below.
DB_EXISTS=$(su - postgres -c "psql -tAc \"SELECT 1 FROM pg_database WHERE datname='mastodon_production';\"" || echo "")
if [ "$DB_EXISTS" = "1" ]; then
  # Empty output means public.accounts does not exist, i.e. no schema loaded.
  TABLE_EXISTS=$(su - postgres -c "psql -tAc \"SELECT to_regclass('public.accounts');\" mastodon_production" || echo "")
  if [ -z "$TABLE_EXISTS" ]; then
    echo " DB existe mais est vide. Setup initial..."
    su - mastodon -c 'cd /opt/mastodon && export PATH="/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH" && export RAILS_ENV=production && bundle exec rails db:schema:load db:seed'
  else
    echo " DB existante. Migration..."
    su - mastodon -c 'cd /opt/mastodon && export PATH="/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH" && export RAILS_ENV=production && bundle exec rails db:migrate'
  fi
else
  echo " Creation de la base..."
  su - postgres -c "psql -c \"CREATE DATABASE mastodon_production OWNER mastodon ENCODING 'UTF8' TEMPLATE template0;\""
  su - postgres -c "psql -c \"CREATE EXTENSION pg_trgm;\" mastodon_production"
  su - postgres -c "psql -c \"CREATE EXTENSION unaccent;\" mastodon_production"
  su - postgres -c "psql -c \"CREATE EXTENSION pgcrypto;\" mastodon_production"
  su - mastodon -c 'cd /opt/mastodon && export PATH="/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH" && export RAILS_ENV=production && bundle exec rails db:schema:load db:seed'
fi

# Admin account creation: only when both e-mail and password were supplied.
# NOTE(review): unlike the single-quoted invocations above, this command
# string is double-quoted, so $ADMIN_EMAIL, $ADMIN_PASSWORD and $PATH are
# expanded by this root shell before `su` runs. The two values are wrapped
# in single quotes only: a value that itself contains a single quote ends
# the quoting and the rest is parsed as shell syntax by the mastodon user's
# shell. The password is also visible in process argument lists while the
# command runs. Pass both through the environment or stdin, or reject
# values containing quotes.
# NOTE(review): `|| true` hides every failure, not only "account already
# exists" on a restart. Confirm this tootctl version accepts --password.
if [ -n "$ADMIN_EMAIL" ] && [ "$ADMIN_EMAIL" != "__CHANGE_ME__" ] && \
   [ -n "$ADMIN_PASSWORD" ] && [ "$ADMIN_PASSWORD" != "__CHANGE_ME__" ]; then
  echo " Creation du compte admin..."
  su - mastodon -c "cd /opt/mastodon && export PATH='/usr/local/rbenv/shims:/usr/local/rbenv/bin:$PATH' && export RAILS_ENV=production && bundle exec tootctl accounts create admin --email '$ADMIN_EMAIL' --password '$ADMIN_PASSWORD' --confirmed --role Owner" || true
fi
echo " DB OK."

# ---------------------------------------------------------------------------
# 8. Clean PostgreSQL shutdown before Supervisor
# ---------------------------------------------------------------------------
echo "[8/8] Arret de PostgreSQL temporaire..."
su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /data/postgresql stop"
echo " PostgreSQL arrete."

# ---------------------------------------------------------------------------
# 9. Final check
# ---------------------------------------------------------------------------
# Advisory only: missing settings are reported, but the script still goes on
# to start the services with the "__CHANGE_ME__" placeholders in place.
echo "[9/9] Verification des variables critiques..."
MISSING=0
if [ "$LOCAL_DOMAIN" = "__CHANGE_ME__" ]; then
  echo " ⚠️ MASTODON_LOCAL_DOMAIN non configure !"
  MISSING=1
fi
if [ "$ADMIN_EMAIL" = "__CHANGE_ME__" ]; then
  echo " ⚠️ MASTODON_ADMIN_EMAIL non configure !"
  MISSING=1
fi
if [ "$ADMIN_PASSWORD" = "__CHANGE_ME__" ]; then
  echo " ⚠️ MASTODON_ADMIN_PASSWORD non configure !"
  MISSING=1
fi
if [ $MISSING -eq 1 ]; then
  echo ""
  echo " ⚠️ DES VARIABLES SONT MANQUANTES."
  echo " Va dans Settings → Variables d'environnement de ton Space HF."
  echo ""
fi

# ---------------------------------------------------------------------------
# 10. Supervisor launch
# ---------------------------------------------------------------------------
echo "=========================================="
echo " Lancement de Supervisor..."
# exec replaces this shell with supervisord.
exec supervisord -c /etc/supervisor/conf.d/supervisord.conf