feat: Smarter configuration script, add secrets env file, and improve docs (#248)

* feat: Add a smarter configurator with secrets env file This commit was made without the use of generative AI. Signed-off-by: Jacob Schlecht <dadadah@echoha.us> * fix: rename compose.override.yml on overwrite This commit was made without the use of generative AI. Signed-off-by: Jacob Schlecht <dadadah@echoha.us> * docs: Update readme to instruct on secrets.env, and add more bookmarks This commit was made without the use of generative AI. Signed-off-by: Jacob Schlecht <dadadah@echoha.us> * docs: Update readme to be a bit more brief, remove some notices. This commit was made without the use of generative AI. Signed-off-by: Jacob Schlecht <dadadah@echoha.us> --------- Signed-off-by: Jacob Schlecht <dadadah@echoha.us>
2026-03-19 17:25:17 -05:00 · 2026-03-01 11:09:41 -07:00
parent 0efbeb4f12
commit ccb3ef79e0
4 changed files with 217 additions and 66 deletions
--- a/secrets.env.example
+++ b/secrets.env.example
@@ -0,0 +1,45 @@
+# DO NOT EDIT secrets.env.example - copy it to secrets.env then edit it as
+# instructed.
+#
+# This file is for storing secrets for your Stoat instance safely. To use the
+# secrets file, copy secrets.env.example to secrets.env with the command:
+# cp secrets.env.example secrets.env
+# 
+# Secrets must be stored in .env format, and will never be overwritten by the
+# generate_config.sh script. The generate_config.sh script will first check
+# secrets.env for secrets, and if a secret exists it will use that secret. If
+# it does not exist, it will generate a new one and write it to secrets.env. If
+# generate_config.sh creates new secrets, they will be added to the end of the
+# file.
+#
+# You should only need to modify secrets.env manually once, then after that
+# generate_config.sh will manage it. If you need to add a secret, uncomment the
+# line the secret is on by removing the # and the space before the name of the
+# secret and paste the secret after the equals sign, with single quote marks
+# surrounding the secret. Example secrets are provided to demonstrate.
+#
+# This is an example secret
+VALID_SECRET_EXAMPLE='example_secret'
+#
+# This is also an example secret
+VALID_SECRET_EXAMPLE_2='This is an example secret'
+#
+# Pushd VAPID private key is the value stored in the [pushd.vapid] section of
+# Revolt.toml for the private_key line.
+# PUSHD_VAPID_PRIVATEKEY=
+#
+# Pushd VAPID public key is the value stored in the [pushd.vapid] section of
+# Revolt.toml for the public_key line.
+# PUSHD_VAPID_PUBLICKEY=
+#
+# Files encryption key is the value stored in the [files] section of
+# Revolt.toml for the encryption_key line.
+# FILES_ENCRYPTION_KEY=
+#
+# Livekit worldwide key is the value stored in the
+# [api.livekit.nodes.worldwide] section of Revolt.toml for the key line.
+# LIVEKIT_WORLDWIDE_KEY=
+#
+# Livekit worldwide secret is the value stored in the
+# [api.livekit.nodes.worldwide] section of Revolt.toml for the secret line.
+# LIVEKIT_WORLDWIDE_SECRET=