From 090ac1eec8f60cf400db7f59f0240ec5e100a43f Mon Sep 17 00:00:00 2001
From: girst <tobi@isticktoit.net>
Date: Fri, 15 Oct 2021 05:23:16 +0200
Subject: [PATCH] makefile: automatically generate hmac secrets for config.ini

---
 INSTALL.md | 16 +++++++---------
 Makefile   |  5 ++++-
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/INSTALL.md b/INSTALL.md
index 4d7887a..9eed224 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -8,17 +8,15 @@ Execute `sudo make install`. This will do the following:
 - install the software in `/opt/yt/app`
 - copy config files to `/etc/yt`
 
-You are then expected to edit `/etc/yt/config.ini`:
+You are then expected to edit `/etc/yt/config.ini` and set `[webhooks]` ->
+`public_uri` to the domain (and port) you're running this on. Feel free to
+change the `welcome_message` or disable unneeded `modules`.
 
-- generate a `[frontend] secret_key`
-- optionally disable some modules (like `proxy` or `reddit`) in `[frontend] modules`
-- set `[webhooks] public_uri` and `[webhooks] hmac_key`
+By default, the web frontend will run unencrypted on port 8080; this can be
+changed in `/etc/yt/gunicorn-frontend-config.py`. Alternatively, run it from
+behind a reverse-proxy.
 
-You might also want to look into `/etc/yt/gunicorn-frontend-config.py` to set
-port and/or https config, as well as configure log files. By default, the
-frontend will run on port 8080.
-
-Finally, run `sudo make finish` to enable the systemd units and start
+Finally, run `sudo make finish` to enable and start the systemd units and start
 populating the guest feed.
 
 A user `admin` is created, with the password `admin`. You should change that!
diff --git a/Makefile b/Makefile
index f04e11b..8f36ef5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: all install config
+.PHONY: all install finish
 
 all:
 	@echo 'issue "sudo make install" to install subscriptionfeed'
@@ -18,6 +18,9 @@ install:
 	sqlite3 /opt/yt/subscriptions.sqlite < config/guest.sql
 	# admin user with default password -- must be changed on first login!
 	./config/create-admin.sh /opt/yt/subscriptions.sqlite
+	# automatically generate hmac secret keys for config.ini:
+	sed -i -e '/^secret_key/s@$$@'"`head -c32 /dev/urandom | base64`"'@' -e '/^hmac_key/s@x$$@'"`tr -dc '[:print:]' </dev/urandom|tr -d @ | head -c 32`"'@' /etc/yt/config.ini
+	#
 	@echo '###################################################################'
 	@echo '# installation finished!                                          #'
 	@echo '# edit /etc/yt/config.ini and /etc/yt/gunicorn-frontend-config.py #'
-- 
2.39.3