diff --git a/.gitignore b/.gitignore
index 599b52b9e..6ae21e914 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,8 @@ erl_crash.dump
# variables.
/config/*.secret.exs
/config/generated_config.exs
+/config/*.env
+
# Database setup file, some may forget to delete it
/config/setup_db.psql
diff --git a/docs/administration/CLI_tasks/release_environments.md b/docs/administration/CLI_tasks/release_environments.md
new file mode 100644
index 000000000..36ab43864
--- /dev/null
+++ b/docs/administration/CLI_tasks/release_environments.md
@@ -0,0 +1,9 @@
+# Generate release environment file
+
+```sh tab="OTP"
+ ./bin/pleroma_ctl release_env gen
+```
+
+```sh tab="From Source"
+mix pleroma.release_env gen
+```
diff --git a/docs/installation/otp_en.md b/docs/installation/otp_en.md
index e4f822d1c..338dfa7d0 100644
--- a/docs/installation/otp_en.md
+++ b/docs/installation/otp_en.md
@@ -121,6 +121,9 @@ chown -R pleroma /etc/pleroma
# Run the config generator
su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
+# Run the environment file generator.
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl release_env gen"
+
# Create the postgres database
su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
@@ -131,7 +134,7 @@ su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
# Start the instance to verify that everything is working as expected
-su pleroma -s $SHELL -lc "./bin/pleroma daemon"
+su pleroma -s $SHELL -lc "export $(cat /opt/pleroma/config/pleroma.env); ./bin/pleroma daemon"
# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
sleep 20 && curl http://localhost:4000/api/v1/instance
@@ -200,6 +203,7 @@ rc-update add pleroma
# Copy the service into a proper directory
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
+
# Start pleroma and enable it on boot
systemctl start pleroma
systemctl enable pleroma
@@ -275,4 +279,3 @@ This will create an account withe the username of 'joeuser' with the email addre
## Questions
Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.
-
diff --git a/installation/init.d/pleroma b/installation/init.d/pleroma
index 384536f7e..e908cda1b 100755
--- a/installation/init.d/pleroma
+++ b/installation/init.d/pleroma
@@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
directory=/opt/pleroma
healthcheck_delay=60
healthcheck_timer=30
+export $(cat /opt/pleroma/config/pleroma.env)
: ${pleroma_port:-4000}
diff --git a/installation/pleroma.service b/installation/pleroma.service
index 5dcbc1387..ee00a3b7a 100644
--- a/installation/pleroma.service
+++ b/installation/pleroma.service
@@ -17,6 +17,8 @@ Environment="MIX_ENV=prod"
Environment="HOME=/var/lib/pleroma"
; Path to the folder containing the Pleroma installation.
WorkingDirectory=/opt/pleroma
+; Path to the environment file. the file contains RELEASE_COOKIE and etc
+EnvironmentFile=/opt/pleroma/config/pleroma.env
; Path to the Mix binary.
ExecStart=/usr/bin/mix phx.server
diff --git a/lib/mix/tasks/pleroma/release_env.ex b/lib/mix/tasks/pleroma/release_env.ex
new file mode 100644
index 000000000..9da74ffcf
--- /dev/null
+++ b/lib/mix/tasks/pleroma/release_env.ex
@@ -0,0 +1,76 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Mix.Tasks.Pleroma.ReleaseEnv do
+ use Mix.Task
+ import Mix.Pleroma
+
+ @shortdoc "Generate Pleroma environment file."
+ @moduledoc File.read!("docs/administration/CLI_tasks/release_environments.md")
+
+ def run(["gen" | rest]) do
+ {options, [], []} =
+ OptionParser.parse(
+ rest,
+ strict: [
+ force: :boolean,
+ path: :string
+ ],
+ aliases: [
+ p: :path,
+ f: :force
+ ]
+ )
+
+ file_path =
+ get_option(
+ options,
+ :path,
+ "Environment file path",
+ "./config/pleroma.env"
+ )
+
+ env_path = Path.expand(file_path)
+
+ proceed? =
+ if File.exists?(env_path) do
+ get_option(
+ options,
+ :force,
+ "Environment file already exists. Do you want to overwrite the #{env_path} file? (y/n)",
+ "n"
+ ) === "y"
+ else
+ true
+ end
+
+ if proceed? do
+ case do_generate(env_path) do
+ {:error, reason} ->
+ shell_error(
+ File.Error.message(%{action: "write to file", reason: reason, path: env_path})
+ )
+
+ _ ->
+ shell_info("\nThe file generated: #{env_path}.\n")
+
+ shell_info("""
+ WARNING: before start pleroma app please make sure to make the file read-only and non-modifiable.
+ Example:
+ chmod 0444 #{file_path}
+ chattr +i #{file_path}
+ """)
+ end
+ else
+ shell_info("\nThe file is exist. #{env_path}.\n")
+ end
+ end
+
+ def do_generate(path) do
+ content = "RELEASE_COOKIE=#{Base.encode32(:crypto.strong_rand_bytes(32))}"
+
+ File.mkdir_p!(Path.dirname(path))
+ File.write(path, content)
+ end
+end
diff --git a/test/tasks/release_env_test.exs b/test/tasks/release_env_test.exs
new file mode 100644
index 000000000..519f1eba9
--- /dev/null
+++ b/test/tasks/release_env_test.exs
@@ -0,0 +1,30 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Mix.Tasks.Pleroma.ReleaseEnvTest do
+ use ExUnit.Case
+ import ExUnit.CaptureIO, only: [capture_io: 1]
+
+ @path "config/pleroma.test.env"
+
+ def do_clean do
+ if File.exists?(@path) do
+ File.rm_rf(@path)
+ end
+ end
+
+ setup do
+ do_clean()
+ on_exit(fn -> do_clean() end)
+ :ok
+ end
+
+ test "generate pleroma.env" do
+ assert capture_io(fn ->
+ Mix.Tasks.Pleroma.ReleaseEnv.run(["gen", "--path", @path, "--force"])
+ end) =~ "The file generated"
+
+ assert File.read!(@path) =~ "RELEASE_COOKIE="
+ end
+end