mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-08-04 20:55:19 +02:00

Base for docker secrets

Note: this currently fails at compile time
LukeVader-IV 2025-07-14 22:46:29 +02:00
parent 537790c750
commit 3039306953
No known key found for this signature in database
GPG key ID: 096E7629E34E4E51
3 changed files with 56 additions and 15 deletions


@ -16,12 +16,14 @@ check_postgres() {
local db_host local db_host
local db_user local db_user
local db_name local db_name
local db_pass #local db_pass
db_host=$(get_env PGHOST) db_host=$(get_env PGHOST)
db_user=$(get_env PGUSER POSTGRES_USER) db_user=$(get_env PGUSER POSTGRES_USER)
db_name=$(get_env PGDATABASE POSTGRES_DB) db_name=$(get_env PGDATABASE POSTGRES_DB)
db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD) #db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD)
db_pass=$(< /run/secrets/POSTGRES_PASSWORD)
# NOTE: password should be handled with more care
PGPASSWORD="$db_pass" psql -h "$db_host" -U "$db_user" -d "$db_name" -c '\q' >/dev/null 2>&1 PGPASSWORD="$db_pass" psql -h "$db_host" -U "$db_user" -d "$db_name" -c '\q' >/dev/null 2>&1
} }
@ -42,7 +44,8 @@ done
python manage.py migrate python manage.py migrate
# Create superuser if environment variables are set and there are no users present at all. # Create superuser if environment variables are set and there are no users present at all.
if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -n "$DJANGO_ADMIN_PASSWORD" ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then # NOTE: unsure if this checks if a password actually exists
if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -f /run/secrets/DJANGO-ADMIN-PASSWORD ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then
echo "Creating superuser..." echo "Creating superuser..."
python manage.py shell << EOF python manage.py shell << EOF
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
@ -56,7 +59,7 @@ if not User.objects.filter(username='$DJANGO_ADMIN_USERNAME').exists():
superuser = User.objects.create_superuser( superuser = User.objects.create_superuser(
username='$DJANGO_ADMIN_USERNAME', username='$DJANGO_ADMIN_USERNAME',
email='$DJANGO_ADMIN_EMAIL', email='$DJANGO_ADMIN_EMAIL',
password='$DJANGO_ADMIN_PASSWORD' password='$(cat /run/secrets/DJANGO-ADMIN-PASSWORD)'
) )
print("Superuser created successfully.") print("Superuser created successfully.")
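Review bot: The admin password is still spliced into the Python source of the heredoc, now as `password='$(cat /run/secrets/DJANGO-ADMIN-PASSWORD)'`, so a secret containing a quote or backslash either breaks the script or changes the Python that `manage.py shell` runs. Reading the file from Python avoids both: `password=open('/run/secrets/DJANGO-ADMIN-PASSWORD').read().rstrip('\n')`. The guard `[ -f /run/secrets/DJANGO-ADMIN-PASSWORD ]` accepts an empty file, which is what the NOTE above it asks about; `[ -s /run/secrets/DJANGO-ADMIN-PASSWORD ]` also requires a non-zero size. In `check_postgres`, `local db_pass` is commented out, so the password now lives in a script-global variable; keeping `local db_pass` restores the old scope. The heredoc starts and ends outside the hunks shown.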


@ -24,7 +24,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(__file__))
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = getenv('SECRET_KEY') with open('/run/secret/DJANGO-ADMIN-PASSWORD') as fp:
v = fp.read()
SECRET_KEY = v.decode('base64')
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = getenv('DEBUG', 'true').lower() == 'true' DEBUG = getenv('DEBUG', 'true').lower() == 'true'
@ -112,12 +114,16 @@ def env(*keys, default=None):
return value return value
return default return default
with open('/run/secrets/POSTGRES_PASSWORD') as fp:
v = fp.read()
POSTGRES_PASSWORD = v.decode('base64')
DATABASES = { DATABASES = {
'default': { 'default': {
'ENGINE': 'django.contrib.gis.db.backends.postgis', 'ENGINE': 'django.contrib.gis.db.backends.postgis',
'NAME': env('PGDATABASE', 'POSTGRES_DB'), 'NAME': env('PGDATABASE', 'POSTGRES_DB'),
'USER': env('PGUSER', 'POSTGRES_USER'), 'USER': env('PGUSER', 'POSTGRES_USER'),
'PASSWORD': env('PGPASSWORD', 'POSTGRES_PASSWORD'), 'PASSWORD': POSTGRES_PASSWORD,
'HOST': env('PGHOST', default='localhost'), 'HOST': env('PGHOST', default='localhost'),
'PORT': int(env('PGPORT', default='5432')), 'PORT': int(env('PGPORT', default='5432')),
'OPTIONS': { 'OPTIONS': {
@ -126,6 +132,8 @@ DATABASES = {
} }
} }
POSTGRES_PASSWORD = ""
# Internationalization # Internationalization
# https://docs.djangoproject.com/en/1.7/topics/i18n/ # https://docs.djangoproject.com/en/1.7/topics/i18n/
@ -259,7 +267,7 @@ else:
EMAIL_PORT = getenv('EMAIL_PORT', 587) EMAIL_PORT = getenv('EMAIL_PORT', 587)
EMAIL_USE_SSL = getenv('EMAIL_USE_SSL', 'false').lower() == 'true' EMAIL_USE_SSL = getenv('EMAIL_USE_SSL', 'false').lower() == 'true'
EMAIL_HOST_USER = getenv('EMAIL_HOST_USER') EMAIL_HOST_USER = getenv('EMAIL_HOST_USER')
EMAIL_HOST_PASSWORD = getenv('EMAIL_HOST_PASSWORD') EMAIL_HOST_PASSWORD = '$(< /run/secrets/EMAIL-HOST-PASSWORD)'
DEFAULT_FROM_EMAIL = getenv('DEFAULT_FROM_EMAIL') DEFAULT_FROM_EMAIL = getenv('DEFAULT_FROM_EMAIL')
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' # EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
@ -327,4 +335,6 @@ LOGGING = {
# https://github.com/dr5hn/countries-states-cities-database/tags # https://github.com/dr5hn/countries-states-cities-database/tags
COUNTRY_REGION_JSON_VERSION = 'v2.6' COUNTRY_REGION_JSON_VERSION = 'v2.6'
GOOGLE_MAPS_API_KEY = getenv('GOOGLE_MAPS_API_KEY', '') with open('/run/secrets/GMAPS_API_KEY') as fp:
v = fp.read()
GOOGLE_MAPS_API_KEY = v.decode('base64')
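Review bot: `SECRET_KEY` is now read from `/run/secret/DJANGO-ADMIN-PASSWORD`: the directory is misspelled (every other read uses `/run/secrets/`), and even with the path fixed the signing key would be the admin login password, so one low-entropy credential would also protect sessions and signed tokens; it needs its own secret. All three `with open` blocks call `v.decode('base64')`, which `str` does not have on Python 3 (presumably what the project runs on), and the compose file mounts plain text files, so nothing needs decoding. `EMAIL_HOST_PASSWORD = '$(< /run/secrets/EMAIL-HOST-PASSWORD)'` assigns the literal shell text, not the file contents, and `/run/secrets/GMAPS_API_KEY` does not match the compose secret name `GMAPS-API-KEY`. The trailing `POSTGRES_PASSWORD = ""` does not clear the copy already stored in `DATABASES`. A single helper that strips only trailing newlines (matching `$(< file)` in the entrypoint) and falls back to the old environment variable keeps optional settings optional:

```python
def read_secret(name, default=None):
    """Return the contents of /run/secrets/<name>, or default when it is not mounted."""
    try:
        with open(f'/run/secrets/{name}') as fp:
            return fp.read().rstrip('\n')
    except FileNotFoundError:
        return default

# proposed: a dedicated SECRET_KEY secret, to be declared in the compose file
SECRET_KEY = read_secret('SECRET_KEY', getenv('SECRET_KEY'))
# … unchanged: DEBUG through env() …
POSTGRES_PASSWORD = read_secret('POSTGRES_PASSWORD', env('PGPASSWORD', 'POSTGRES_PASSWORD'))
# … unchanged: DATABASES, internationalization, other EMAIL_* settings …
EMAIL_HOST_PASSWORD = read_secret('EMAIL-HOST-PASSWORD', getenv('EMAIL_HOST_PASSWORD'))
# … unchanged: LOGGING, COUNTRY_REGION_JSON_VERSION …
GOOGLE_MAPS_API_KEY = read_secret('GMAPS-API-KEY', getenv('GOOGLE_MAPS_API_KEY', ''))
```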


@ -8,7 +8,6 @@ services:
- PUBLIC_SERVER_URL=http://server:8000 # PLEASE DON'T CHANGE :) - Should be the service name of the backend with port 8000, even if you change the port in the backend service. Only change if you are using a custom more complex setup. - PUBLIC_SERVER_URL=http://server:8000 # PLEASE DON'T CHANGE :) - Should be the service name of the backend with port 8000, even if you change the port in the backend service. Only change if you are using a custom more complex setup.
- ORIGIN=${FRONTENT_URL:-http://localhost:8015} - ORIGIN=${FRONTENT_URL:-http://localhost:8015}
- BODY_SIZE_LIMIT=${BODY_SIZE_LIMIT:-Infinity} - BODY_SIZE_LIMIT=${BODY_SIZE_LIMIT:-Infinity}
#- FRONTEND_PORT=${FRONTEND_PORT=:-8015}
ports: ports:
- "${FRONTEND_PORT:-8015}:3000" - "${FRONTEND_PORT:-8015}:3000"
depends_on: depends_on:
@ -21,31 +20,50 @@ services:
environment: environment:
- POSTGRES_DB=${POSTGRES_DB:-database} - POSTGRES_DB=${POSTGRES_DB:-database}
- POSTGRES_USER=${POSTGRES_USER:-adventure} - POSTGRES_USER=${POSTGRES_USER:-adventure}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123} #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
- POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
secrets:
- POSTGRES_PASSWORD
volumes: volumes:
- postgres_data:/var/lib/postgresql/data/ - postgres_data:/var/lib/postgresql/data/
server: server:
#build: ./backend/ #build: ./backend/
#image: ghcr.io/seanmorley15/adventurelog-backend:latest image: ghcr.io/seanmorley15/adventurelog-backend:latest
image: 9f0471e8d7f872adf81dc41c9296f99fbadac01edb26e
container_name: adventurelog-backend container_name: adventurelog-backend
restart: unless-stopped restart: unless-stopped
environment: environment:
- PGHOST=db - PGHOST=db
- POSTGRES_DB=${POSTGRES_DB:-database} - POSTGRES_DB=${POSTGRES_DB:-database}
- POSTGRES_USER=${POSTGRES_USER:-adventure} - POSTGRES_USER=${POSTGRES_USER:-adventure}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123} #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
- SECRET_KEY=${SECRET_KEY:-changeme123} - SECRET_KEY=${SECRET_KEY:-changeme123}
- DJANGO_ADMIN_USERNAME=${DJANGO_ADMIN_USERNAME:-admin} - DJANGO_ADMIN_USERNAME=${DJANGO_ADMIN_USERNAME:-admin}
- DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin} #- DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin}
- DJANGO_ADMIN_EMAIL=${DJANGO_ADMIN_EMAIL:-admin@example.com} - DJANGO_ADMIN_EMAIL=${DJANGO_ADMIN_EMAIL:-admin@example.com}
- PUBLIC_URL=${BACKEND_URL:-http://localhost:8016} - PUBLIC_URL=${BACKEND_URL:-http://localhost:8016}
- CSRF_TRUSTED_ORIGINS=${FRONTEND_URL:-http://localhost:8015},${BACKEND_URL:-http://localhost:8016} - CSRF_TRUSTED_ORIGINS=${FRONTEND_URL:-http://localhost:8015},${BACKEND_URL:-http://localhost:8016}
- DEBUG=False - DEBUG=False
- FRONTEND_URL=${FRONTEND_URL:-http://localhost:8015} # Used for email generation. This should be the url of the frontend - FRONTEND_URL=${FRONTEND_URL:-http://localhost:8015} # Used for email generation. This should be the url of the frontend
- BACKEND_PORT=${BACKEND_PORT:-8016} - BACKEND_PORT=${BACKEND_PORT:-8016}
- DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-False}
- DISABLE_REGISTRATION_MESSAGE=${DISABLE_REGISTRATION_MESSAGE}
- EMAIL_BACKEND=${EMAIL_BACKEND:-console}
- EMAIL_HOST=${EMAIL_HOST}
- EMAIL_USE_TLS=${EMAIL_USE_TLS}
- EMAIL_PORT=${EMAIL_PORT}
- EMAIL_USE_SSL=${EMAIL_USE_SSL}
- EMAIL_HOST_USER=${EMAIL_HOST_USER}
#- EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
- DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}
#- GOOGLE_MAPS_API_KEY=${GOOGLE_MAPS_API_KEY}
- PUBLIC_UMAMI_SRC=${PUBLIC_UMAMI_SRC}
- PUBLIC_UMAMI_WEBSITE_ID=${PUBLIC_UMAMI_WEBSITE_ID}
secrets:
- DJANGO-ADMIN-PASSWORD
- POSTGRES_PASSWORD
- EMAIL-HOST-PASSWORD
- GMAPS-API-KEY
ports: ports:
- "${BACKEND_PORT:-8016}:80" - "${BACKEND_PORT:-8016}:80"
depends_on: depends_on:
@ -53,6 +71,16 @@ services:
volumes: volumes:
- adventurelog_media:/code/media/ - adventurelog_media:/code/media/
secrets:
GMAPS-API-KEY:
file: gmaps-api-key.txt
EMAIL-HOST-PASSWORD:
file: email-host-password.txt
DJANGO-ADMIN-PASSWORD:
file: django-admin-password.txt
POSTGRES_PASSWORD:
file: postgres-password.txt
volumes: volumes:
postgres_data: postgres_data:
adventurelog_media: adventurelog_media:
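Review bot: The backend `image:` is now `9f0471e8d7f872adf81dc41c9296f99fbadac01edb26e`, which looks like a locally built image ID that nobody else can pull; restore `image: ghcr.io/seanmorley15/adventurelog-backend:latest` (or `build: ./backend/`) before this merges. `SECRET_KEY=${SECRET_KEY:-changeme123}` is still passed through the environment with a guessable default and has no entry under `secrets:`, while the settings change in this commit stops reading it. The secret names mix `-` and `_` (`GMAPS-API-KEY` next to `POSTGRES_PASSWORD`), and the settings file opens `/run/secrets/GMAPS_API_KEY`; a single naming convention would avoid that mismatch. The four `*.txt` secret files sit beside the compose file, so they should be listed in `.gitignore` and kept readable only by the deploying user.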