mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-08-05 05:05:17 +02:00
Base for docker secrets
Note: this currently fails at compile time
This commit is contained in:
LukeVader-IV
parent
537790c750
commit
3039306953
3 changed files with 56 additions and 15 deletions
|
|
@ -16,12 +16,14 @@ check_postgres() {
|
|||
local db_host
|
||||
local db_user
|
||||
local db_name
|
||||
local db_pass
|
||||
#local db_pass
|
||||
|
||||
db_host=$(get_env PGHOST)
|
||||
db_user=$(get_env PGUSER POSTGRES_USER)
|
||||
db_name=$(get_env PGDATABASE POSTGRES_DB)
|
||||
db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD)
|
||||
#db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD)
|
||||
db_pass=$(< /run/secrets/POSTGRES_PASSWORD)
|
||||
# NOTE: password should be handled with more care
|
||||
|
||||
PGPASSWORD="$db_pass" psql -h "$db_host" -U "$db_user" -d "$db_name" -c '\q' >/dev/null 2>&1
|
||||
}
|
||||
|
|
@ -42,7 +44,8 @@ done
|
|||
python manage.py migrate
|
||||
|
||||
# Create superuser if environment variables are set and there are no users present at all.
|
||||
if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -n "$DJANGO_ADMIN_PASSWORD" ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then
|
||||
# NOTE: unsure if this checks if a password actually exists
|
||||
if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -f /run/secrets/DJANGO-ADMIN-PASSWORD ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then
|
||||
echo "Creating superuser..."
|
||||
python manage.py shell << EOF
|
||||
from django.contrib.auth import get_user_model
|
||||
|
|
@ -56,7 +59,7 @@ if not User.objects.filter(username='$DJANGO_ADMIN_USERNAME').exists():
|
|||
superuser = User.objects.create_superuser(
|
||||
username='$DJANGO_ADMIN_USERNAME',
|
||||
email='$DJANGO_ADMIN_EMAIL',
|
||||
password='$DJANGO_ADMIN_PASSWORD'
|
||||
password='$(cat /run/secrets/DJANGO-ADMIN-PASSWORD)'
|
||||
)
|
||||
print("Superuser created successfully.")
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(__file__))
|
|||
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
|
||||
|
||||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
SECRET_KEY = getenv('SECRET_KEY')
|
||||
with open('/run/secret/DJANGO-ADMIN-PASSWORD') as fp:
|
||||
v = fp.read()
|
||||
SECRET_KEY = v.decode('base64')
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = getenv('DEBUG', 'true').lower() == 'true'
|
||||
|
|
@ -112,12 +114,16 @@ def env(*keys, default=None):
|
|||
return value
|
||||
return default
|
||||
|
||||
with open('/run/secrets/POSTGRES_PASSWORD') as fp:
|
||||
v = fp.read()
|
||||
POSTGRES_PASSWORD = v.decode('base64')
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.contrib.gis.db.backends.postgis',
|
||||
'NAME': env('PGDATABASE', 'POSTGRES_DB'),
|
||||
'USER': env('PGUSER', 'POSTGRES_USER'),
|
||||
'PASSWORD': env('PGPASSWORD', 'POSTGRES_PASSWORD'),
|
||||
'PASSWORD': POSTGRES_PASSWORD,
|
||||
'HOST': env('PGHOST', default='localhost'),
|
||||
'PORT': int(env('PGPORT', default='5432')),
|
||||
'OPTIONS': {
|
||||
|
|
@ -126,6 +132,8 @@ DATABASES = {
|
|||
}
|
||||
}
|
||||
|
||||
POSTGRES_PASSWORD = ""
|
||||
|
||||
# Internationalization
|
||||
# https://docs.djangoproject.com/en/1.7/topics/i18n/
|
||||
|
||||
|
|
@ -259,7 +267,7 @@ else:
|
|||
EMAIL_PORT = getenv('EMAIL_PORT', 587)
|
||||
EMAIL_USE_SSL = getenv('EMAIL_USE_SSL', 'false').lower() == 'true'
|
||||
EMAIL_HOST_USER = getenv('EMAIL_HOST_USER')
|
||||
EMAIL_HOST_PASSWORD = getenv('EMAIL_HOST_PASSWORD')
|
||||
EMAIL_HOST_PASSWORD = '$(< /run/secrets/EMAIL-HOST-PASSWORD)'
|
||||
DEFAULT_FROM_EMAIL = getenv('DEFAULT_FROM_EMAIL')
|
||||
|
||||
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
|
||||
|
|
@ -327,4 +335,6 @@ LOGGING = {
|
|||
# https://github.com/dr5hn/countries-states-cities-database/tags
|
||||
COUNTRY_REGION_JSON_VERSION = 'v2.6'
|
||||
|
||||
GOOGLE_MAPS_API_KEY = getenv('GOOGLE_MAPS_API_KEY', '')
|
||||
with open('/run/secrets/GMAPS_API_KEY') as fp:
|
||||
v = fp.read()
|
||||
GOOGLE_MAPS_API_KEY = v.decode('base64')
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ services:
|
|||
- PUBLIC_SERVER_URL=http://server:8000 # PLEASE DON'T CHANGE :) - Should be the service name of the backend with port 8000, even if you change the port in the backend service. Only change if you are using a custom more complex setup.
|
||||
- ORIGIN=${FRONTENT_URL:-http://localhost:8015}
|
||||
- BODY_SIZE_LIMIT=${BODY_SIZE_LIMIT:-Infinity}
|
||||
#- FRONTEND_PORT=${FRONTEND_PORT=:-8015}
|
||||
ports:
|
||||
- "${FRONTEND_PORT:-8015}:3000"
|
||||
depends_on:
|
||||
|
|
@ -21,31 +20,50 @@ services:
|
|||
environment:
|
||||
- POSTGRES_DB=${POSTGRES_DB:-database}
|
||||
- POSTGRES_USER=${POSTGRES_USER:-adventure}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
|
||||
#- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
|
||||
secrets:
|
||||
- POSTGRES_PASSWORD
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data/
|
||||
|
||||
server:
|
||||
#build: ./backend/
|
||||
#image: ghcr.io/seanmorley15/adventurelog-backend:latest
|
||||
image: 9f0471e8d7f872adf81dc41c9296f99fbadac01edb26e
|
||||
image: ghcr.io/seanmorley15/adventurelog-backend:latest
|
||||
container_name: adventurelog-backend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PGHOST=db
|
||||
- POSTGRES_DB=${POSTGRES_DB:-database}
|
||||
- POSTGRES_USER=${POSTGRES_USER:-adventure}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
|
||||
#- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
|
||||
- SECRET_KEY=${SECRET_KEY:-changeme123}
|
||||
- DJANGO_ADMIN_USERNAME=${DJANGO_ADMIN_USERNAME:-admin}
|
||||
- DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin}
|
||||
#- DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin}
|
||||
- DJANGO_ADMIN_EMAIL=${DJANGO_ADMIN_EMAIL:-admin@example.com}
|
||||
- PUBLIC_URL=${BACKEND_URL:-http://localhost:8016}
|
||||
- CSRF_TRUSTED_ORIGINS=${FRONTEND_URL:-http://localhost:8015},${BACKEND_URL:-http://localhost:8016}
|
||||
- DEBUG=False
|
||||
- FRONTEND_URL=${FRONTEND_URL:-http://localhost:8015} # Used for email generation. This should be the url of the frontend
|
||||
- BACKEND_PORT=${BACKEND_PORT:-8016}
|
||||
|
||||
- DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-False}
|
||||
- DISABLE_REGISTRATION_MESSAGE=${DISABLE_REGISTRATION_MESSAGE}
|
||||
- EMAIL_BACKEND=${EMAIL_BACKEND:-console}
|
||||
- EMAIL_HOST=${EMAIL_HOST}
|
||||
- EMAIL_USE_TLS=${EMAIL_USE_TLS}
|
||||
- EMAIL_PORT=${EMAIL_PORT}
|
||||
- EMAIL_USE_SSL=${EMAIL_USE_SSL}
|
||||
- EMAIL_HOST_USER=${EMAIL_HOST_USER}
|
||||
#- EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
|
||||
- DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}
|
||||
#- GOOGLE_MAPS_API_KEY=${GOOGLE_MAPS_API_KEY}
|
||||
- PUBLIC_UMAMI_SRC=${PUBLIC_UMAMI_SRC}
|
||||
- PUBLIC_UMAMI_WEBSITE_ID=${PUBLIC_UMAMI_WEBSITE_ID}
|
||||
secrets:
|
||||
- DJANGO-ADMIN-PASSWORD
|
||||
- POSTGRES_PASSWORD
|
||||
- EMAIL-HOST-PASSWORD
|
||||
- GMAPS-API-KEY
|
||||
ports:
|
||||
- "${BACKEND_PORT:-8016}:80"
|
||||
depends_on:
|
||||
|
|
@ -53,6 +71,16 @@ services:
|
|||
volumes:
|
||||
- adventurelog_media:/code/media/
|
||||
|
||||
secrets:
|
||||
GMAPS-API-KEY:
|
||||
file: gmaps-api-key.txt
|
||||
EMAIL-HOST-PASSWORD:
|
||||
file: email-host-password.txt
|
||||
DJANGO-ADMIN-PASSWORD:
|
||||
file: django-admin-password.txt
|
||||
POSTGRES_PASSWORD:
|
||||
file: postgres-password.txt
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
adventurelog_media:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue