From f8e9ab2482d9c7f26bb6b959404ad2f065cf1b41 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.cyberia@doesthisthing.work>
Date: Fri, 9 Jul 2021 23:27:41 +0200
Subject: [PATCH 01/10] Initial attempt at Docker
---
.drone.yml | 14 ++++++++++++++
Dockerfile | 26 ++++++++++++++++++++++++++
docker-compose.yml | 26 ++++++++++++++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 .drone.yml
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..a487bc8
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,14 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+ - name: build and publish
+ image: plugins/docker
+ settings:
+ username:
+ from_secret: docker_reg_username_3wc
+ password:
+ from_secret: docker_reg_passwd_3wc
+ repo: 3wordchant/capsul-flask
+ tags: latest
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9b7af19
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,26 @@
+FROM python:3.8-alpine
+
+RUN apk add gettext git gcc python3-dev musl-dev \
+ libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \
+ --virtual .build-dependencies
+
+RUN mkdir /code
+WORKDIR /code
+COPY Pipfile Pipfile.lock /code/
+
+RUN pip install pipenv setuptools wheel cppy
+
+RUN pipenv install --system --deploy --verbose
+
+RUN apk del .build-dependencies \
+ && rm -rf /var/cache/apk/* /tmp/*
+
+RUN apk add --no-cache libpq libstdc++ libjpeg
+
+COPY . /code/
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /code
+
+EXPOSE 5000
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ac5946e
--- /dev/null
+++ b/docker-compose.yml
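Review bot: The `image: plugins/docker` step in `.drone.yml` carries no tag or digest, so the plugin that receives `docker_reg_username_3wc` and `docker_reg_passwd_3wc` is whatever the registry serves at build time. Pinning it, e.g. `image: plugins/docker:<PINNED_TAG>` or `image: plugins/docker@sha256:<DIGEST>` (both placeholders), keeps the publishing step reproducible and limits the registry credentials to a plugin version someone has reviewed. The pipeline in this hunk also has no `trigger:` section, so which branches and events publish to `3wordchant/capsul-flask` is left to Drone's defaults; stating them explicitly would make the intent visible.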
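Review bot: The new Dockerfile never sets `USER`, so the gunicorn process started by `CMD` serves `0.0.0.0:5000` as root; the final stage introduced in PATCH 02 has the same gap. Creating an unprivileged account after the package steps and switching to it, e.g. `RUN addgroup -S app && adduser -S -G app app` followed by `USER app`, limits what a compromised worker can reach. Separately, `COPY . /code/` copies the whole build context and this commit adds no `.dockerignore`, so `.git` and any local `.env` (the app calls `load_dotenv`, as the context in PATCH 05 shows) would be baked into the image that `.drone.yml` publishes. A `.dockerignore` listing at least `.git` and `.env` would close that.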
@@ -0,0 +1,26 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: 3wordchant/capsul-flask:latest
+ build: .
+ volumes:
+ - "./:/code"
+ depends_on:
+ - db
+ ports:
+ - "5000:5000"
+ environment:
+ - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+ db:
+ image: "postgres:9.6.5"
+ volumes:
+ - "postgres:/var/lib/postgresql/data"
+ environment:
+ POSTGRES_USER: capsul
+ POSTGRES_PASSWORD: capsul
+ POSTGRES_DB: capsul
+
+volumes:
+ postgres:
-- 2.40.1
From 5cd512603964cb49f696ac28f7af50466e68d66d Mon Sep 17 00:00:00 2001
From: 3wc <3wc.cyberia@doesthisthing.work>
Date: Sat, 10 Jul 2021 14:23:33 +0200
Subject: [PATCH 02/10] Multi-stage build oh my!
---
Dockerfile | 28 +++++++++++++++++-----------
docker-compose.yml | 2 +-
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9b7af19..0bfea76 100644
--- a/Dockerfile
+++ b/Dockerfile
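Review bot: The database password `capsul` is written twice in this file, in `POSTGRES_PASSWORD` and again inside `POSTGRES_CONNECTION_PARAMETERS`, and nothing marks the file as development-only. If it is only meant for local use, a top-of-file comment such as `# Development only: default credentials, do not deploy as-is` would say so. Otherwise Compose variable substitution, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-capsul}`, lets a deployment override the value without editing the file. The `db` service publishes no port in this hunk, which keeps the default credential reachable only from the compose network, and that is worth preserving.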
@@ -1,26 +1,32 @@ -FROM python:3.8-alpine +FROM python:3.8-alpine as build RUN apk add gettext git gcc python3-dev musl-dev \ libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \ --virtual .build-dependencies -RUN mkdir /code -WORKDIR /code -COPY Pipfile Pipfile.lock /code/ +RUN mkdir -p /app/{code,venv} +WORKDIR /app/code +COPY Pipfile Pipfile.lock /app/code/ -RUN pip install pipenv setuptools wheel cppy +RUN python3 -m venv /app/venv +RUN pip install pipenv setuptools +ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv" +RUN pip install wheel cppy +# Install dependencies into the virtual environment with Pipenv +RUN pipenv install --deploy --verbose -RUN pipenv install --system --deploy --verbose - -RUN apk del .build-dependencies \ - && rm -rf /var/cache/apk/* /tmp/* +FROM python:3.8-alpine RUN apk add --no-cache libpq libstdc++ libjpeg -COPY . /code/ +COPY . /app/code/ +WORKDIR /app/code + +COPY --from=build /app/venv /app/venv +ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv" CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"] -VOLUME /code +VOLUME /app/code EXPOSE 5000 diff --git a/docker-compose.yml b/docker-compose.yml index ac5946e..11b546b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: image: 3wordchant/capsul-flask:latest build: . volumes: - - "./:/code" + - "./:/app/code" depends_on: - db ports: -- 2.40.1 From e4180b83061ab9afb034b056a0649ae0c6eb5479 Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Sun, 11 Jul 2021 12:36:10 +0200 Subject: [PATCH 03/10] Use Flask server in development --- docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 11b546b..ad93bde 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
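Review bot: `RUN mkdir -p /app/{code,venv}` relies on brace expansion, which the default `/bin/sh` of Alpine images (BusyBox ash) is not expected to perform, so it most likely creates a single directory literally named `{code,venv}`. The build still works because `WORKDIR /app/code` and `python3 -m venv /app/venv` create those paths themselves, so the line can be dropped or written as `RUN mkdir -p /app/code /app/venv`. Note also that `pip install pipenv setuptools` runs before `ENV PATH=...` puts the venv first, so pipenv is installed into the build stage's system Python rather than `/app/venv`. If that is deliberate, to keep pipenv out of the copied venv, a one-line comment saying so would help the next reader.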
@@ -13,6 +13,9 @@ services: - "5000:5000" environment: - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul" + # The image uses gunicorn by default, let's override it with Flask's + # built-in development server + command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"] db: image: "postgres:9.6.5" volumes: -- 2.40.1 From e295b4420c762269814986f106e5c9a528223dfb Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Wed, 14 Jul 2021 00:35:26 +0200 Subject: [PATCH 04/10] Docker updates for libvirtd --- Dockerfile | 2 +- docker-compose.yml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0bfea76..62e0e7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ RUN pipenv install --deploy --verbose FROM python:3.8-alpine -RUN apk add --no-cache libpq libstdc++ libjpeg +RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client cloud-utils COPY . /app/code/ WORKDIR /app/code diff --git a/docker-compose.yml b/docker-compose.yml index ad93bde..cd91ab5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,15 +7,24 @@ services: build: . volumes: - "./:/app/code" + - "../tank:/tank" + - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock" depends_on: - db ports: - "5000:5000" environment: - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul" + - SPOKE_MODEL=shell-scripts + #- FLASK_DEBUG=1 + - BASE_URL=http://localhost:5000 + - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work + - VIRSH_DEFAULT_CONNECT_URI=qemu:///system # The image uses gunicorn by default, let's override it with Flask's # built-in development server command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"] + devices: + - "/dev/kvm:/dev/kvm" db: image: "postgres:9.6.5" volumes: -- 2.40.1 From 5367822747f9da57d187cd5741b3d29345ecca74 Mon Sep 17 00:00:00 2001 
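Review bot: The added `command` in PATCH 03 starts Flask's development server on `0.0.0.0`, and the `"5000:5000"` mapping visible in the context publishes it on every host interface, so the dev server is reachable from the local network and not just the developer's machine. Binding the published port to loopback, `- "127.0.0.1:5000:5000"`, keeps the in-container `-h 0.0.0.0` working while limiting who can connect. This matters more if `FLASK_DEBUG` is ever switched on, because the Werkzeug debugger then offers an interactive console to anyone who can reach the port.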
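Review bot: In the PATCH 04 compose hunk, mounting `/var/run/libvirt/libvirt-sock` together with `VIRSH_DEFAULT_CONNECT_URI=qemu:///system` and `/dev/kvm` gives this container control of the host's system libvirt daemon, which is normally equivalent to root on the host. The same service runs the development server on a published port and, as far as the Dockerfile in this series shows, as root, so anything that reaches the app can reach the hypervisor. I would add a comment above the mount, e.g. `# Grants control of the host's libvirtd; development hosts only`. `ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES` currently hard-codes one person's address in a shared file; an env file or a placeholder value would be better.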
From: 3wc <3wc.cyberia@doesthisthing.work> Date: Mon, 19 Jul 2021 00:24:22 +0200 Subject: [PATCH 05/10] Load secrets from files if _FILE vars are set --- capsulflask/__init__.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/capsulflask/__init__.py b/capsulflask/__init__.py index 55643bb..8a7d091 100644 --- a/capsulflask/__init__.py +++ b/capsulflask/__init__.py @@ -26,8 +26,24 @@ class StdoutMockFlaskMail: def send(self, message: Message): current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n") + load_dotenv(find_dotenv()) +for var_name in [ + "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_PUBLISHABLE_KEY", + "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD" +]: + var = os.environ.get(f"{var_name}_FILE", False) + if not var: + continue + + if not os.path.isfile(var): + continue + + with open(var) as secret_file: + os.environ[var_name] = secret_file.read().rstrip('\n') + del os.environ[f"{var_name}_FILE"] + app = Flask(__name__) app.config.from_mapping( -- 2.40.1 From c378c2b287b59ebaa81705dfbe99468b20ed4f2a Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Mon, 19 Jul 2021 01:17:18 +0200 Subject: [PATCH 06/10] STRIPE_SECRET_KEY not STRIPE_PUBLISHABLE_KEY --- capsulflask/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capsulflask/__init__.py b/capsulflask/__init__.py index 8a7d091..1d074c2 100644 --- a/capsulflask/__init__.py +++ b/capsulflask/__init__.py @@ -30,7 +30,7 @@ class StdoutMockFlaskMail: load_dotenv(find_dotenv()) for var_name in [ - "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_PUBLISHABLE_KEY", + "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY", "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD" ]: var = os.environ.get(f"{var_name}_FILE", False) -- 2.40.1 From 308ac05fe66ddaeac4e4725cd7711b976981a6f3 Mon Sep 17 00:00:00 2001 
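Review bot: When `<NAME>_FILE` is set but `os.path.isfile(var)` is false, the loop in PATCH 05 silently `continue`s, so a mistyped or unmounted secret path leaves `HUB_TOKEN`, `MAIL_PASSWORD` and the others unset, or at whatever `.env` supplied, with no hint as to why. Failing closed is safer for a secrets loader: replace the second `continue` with `raise RuntimeError(f"{var_name}_FILE points to {var!r}, which is not a file")`. `rstrip('\n')` also keeps a trailing `\r` from a CRLF-terminated file inside the secret; `.strip()` may be what is wanted if surrounding whitespace is never significant. The loop is module-level code and lies entirely inside this hunk.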
From: 3wc <3wc.cyberia@doesthisthing.work> Date: Tue, 20 Jul 2021 01:52:17 +0200 Subject: [PATCH 07/10] Add openssh-cient to Dockerfile for ssh-keyscan --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 62e0e7d..4d74449 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,8 @@ RUN pipenv install --deploy --verbose FROM python:3.8-alpine -RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client cloud-utils +RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \ + cloud-utils openssh-client COPY . /app/code/ WORKDIR /app/code -- 2.40.1 From 67149f437a25a90a28af511604a5cc670e16ae8d Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Tue, 20 Jul 2021 23:48:23 +0200 Subject: [PATCH 08/10] Changes from @decentral1se code review --- Dockerfile | 25 ++++++++++++++++++++----- capsulflask/__init__.py | 2 +- docker-compose.yml | 2 +- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4d74449..e148126 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,17 @@ FROM python:3.8-alpine as build -RUN apk add gettext git gcc python3-dev musl-dev \ - libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \ - --virtual .build-dependencies +RUN apk add --no-cache \ + build-base \ + gcc \ + gettext \ + git \ + jpeg-dev \ + libffi-dev \ + libjpeg \ + musl-dev \ + postgresql-dev \ + python3-dev \ + zlib-dev RUN mkdir -p /app/{code,venv} WORKDIR /app/code @@ -17,8 +26,14 @@ RUN pipenv install --deploy --verbose FROM python:3.8-alpine -RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \ - cloud-utils openssh-client +RUN apk add --no-cache \ + cloud-utils \ + libjpeg \ + libpq \ + libstdc++ \ + libvirt-client \ + openssh-client \ + virt-install COPY . /app/code/ WORKDIR /app/code diff --git a/capsulflask/__init__.py b/capsulflask/__init__.py index 1d074c2..2f15aa7 100644 
--- a/capsulflask/__init__.py +++ b/capsulflask/__init__.py @@ -33,7 +33,7 @@ for var_name in [ "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY", "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD" ]: - var = os.environ.get(f"{var_name}_FILE", False) + var = os.environ.get(f"{var_name}_FILE") if not var: continue diff --git a/docker-compose.yml b/docker-compose.yml index cd91ab5..d11c257 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,7 @@ services: devices: - "/dev/kvm:/dev/kvm" db: - image: "postgres:9.6.5" + image: "postgres:9.6.5-alpine" volumes: - "postgres:/var/lib/postgresql/data" environment: -- 2.40.1 From 13646e64da2fe8f49a8a84040e69a7365e791ded Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Wed, 21 Jul 2021 11:38:01 +0200 Subject: [PATCH 09/10] Make docker-compose file less demanding --- docker-compose.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d11c257..8a62470 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ services: volumes: - "./:/app/code" - "../tank:/tank" - - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock" + # - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock" depends_on: - db ports: @@ -23,8 +23,6 @@ services: # The image uses gunicorn by default, let's override it with Flask's # built-in development server command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"] - devices: - - "/dev/kvm:/dev/kvm" db: image: "postgres:9.6.5-alpine" volumes: -- 2.40.1 From 982556a2c50c887d51c567ad665c376d3eb334a5 Mon Sep 17 00:00:00 2001 From: 3wc <3wc.cyberia@doesthisthing.work> Date: Thu, 22 Jul 2021 00:28:33 +0200 Subject: [PATCH 10/10] Tag with current branch, instead of `latest` --- .drone.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index a487bc8..88fa8ac 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -10,5 +10,4 @@ steps: password: from_secret: docker_reg_passwd_3wc repo: 3wordchant/capsul-flask - tags: latest - + tags: ${DRONE_COMMIT_BRANCH} -- 2.40.1
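Review bot: `tags: ${DRONE_COMMIT_BRANCH}` yields an invalid image reference for any branch whose name contains `/` (for example `feature/x`), because Docker tags cannot contain slashes, so the publish step would fail on such branches. With no `trigger:` restriction visible in this file, every branch that builds also pushes to `3wordchant/capsul-flask` using the registry credentials, and a later push to the same branch overwrites the tag. Consider limiting publishing to named branches with a `trigger:` block and adding an immutable tag such as `${DRONE_COMMIT_SHA}` alongside the branch tag, so that a deployed image can be traced to one commit.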