capsul-flask/docs/configuration.md
3wc 0574d58a7c
Tidying; add .env.sample
2021-08-16 02:28:28 +02:00


Configuring Capsul-Flask

Create a .env file to set up the application configuration:

cp .env.sample .env
nano .env

You can add any environment variable referenced in __init__.py to this file.

For example, you may enter your SMTP credentials like this:

MAIL_USERNAME=forest@nullhex.com
MAIL_DEFAULT_SENDER=forest@nullhex.com
MAIL_PASSWORD=**************

Example configuration from capsul.org (production):

#LOG_LEVEL=DEBUG

BASE_URL="https://capsul.org"

# hub url is used by the SPOKE_MODE to contact the hub. Since this server is the hub,
# this is fine. In fact it runs into problems (routing related?) when I set it to capsul.org.
# similarly the baikal "spoke" (set up in the hosts table in the db) has "http://localhost:5000" as the https_url
HUB_URL="http://localhost:5000"

HUB_MODE_ENABLED="t"
SPOKE_MODE_ENABLED="t"
HUB_MODEL="capsul-flask"
SPOKE_MODEL="shell-scripts"
SPOKE_HOST_ID="baikal"
SPOKE_HOST_TOKEN="<redacted>"
HUB_TOKEN="<redacted>"

# smtp.. see https://flask-mail.readthedocs.io/en/latest/#configuring-flask-mail
MAIL_SERVER="smtp.nullhex.com"

# MAIL_USE_SSL means SMTP wrapped in TLS (implicit TLS from the first byte)
MAIL_USE_SSL=true

# MAIL_USE_TLS means SMTP with STARTTLS
MAIL_USE_TLS=false

MAIL_PORT="465"
MAIL_USERNAME="capsul@nullhex.com"
MAIL_PASSWORD="<redacted>"
MAIL_DEFAULT_SENDER="capsul@nullhex.com"

# stripe
STRIPE_SECRET_KEY="sk_live_<redacted>"
STRIPE_PUBLISHABLE_KEY="pk_live_tGDHY7kBwqC71b4F0N7LZdGl00GZOw0iNJ"

# internal
SECRET_KEY="<redacted>"
POSTGRES_CONNECTION_PARAMETERS="sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=postgres.cyberia.club port=5432 ...<redacted>"


# btcpay server
BTCPAY_URL="https://beeteeceepae2.cyberia.club"
BTCPAY_PRIVATE_KEY='-----BEGIN EC PRIVATE KEY-----\n<redacted>\n-----END EC PRIVATE KEY-----'

Configuration-type-stuff that lives in the database

  • hosts table:
    • id (corresponds to SPOKE_HOST_ID in the config)
    • https_url
    • token (corresponds to SPOKE_HOST_TOKEN in the config)
  • os_images table:
    • id
    • template_image_file_name
    • description
    • deprecated
  • vm_sizes table:
    • id
    • dollars_per_month
    • memory_mb
    • vcpus
    • bandwidth_gb_per_month

Loading variables from files (docker secrets)

To support Docker Secrets, you can also load secret values from files. For example, to load MAIL_PASSWORD from /run/secrets/mail_password, set:

MAIL_PASSWORD_FILE=/run/secrets/mail_password
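
One way a `_FILE` lookup like this can be resolved, as an added example that is not capsul-flask's own code. The helper name `load_config_value`, the rule that setting both `NAME` and `NAME_FILE` is an error, the empty-file check and all sample values are assumptions made for illustration.

```python
import os
import stat
import tempfile


def load_config_value(name, environ=None):
    """Resolve `name`, honouring NAME_FILE (hypothetical helper, not capsul-flask's loader)."""
    environ = os.environ if environ is None else environ
    direct = environ.get(name)
    file_path = environ.get(name + "_FILE")

    if file_path is None:
        return direct
    if direct is not None:
        # Two sources for one secret usually means a stale value left in .env.
        raise ValueError(f"{name} and {name}_FILE are both set; choose one")
    if not stat.S_ISREG(os.stat(file_path).st_mode):
        raise ValueError(f"{name}_FILE must point to a regular file")

    with open(file_path, encoding="utf-8") as handle:
        # Strip only the trailing line ending that an editor or `echo` adds;
        # spaces inside the secret are kept.
        value = handle.read().rstrip("\r\n")
    if not value:
        raise ValueError(f"{name}_FILE points to an empty file")
    return value


def demo():
    """Run the loader against a constructed secret file and environment."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for /run/secrets/mail_password.
        path = os.path.join(tmp, "mail_password")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("constructed pass phrase\n")

        from_file = load_config_value("MAIL_PASSWORD", {"MAIL_PASSWORD_FILE": path})
        plain = load_config_value("MAIL_SERVER", {"MAIL_SERVER": "smtp.example.org"})
        try:
            load_config_value("MAIL_PASSWORD", {"MAIL_PASSWORD": "x", "MAIL_PASSWORD_FILE": path})
            conflict = "accepted"
        except ValueError:
            conflict = "rejected"
    return from_file, plain, conflict


if __name__ == "__main__":
    print(demo())
```

The error messages name the variable but never include the secret value, so a failed startup does not leak it into logs.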