From 5d761fdbc4c78130ad833abfd6841b3d3a51bcd9 Mon Sep 17 00:00:00 2001
From: Livvy Mackintosh
Date: Sun, 21 May 2017 01:52:01 +0200
Subject: [PATCH] Detach environment variables from docker-compose.yml
---
 bin/mixin-secrets | 14 ++++++-
 docker-compose.yml | 77 +++++++++++++++++++++++++++++++++++++
 docker-compose.yml.template | 73 -----------------------------------
 environment.template | 71 ++++++++++++++++++++++++++++++++++
 4 files changed, 160 insertions(+), 75 deletions(-)
 create mode 100644 docker-compose.yml
 delete mode 100644 docker-compose.yml.template
 create mode 100644 environment.template
diff --git a/bin/mixin-secrets b/bin/mixin-secrets
index 4b2e639..aae1d87 100755
--- a/bin/mixin-secrets
+++ b/bin/mixin-secrets
@@ -6,7 +6,8 @@
 # Olivia Mackintosh
 THISDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-TEMPLATE=${THISDIR}/../docker-compose.yml.template
+TEMPLATE=${THISDIR}/../environment.template
+TARGET=${THISDIR}/../environment
 if [ -z "$DATABASE_PASSWORD" ]; then
 echo "Error: Please set \$DATABASE_PASSWORD"
@@ -18,4 +19,13 @@ if [ -z "$SMTP_PASSWORD" ]; then
 exit 1
 fi
-envsubst < $TEMPLATE | cat -
+if [ -z "$SECRET_KEY" ]; then
+ echo "Error: Please set \$SECRET_KEY"
+ exit 1
+fi
+
+# Make sure only root can access and then
+# sub in the environment variables.
+sudo chown root:root $TARGET
+sudo chmod 660 $TARGET
+envsubst < $TEMPLATE | sudo tee $TARGET
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..592dec6
--- /dev/null
+++ b/docker-compose.yml
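Review bot: In bin/mixin-secrets, the `sudo chown`/`sudo chmod` pair runs before `sudo tee` has created `$TARGET`, so on a first run both fail on a missing file and `tee` then creates the secrets file with root's default umask, which is commonly world-readable. `tee` also copies the rendered file, including `DATABASE_PASSWORD`, `SMTP_PASSWORD` and `SECRET_KEY`, to stdout, where it can end up in terminal scrollback or CI logs. Create the file with its final mode first and silence the copy: `sudo install -m 600 -o root -g root /dev/null "$TARGET"` followed by `envsubst < "$TEMPLATE" | sudo tee "$TARGET" > /dev/null`; mode 600 matches the comment's "only root can access", whereas 660 also grants group read and write. Whether the script stops on the failed `chown` depends on shell options set above this hunk, which are not visible here.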
@@ -0,0 +1,77 @@
+version: "3"
+services:
+ map:
+ build: .
+ links:
+ - db:db
+ - cache:cache
+ volumes:
+ - /containers/map/static:/app/static
+ - /containers/map/gunicorn.sock:/app/gunicorn.sock
+ env_file:
+ - ./environment
+ command: /bin/sh -c "python3 manage.py migrate && python3 manage.py collectstatic --noinput && gunicorn --bind 0.0.0.0:8000 ojusomap.wsgi"
+
+ db:
+ image: mdillon/postgis:9.6-alpine
+ volumes:
+ - /containers/db:/var/lib/postgresql/data
+ - ./support/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+ ports:
+ - "127.0.0.1:5432:5432"
+ env_file:
+ - ./environment
+
+ web:
+ image: nginx:alpine
+ volumes:
+ - ./support/nginx/nginx.template:/etc/nginx/conf.d/nginx.template
+ - ./support/nginx/directives:/etc/nginx/directives
+ - /containers/tls/acme:/web/acme
+ - /containers/tls/certs:/web/certs
+ - /var/discourse/shared/standalone/nginx.http.sock:/web/run/discourse.sock
+ - /containers/map/gunicorn.sock:/web/run/gunicorn.sock
+ - /containers/map/static:/web/static
+ - weblate-data:/web/weblate/data:ro
+ ports:
+ - "80:80"
+ - "443:443"
+ links:
+ - forum:forum
+ - map:map
+ - weblate:weblate
+ env_file:
+ - ./environment
+ command: /bin/sh -c "cat /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
+
+ forum:
+ image: local_discourse/app
+ restart: always
+ hostname: discourse
+ env_file:
+ - ./environment
+ volumes:
+ - /var/discourse/shared/standalone:/shared
+ - /var/discourse/shared/standalone/log/var-log:/var/log
+ command: /sbin/boot
+
+ weblate:
+ image: weblate/weblate
+ links:
+ - db:database
+ - cache
+ volumes:
+ - weblate-data:/app/data
+ env_file:
+ - ./environment
+ environment:
+ - "POSTGRES_USER=weblate"
+ - "POSTGRES_DATABASE=weblate"
+ restart: always
+
+ cache:
+ image: memcached:1.4
+ restart: always
+
+volumes:
+ weblate-data:
diff --git a/docker-compose.yml.template b/docker-compose.yml.template
deleted file mode 100644
index dc763f1..0000000
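Review bot: In docker-compose.yml all five services that declare `env_file`, including the internet-facing `web` (nginx) container, now load the same `./environment` file, so `DATABASE_PASSWORD`, `SMTP_PASSWORD` and `SECRET_KEY` sit in the environment of every one of them. In the deleted template `web` received only `NGINX_ROOT` and `db` only `POSTGRES_PASSWORD`, so after this change a compromise of any single container exposes every credential. I would drop the `env_file:` entry from `web` (nothing in environment.template appears to be nginx-specific) and give each remaining service its own file, e.g. `- ./environment.<service>`, where `<service>` is a placeholder for names you choose. Separately, `weblate/weblate` and `nginx:alpine` are floating tags; pinning a version or digest would make rebuilds reproducible.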
--- a/docker-compose.yml.template
+++ /dev/null
@@ -1,73 +0,0 @@
-map:
- build: .
- links:
- - db:db
- volumes:
- - /containers/map/static:/app/static
- - /containers/map/gunicorn.sock:/app/gunicorn.sock
- environment:
- - "DEBUG=0"
- - "ALLOWED_HOSTS=map.ojuso.org"
- - "DATABASE_HOST=db"
- - "DATABASE_NAME=postgres"
- - "DATABASE_PASSWORD=${DATABASE_PASSWORD}"
- - "EMAIL_HOST=mail.gandi.net"
- - "EMAIL_HOST_USER=admin@ojuso.org"
- - "EMAIL_HOST_PASSWORD=${SMTP_PASSWORD}"
- - "EMAIL_PORT=587"
- - "EMAIL_USE_TLS=1"
- - "SERVER_EMAIL=Ojuso Platform Notification "
- command: /bin/sh -c "python3 manage.py migrate && python3 manage.py collectstatic --noinput && gunicorn --bind 0.0.0.0:8000 ojusomap.wsgi"
-
-db:
- image: mdillon/postgis:9.6-alpine
- volumes:
- - /containers/db:/var/lib/postgresql/data
- environment:
- - "POSTGRES_PASSWORD=${DATABASE_PASSWORD}"
-
-web:
- image: nginx:alpine
- volumes:
- - ./support/nginx/nginx.template:/etc/nginx/conf.d/nginx.template
- - ./support/nginx/directives:/etc/nginx/directives
- - /containers/tls/acme:/web/acme
- - /containers/tls/certs:/web/certs
- - /var/discourse/shared/standalone/nginx.http.sock:/web/run/discourse.sock
- - /containers/map/gunicorn.sock:/web/run/gunicorn.sock
- - /containers/map/static:/web/static
- ports:
- - "80:80"
- - "443:443"
- links:
- - forum:forum
- - map:map
- environment:
- - "NGINX_ROOT=/web/static/"
- command: /bin/sh -c "cat /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
-
-forum:
- image: local_discourse/app
- restart: always
- hostname: discourse
- environment:
- - "DISCOURSE_DB_SOCKET=/var/run/postgresql"
- - "DISCOURSE_DEVELOPER_EMAILS=admin@ojuso.org"
- - "DISCOURSE_HOSTNAME=forum.ojuso.org"
- - "DISCOURSE_SMTP_ADDRESS=mail.gandi.net"
- - "DISCOURSE_SMTP_PASSWORD=${SMTP_PASSWORD}"
- - "DISCOURSE_SMTP_PORT=587"
- - "DISCOURSE_SMTP_USER_NAME=admin@ojuso.org"
- - "DOCKER_HOST_IP=172.17.0.1"
- - "LANG=en_US.UTF-8"
- - "RAILS_ENV=production"
- - "RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000"
- - "RUBY_GC_HEAP_INIT_SLOTS=400000"
- - "RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5"
- - "RUBY_GLOBAL_METHOD_CACHE_SIZE=131072"
- - "UNICORN_SIDEKIQS=1"
- - "UNICORN_WORKERS=4"
- volumes:
- - /var/discourse/shared/standalone:/shared
- - /var/discourse/shared/standalone/log/var-log:/var/log
- command: /sbin/boot
diff --git a/environment.template b/environment.template
new file mode 100644
index 0000000..38d44a2
--- /dev/null
+++ b/environment.template
@@ -0,0 +1,71 @@
+# Django Configuration
+DEBUG=0
+ALLOWED_HOSTS=map.ojuso.org
+DATABASE_HOST=db
+DATABASE_NAME=postgres
+DATABASE_PASSWORD=${DATABASE_PASSWORD}
+EMAIL_HOST=mail.gandi.net
+EMAIL_HOST_USER=admin@ojuso.org
+EMAIL_HOST_PASSWORD=${SMTP_PASSWORD}
+EMAIL_PORT=587
+EMAIL_USE_TLS=1
+SECRET_KEY=${SECRET_KEY}
+SERVER_EMAIL=Ojuso Platform Notification
+
+# Postgres Database Setup
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+
+# Discourse Configuration
+DISCOURSE_DB_SOCKET=/var/run/postgresql
+DISCOURSE_DEVELOPER_EMAILS=admin@ojuso.org
+DISCOURSE_HOSTNAME=forum.ojuso.org
+DISCOURSE_SMTP_ADDRESS=mail.gandi.net
+DISCOURSE_SMTP_PASSWORD=${SMTP_PASSWORD}
+DISCOURSE_SMTP_PORT=587
+DISCOURSE_SMTP_USER_NAME=admin@ojuso.org
+DOCKER_HOST_IP=172.17.0.1
+LANG=en_US.UTF-8
+RAILS_ENV=production
+RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000
+RUBY_GC_HEAP_INIT_SLOTS=400000
+RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5
+RUBY_GLOBAL_METHOD_CACHE_SIZE=131072
+UNICORN_SIDEKIQS=1
+UNICORN_WORKERS=4
+
+# Weblate setup
+WEBLATE_DEBUG=1
+WEBLATE_LOGLEVEL=DEBUG
+WEBLATE_SITE_TITLE=Ojuso Weblate
+WEBLATE_ADMIN_NAME=Weblate Admin
+WEBLATE_ADMIN_EMAIL=noreply@ojuso.org
+WEBLATE_ADMIN_PASSWORD=
+WEBLATE_SERVER_EMAIL=noreply@ojuso.org
+WEBLATE_DEFAULT_FROM_EMAIL=noreply@ojuso.org
+WEBLATE_ALLOWED_HOSTS=*
+WEBLATE_REGISTRATION_OPEN=1
+
+# Extra
+#WEBLATE_TIME_ZONE=
+#WEBLATE_MT_GOOGLE_KEY=
+#WEBLATE_SOCIAL_AUTH_GITHUB_KEY=
+#WEBLATE_SOCIAL_AUTH_GITHUB_SECRET=
+#WEBLATE_SOCIAL_AUTH_BITBUCKET_KEY=
+#WEBLATE_SOCIAL_AUTH_BITBUCKET_SECRET=
+#WEBLATE_SOCIAL_AUTH_FACEBOOK_KEY=
+#WEBLATE_SOCIAL_AUTH_FACEBOOK_SECRET=
+#WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=
+#WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=
+
+#WEBLATE_OFFLOAD_INDEXING=1
+#WEBLATE_GOOGLE_ANALYTICS_ID=
+#WEBLATE_ENABLE_HTTPS=1
+#WEBLATE_REQUIRE_LOGIN=1
+
+# Mail server, the server has to listen on port 587 and understand TLS
+WEBLATE_EMAIL_HOST=mail.gandi.net
+# Do NOT use quotes here
+WEBLATE_EMAIL_USER=admin@ojuso.org
+# Do NOT use quotes here
+WEBLATE_EMAIL_PASSWORD=${SMTP_PASSWORD}
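Review bot: The Weblate block in environment.template ships debug settings alongside what the rest of the file treats as production: `WEBLATE_DEBUG=1`, `WEBLATE_LOGLEVEL=DEBUG` and `WEBLATE_ALLOWED_HOSTS=*`, while the Django section uses `DEBUG=0` and a concrete `ALLOWED_HOSTS`. Debug mode in a Django application exposes settings and stack traces on error pages, and a wildcard host list turns off Host-header validation. I would set `WEBLATE_DEBUG=0` and replace the wildcard with the real hostname, e.g. `WEBLATE_ALLOWED_HOSTS=<weblate-hostname>` (placeholder; the hostname is not on this page). `WEBLATE_ADMIN_PASSWORD=` is left empty while `WEBLATE_REGISTRATION_OPEN=1`; what the image does with an empty admin password is not visible here, so it is worth templating it as `${WEBLATE_ADMIN_PASSWORD}` and checking it in bin/mixin-secrets like the other three secrets.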