Detach environment variables from docker-compose.yml

bin/mixin-secrets

@@ -6,7 +6,8 @@
 # Olivia Mackintosh <livvy@base.nu>
 
 THISDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-TEMPLATE=${THISDIR}/../docker-compose.yml.template
+TEMPLATE=${THISDIR}/../environment.template
+TARGET=${THISDIR}/../environment
 
 if [ -z "$DATABASE_PASSWORD" ]; then
     echo "Error: Please set \$DATABASE_PASSWORD"
@@ -18,4 +19,13 @@ if [ -z "$SMTP_PASSWORD" ]; then
     exit 1
 fi
 
-envsubst < $TEMPLATE | cat -
+if [ -z "$SECRET_KEY" ]; then
+    echo "Error: Please set \$SECRET_KEY"
+    exit 1
+fi
+
+# Make sure only root can access and then
+# sub in the environment variables.
+sudo chown root:root $TARGET
+sudo chmod 660       $TARGET
+envsubst < $TEMPLATE | sudo tee $TARGET

docker-compose.yml

@@ -0,0 +1,77 @@
+version: "3"
+services:
+  map:
+    build: .
+    links:
+      - db:db
+      - cache:cache
+    volumes:
+      - /containers/map/static:/app/static
+      - /containers/map/gunicorn.sock:/app/gunicorn.sock
+    env_file:
+      - ./environment
+    command: /bin/sh -c "python3 manage.py migrate && python3 manage.py collectstatic --noinput && gunicorn --bind 0.0.0.0:8000 ojusomap.wsgi"
+  
+  db:
+    image: mdillon/postgis:9.6-alpine
+    volumes:
+      - /containers/db:/var/lib/postgresql/data
+      - ./support/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+    ports:
+      - "127.0.0.1:5432:5432"
+    env_file:
+      - ./environment
+      
+  web:
+    image: nginx:alpine
+    volumes:
+      - ./support/nginx/nginx.template:/etc/nginx/conf.d/nginx.template
+      - ./support/nginx/directives:/etc/nginx/directives
+      - /containers/tls/acme:/web/acme
+      - /containers/tls/certs:/web/certs
+      - /var/discourse/shared/standalone/nginx.http.sock:/web/run/discourse.sock
+      - /containers/map/gunicorn.sock:/web/run/gunicorn.sock
+      - /containers/map/static:/web/static
+      - weblate-data:/web/weblate/data:ro
+    ports:
+      - "80:80"
+      - "443:443"
+    links:
+      - forum:forum
+      - map:map
+      - weblate:weblate
+    env_file:
+      - ./environment
+    command: /bin/sh -c "cat /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
+  
+  forum:
+    image: local_discourse/app
+    restart: always
+    hostname: discourse
+    env_file:
+      - ./environment
+    volumes:
+      - /var/discourse/shared/standalone:/shared
+      - /var/discourse/shared/standalone/log/var-log:/var/log
+    command: /sbin/boot
+  
+  weblate:
+    image: weblate/weblate
+    links:
+      - db:database
+      - cache
+    volumes:
+      - weblate-data:/app/data
+    env_file:
+      - ./environment
+    environment:
+      - "POSTGRES_USER=weblate"
+      - "POSTGRES_DATABASE=weblate"
+    restart: always
+  
+  cache:
+    image: memcached:1.4
+    restart: always
+
+volumes:
+  weblate-data:

docker-compose.yml.template

@@ -1,73 +0,0 @@
-map:
-  build: .
-  links:
-    - db:db
-  volumes:
-    - /containers/map/static:/app/static
-    - /containers/map/gunicorn.sock:/app/gunicorn.sock
-  environment:
-   - "DEBUG=0"
-   - "ALLOWED_HOSTS=map.ojuso.org"
-   - "DATABASE_HOST=db"
-   - "DATABASE_NAME=postgres"
-   - "DATABASE_PASSWORD=${DATABASE_PASSWORD}"
-   - "EMAIL_HOST=mail.gandi.net"
-   - "EMAIL_HOST_USER=admin@ojuso.org"
-   - "EMAIL_HOST_PASSWORD=${SMTP_PASSWORD}"
-   - "EMAIL_PORT=587"
-   - "EMAIL_USE_TLS=1"
-   - "SERVER_EMAIL=Ojuso Platform Notification <admin@ojuso.org>" 
-  command: /bin/sh -c "python3 manage.py migrate && python3 manage.py collectstatic --noinput && gunicorn --bind 0.0.0.0:8000 ojusomap.wsgi"
-
-db:
-  image: mdillon/postgis:9.6-alpine
-  volumes:
-   - /containers/db:/var/lib/postgresql/data
-  environment:
-   - "POSTGRES_PASSWORD=${DATABASE_PASSWORD}"
-
-web:
-  image: nginx:alpine
-  volumes:
-   - ./support/nginx/nginx.template:/etc/nginx/conf.d/nginx.template
-   - ./support/nginx/directives:/etc/nginx/directives
-   - /containers/tls/acme:/web/acme
-   - /containers/tls/certs:/web/certs
-   - /var/discourse/shared/standalone/nginx.http.sock:/web/run/discourse.sock
-   - /containers/map/gunicorn.sock:/web/run/gunicorn.sock
-   - /containers/map/static:/web/static
-  ports:
-   - "80:80"
-   - "443:443"
-  links:
-   - forum:forum
-   - map:map
-  environment:
-   - "NGINX_ROOT=/web/static/"
-  command: /bin/sh -c "cat /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
-
-forum:
-  image: local_discourse/app
-  restart: always
-  hostname: discourse
-  environment:
-    - "DISCOURSE_DB_SOCKET=/var/run/postgresql"
-    - "DISCOURSE_DEVELOPER_EMAILS=admin@ojuso.org"
-    - "DISCOURSE_HOSTNAME=forum.ojuso.org"
-    - "DISCOURSE_SMTP_ADDRESS=mail.gandi.net"
-    - "DISCOURSE_SMTP_PASSWORD=${SMTP_PASSWORD}"
-    - "DISCOURSE_SMTP_PORT=587"
-    - "DISCOURSE_SMTP_USER_NAME=admin@ojuso.org"
-    - "DOCKER_HOST_IP=172.17.0.1"
-    - "LANG=en_US.UTF-8"
-    - "RAILS_ENV=production"
-    - "RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000"
-    - "RUBY_GC_HEAP_INIT_SLOTS=400000"
-    - "RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5"
-    - "RUBY_GLOBAL_METHOD_CACHE_SIZE=131072"
-    - "UNICORN_SIDEKIQS=1"
-    - "UNICORN_WORKERS=4"
-  volumes:
-    - /var/discourse/shared/standalone:/shared
-    - /var/discourse/shared/standalone/log/var-log:/var/log
-  command: /sbin/boot

environment.template

@@ -0,0 +1,71 @@
+# Django Configuration
+DEBUG=0
+ALLOWED_HOSTS=map.ojuso.org
+DATABASE_HOST=db
+DATABASE_NAME=postgres
+DATABASE_PASSWORD=${DATABASE_PASSWORD}
+EMAIL_HOST=mail.gandi.net
+EMAIL_HOST_USER=admin@ojuso.org
+EMAIL_HOST_PASSWORD=${SMTP_PASSWORD}
+EMAIL_PORT=587
+EMAIL_USE_TLS=1
+SECRET_KEY=${SECRET_KEY}
+SERVER_EMAIL=Ojuso Platform Notification <admin@ojuso.org>
+
+# Postgres Database Setup
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+
+# Discourse Configuration
+DISCOURSE_DB_SOCKET=/var/run/postgresql
+DISCOURSE_DEVELOPER_EMAILS=admin@ojuso.org
+DISCOURSE_HOSTNAME=forum.ojuso.org
+DISCOURSE_SMTP_ADDRESS=mail.gandi.net
+DISCOURSE_SMTP_PASSWORD=${SMTP_PASSWORD}
+DISCOURSE_SMTP_PORT=587
+DISCOURSE_SMTP_USER_NAME=admin@ojuso.org
+DOCKER_HOST_IP=172.17.0.1
+LANG=en_US.UTF-8
+RAILS_ENV=production
+RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000
+RUBY_GC_HEAP_INIT_SLOTS=400000
+RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5
+RUBY_GLOBAL_METHOD_CACHE_SIZE=131072
+UNICORN_SIDEKIQS=1
+UNICORN_WORKERS=4
+
+# Weblate setup
+WEBLATE_DEBUG=1
+WEBLATE_LOGLEVEL=DEBUG
+WEBLATE_SITE_TITLE=Ojuso Weblate
+WEBLATE_ADMIN_NAME=Weblate Admin
+WEBLATE_ADMIN_EMAIL=noreply@ojuso.org
+WEBLATE_ADMIN_PASSWORD=
+WEBLATE_SERVER_EMAIL=noreply@ojuso.org
+WEBLATE_DEFAULT_FROM_EMAIL=noreply@ojuso.org
+WEBLATE_ALLOWED_HOSTS=*
+WEBLATE_REGISTRATION_OPEN=1
+
+# Extra
+#WEBLATE_TIME_ZONE=
+#WEBLATE_MT_GOOGLE_KEY=
+#WEBLATE_SOCIAL_AUTH_GITHUB_KEY=
+#WEBLATE_SOCIAL_AUTH_GITHUB_SECRET=
+#WEBLATE_SOCIAL_AUTH_BITBUCKET_KEY=
+#WEBLATE_SOCIAL_AUTH_BITBUCKET_SECRET=
+#WEBLATE_SOCIAL_AUTH_FACEBOOK_KEY=
+#WEBLATE_SOCIAL_AUTH_FACEBOOK_SECRET=
+#WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=
+#WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=
+
+#WEBLATE_OFFLOAD_INDEXING=1
+#WEBLATE_GOOGLE_ANALYTICS_ID=
+#WEBLATE_ENABLE_HTTPS=1
+#WEBLATE_REQUIRE_LOGIN=1
+
+# Mail server, the server has to listen on port 587 and understand TLS
+WEBLATE_EMAIL_HOST=mail.gandi.net
+# Do NOT use quotes here
+WEBLATE_EMAIL_USER=admin@ojuso.org
+# Do NOT use quotes here
+WEBLATE_EMAIL_PASSWORD=${SMTP_PASSWORD}