Split settings between local and prod
This commit is contained in:
parent
c597cd5f2c
commit
606047fe0d
8 changed files with 291 additions and 167 deletions
|
@ -1,165 +0,0 @@
|
||||||
"""
|
|
||||||
Django settings for annuaire project.
|
|
||||||
|
|
||||||
Generated by 'django-admin startproject' using Django 2.2b1.
|
|
||||||
|
|
||||||
For more information on this file, see
|
|
||||||
https://docs.djangoproject.com/en/dev/topics/settings/
|
|
||||||
|
|
||||||
For the full list of settings and their values, see
|
|
||||||
https://docs.djangoproject.com/en/dev/ref/settings/
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
from django.urls import reverse_lazy
|
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
||||||
|
|
||||||
|
|
||||||
# Quick-start development settings - unsuitable for production
|
|
||||||
# See https://docs.djangoproject.com/en/dev/howto/deployment/checklist/
|
|
||||||
|
|
||||||
# SECURITY WARNING: keep the secret key used in production secret!
|
|
||||||
SECRET_KEY = "84=n(@@wl(04oc$(-+3surgrlf&uq3=m)=(hpg$immi1h69s)p"
|
|
||||||
|
|
||||||
# À bouger dans un ficher secret quand il sera créé ?
|
|
||||||
LDAP = {
|
|
||||||
"SPI": {
|
|
||||||
"PROTOCOL": "ldaps",
|
|
||||||
"URL": "ldap.spi.ens.fr",
|
|
||||||
"PORT": 636,
|
|
||||||
},
|
|
||||||
"CRI": {
|
|
||||||
"PROTOCOL": "ldap",
|
|
||||||
"URL": "annuaire.ens.fr",
|
|
||||||
"PORT": 389,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
ANNUAIRE = {
|
|
||||||
"PROTOCOL": "http",
|
|
||||||
"URL": "annuaireweb.ens.fr",
|
|
||||||
"PORT": 80,
|
|
||||||
}
|
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
|
||||||
DEBUG = True
|
|
||||||
|
|
||||||
ALLOWED_HOSTS = []
|
|
||||||
|
|
||||||
# Application definition
|
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
|
||||||
"django.contrib.admin",
|
|
||||||
"django.contrib.auth",
|
|
||||||
"django.contrib.contenttypes",
|
|
||||||
"django.contrib.sessions",
|
|
||||||
"django.contrib.messages",
|
|
||||||
"django.contrib.staticfiles",
|
|
||||||
"authens",
|
|
||||||
"fiches",
|
|
||||||
]
|
|
||||||
|
|
||||||
MIDDLEWARE = [
|
|
||||||
"django.middleware.security.SecurityMiddleware",
|
|
||||||
"django.contrib.sessions.middleware.SessionMiddleware",
|
|
||||||
"django.middleware.locale.LocaleMiddleware",
|
|
||||||
"django.middleware.common.CommonMiddleware",
|
|
||||||
"django.middleware.csrf.CsrfViewMiddleware",
|
|
||||||
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
|
||||||
"django.contrib.messages.middleware.MessageMiddleware",
|
|
||||||
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
|
||||||
]
|
|
||||||
|
|
||||||
ROOT_URLCONF = "annuaire.urls"
|
|
||||||
|
|
||||||
TEMPLATES = [
|
|
||||||
{
|
|
||||||
"BACKEND": "django.template.backends.django.DjangoTemplates",
|
|
||||||
"DIRS": [],
|
|
||||||
"APP_DIRS": True,
|
|
||||||
"OPTIONS": {
|
|
||||||
"context_processors": [
|
|
||||||
"django.template.context_processors.debug",
|
|
||||||
"django.template.context_processors.request",
|
|
||||||
"django.contrib.auth.context_processors.auth",
|
|
||||||
"django.contrib.messages.context_processors.messages",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
AUTHENTICATION_BACKENDS = (
|
|
||||||
"django.contrib.auth.backends.ModelBackend",
|
|
||||||
"fiches.backends.BackendFiches",
|
|
||||||
)
|
|
||||||
|
|
||||||
WSGI_APPLICATION = "annuaire.wsgi.application"
|
|
||||||
|
|
||||||
|
|
||||||
# Database
|
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#databases
|
|
||||||
|
|
||||||
DATABASES = {
|
|
||||||
"default": {
|
|
||||||
"ENGINE": "django.db.backends.sqlite3",
|
|
||||||
"NAME": os.path.join(BASE_DIR, "db.sqlite3"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Password validation
|
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators
|
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = [
|
|
||||||
{
|
|
||||||
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
# Internationalization
|
|
||||||
# https://docs.djangoproject.com/en/dev/topics/i18n/
|
|
||||||
|
|
||||||
LANGUAGE_CODE = "fr-fr"
|
|
||||||
|
|
||||||
LANGUAGES = [
|
|
||||||
("fr", "Français"),
|
|
||||||
("en", "English"),
|
|
||||||
]
|
|
||||||
|
|
||||||
LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
|
|
||||||
|
|
||||||
TIME_ZONE = "UTC"
|
|
||||||
|
|
||||||
USE_I18N = True
|
|
||||||
|
|
||||||
USE_L10N = False
|
|
||||||
|
|
||||||
USE_TZ = True
|
|
||||||
|
|
||||||
|
|
||||||
# Static files (CSS, JavaScript, Images)
|
|
||||||
# https://docs.djangoproject.com/en/dev/howto/static-files/
|
|
||||||
|
|
||||||
STATIC_URL = "/static/"
|
|
||||||
|
|
||||||
MEDIA_ROOT = os.path.join(BASE_DIR, "media")
|
|
||||||
|
|
||||||
MEDIA_URL = "/media/"
|
|
||||||
|
|
||||||
LOGIN_URL = reverse_lazy("authens:login")
|
|
||||||
LOGOUT_REDIRECT_URL = reverse_lazy("home")
|
|
||||||
AUTHENS_USE_OLDCAS = False
|
|
||||||
|
|
||||||
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
|
|
1
annuaire/settings/.gitignore
vendored
Normal file
1
annuaire/settings/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
secret.py
|
0
annuaire/settings/__init__.py
Normal file
0
annuaire/settings/__init__.py
Normal file
130
annuaire/settings/common.py
Normal file
130
annuaire/settings/common.py
Normal file
|
@ -0,0 +1,130 @@
|
||||||
|
"""
|
||||||
|
Settings communs entre setups de dev et de production.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Secrets
|
||||||
|
# ---
|
||||||
|
|
||||||
|
try:
|
||||||
|
from . import secret
|
||||||
|
except ImportError:
|
||||||
|
raise ImportError(
|
||||||
|
"The secret.py file is missing.\n"
|
||||||
|
"For a development environment, simply copy secret_example.py"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def import_secret(name):
|
||||||
|
"""
|
||||||
|
Shorthand for importing a value from the secret module and raising an
|
||||||
|
informative exception if a secret is missing.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
return getattr(secret, name)
|
||||||
|
except AttributeError:
|
||||||
|
raise RuntimeError("Secret missing: {}".format(name))
|
||||||
|
|
||||||
|
|
||||||
|
SECRET_KEY = import_secret("SECRET_KEY")
|
||||||
|
ADMINS = import_secret("ADMINS")
|
||||||
|
SERVER_EMAIL = import_secret("SERVER_EMAIL")
|
||||||
|
EMAIL_HOST = import_secret("EMAIL_HOST")
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Défauts Django
|
||||||
|
# ---
|
||||||
|
|
||||||
|
DEBUG = False # False by default feels safer
|
||||||
|
TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"
|
||||||
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
||||||
|
|
||||||
|
INSTALLED_APPS = [
|
||||||
|
"django.contrib.admin",
|
||||||
|
"django.contrib.auth",
|
||||||
|
"django.contrib.contenttypes",
|
||||||
|
"django.contrib.sessions",
|
||||||
|
"django.contrib.messages",
|
||||||
|
"django.contrib.staticfiles",
|
||||||
|
"django_cas_ng",
|
||||||
|
"fiches",
|
||||||
|
]
|
||||||
|
|
||||||
|
MIDDLEWARE = [
|
||||||
|
"django.middleware.security.SecurityMiddleware",
|
||||||
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
||||||
|
"django.middleware.common.CommonMiddleware",
|
||||||
|
"django.middleware.csrf.CsrfViewMiddleware",
|
||||||
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
||||||
|
"django.contrib.messages.middleware.MessageMiddleware",
|
||||||
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
||||||
|
]
|
||||||
|
|
||||||
|
ROOT_URLCONF = "annuaire.urls"
|
||||||
|
|
||||||
|
TEMPLATES = [
|
||||||
|
{
|
||||||
|
"BACKEND": "django.template.backends.django.DjangoTemplates",
|
||||||
|
"DIRS": [],
|
||||||
|
"APP_DIRS": True,
|
||||||
|
"OPTIONS": {
|
||||||
|
"context_processors": [
|
||||||
|
"django.template.context_processors.debug",
|
||||||
|
"django.template.context_processors.request",
|
||||||
|
"django.contrib.auth.context_processors.auth",
|
||||||
|
"django.contrib.messages.context_processors.messages",
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
|
AUTHENTICATION_BACKENDS = (
|
||||||
|
"django.contrib.auth.backends.ModelBackend",
|
||||||
|
"django_cas_ng.backends.CASBackend",
|
||||||
|
)
|
||||||
|
|
||||||
|
WSGI_APPLICATION = "annuaire.wsgi.application"
|
||||||
|
|
||||||
|
# Internationalization
|
||||||
|
# https://docs.djangoproject.com/en/dev/topics/i18n/
|
||||||
|
|
||||||
|
LANGUAGE_CODE = "fr-fr"
|
||||||
|
TIME_ZONE = "UTC"
|
||||||
|
USE_I18N = True
|
||||||
|
USE_L10N = True
|
||||||
|
USE_TZ = True
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Settings CAS
|
||||||
|
# ---
|
||||||
|
|
||||||
|
CAS_SERVER_URL = "https://cas.eleves.ens.fr/"
|
||||||
|
CAS_VERSION = "2"
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# LDAP et annuaire ENS
|
||||||
|
# ---
|
||||||
|
|
||||||
|
# Est-ce vraiment nécessaire de les garder secrets ?
|
||||||
|
LDAP = {
|
||||||
|
"SPI": {
|
||||||
|
"PROTOCOL": "ldaps",
|
||||||
|
"URL": "ldap.spi.ens.fr",
|
||||||
|
"PORT": 636,
|
||||||
|
},
|
||||||
|
"CRI": {
|
||||||
|
"PROTOCOL": "ldap",
|
||||||
|
"URL": "annuaire.ens.fr",
|
||||||
|
"PORT": 389,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
ANNUAIRE = {
|
||||||
|
"PROTOCOL": "http",
|
||||||
|
"URL": "annuaireweb.ens.fr",
|
||||||
|
"PORT": 80,
|
||||||
|
}
|
62
annuaire/settings/local.py
Normal file
62
annuaire/settings/local.py
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
"""
|
||||||
|
Settings pour le dev local de l'annuaire (hors vagrant).
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
from .common import * # NOQA
|
||||||
|
from .common import BASE_DIR, INSTALLED_APPS, MIDDLEWARE, TESTING
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Tweaks for debug/local development
|
||||||
|
# ---
|
||||||
|
|
||||||
|
ALLOWED_HOSTS = []
|
||||||
|
|
||||||
|
DEBUG = True
|
||||||
|
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
|
||||||
|
|
||||||
|
STATIC_URL = "/static/"
|
||||||
|
MEDIA_URL = "/media/"
|
||||||
|
MEDIA_ROOT = os.path.join(BASE_DIR, "media")
|
||||||
|
|
||||||
|
DATABASES = {
|
||||||
|
"default": {
|
||||||
|
"ENGINE": "django.db.backends.sqlite3",
|
||||||
|
"NAME": os.path.join(BASE_DIR, "db.sqlite3"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Use the default cache backend for local development
|
||||||
|
CACHES = {"default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}}
|
||||||
|
|
||||||
|
# Pas besoin de sécurité en local
|
||||||
|
AUTH_PASSWORD_VALIDATORS = []
|
||||||
|
PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"]
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Debug tool bar
|
||||||
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
def show_toolbar(request):
|
||||||
|
"""
|
||||||
|
On active la debug-toolbar en mode développement local sauf :
|
||||||
|
- dans l'admin où ça ne sert pas à grand chose;
|
||||||
|
- si la variable d'environnement DJANGO_NO_DDT est à 1 → ça permet de la désactiver
|
||||||
|
sans modifier ce fichier en exécutant `export DJANGO_NO_DDT=1` dans le terminal
|
||||||
|
qui lance `./manage.py runserver`.
|
||||||
|
|
||||||
|
Autre side effect de cette fonction : on ne fait pas la vérification de INTERNAL_IPS
|
||||||
|
que ferait la debug-toolbar par défaut, ce qui la fait fonctionner aussi à
|
||||||
|
l'intérieur de Vagrant (comportement non testé depuis un moment…)
|
||||||
|
"""
|
||||||
|
env_no_ddt = bool(os.environ.get("DJANGO_NO_DDT", None))
|
||||||
|
return DEBUG and not env_no_ddt and not request.path.startswith("/admin/")
|
||||||
|
|
||||||
|
|
||||||
|
if not TESTING:
|
||||||
|
INSTALLED_APPS += ["debug_toolbar"]
|
||||||
|
MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware"] + MIDDLEWARE
|
||||||
|
DEBUG_TOOLBAR_CONFIG = {"SHOW_TOOLBAR_CALLBACK": show_toolbar}
|
81
annuaire/settings/prod.py
Normal file
81
annuaire/settings/prod.py
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
"""
|
||||||
|
Settings pour la mise en production de l'annuaire.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
from .common import * # NOQA
|
||||||
|
from .common import (
|
||||||
|
BASE_DIR,
|
||||||
|
import_secret,
|
||||||
|
)
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Prod-specific secrets
|
||||||
|
# ---
|
||||||
|
|
||||||
|
REDIS_PASSWD = import_secret("REDIS_PASSWD")
|
||||||
|
REDIS_DB = import_secret("REDIS_DB")
|
||||||
|
REDIS_HOST = import_secret("REDIS_HOST")
|
||||||
|
REDIS_PORT = import_secret("REDIS_PORT")
|
||||||
|
|
||||||
|
DBNAME = import_secret("DBNAME")
|
||||||
|
DBUSER = import_secret("DBUSER")
|
||||||
|
DBPASSWD = import_secret("DBPASSWD")
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# À modifier possiblement lors de la mise en production
|
||||||
|
# ---
|
||||||
|
|
||||||
|
ALLOWED_HOSTS = ["annuaire.eleves.ens.fr", "www.annuaire.eleves.ens.fr"]
|
||||||
|
|
||||||
|
STATIC_ROOT = os.path.join(
|
||||||
|
os.path.dirname(os.path.dirname(BASE_DIR)), "public", "annuaire", "static"
|
||||||
|
)
|
||||||
|
|
||||||
|
STATIC_URL = "/static/"
|
||||||
|
MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), "media")
|
||||||
|
MEDIA_URL = "/media/"
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Cache settings
|
||||||
|
# ---
|
||||||
|
|
||||||
|
CACHES = {
|
||||||
|
"default": {
|
||||||
|
"BACKEND": "redis_cache.RedisCache",
|
||||||
|
"LOCATION": "redis://:{passwd}@{host}:{port}/{db}".format(
|
||||||
|
passwd=REDIS_PASSWD, host=REDIS_HOST, port=REDIS_PORT, db=REDIS_DB
|
||||||
|
),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# Prod database settings
|
||||||
|
# ---
|
||||||
|
|
||||||
|
DATABASES = {
|
||||||
|
"default": {
|
||||||
|
"ENGINE": "django.db.backends.postgresql_psycopg2",
|
||||||
|
"NAME": DBNAME,
|
||||||
|
"USER": DBUSER,
|
||||||
|
"PASSWORD": DBPASSWD,
|
||||||
|
"HOST": os.environ.get("DBHOST", "localhost"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
AUTH_PASSWORD_VALIDATORS = [
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", # noqa
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
|
||||||
|
},
|
||||||
|
]
|
15
annuaire/settings/secret_example.py
Normal file
15
annuaire/settings/secret_example.py
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
SECRET_KEY = "$=kp$3e=xh)*4h8(_g#lprlmve_vs9_xv9hlgse%+uk9nhc==x"
|
||||||
|
ADMINS = None
|
||||||
|
SERVER_EMAIL = "root@localhost"
|
||||||
|
EMAIL_HOST = None
|
||||||
|
|
||||||
|
|
||||||
|
# Ne pas modifier si on utilise vagrant !
|
||||||
|
DBUSER = "annuaire"
|
||||||
|
DBNAME = "annuaire"
|
||||||
|
DBPASSWD = "O1LxCADDA6Px5SiKvifjvdp3DSjfbp"
|
||||||
|
|
||||||
|
REDIS_PASSWD = "dummy"
|
||||||
|
REDIS_PORT = 6379
|
||||||
|
REDIS_DB = 0
|
||||||
|
REDIS_HOST = "127.0.0.1"
|
|
@ -5,7 +5,7 @@ import sys
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'annuaire.settings')
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "annuaire.settings.local")
|
||||||
try:
|
try:
|
||||||
from django.core.management import execute_from_command_line
|
from django.core.management import execute_from_command_line
|
||||||
except ImportError as exc:
|
except ImportError as exc:
|
||||||
|
@ -17,5 +17,5 @@ def main():
|
||||||
execute_from_command_line(sys.argv)
|
execute_from_command_line(sys.argv)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
||||||
|
|
Loading…
Reference in a new issue