Split the settings in two files, secrets system

Martin Pépin 2017-05-16 19:52:59 +01:00
parent e64c3d0b37
commit e28b73a2ec
6 changed files with 131 additions and 79 deletions

1
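--- a/evenementiel/settings/.gitignore
+++ b/evenementiel/settings/.gitignore
@@ -0,0 +1 @@
+secret.py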


@ -1,36 +1,45 @@
# -*- coding: utf-8 -*-
""" """
Django settings for evenementiel project. Django common settings for GestionÉvénementiel
Generated by 'django-admin startproject' using Django 1.9.9. Everything which is supposed to be identical between the production server and
the local development server should be here.
For more information on this file, see We also load the secrets in this file.
https://docs.djangoproject.com/en/1.9/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.9/ref/settings/
""" """
import os import os
from django.core.urlresolvers import reverse_lazy from . import secret
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production def import_secret(name):
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ """
Shorthand for importing a value from the secret module and raising an
# SECURITY WARNING: keep the secret key used in production secret! informative exception if a secret is missing.
SECRET_KEY = '0@=@$0*2x)x=$6qzf*1a(07she(33zr9vi0+=(yd%3i=i9gp+_' """
CREATE_USER_KEY = 'lolilol' # Do not use this one on prod !! try:
return getattr(secret, name)
# SECURITY WARNING: don't run with debug turned on in production! except AttributeError:
DEBUG = True raise RuntimeError("Secret missing: {}".format(name))
ALLOWED_HOSTS = []
# Application definition SECRET_KEY = import_secret("SECRET_KEY")
ADMINS = import_secret("ADMINS")
DBNAME = import_secret("DBNAME")
DBUSER = import_secret("DBUSER")
DBPASSWD = import_secret("DBPASSWD")
REDIS_PASSWD = import_secret("REDIS_PASSWD")
REDIS_DB = import_secret("REDIS_DB")
REDIS_HOST = import_secret("REDIS_HOST")
REDIS_PORT = import_secret("REDIS_PORT")
BASE_DIR = os.path.dirname(
os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
)
INSTALLED_APPS = [ INSTALLED_APPS = [
'equipment.apps.EquipmentConfig', 'equipment.apps.EquipmentConfig',
@ -45,12 +54,10 @@ INSTALLED_APPS = [
'django.contrib.staticfiles', 'django.contrib.staticfiles',
'channels', 'channels',
'bootstrapform', 'bootstrapform',
'debug_toolbar',
'widget_tweaks', 'widget_tweaks',
] ]
MIDDLEWARE_CLASSES = [ MIDDLEWARE_CLASSES = [
'debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
@ -63,8 +70,11 @@ MIDDLEWARE_CLASSES = [
ROOT_URLCONF = 'evenementiel.urls' ROOT_URLCONF = 'evenementiel.urls'
LOGIN_REDIRECT_URL = reverse_lazy('shared:home') STATIC_URL = "/static/"
LOGOUT_REDIRECT_URL = reverse_lazy('shared:home') MEDIA_URL = "/media/"
LOGIN_REDIRECT_URL = 'shared:home'
LOGOUT_REDIRECT_URL = 'shared:home'
TEMPLATES = [ TEMPLATES = [
{ {
@ -83,19 +93,6 @@ TEMPLATES = [
}, },
] ]
CHANNEL_LAYERS = {
"default": {
"BACKEND": "asgi_redis.RedisChannelLayer",
"CONFIG": {
"hosts": [(
"redis://:{passwd}@{host}:{port}/{db}"
.format(passwd="dummy", host="localhost", port=6379, db=0)
)],
},
"ROUTING": "evenementiel.routing.channel_routing",
}
}
DATABASES = { DATABASES = {
'default': { 'default': {
'ENGINE': 'django.db.backends.postgresql', 'ENGINE': 'django.db.backends.postgresql',
@ -107,13 +104,22 @@ DATABASES = {
} }
} }
STATIC_ROOT = "/srv/GE/static/" CHANNEL_LAYERS = {
MEDIA_ROOT = "/srv/GE/media/" "default": {
"BACKEND": "asgi_redis.RedisChannelLayer",
"CONFIG": {
"hosts": [(
"redis://:{passwd}@{host}:{port}/{db}"
.format(passwd=REDIS_PASSWD, host=REDIS_HOST,
port=REDIS_PORT, db=REDIS_DB)
)],
},
"ROUTING": "evenementiel.routing.channel_routing",
}
}
# Password validation # Password validation
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [ AUTH_PASSWORD_VALIDATORS = [
{'NAME': 'django.contrib.auth.password_validation' {'NAME': 'django.contrib.auth.password_validation'
'.UserAttributeSimilarityValidator'}, '.UserAttributeSimilarityValidator'},
@ -124,9 +130,8 @@ AUTH_PASSWORD_VALIDATORS = [
'.NumericPasswordValidator'}, '.NumericPasswordValidator'},
] ]
# Internationalization # Internationalization
# https://docs.djangoproject.com/en/1.9/topics/i18n/ # https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us' LANGUAGE_CODE = 'en-us'
@ -137,28 +142,3 @@ USE_I18N = True
USE_L10N = True USE_L10N = True
USE_TZ = True USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_URL = '/static/'
def show_toolbar(request):
"""
On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
machine physique n'est pas forcément connue, et peut difficilement être
mise dans les INTERNAL_IPS.
"""
if not DEBUG:
return False
if request.is_ajax():
return False
return True
DEBUG_TOOLBAR_CONFIG = {
'SHOW_TOOLBAR_CALLBACK': show_toolbar,
}
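Review bot: Replacing the literal `SECRET_KEY` with `import_secret("SECRET_KEY")` does not retire the old value: it stays readable in the parent revision, so any deployment that still uses it needs a newly generated key, and a comment on the new line such as `# the key committed before this change is public; never reuse it` would record that. `CREATE_USER_KEY` appears to be dropped without a matching `import_secret` call; if other code still reads `settings.CREATE_USER_KEY` it will now fail, which cannot be checked from this page. `from . import secret` also runs before `import_secret` is defined, so a missing `secret.py` raises a plain `ImportError` instead of the informative message the helper was written to give; a one-line comment at the import pointing to `secret_example.py` would help.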


@ -0,0 +1,44 @@
"""
Django development settings for GestionÉvénementiel
The settings that are not listed here are imported from .common
"""
from .common import * # NOQA
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
DEBUG = True
# Add some debugging tools
INSTALLED_APPS += ["debug_toolbar", "debug_panel"] # NOQA
MIDDLEWARE_CLASSES = (
["debug_panel.middleware.DebugPanelMiddleware"]
+ MIDDLEWARE_CLASSES # NOQA
)
# ---
# Nginx static/media config
# ---
STATIC_ROOT = "/srv/GE/static/"
MEDIA_ROOT = "/srv/GE/media/"
# ---
# Debug tool bar
# ---
def show_toolbar(request):
"""
On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
machine physique n'est pas forcément connue, et peut difficilement être
mise dans les INTERNAL_IPS.
"""
return DEBUG # True
DEBUG_TOOLBAR_CONFIG = {
'SHOW_TOOLBAR_CALLBACK': show_toolbar,
}
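Review bot: `show_toolbar` now returns `DEBUG` for every request, so with the `INTERNAL_IPS` check bypassed the toolbar and panel are served to any client that can reach the server whenever these settings are loaded; the trailing `# True` does not say that. The docstring gives the Vagrant reason in French only, so I would add an English line such as `# Dev only: INTERNAL_IPS is bypassed, so every client sees the toolbar while DEBUG is on`. If the development VM can be reached from beyond the host machine, limiting the callback to private address ranges would be safer; whether that applies cannot be told from this page.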


@ -0,0 +1,13 @@
SECRET_KEY = 'dummy_key3i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
ADMINS = None
# Postgres
DBNAME = "{{DBNAME}}"
DBUSER = "{{DBUSER}}"
DBPASSWD = "{{DBPASSWD}}"
# Redis
REDIS_PASSWD = "{{REDIS_PASSWD}}"
REDIS_PORT = 6379
REDIS_DB = 0
REDIS_HOST = "127.0.0.1"
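Review bot: `SECRET_KEY` in this template is a fixed literal rather than a `{{...}}` placeholder, so the `fill_template` step in the provisioning script never changes it and every `secret.py` produced from the template carries the same key that is published in the repository. Django signs sessions and password-reset tokens with this value, so a copy of the template that reaches a real deployment leaves those signatures without protection. I would make it a placeholder, `SECRET_KEY = "{{SECRET_KEY}}"`, filled with a generated value by a matching substitution in the provisioning script, and add a header comment `# Template only: generate fresh values for any non-development deployment`.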


@ -10,7 +10,18 @@ DBPASSWD="4KZt3nGPLVeWSvtBZPsd9jdssdJMds78"
REDIS_PASSWD="dummy" REDIS_PASSWD="dummy"
# It is used in quite a few places # It is used in quite a few places
SETTINGS="evenementiel.settings_dev" SETTINGS="evenementiel.settings.dev"
# Fills a "templated file" with the information specified in the variables above
# e.g. every occurrence of {{DBUSER}} in the file will be replaced by the value
# of the variable $DBUSER
function fill_template {
sed "s/{{DBUSER}}/$DBUSER/" -i $1
sed "s/{{DBNAME}}/$DBNAME/" -i $1
sed "s/{{DBPASSWD}}/$DBPASSWD/" -i $1
sed "s/{{REDIS_PASSWD}}/$REDIS_PASSWD/" -i $1
sed "s/{{SETTINGS}}/$SETTINGS/" -i $1
}
# --- # ---
# Installs the dependencies # Installs the dependencies
@ -56,10 +67,7 @@ service nginx restart
for service in {daphne,worker}.service for service in {daphne,worker}.service
do do
cp /vagrant/provisioning/$service /etc/systemd/system/$service cp /vagrant/provisioning/$service /etc/systemd/system/$service
sed "s/{{DBUSER}}/$DBUSER/" -i /etc/systemd/system/$service fill_template /etc/systemd/system/$service
sed "s/{{DBNAME}}/$DBNAME/" -i /etc/systemd/system/$service
sed "s/{{DBPASSWD}}/$DBPASSWD/" -i /etc/systemd/system/$service
sed "s/{{SETTINGS}}/$SETTINGS/" -i /etc/systemd/system/$service
systemctl enable $service systemctl enable $service
systemctl start $service systemctl start $service
done done
@ -79,6 +87,14 @@ redis-cli -a $REDIS_PASSWD CONFIG REWRITE
# Prepare Django # Prepare Django
# --- # ---
cd /vagrant
# Setup the secrets
sudo -H -u vagrant cp evenementiel/settings/secret_example.py \
evenementiel/settings/secret.py
fill_template evenementiel/settings/secret.py
# Run the usual django admin commands
function venv_python { function venv_python {
sudo -H -u vagrant DJANGO_SETTINGS_MODULE=$SETTINGS \ sudo -H -u vagrant DJANGO_SETTINGS_MODULE=$SETTINGS \
DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD \ DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD \
@ -86,12 +102,9 @@ function venv_python {
$@ $@
} }
cd /vagrant
venv_python manage.py collectstatic --noinput venv_python manage.py collectstatic --noinput
venv_python manage.py migrate venv_python manage.py migrate
unset venv_python
# --- # ---
# Setup a friendly environment for the user # Setup a friendly environment for the user
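Review bot: `fill_template` interpolates the values straight into a `/`-delimited `sed` replacement and passes `$1` unquoted, so a password containing `/`, `&` or `\` either aborts the substitution or writes something other than the password. Because the function now also fills `secret.py`, the output is Python source that the settings module imports. The `s///` commands also lack the `g` flag although the comment above the function promises every occurrence. Escaping the replacement text and quoting the path, as sketched below, keeps the function correct once the hard-coded development values are swapped for generated ones; a value containing a double quote would still need handling on the Python side.

```shell
# Escape what sed treats specially in a replacement: backslash, & and the | delimiter
function sed_escape {
    printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

function fill_template {
    local name
    for name in DBUSER DBNAME DBPASSWD REDIS_PASSWD SETTINGS
    do
        sed -i "s|{{$name}}|$(sed_escape "${!name}")|g" "$1"
    done
}
```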


@ -1,3 +1,4 @@
-r requirements.txt -r requirements.txt
django-debug-toolbar django-debug-toolbar
django-debug-panel
ipython ipython