Split the settings in two files, secrets system

Martin Pépin 2017-05-16 19:52:59 +01:00
parent e64c3d0b37
commit e28b73a2ec
6 changed files with 131 additions and 79 deletions

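--- a/evenementiel/settings/.gitignore
+++ b/evenementiel/settings/.gitignore
@@ -0,0 +1 @@
+secret.py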


@ -1,36 +1,45 @@
# -*- coding: utf-8 -*-
"""
Django settings for evenementiel project.
Django common settings for GestionÉvénementiel
Generated by 'django-admin startproject' using Django 1.9.9.
Everything which is supposed to be identical between the production server and
the local development server should be here.
For more information on this file, see
https://docs.djangoproject.com/en/1.9/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.9/ref/settings/
We also load the secrets in this file.
"""
import os
from django.core.urlresolvers import reverse_lazy
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
from . import secret
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '0@=@$0*2x)x=$6qzf*1a(07she(33zr9vi0+=(yd%3i=i9gp+_'
CREATE_USER_KEY = 'lolilol' # Do not use this one on prod !!
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = []
def import_secret(name):
"""
Shorthand for importing a value from the secret module and raising an
informative exception if a secret is missing.
"""
try:
return getattr(secret, name)
except AttributeError:
raise RuntimeError("Secret missing: {}".format(name))
# Application definition
SECRET_KEY = import_secret("SECRET_KEY")
ADMINS = import_secret("ADMINS")
DBNAME = import_secret("DBNAME")
DBUSER = import_secret("DBUSER")
DBPASSWD = import_secret("DBPASSWD")
REDIS_PASSWD = import_secret("REDIS_PASSWD")
REDIS_DB = import_secret("REDIS_DB")
REDIS_HOST = import_secret("REDIS_HOST")
REDIS_PORT = import_secret("REDIS_PORT")
BASE_DIR = os.path.dirname(
os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
)
INSTALLED_APPS = [
'equipment.apps.EquipmentConfig',
@ -45,12 +54,10 @@ INSTALLED_APPS = [
'django.contrib.staticfiles',
'channels',
'bootstrapform',
'debug_toolbar',
'widget_tweaks',
]
MIDDLEWARE_CLASSES = [
'debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
@ -63,8 +70,11 @@ MIDDLEWARE_CLASSES = [
ROOT_URLCONF = 'evenementiel.urls'
LOGIN_REDIRECT_URL = reverse_lazy('shared:home')
LOGOUT_REDIRECT_URL = reverse_lazy('shared:home')
STATIC_URL = "/static/"
MEDIA_URL = "/media/"
LOGIN_REDIRECT_URL = 'shared:home'
LOGOUT_REDIRECT_URL = 'shared:home'
TEMPLATES = [
{
@ -83,19 +93,6 @@ TEMPLATES = [
},
]
CHANNEL_LAYERS = {
"default": {
"BACKEND": "asgi_redis.RedisChannelLayer",
"CONFIG": {
"hosts": [(
"redis://:{passwd}@{host}:{port}/{db}"
.format(passwd="dummy", host="localhost", port=6379, db=0)
)],
},
"ROUTING": "evenementiel.routing.channel_routing",
}
}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
@ -107,13 +104,22 @@ DATABASES = {
}
}
STATIC_ROOT = "/srv/GE/static/"
MEDIA_ROOT = "/srv/GE/media/"
CHANNEL_LAYERS = {
"default": {
"BACKEND": "asgi_redis.RedisChannelLayer",
"CONFIG": {
"hosts": [(
"redis://:{passwd}@{host}:{port}/{db}"
.format(passwd=REDIS_PASSWD, host=REDIS_HOST,
port=REDIS_PORT, db=REDIS_DB)
)],
},
"ROUTING": "evenementiel.routing.channel_routing",
}
}
# Password validation
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{'NAME': 'django.contrib.auth.password_validation'
'.UserAttributeSimilarityValidator'},
@ -124,9 +130,8 @@ AUTH_PASSWORD_VALIDATORS = [
'.NumericPasswordValidator'},
]
# Internationalization
# https://docs.djangoproject.com/en/1.9/topics/i18n/
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
@ -137,28 +142,3 @@ USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_URL = '/static/'
def show_toolbar(request):
"""
On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
machine physique n'est pas forcément connue, et peut difficilement être
mise dans les INTERNAL_IPS.
"""
if not DEBUG:
return False
if request.is_ajax():
return False
return True
DEBUG_TOOLBAR_CONFIG = {
'SHOW_TOOLBAR_CALLBACK': show_toolbar,
}
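Review bot: In the CHANNEL_LAYERS hunk the Redis password is interpolated into the `redis://` URL unescaped, so a password containing `@`, `:`, `/` or `#` produces a URL that parses to the wrong host or database. With REDIS_PASSWD now read from secret.py instead of the literal "dummy", a generated password can easily contain such characters. Percent-encode it before formatting, for example `passwd=quote(REDIS_PASSWD, safe="")` with `quote` imported from `urllib.parse`. Separately, the hard-coded SECRET_KEY literal that this section appears to remove stays readable in the repository history, so any deployment that ever used it should be given a new key.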


@ -0,0 +1,44 @@
"""
Django development settings for GestionÉvénementiel
The settings that are not listed here are imported from .common
"""
from .common import * # NOQA
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
DEBUG = True
# Add some debugging tools
INSTALLED_APPS += ["debug_toolbar", "debug_panel"] # NOQA
MIDDLEWARE_CLASSES = (
["debug_panel.middleware.DebugPanelMiddleware"]
+ MIDDLEWARE_CLASSES # NOQA
)
# ---
# Nginx static/media config
# ---
STATIC_ROOT = "/srv/GE/static/"
MEDIA_ROOT = "/srv/GE/media/"
# ---
# Debug tool bar
# ---
def show_toolbar(request):
"""
On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
machine physique n'est pas forcément connue, et peut difficilement être
mise dans les INTERNAL_IPS.
"""
return DEBUG # True
DEBUG_TOOLBAR_CONFIG = {
'SHOW_TOOLBAR_CALLBACK': show_toolbar,
}
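Review bot: `show_toolbar` returns DEBUG for every request, and this module sets `DEBUG = True`, so the toolbar and debug panel are served to any client that can reach the development server rather than only to INTERNAL_IPS. The docstring explains that this is deliberate for Vagrant, but it is in French and does not state the exposure. I would translate it and add a comment such as `# Dev only: the toolbar is shown to every client, keep the forwarded port reachable from the host machine only`. The trailing `# True` on the return line adds nothing and can be dropped.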


@ -0,0 +1,13 @@
SECRET_KEY = 'dummy_key3i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
ADMINS = None
# Postgres
DBNAME = "{{DBNAME}}"
DBUSER = "{{DBUSER}}"
DBPASSWD = "{{DBPASSWD}}"
# Redis
REDIS_PASSWD = "{{REDIS_PASSWD}}"
REDIS_PORT = 6379
REDIS_DB = 0
REDIS_HOST = "127.0.0.1"
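Review bot: SECRET_KEY in this example is a usable-looking literal rather than a `{{...}}` placeholder, so the `fill_template` function shown on this page, which substitutes only DBUSER, DBNAME, DBPASSWD, REDIS_PASSWD and SETTINGS, leaves it unchanged in secret.py. `import_secret` then accepts it, because it only checks that the attribute exists. Every checkout provisioned this way signs sessions with a key that is published in the repository. Either make it a placeholder, `SECRET_KEY = "{{SECRET_KEY}}"`, and have provisioning fill in a generated value, or at least add a comment such as `# Public dummy value: replace before any non-local deployment`.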


@ -10,7 +10,18 @@ DBPASSWD="4KZt3nGPLVeWSvtBZPsd9jdssdJMds78"
REDIS_PASSWD="dummy"
# It is used in quite a few places
SETTINGS="evenementiel.settings_dev"
SETTINGS="evenementiel.settings.dev"
# Fills a "templated file" with the information specified in the variables above
# e.g. every occurrence of {{DBUSER}} in the file will be replaced by the value
# of the variable $DBUSER
function fill_template {
sed "s/{{DBUSER}}/$DBUSER/" -i $1
sed "s/{{DBNAME}}/$DBNAME/" -i $1
sed "s/{{DBPASSWD}}/$DBPASSWD/" -i $1
sed "s/{{REDIS_PASSWD}}/$REDIS_PASSWD/" -i $1
sed "s/{{SETTINGS}}/$SETTINGS/" -i $1
}
# ---
# Installs the dependencies
@ -56,10 +67,7 @@ service nginx restart
for service in {daphne,worker}.service
do
cp /vagrant/provisioning/$service /etc/systemd/system/$service
sed "s/{{DBUSER}}/$DBUSER/" -i /etc/systemd/system/$service
sed "s/{{DBNAME}}/$DBNAME/" -i /etc/systemd/system/$service
sed "s/{{DBPASSWD}}/$DBPASSWD/" -i /etc/systemd/system/$service
sed "s/{{SETTINGS}}/$SETTINGS/" -i /etc/systemd/system/$service
fill_template /etc/systemd/system/$service
systemctl enable $service
systemctl start $service
done
@ -79,6 +87,14 @@ redis-cli -a $REDIS_PASSWD CONFIG REWRITE
# Prepare Django
# ---
cd /vagrant
# Setup the secrets
sudo -H -u vagrant cp evenementiel/settings/secret_example.py \
evenementiel/settings/secret.py
fill_template evenementiel/settings/secret.py
# Run the usual django admin commands
function venv_python {
sudo -H -u vagrant DJANGO_SETTINGS_MODULE=$SETTINGS \
DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD \
@ -86,12 +102,9 @@ function venv_python {
$@
}
cd /vagrant
venv_python manage.py collectstatic --noinput
venv_python manage.py migrate
unset venv_python
# ---
# Setup a friendly environment for the user
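Review bot: `fill_template` interpolates the secrets straight into `s/…/…/` expressions, so a value containing `/`, `&` or a backslash either breaks the sed command or is written to the file altered, and passwords are the values most likely to contain them. The comment above the function promises "every occurrence", but without the `g` flag only the first match on each line is replaced, and `$1` is unquoted. A form such as `sed -i "s|{{DBPASSWD}}|$escaped|g" "$1"`, where `escaped` is the value with `\`, `&` and `|` backslash-escaped, would cover all three. In the "Setup the secrets" hunk secret.py is created with default permissions; running `chmod 600 evenementiel/settings/secret.py` after filling it would keep it from other local users, provided the shared folder honours file modes.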


@ -1,3 +1,4 @@
-r requirements.txt
django-debug-toolbar
django-debug-panel
ipython