12-factorize application a little

snikket_web can now be fully configured via the environment alone, no extra files needed. It is still supported to inject a python file to generate environment variables though, which may be useful for generating and reloading a secret key.
2021-01-17 11:00:42 +01:00
parent fadbdaf204
commit e0cfcc6aaa
12 changed files with 115 additions and 98 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -45,8 +45,8 @@ RUN set -eu; \
    rm -rf /root/.cache; \
    apt-get clean ; rm -rf /var/lib/apt/lists

-COPY web_config.production.py /opt/snikket-web-portal/.local/web_config.py
-ENV SNIKKET_WEB_CONFIG "/opt/snikket-web-portal/.local/web_config.py"
+COPY docker/env.py /etc/snikket-web-portal/env.py
+ENV SNIKKET_WEB_PYENV=/etc/snikket-web-portal/env.py

 ADD docker/entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
--- a/docker/env.py
+++ b/docker/env.py
@@ -0,0 +1,25 @@
+import os
+import secrets
+import sys
+
+_secret_key_path = "/etc/snikket-web-portal/secret_key"
+
+if "SNIKKET_WEB_SECRET_KEY" in os.environ:
+    print("Using SNIKKET_WEB_SECRET_KEY from environment")
+else:
+    try:
+        with open(_secret_key_path, "r") as f:
+            SNIKKET_WEB_SECRET_KEY = f.read()
+        print("Restored SNIKKET_WEB_SECRET_KEY from", _secret_key_path)
+    except FileNotFoundError:
+        print("Generating SNIKKET_WEB_SECRET_KEY ...")
+        SNIKKET_WEB_SECRET_KEY = secrets.token_urlsafe(nbytes=32)
+        old_mask = os.umask(0o077)
+        with open(_secret_key_path, "x") as f:
+            f.write(SNIKKET_WEB_SECRET_KEY)
+        os.umask(old_mask)
+        print("SNIKKET_WEB_SECRET_KEY persisted to", _secret_key_path)
+
+# Ensure that the above output is printed, even if nothing else is.
+sys.stdout.flush()
+sys.stderr.flush()