12-factorize application a little

snikket_web can now be fully configured via the environment alone,
no extra files needed. It is still supported to inject a python
file to generate environment variables though, which may be
useful for generating and reloading a secret key.

docker/env.py

@@ -0,0 +1,25 @@
+import os
+import secrets
+import sys
+
+_secret_key_path = "/etc/snikket-web-portal/secret_key"
+
+if "SNIKKET_WEB_SECRET_KEY" in os.environ:
+    print("Using SNIKKET_WEB_SECRET_KEY from environment")
+else:
+    try:
+        with open(_secret_key_path, "r") as f:
+            SNIKKET_WEB_SECRET_KEY = f.read()
+        print("Restored SNIKKET_WEB_SECRET_KEY from", _secret_key_path)
+    except FileNotFoundError:
+        print("Generating SNIKKET_WEB_SECRET_KEY ...")
+        SNIKKET_WEB_SECRET_KEY = secrets.token_urlsafe(nbytes=32)
+        old_mask = os.umask(0o077)
+        with open(_secret_key_path, "x") as f:
+            f.write(SNIKKET_WEB_SECRET_KEY)
+        os.umask(old_mask)
+        print("SNIKKET_WEB_SECRET_KEY persisted to", _secret_key_path)
+
+# Ensure that the above output is printed, even if nothing else is.
+sys.stdout.flush()
+sys.stderr.flush()