From 80193114909a3f6ca1eda9a47b6330ef249a8ee5 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Fri, 18 Nov 2022 17:24:43 -0700
Subject: Deployment re-jiggling

---
 takahe/settings/base.py        | 51 ++++------------------------
 takahe/settings/development.py |  6 ++++
 takahe/settings/production.py  | 75 ++++++++++++++++++++++++++++++++++++++----
 3 files changed, 81 insertions(+), 51 deletions(-)

(limited to 'takahe')

diff --git a/takahe/settings/base.py b/takahe/settings/base.py
index d2e30c3..719e03b 100644
--- a/takahe/settings/base.py
+++ b/takahe/settings/base.py
@@ -1,5 +1,4 @@
 import os
-import sys
 from pathlib import Path
 from typing import Optional
 
@@ -23,6 +22,7 @@ INSTALLED_APPS = [
 
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
+    "whitenoise.middleware.WhiteNoiseMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
@@ -109,49 +109,10 @@ STATICFILES_DIRS = [
     BASE_DIR / "static",
 ]
 
+STATIC_ROOT = BASE_DIR / "static-collected"
+
 ALLOWED_HOSTS = ["*"]
 
-### User-configurable options, pulled from the environment ###
-
-MAIN_DOMAIN = os.environ["TAKAHE_MAIN_DOMAIN"]
-if "/" in MAIN_DOMAIN:
-    print("TAKAHE_MAIN_DOMAIN should be just the domain name - no https:// or path")
-    sys.exit(1)
-
-
-if os.environ.get("TAKAHE_EMAIL_CONSOLE_ONLY"):
-    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
-    EMAIL_FROM = "test@example.com"
-else:
-    EMAIL_FROM = os.environ["TAKAHE_EMAIL_FROM"]
-    if "TAKAHE_EMAIL_SENDGRID_KEY" in os.environ:
-        EMAIL_HOST = "smtp.sendgrid.net"
-        EMAIL_PORT = 587
-        EMAIL_HOST_USER: Optional[str] = "apikey"
-        EMAIL_HOST_PASSWORD: Optional[str] = os.environ["TAKAHE_EMAIL_SENDGRID_KEY"]
-        EMAIL_USE_TLS = True
-    else:
-        EMAIL_HOST = os.environ["TAKAHE_EMAIL_HOST"]
-        EMAIL_PORT = int(os.environ["TAKAHE_EMAIL_PORT"])
-        EMAIL_HOST_USER = os.environ.get("TAKAHE_EMAIL_USER")
-        EMAIL_HOST_PASSWORD = os.environ.get("TAKAHE_EMAIL_PASSWORD")
-        EMAIL_USE_SSL = EMAIL_PORT == 465
-        EMAIL_USE_TLS = EMAIL_PORT == 587
-
-AUTO_ADMIN_EMAIL = os.environ.get("TAKAHE_AUTO_ADMIN_EMAIL")
-
-# Set up media storage
-MEDIA_BACKEND = os.environ.get("TAKAHE_MEDIA_BACKEND", None)
-if MEDIA_BACKEND == "local":
-    # Note that this MUST be a fully qualified URL in production
-    MEDIA_URL = os.environ.get("TAKAHE_MEDIA_URL", "/media/")
-    MEDIA_ROOT = os.environ.get("TAKAHE_MEDIA_ROOT", BASE_DIR / "media")
-elif MEDIA_BACKEND == "gcs":
-    DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
-    GS_BUCKET_NAME = os.environ["TAKAHE_MEDIA_BUCKET"]
-elif MEDIA_BACKEND == "s3":
-    DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
-    AWS_STORAGE_BUCKET_NAME = os.environ["TAKAHE_MEDIA_BUCKET"]
-else:
-    print("Unknown TAKAHE_MEDIA_BACKEND value")
-    sys.exit(1)
+AUTO_ADMIN_EMAIL: Optional[str] = None
+
+STATOR_TOKEN: Optional[str] = None
diff --git a/takahe/settings/development.py b/takahe/settings/development.py
index 30f74a0..d71a406 100644
--- a/takahe/settings/development.py
+++ b/takahe/settings/development.py
@@ -18,3 +18,9 @@ CSRF_TRUSTED_ORIGINS = [
 ]
 
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+SERVER_EMAIL = "test@example.com"
+
+MAIN_DOMAIN = os.environ.get("TAKAHE_MAIN_DOMAIN", "https://example.com")
+
+MEDIA_URL = os.environ.get("TAKAHE_MEDIA_URL", "/media/")
+MEDIA_ROOT = os.environ.get("TAKAHE_MEDIA_ROOT", BASE_DIR / "media")
diff --git a/takahe/settings/production.py b/takahe/settings/production.py
index f453177..34116af 100644
--- a/takahe/settings/production.py
+++ b/takahe/settings/production.py
@@ -1,16 +1,79 @@
 import os
+import sys
+from typing import Optional
 
 from .base import *  # noqa
 
-# Load secret key from environment
+# Ensure debug features are off
+DEBUG = bool(os.environ.get("TAKAHE__SECURITY_HAZARD__DEBUG", False))
+
+# TODO: Allow better setting of allowed_hosts, if we need to
+ALLOWED_HOSTS = ["*"]
+
+### User-configurable options, pulled from the environment ###
+
+# Secret key
 try:
     SECRET_KEY = os.environ["TAKAHE_SECRET_KEY"]
 except KeyError:
     print("You must specify the TAKAHE_SECRET_KEY environment variable!")
-    os._exit(1)
+    sys.exit(1)
 
-# Ensure debug features are off
-DEBUG = False
+# SSL proxy header
+if "TAKAHE_SECURE_HEADER" in os.environ:
+    SECURE_PROXY_SSL_HEADER = (
+        "HTTP_" + os.environ["TAKAHE_SECURE_HEADER"].replace("-", "_").upper(),
+        "https",
+    )
 
-# TODO: Allow better setting of allowed_hosts, if we need to
-ALLOWED_HOSTS = ["*"]
+# Fallback domain for links
+MAIN_DOMAIN = os.environ["TAKAHE_MAIN_DOMAIN"]
+if "/" in MAIN_DOMAIN:
+    print("TAKAHE_MAIN_DOMAIN should be just the domain name - no https:// or path")
+    sys.exit(1)
+
+# Email config
+if os.environ.get("TAKAHE_EMAIL_CONSOLE_ONLY"):
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+    SERVER_EMAIL = "test@example.com"
+else:
+    SERVER_EMAIL = os.environ["TAKAHE_EMAIL_FROM"]
+    if "TAKAHE_EMAIL_SENDGRID_KEY" in os.environ:
+        EMAIL_HOST = "smtp.sendgrid.net"
+        EMAIL_PORT = 587
+        EMAIL_HOST_USER: Optional[str] = "apikey"
+        EMAIL_HOST_PASSWORD: Optional[str] = os.environ["TAKAHE_EMAIL_SENDGRID_KEY"]
+        EMAIL_USE_TLS = True
+    else:
+        EMAIL_HOST = os.environ["TAKAHE_EMAIL_HOST"]
+        EMAIL_PORT = int(os.environ["TAKAHE_EMAIL_PORT"])
+        EMAIL_HOST_USER = os.environ.get("TAKAHE_EMAIL_USER")
+        EMAIL_HOST_PASSWORD = os.environ.get("TAKAHE_EMAIL_PASSWORD")
+        EMAIL_USE_SSL = EMAIL_PORT == 465
+        EMAIL_USE_TLS = EMAIL_PORT == 587
+
+AUTO_ADMIN_EMAIL = os.environ.get("TAKAHE_AUTO_ADMIN_EMAIL")
+
+# Media storage
+MEDIA_BACKEND = os.environ.get("TAKAHE_MEDIA_BACKEND", None)
+if MEDIA_BACKEND == "local":
+    # Note that this MUST be a fully qualified URL in production
+    MEDIA_URL = os.environ.get("TAKAHE_MEDIA_URL", "/media/")
+    MEDIA_ROOT = os.environ.get("TAKAHE_MEDIA_ROOT", BASE_DIR / "media")
+elif MEDIA_BACKEND == "gcs":
+    DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
+    GS_BUCKET_NAME = os.environ["TAKAHE_MEDIA_BUCKET"]
+    GS_QUERYSTRING_AUTH = False
+elif MEDIA_BACKEND == "s3":
+    DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
+    AWS_STORAGE_BUCKET_NAME = os.environ["TAKAHE_MEDIA_BUCKET"]
+else:
+    print("Unknown TAKAHE_MEDIA_BACKEND value")
+    sys.exit(1)
+
+# Stator secret token
+STATOR_TOKEN = os.environ.get("TAKAHE_STATOR_TOKEN")
+
+# Error email recipients
+if "TAKAHE_ERROR_EMAILS" in os.environ:
+    ADMINS = [("Admin", e) for e in os.environ["TAKAHE_ERROR_EMAILS"].split(",")]
-- 
cgit v1.2.3