From 5168e6cd733f17c31edec2a7f36cca2885c9f825 Mon Sep 17 00:00:00 2001
From: finn
Date: Mon, 5 Aug 2024 01:36:10 -0700
Subject: [PATCH] post c10 cleanup
---
 backend/Dockerfile | 2 +-
 backend/config.py | 1 -
 compose.yaml.local | 20 +++++++++++++-------
 compose.yaml.prod | 24 +++++++++++++++---------
 dotenv | 15 +++++++++------
 5 files changed, 38 insertions(+), 24 deletions(-)
diff --git a/backend/Dockerfile b/backend/Dockerfile
index e6faad8..51ad67d 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -12,7 +12,7 @@ COPY requirements.txt /code
 RUN target=/root/.cache/pip \
 pip3 install --root-user-action=ignore -q -r requirements.txt
-# Need to make this explicit as part of expansion, no migrations or venv
+# Dockerignore has this skip migrations, venv, sqlite db
 COPY . .
 ENV FLASK_APP microblog.py
diff --git a/backend/config.py b/backend/config.py
index ac82c1e..94539de 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -9,7 +9,6 @@ class Config:
 SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('DOTENV_MYSQL_PASSWORD') + '@db:3306/flask'
 MAIL_SERVER = 'pmb'
- #MAIL_SERVER = ''
 MAIL_PORT = 25
 MAIL_USE_TLS = False
 MAIL_USERNAME = ''
diff --git a/compose.yaml.local b/compose.yaml.local
index e0f2c61..88cff10 100644
--- a/compose.yaml.local
+++ b/compose.yaml.local
@@ -28,17 +28,23 @@ services:
 build:
 context: backend
 target: builder
- restart: always
+ # Next two are only debug, used without restart
+ stdin_open: true
+ tty: true
+ #restart: always
 # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
- #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"]
+ #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
 environment:
 - MYSQL_USER=flasku
 #- MYSQL_PASSWORD=flaskp
- - MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
- - TOKEN_I=${DOTENV_TOKEN_I}
- - TOKEN_C=${DOTENV_TOKEN_C}
- - ADMIN_EMAIL=${ADMIN_EMAIL}
- - FROM_ADDRESS=${GITEA_MAIL_FROM}
+ - DOTENV_MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
+ - DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
+ - DOTENV_TOKEN_I=${FLASK_TOKEN_I}
+ - DOTENV_TOKEN_C=${FLASK_TOKEN_C}
+ - DOTENV_ADMIN_EMAIL=${FLASK_ADMIN_EMAIL}
+ - DOTENV_FROM_ADDRESS=${FLASK_MAIL_FROM}
+ - DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}
+ - DOTENV_REAL_HOSTNAME=${FLASK_REAL_HOSTNAME}
 #ports:
 # - 8000:8000
 expose:
diff --git a/compose.yaml.prod b/compose.yaml.prod
index f1ab81f..98403d8 100644
--- a/compose.yaml.prod
+++ b/compose.yaml.prod
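Review bot: The new secret-bearing entries under `environment:` (`DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY}`, `DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}`, `DOTENV_TOKEN_C=${FLASK_TOKEN_C}`) use plain `${VAR}` interpolation, so a missing or misspelled name in the env file is substituted as an empty string and the backend container still starts. This commit renames every one of these variables, so a stale env file is a realistic failure mode, and the identical block is added in the first hunk of compose.yaml.prod. The required-variable form, e.g. `- DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY:?FLASK_SECRET_KEY must be set}`, makes compose refuse to start instead. How the backend treats an empty key is not visible in this patch.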
@@ -28,17 +28,23 @@ services:
 build:
 context: backend
 target: builder
+ # Next two are only debug, used without restart
+ #stdin_open: true
+ #tty: true
 restart: always
 # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
- command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"]
+ command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
 environment:
 - MYSQL_USER=flasku
 #- MYSQL_PASSWORD=flaskp
- - MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
- - TOKEN_I=${DOTENV_TOKEN_I}
- - TOKEN_C=${DOTENV_TOKEN_C}
- - ADMIN_EMAIL=${ADMIN_EMAIL}
- - FROM_ADDRESS=${GITEA_MAIL_FROM}
+ - DOTENV_MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
+ - DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
+ - DOTENV_TOKEN_I=${FLASK_TOKEN_I}
+ - DOTENV_TOKEN_C=${FLASK_TOKEN_C}
+ - DOTENV_ADMIN_EMAIL=${FLASK_ADMIN_EMAIL}
+ - DOTENV_FROM_ADDRESS=${FLASK_MAIL_FROM}
+ - DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}
+ - DOTENV_REAL_HOSTNAME=${FLASK_REAL_HOSTNAME}
 #ports:
 # - 8000:8000
 expose:
@@ -90,9 +96,9 @@ services:
 proxy:
 build: proxy
 restart: always
- volumes:
- - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
- - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
+ #volumes:
+ # - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
+ # - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
 ports:
 - 80:80
 - 443:443
diff --git a/dotenv b/dotenv
index 0f2a538..d93dd76 100644
--- a/dotenv
+++ b/dotenv
@@ -5,7 +5,7 @@ DOTENV_MYSQL_ROOT_PASSWORD=rootp
 DOTENV_MYSQL_GITEA_PASSWORD=giteap
 DOTENV_MYSQL_FLASK_PASSWORD=flaskp
-GITEA_MAIL_FROM=gitea@gitea.changeme
+GITEA_MAIL_FROM="git@changeme"
 # Build ARG GPG_PP. May still need to be empty to avoid breakage.
 BUILD_GPG_PP=
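Review bot: In the `proxy:` hunk of compose.yaml.prod, commenting out the two letsencrypt `volumes:` entries leaves the service publishing `443:443` with no certificate material mounted from the host. Unless the proxy image now carries or obtains its own certificate (the proxy build is not part of this patch), TLS on 443 will either fail or fall back to a key baked into the image, which every deployment built from it would then share. If the mounts are gone for good, delete the three lines rather than leaving them commented, and add a line above `ports:` such as `# TLS cert source: <where the proxy gets its certificate>`. If they were only disabled for a test host, that change belongs in compose.yaml.local, not the prod file.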
@@ -13,12 +13,15 @@ BUILD_GPG_PP=
 # Backend:
+FLASK_SECRET_KEY="changeme"
 # Inconsequential token: minimal inconvenience if exposed
-DOTENV_TOKEN_I=dti
+FLASK_TOKEN_I=dti
 # Consequential token: protect
-DOTENV_TOKEN_C=dtc
-
-# Destination address for handler mailer
-ADMIN_EMAIL="email@email.changeme"
+FLASK_TOKEN_C=dtc
+FLASK_MAIL_FROM="git@changeme"
+# admin email must be valid send from with mail subsystem
+FLASK_ADMIN_EMAIL="git@changeme"
+FLASK_JWT_PHRASE="jwtphrase"
+FLASK_REAL_HOSTNAME="localhost"
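Review bot: `FLASK_SECRET_KEY="changeme"` and `FLASK_JWT_PHRASE="jwtphrase"` are working defaults in a tracked file, so a deployment that copies this file unchanged would sign with values anyone can read from the repository (presumably session cookies and JWTs, going by the names). The file already marks `FLASK_TOKEN_C` with "protect"; the two new keys need the same, for example `# Secret: replace before deploy, e.g. python3 -c "import secrets; print(secrets.token_hex(32))"` above each. Leaving the values empty in the template would be safer still, provided the backend rejects an empty key, which this patch does not show. Separately, the comment `# admin email must be valid send from with mail subsystem` is hard to parse; `# admin address must be one the mail subsystem accepts as a sender` says what seems to be meant.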