pre-c8 checkpoint

This commit is contained in:
finn 2024-08-04 04:39:49 -07:00
parent d7a0167cd6
commit eb0f19b109
6 changed files with 34 additions and 17 deletions

View File

@ -2,12 +2,10 @@
### Sec: ### Sec:
* This repo is public. Mind cred slip-ups. - This repo is public. Mind cred slip-ups.
* Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually. - Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually.
* Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg. - Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg.
* Avoid docker socks stuff. - Avoid docker socks stuff.
### Install: ### Install:
@ -49,19 +47,28 @@ set up cron job for script
pmb-pf - git clone of my mail thing pmb-pf - git clone of my mail thing
other - ref and non-sensitive files for dns other - ref and non-sensitive files for dns
### Timeline: ### Setup cheat:
set up certbot dns\ - set up certbot dns (prod)
see tar of cert dir with script - see tar of cert dir with script (prod)
- flask vs uwsgi in backend compose section (prod)
- build vs local image in pmb-pf compose section
- git clone pmb-pf
- copy example .env in root dir
- copy example .env in pmb-pf
- copy example conf in proxy
- do pmb-pf setup, and adjust root .env
- mind backend config db settings
### Notes: ### Notes:
This repo is minimally-sensitive. Falling outside the repo dir structure are reference awesome-compose files used as baseline -- nginx-flask-mysql -- and certs, containing letsencrypt script. Script may be backed up into repo carefully, sanitizing any tkens. This repo is minimally-sensitive. Falling outside the repo dir structure are reference awesome-compose files used as baseline -- nginx-flask-mysql -- and certs, containing letsencrypt script. Script may be backed up into repo carefully, sanitizing any tkens.
TODO: gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
### Changing gitea subdomain: ### Changing gitea subdomain:
Find in proxy/conf.\ Find in proxy/conf.\
Find in gitea conf.\ Find in gitea conf.\
Rebuild images. Rebuild images.
### Todo:
- gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
- move more stuff from backend config into root .env

View File

@ -18,7 +18,9 @@ pip install flask-migrate
pip install flask-login pip install flask-login
pip install email-validator pip install email-validator
pip install pydenticon pip install pydenticon
Prod only, require sys packages:
pip install mariadb pip install mariadb
pip install uwsgi
... ...
pip freeze > requirements.txt pip freeze > requirements.txt
``` ```
@ -36,8 +38,11 @@ flask db downgrade base
flask db upgrade flask db upgrade
``` ```
Full reset: Full reset or maria init:
``` ```
sql:
drop table users;
drop table posts;
rm app.db rm app.db
rm -r migrations rm -r migrations
flask db init flask db init

View File

@ -26,11 +26,12 @@ if not app.debug:
app.logger.addHandler(mail_handler) app.logger.addHandler(mail_handler)
if app.config['DC_LOGGING']: if app.config['DC_LOGGING']:
print('#################### DEBUGHERE', file=sys.stderr) print('#################### TEST PRINT STDERR DEBUG', file=sys.stderr)
dclog = logging.StreamHandler(stream=sys.stderr) dclog = logging.StreamHandler(stream=sys.stderr)
dclog.setLevel(logging.INFO) dclog.setLevel(logging.INFO)
dclog.propagate = False dclog.propagate = False
app.logger.addHandler(dclog) app.logger.addHandler(dclog)
app.logger.info('@@@@@@@@@@@@@@@@@@@@@ TEST LOGGER INFO MESSAGE')
from app import routes, models, errors from app import routes, models, errors

View File

@ -5,8 +5,8 @@ basedir = os.path.abspath(os.path.dirname(__file__))
class Config: class Config:
SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or 'flasksk' SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or 'flasksk'
SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'zapp.db') #SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'zapp.db')
#SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('MYSQL_PASSWORD') + '@db:3306/flask' SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('MYSQL_PASSWORD') + '@db:3306/flask'
#MAIL_SERVER = 'pmb' #MAIL_SERVER = 'pmb'
MAIL_SERVER = '' MAIL_SERVER = ''

View File

@ -30,7 +30,7 @@ services:
target: builder target: builder
restart: always restart: always
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi) # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"] #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
environment: environment:
- MYSQL_USER=flasku - MYSQL_USER=flasku
#- MYSQL_PASSWORD=flaskp #- MYSQL_PASSWORD=flaskp

6
dotenv
View File

@ -5,7 +5,7 @@ DOTENV_MYSQL_ROOT_PASSWORD=rootp
DOTENV_MYSQL_GITEA_PASSWORD=giteap DOTENV_MYSQL_GITEA_PASSWORD=giteap
DOTENV_MYSQL_FLASK_PASSWORD=flaskp DOTENV_MYSQL_FLASK_PASSWORD=flaskp
GITEA_MAIL_FROM= GITEA_MAIL_FROM=gitea@gitea.changeme
# Build ARG GPG_PP. May still need to be empty to avoid breakage. # Build ARG GPG_PP. May still need to be empty to avoid breakage.
BUILD_GPG_PP= BUILD_GPG_PP=
@ -18,3 +18,7 @@ DOTENV_TOKEN_I=dti
# Consequential token: protect # Consequential token: protect
DOTENV_TOKEN_C=dtc DOTENV_TOKEN_C=dtc
# Destination address for handler mailer
ADMIN_EMAIL="email@email.changeme"