flask site buildout #2

Merged
finn merged 25 commits from mgtut1 into master 2024-08-05 08:41:03 +00:00
6 changed files with 34 additions and 17 deletions
Showing only changes of commit eb0f19b109 - Show all commits

View File

@ -2,12 +2,10 @@
### Sec:
* This repo is public. Mind cred slip-ups.
* Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually.
* Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg.
* Avoid docker socks stuff.
- This repo is public. Mind cred slip-ups.
- Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually.
- Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg.
- Avoid docker socks stuff.
### Install:
@ -49,19 +47,28 @@ set up cron job for script
pmb-pf - git clone of my mail thing
other - ref and non-sensitive files for dns
### Timeline:
### Setup cheat:
set up certbot dns\
see tar of cert dir with script
- set up certbot dns (prod)
- see tar of cert dir with script (prod)
- flask vs uwsgi in backend compose section (prod)
- build vs local image in pmb-pf compose section
- git clone pmb-pf
- copy example .env in root dir
- copy example .env in pmb-pf
- copy example conf in proxy
- do pmb-pf setup, and adjust root .env
- mind backend config db settings
### Notes:
This repo is minimally-sensitive. Falling outside the repo dir structure are reference awesome-compose files used as baseline -- nginx-flask-mysql -- and certs, containing letsencrypt script. Script may be backed up into repo carefully, sanitizing any tkens.
TODO: gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
### Changing gitea subdomain:
Find in proxy/conf.\
Find in gitea conf.\
Rebuild images.
### Todo:
- gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
- move more stuff from backend config into root .env

View File

@ -18,7 +18,9 @@ pip install flask-migrate
pip install flask-login
pip install email-validator
pip install pydenticon
Prod only, require sys packages:
pip install mariadb
pip install uwsgi
...
pip freeze > requirements.txt
```
@ -36,8 +38,11 @@ flask db downgrade base
flask db upgrade
```
Full reset:
Full reset or maria init:
```
sql:
drop table users;
drop table posts;
rm app.db
rm -r migrations
flask db init

View File

@ -26,11 +26,12 @@ if not app.debug:
app.logger.addHandler(mail_handler)
if app.config['DC_LOGGING']:
print('#################### DEBUGHERE', file=sys.stderr)
print('#################### TEST PRINT STDERR DEBUG', file=sys.stderr)
dclog = logging.StreamHandler(stream=sys.stderr)
dclog.setLevel(logging.INFO)
dclog.propagate = False
app.logger.addHandler(dclog)
app.logger.info('@@@@@@@@@@@@@@@@@@@@@ TEST LOGGER INFO MESSAGE')
from app import routes, models, errors

View File

@ -5,8 +5,8 @@ basedir = os.path.abspath(os.path.dirname(__file__))
class Config:
SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or 'flasksk'
SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'zapp.db')
#SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('MYSQL_PASSWORD') + '@db:3306/flask'
#SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'zapp.db')
SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('MYSQL_PASSWORD') + '@db:3306/flask'
#MAIL_SERVER = 'pmb'
MAIL_SERVER = ''

View File

@ -30,7 +30,7 @@ services:
target: builder
restart: always
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"]
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
environment:
- MYSQL_USER=flasku
#- MYSQL_PASSWORD=flaskp

6
dotenv
View File

@ -5,7 +5,7 @@ DOTENV_MYSQL_ROOT_PASSWORD=rootp
DOTENV_MYSQL_GITEA_PASSWORD=giteap
DOTENV_MYSQL_FLASK_PASSWORD=flaskp
GITEA_MAIL_FROM=
GITEA_MAIL_FROM=gitea@gitea.changeme
# Build ARG GPG_PP. May still need to be empty to avoid breakage.
BUILD_GPG_PP=
@ -18,3 +18,7 @@ DOTENV_TOKEN_I=dti
# Consequential token: protect
DOTENV_TOKEN_C=dtc
# Destination address for handler mailer
ADMIN_EMAIL="email@email.changeme"