Merge branch 'develop' into feature/fix-official-models

.gitlab-ci.yml

@@ -5,7 +5,7 @@ stages:
     - deploy
 
 test:
-    image: python:3.5
+    image: python:3.7
     stage: test
     services:
         - postgres:latest
@@ -24,7 +24,7 @@ test:
         - python manage.py test
 
 pycodestyle:
-    image: python:3.5
+    image: python:3.7
     stage: lint
     script:
         - pip install pycodestyle
@@ -46,7 +46,8 @@ remark:
     script:
         - npm run remark
 
-publish:
+# TODO: remove
+publish_dev:
     stage: publish
     image: docker:stable
     services:
@@ -56,7 +57,20 @@ publish:
     script:
         - docker info
         - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-        - docker build . -t "$IMAGE_NAME"
+        - docker build . -t "$IMAGE_NAME_DEV"
+        - docker push "$IMAGE_NAME_DEV"
+
+publish:
+    stage: publish
+    image: docker:stable
+    services:
+        - docker:stable-dind
+    only:
+        - master
+    script:
+        - docker info
+        - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+        - docker build . -f Dockerfile.prod -t "$IMAGE_NAME"
         - docker push "$IMAGE_NAME"
 
 deploy_dev:
@@ -79,24 +93,47 @@ deploy_dev:
         - scp docker-compose.yml $DEV_SSH_USER@$DEV_SSH_HOST:~/deployment/docker-compose.yml
         - scp .deploy_dev.sh $DEV_SSH_USER@$DEV_SSH_HOST:~/deployment/deploy_dev.sh
         - ssh $DEV_SSH_USER@$DEV_SSH_HOST "docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY"
-        - ssh $DEV_SSH_USER@$DEV_SSH_HOST "bash ~/deployment/deploy_dev.sh \"$IMAGE_NAME\""
+        - ssh $DEV_SSH_USER@$DEV_SSH_HOST "bash ~/deployment/deploy_dev.sh \"$IMAGE_NAME_DEV\""
+
+# deploy_production:
+#     stage: deploy
+#     image: alpine:latest
+#     environment:
+#         name: production
+#         url: https://sika.sahkoinsinoorikilta.fi
+#     when: manual
+#     only:
+#         - master
+#     before_script:
+#         - pwd
+#         - apk add --update openssh
+#         - ssh -V
+#         - mkdir -p ~/.ssh
+#         - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+#         - chmod 600 ~/.ssh/id_rsa
+#         - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
+#     script:
+#         - ssh $PROD_SSH_USER@$PROD_SSH_HOST "zsh ~/deploy.sh"
 
 deploy_production:
     stage: deploy
-    image: alpine:latest
-    environment:
-        name: production
-        url: https://sika.sahkoinsinoorikilta.fi
-    when: manual
+    image: docker:stable
     only:
         - master
+    environment:
+        name: production
+        url: sika.sik.party
+    when: manual
+    variables:
+        DOCKER_HOST: $CI_DOCKER_HOST
+        DOCKER_TLS_VERIFY: 1
     before_script:
-        - pwd
-        - apk add --update openssh
-        - ssh -V
-        - mkdir -p ~/.ssh
-        - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-        - chmod 600 ~/.ssh/id_rsa
-        - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
+        - mkdir -p ~/.docker
+        - echo "$TLSCACERT" > ~/.docker/ca.pem
+        - echo "$TLSCERT" > ~/.docker/cert.pem
+        - echo "$TLSKEY" > ~/.docker/key.pem
+        - docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
     script:
-        - ssh $PROD_SSH_USER@$PROD_SSH_HOST "zsh ~/deploy.sh"
+        - docker stack deploy --with-registry-auth -c stack-compose.yml "$SERVICE_NAME"
+    after_script:
+        - docker logout "$CI_REGISTRY"

.python-version

@@ -1 +1 @@
-3.6.8
+3.7.4

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.5
+FROM python:3.7
 ENV PYTHONUNBUFFERED 1
 ENV IS_DOCKER 1
 RUN mkdir /code

Dockerfile.prod

@@ -0,0 +1,26 @@
+FROM python:3.7-alpine
+ENV PYTHONUNBUFFERED 1
+ENV IS_DOCKER 0
+WORKDIR /app
+COPY requirements.txt ./
+COPY requirements.production.txt ./
+COPY . ./
+COPY sikweb/settings-sample-prod.py sikweb/settings.py
+
+# uWSGI, gunicorn etc.
+RUN apk add --no-cache --virtual .build-deps python3-dev build-base linux-headers pcre-dev openssl \
+    # PSQL
+    && apk add --no-cache postgresql-dev \
+    # Pillow
+    && apk add --no-cache jpeg-dev zlib-dev \
+    && pip install --upgrade pip \
+    && pip install -r requirements.txt \
+    && pip install -r requirements.production.txt \
+    && apk del .build-deps
+
+RUN python manage.py collectstatic --noinput
+
+# run migrate
+# python manage.py migrate --noinput
+
+ENTRYPOINT ["sh", "-c", "./production_entrypoint.sh"]

Pipfile

@@ -25,7 +25,7 @@ coverage = "==4.3.4"
 django-nose = "==1.4.5"
 nose-exclude = "==0.5.0"
 psycopg2-binary = "==2.7.6.1"
-django-bootstrap3 = "==8.2.3"
+django-bootstrap3 = "==11.1.0"
 django-tables2 = "==1.6.1"
 pycodestyle = "==2.3.1"
 dealer = "==2.0.5"
@@ -47,6 +47,7 @@ Django = "==2.1.5"
 ipython_genutils = "==0.1.0"
 Pillow = "==5.4.1"
 PyJWT = "==1.6.4"
+whitenoise = "==4.1.4"
 
 [requires]
 python_version = "3.7"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "d80d256f07478bff4dc7f11bc5ffbab6be2716e25360cb1a1fea2b1ce9f8f33f"
+            "sha256": "aaefeb42f8fc73a67edd3c9b61176e4735f8daf1393b2685ad8b5274f5199b0d"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -18,22 +18,21 @@
     "default": {
         "aiohttp": {
             "hashes": [
-                "sha256:1ab7ab0a710135133dcc2980dd48fdd92f6f6066b66ef0356f458f395aa375af",
-                "sha256:1cf5b433a0aa3cf45b0acd4adb14cb20d99166aaa967ab89f629635ac263ca64",
-                "sha256:27b2bc8ca5555d5dadeee07cc2d6f8c06092c9d9c3f203c79c124d07474d3cf8",
-                "sha256:315f55a8469284f3ee54534d76f525b5c104dc514999dca4a007524a458aaba2",
-                "sha256:4f3c1572716ce2c8f22877a8185414ec213c057df35d27f7195f185691828608",
-                "sha256:635bef0626e28446372511e1fd31585205db2f18dab37a43d8adb30b0483e1bf",
-                "sha256:6907359de725e7ccd04b458a0f3322c7d1ba78df3df02e2ceb5abb0e21c975e6",
-                "sha256:772cfc0ff7c088d9e211377951a51c8a5173110cf56214f3e3d08a89be07badc",
-                "sha256:a91251585acf5203842551e37d2700c13c0bb411fa61b13485ab9e8d2dd400e9",
-                "sha256:acbbf0c47aa713d7a4baf52f11a356b01b82cabb53da452328546acaa21c6605",
-                "sha256:af7809ce7de6709afc7770403a70dfdbc4e988c91451108c8e123fac46b870d9",
-                "sha256:de611d7b95c1067d9a415979c63503dbdc735b943d08779506886614b410644a",
-                "sha256:e0fe698d1e6a852a27a88d2844a1a63839ee764d7cf214fd58cbea480407cc1d",
-                "sha256:fa155e309cc2277d6f9d099aecaf3ce78d86a31f5a62a994debc872e4c34ddf4"
+                "sha256:022c400e30848b1994236e31fb38db1dc4b551efe049f737cbac690ab2cdf5c4",
+                "sha256:10f9316ef068536dec0b9f09531fa1cb6bfa8394f278022cb96e789c77811ad2",
+                "sha256:2599b93fd5ba1120b3bd1366d67a7e26bd45b3d5d5548069e00b2fbef7f20ab0",
+                "sha256:2a1c71e7fb8c50e60fb4c9bab8bd5cf7c07f91a6b27dc2556d7354cd2ebb3689",
+                "sha256:6a19d34cc01414d94dd5a4466f8f397293fcb8929df8eeb8989119cc5ef928bb",
+                "sha256:7aab39c2a61a5c6b15bb7e561218ef64770ca1fbf4cc1878c96e630e2b7cc3cc",
+                "sha256:8959e28bc1b87542b0ee4a8302128f633bee296252f261bf03e118c4dff725f0",
+                "sha256:89820f7c488f4e9b1f74371da33403181e11e006663ddf074317aacd690838a6",
+                "sha256:ab761cf0f0b0b90887e276b4a7918f11e323f2228bbb30814bbd538c122028bf",
+                "sha256:cc648ecaca79e37c6e26f370e802e7ae640a069913f661f66c0421084bef219a",
+                "sha256:d6f26e80cd55ac88e1f0397fc8d547933225a5dc1add040e27788c2a028c64c6",
+                "sha256:e7d6ae4a36bfe6d7f93c6f42a0bfa1659f7d011006cb6e8207c85ef5acdb2986",
+                "sha256:fc55b1fec0e4cc1134ffb09ea3970783ee2906dc5dfd7cd16917913f2cfed65b"
             ],
-            "version": "==3.6.0"
+            "version": "==3.6.1"
         },
         "appnope": {
             "hashes": [
@@ -52,10 +51,10 @@
         },
         "attrs": {
             "hashes": [
-                "sha256:69c0dbf2ed392de1cb5ec704444b08a5ef81680a61cb899dc08127123af36a79",
-                "sha256:f0b870f674851ecbfbbbd364d6b5cbdff9dcedbc7f3f5e18a6891057f21fe399"
+                "sha256:ec20e7a4825331c1b5ebf261d111e16fa9612c1f7a5e1f884f12bd53a664dfd2",
+                "sha256:f913492e1663d3c36f502e5e9ba6cd13cf19d7fab50aa13239e420fef95e1396"
             ],
-            "version": "==19.1.0"
+            "version": "==19.2.0"
         },
         "babel": {
             "hashes": [
@@ -180,17 +179,17 @@
         },
         "django-autocomplete-light": {
             "hashes": [
-                "sha256:5ccb1c8c4b75cf72bc5dabd920190ea1ca3a340f56fb6b12d07a62202837fa75"
+                "sha256:29ce2626a11eab2333e5aa9f95166a6d4400f11b5a05e8f23fa77017b1a9089a"
             ],
             "index": "pypi",
-            "version": "==3.2.10"
+            "version": "==3.4.1"
         },
         "django-bootstrap3": {
             "hashes": [
-                "sha256:6f7946d513d6340bb70f25d8ec047bf3bf37bab9e499d3baca99b1aa0ec92a52"
+                "sha256:c417b25328fb8e97cb89e1f07d35632602d702e6eaca863328e833939d0d1743"
             ],
             "index": "pypi",
-            "version": "==8.2.3"
+            "version": "==11.1.0"
         },
         "django-cors-headers": {
             "hashes": [
@@ -418,10 +417,10 @@
         },
         "phonenumberslite": {
             "hashes": [
-                "sha256:5bd43a4c88a015d9762d9e4a6861ed3a8dbbfb34f64239d5f31ada0892730ae1",
-                "sha256:8f41d6e10cc81d5e2fa11d3391707dd8e1d71fbfcd7a8abab5a6dfadd2914a9e"
+                "sha256:66ec7822322c8a7bbf2063e886b8d9ed479a5b14e5f879443bacd9972ebbdece",
+                "sha256:a0542bbe3bb47f20523a6bdb2447340afd78aaaf3c6e09ce214a4a2cb1f75492"
             ],
-            "version": "==8.10.18"
+            "version": "==8.10.20"
         },
         "pickleshare": {
             "hashes": [
@@ -640,10 +639,18 @@
         },
         "urllib3": {
             "hashes": [
-                "sha256:b246607a25ac80bedac05c6f282e3cdaf3afb65420fd024ac94435cabe6e18d1",
-                "sha256:dbe59173209418ae49d485b87d1681aefa36252ee85884c31346debd19463232"
+                "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398",
+                "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86"
             ],
-            "version": "==1.25.3"
+            "version": "==1.25.6"
+        },
+        "whitenoise": {
+            "hashes": [
+                "sha256:22f79cf8f1f509639330f93886acaece8ec5ac5e9600c3b981d33c34e8a42dfd",
+                "sha256:6dfea214b7c12efd689007abf9afa87a426586e9dbc051873ad2c8e535e2a1ac"
+            ],
+            "index": "pypi",
+            "version": "==4.1.4"
         },
         "xlrd": {
             "hashes": [

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     image: postgres
   web:
     build: .
-    image: registry.gitlab.com/sahkoinsinoorikilta/vtmk/web2.0-backend
+    image: registry.gitlab.com/sahkoinsinoorikilta/vtmk/web2.0-backend:dev
     command: ["bash", "-c", "cd /code && ./wait-for-it.sh db:5432 -- bash setup.sh --no-input --no-npm && python manage.py runserver 0.0.0.0:8000"]
     ports:
       - "8000:8000"

kaehmy/static/kaehmy/css/header.css

@@ -23,7 +23,7 @@
         position: absolute;
         left: 0;
         top: 0;
-        background-color: #052f5f;
+        background-color: #0c2938;
         width: 100%;
     }
 

kaehmy/templates/checkbox_option.html

@@ -1,5 +1,4 @@
-{% if wrap_label %}
-<label{% if widget.attrs.id %} for="{{ widget.attrs.id }}"{% endif %}>{% endif %}
+<label{% if widget.attrs.id %} for="{{ widget.attrs.id }}"{% endif %}>
 {% include "django/forms/widgets/input.html" %}
-{% if wrap_label %} {{ widget.label }}</label>{% endif %}
+{{ widget.label }}</label>
 <span class="fa fa-info-circle" data-toggle="tooltip" data-placement="right" title="{{ widget.description }}"></span>

kaehmy/templates/kaehmy.html

@@ -16,21 +16,21 @@
             {% blocktrans %}Kaehmykoneella voit ilmaista kiinnostuksesi toimia killassa ensi vuonna.
             Listassa on vastuualueittain sekä hallitus- että toimihenkilövirkoja.
             Koska lista ei ole koskaan täydellinen, voit myös ehdottaa ihan uutta toimenkuvaa.
-            Jos sinulla on kysyttävää mistä tahansa virasta, kannattaa konsultoida <a href="/static/other/kahmyopas.pdf">kaehmyopasta</a> 
+            Jos sinulla on kysyttävää mistä tahansa virasta, kannattaa konsultoida <a href="/static/other/kahmyopas.pdf">kaehmyopasta</a>
             tai olla yhteydessä kyseistä virkaa tänä vuonna toimittavaan henkilöön.{% endblocktrans %}
         </p>
         <p>
-            {% blocktrans %}Muista, että kaehmyn lähettäminen on kiinnostuksen ilmaus 
+            {% blocktrans %}Muista, että kaehmyn lähettäminen on kiinnostuksen ilmaus
             eikä siis missään nimessä sitova ilmoittautumien mihinkään tehtävään!{% endblocktrans %}
         </p>
         <h5>{% trans "Päivämääriä & deadlineja" %}</h5>
         <ul>
-            <li><strong>29.10.</strong>  {% blocktrans %}Hallitustyrkkypaneeli (haku hallitukseen olisi hyvä tehdä ennen tätä!){% endblocktrans %}</li>
-            <li><strong>5.11.</strong>  {% blocktrans %}Vaalikokous, osa 1 (puheenjohtajan valinta){% endblocktrans %}</li>
-            <li><strong>12.11.</strong> {% blocktrans %}Kiltailta{% endblocktrans %}</li>
-            <li><strong>15.11.</strong> {% blocktrans %}Vaalikokous, osa 2 (hallituksen valinta){% endblocktrans %}</li>
-            <li><strong>20.11.</strong> {% blocktrans %}Haku toimariksi olisi hyvä tehdä ennen tätä!{% endblocktrans %}</li>
-            <li><strong>26.11.</strong> {% blocktrans %}Vaalikokous, osa 3 (toimarien valinta){% endblocktrans %}</li>
+            <li><strong>24.10.</strong> {% blocktrans %}Kiltailta{% endblocktrans %}</li>
+            <li><strong>28.10.</strong>  {% blocktrans %}Hallitustyrkkypaneeli (haku hallitukseen olisi hyvä tehdä ennen tätä!){% endblocktrans %}</li>
+            <li><strong>4.11.</strong>  {% blocktrans %}Vaalikokous, osa 1 (puheenjohtajan valinta){% endblocktrans %}</li>
+            <li><strong>14.11.</strong> {% blocktrans %}Vaalikokous, osa 2 (hallituksen valinta){% endblocktrans %}</li>
+            <li><strong>18.11.</strong> {% blocktrans %}Infoilta toimarihakijoille (haku toimariksi olisi hyvä tehdä ennen tätä){% endblocktrans %}</li>
+            <li><strong>25.11.</strong> {% blocktrans %}Vaalikokous, osa 3 (toimarien valinta){% endblocktrans %}</li>
         </ul>
         <form name="kaehmyForm" action="/kaehmy/submit/" method="post" class="form">{% csrf_token %}
             {% bootstrap_field form.name %}
@@ -46,7 +46,7 @@
                             {{ preset_field.label }}
                         </div>
                         <div class="card-block">
-                            {% bootstrap_field preset_field show_label=False %}                              
+                            {% bootstrap_field preset_field show_label=False %}
                         </div>
                     </div>
                 {% endif %}
@@ -59,11 +59,11 @@
                             {{ custom_field.label }}
                         </div>
                         <div class="card-block">
-                            {% bootstrap_field custom_field show_label=False %}                              
+                            {% bootstrap_field custom_field show_label=False %}
                         </div>
                     </div>
                 {% endif %}
-            {% endfor %}            
+            {% endfor %}
             <div class="card">
                 <div class="card-block">
                     {% bootstrap_field form.custom_role_name %}
@@ -71,7 +71,7 @@
                 </div>
             </div>
             {% bootstrap_field form.text %}
-            
+
             <input type="checkbox" required name="gdpr" value="1">
             <span>{% blocktrans %}
                 Hyväksyn <a href="https://sik.ayy.fi/files/official/Tietosuojaseloste%20%E2%80%93%20Toimihenkil%C3%B6ksi%20hakemisen%20rekisteri.pdf" target="_blank">tietosuojaselosteen</a> ja tietojeni tallentamisen.

kaehmy/views.py

@@ -11,6 +11,7 @@ from django.core.mail import send_mail
 import logging
 import requests
 from dealer.git import git
+from sikweb.settings import URL
 
 from members.views.utils import *
 from kaehmy.models import Application, CustomRole, PresetRole, TelegramChannel
@@ -60,12 +61,12 @@ def comment(request, *args, **kwargs):
         name = comment.name
 
         subject = 'Kaehmyysi tai kommenttiisi on vastattu!'
-        body = ('{} on vastannut kaehmyhakemukseesi tai kommenttiisi kaehmypalvelussa.\r\n\r\n'
-                'Käy lukemassa viesti osoitteessa http://sika.sahkoinsinoorikilta.fi/kaehmy').format(name.capitalize())
+        body = (f'{name.capitalize()} on vastannut kaehmyhakemukseesi tai kommenttiisi kaehmypalvelussa.\r\n\r\n'
+                'Käy lukemassa viesti osoitteessa https://{URL}/kaehmy')
 
         send_email(email, subject, body)
         logging.debug(
-            'Sent kaehmy comment email to recipient <{}>'.format(email))
+            f'Sent kaehmy comment email to recipient <{email}>')
 
         return redirect('/kaehmy')
     else:
@@ -123,7 +124,7 @@ def submit(request, *args, **kwargs):
             custom_role.save()
             application.custom_roles.add(custom_role)
 
-        url = 'https://sika.sahkoinsinoorikilta.fi/kaehmy'
+        url = f'https://{URL}/kaehmy'
 
         email = form.cleaned_data.get('email', '')
         name = form.cleaned_data.get('name', 'Anonymous')

ohlhafv/views.py

@@ -14,6 +14,7 @@ from django.template.loader import render_to_string
 import logging
 import requests
 from dealer.git import git
+from sikweb.settings import URL
 
 from ohlhafv.models import OhlhafvChallenge
 from ohlhafv.forms import OhlhafvForm
@@ -39,7 +40,7 @@ def ohlhafv_submit(request, *args, **kwargs):
         challenge = form.instance
         email = form.cleaned_data.get('victim_email', '')
 
-        url = 'https://sika.sahkoinsinoorikilta.fi/ohlhafv/list'
+        url = f'https://{URL}/ohlhafv/list'
         subject = _('Sinut on haastettu Øhlhäfviin!')
 
         message = render_to_string(

package.json

@@ -9,7 +9,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git@sika.sahkoinsinoorikilta.fi:vtmk/web2.0.git"
+    "url": "git@gitlab.com:sahkoinsinoorikilta/vtmk/web2.0-backend.git"
   },
   "author": "SIK ry",
   "license": "ISC",
@@ -23,4 +23,4 @@
       "remark-preset-lint-recommended"
     ]
   }
-}
+}

production_entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Get ENVs from secrets
+export SECRET_KEY=$(cat $SECRET_KEY_FILE)
+export TG_BOT_TOKEN=$(cat $TG_BOT_TOKEN_FILE)
+export EMAIL_PASSWD=$(cat $EMAIL_PASSWD_FILE)
+export DB_USER=$(cat $DB_USER_FILE)
+export DB_PASSWD=$(cat $DB_PASSWD_FILE)
+
+# Collect static files
+echo "Collect static files"
+python manage.py collectstatic --noinput
+
+# Apply database migrations
+echo "Apply database migrations"
+python manage.py migrate
+
+# Start server
+echo "Django running on http://localhost:8000 in production mode"
+gunicorn -w 4 -b 0.0.0.0:8000 sikweb.wsgi

requirements.production.txt

@@ -1,2 +1,2 @@
-uWSGI==2.0.14
+uWSGI==2.0.18
 gunicorn==19.9.0

requirements.txt

@@ -20,7 +20,7 @@ coverage==4.3.4
 django-nose==1.4.5
 nose-exclude==0.5.0
 psycopg2-binary==2.7.6.1
-django-bootstrap3==8.2.3
+django-bootstrap3==11.1.0
 django-tables2==1.6.1
 pycodestyle==2.3.1
 dealer==2.0.5
@@ -37,3 +37,4 @@ django-import-export==0.7.0
 openpyxl==2.4.11
 django-app-namespace-template-loader==0.4.1
 django-filter==2.0.0
+whitenoise==4.1.4

sikweb/base.py

@@ -123,6 +123,7 @@ NOSE_ARGS = [
 MIDDLEWARE = [
     'sikweb.middleware.ForceDefaultLanguageMiddleware',
     'django.middleware.security.SecurityMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'corsheaders.middleware.CorsMiddleware',

sikweb/settings-sample-prod.py

@@ -0,0 +1,51 @@
+
+"""
+Django settings for sikweb project.
+
+Generated by 'django-admin startproject' using Django 1.9.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/1.9/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/1.9/ref/settings/
+"""
+
+from sikweb.base import *
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = False
+
+ALLOWED_HOSTS = ["sika.sik.party"]
+URL = "sika.sik.party"
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = os.getenv('SECRET_KEY', '<your secret key>')
+
+# ReCaptcha
+# http://www.yaconiello.com/blog/integrating-google-recaptcha-to-django/
+GOOGLE_RECAPTCHA_SITE_KEY = "YOUR-PUBLIC-KEY"
+GOOGLE_RECAPTCHA_SECRET_KEY = "YOUR-PRIVATE-KEY"
+
+# Email settings (more settings in base.py)
+EMAIL_HOST_USER = 'sikviestinta@gmail.com'
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWD', '<gmail_passu>')
+DEFAULT_EMAIL_FROM = 'SIK Viestintä <sikviestinta@gmail.com>'
+ENABLE_AUTOMATIC_EMAILS = True
+
+# Token for Telegram bot
+TELEGRAM_BOT_TOKEN = os.getenv('TG_BOT_TOKEN')
+
+# Database settings
+# Only uncomment if default settings in base.py are not ok
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': os.getenv('DB_USER', '<none>'),
+        'USER': os.getenv('DB_USER', '<none>'),
+        'PASSWORD': os.getenv('DB_PASSWD', '<none>'),
+        'HOST': os.getenv('DB_HOST', '127.0.0.1'),
+        'PORT': os.getenv('DB_PORT', 5432),
+    }
+}

sikweb/settings-sample.py

@@ -17,6 +17,7 @@ from sikweb.base import *
 DEBUG = True
 
 # ALLOWED_HOSTS = ["*"]
+URL = "sika.sik.party"
 
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = '7p$85^4ibb^p4-=vs44b7!y0e-zemugze18@a#30&71=a8)dp('

stack-compose.yml

@@ -0,0 +1,69 @@
+version: '3.4'
+services:
+  db:
+    image: postgres:10
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      update_config:
+        order: start-first
+
+    environment:
+      - POSTGRES_USER_FILE=/run/secrets/DJANGO_DB_USER
+      - POSTGRES_PASSWORD_FILE=/run/secrets/DJANGO_DB_PASSWD
+    ports:
+      - 5432:5432
+    volumes:
+      - dbdata:/var/lib/postgresql/data
+    secrets:
+      - DJANGO_DB_USER
+      - DJANGO_DB_PASSWD
+
+  backend:
+    image: registry.gitlab.com/sahkoinsinoorikilta/vtmk/web2.0-backend:latest
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      update_config:
+        order: start-first
+    depends_on:
+      - db
+    ports:
+      - 8000:8000
+    volumes:
+      - type: bind
+        source: /home/sik/production/media
+        target: /app/media
+    environment:
+      - SECRET_KEY_FILE=/run/secrets/DJANGO_SECRET_KEY
+      - TG_BOT_TOKEN_FILE=/run/secrets/DJANGO_TG_BOT_TOKEN
+      - EMAIL_PASSWD_FILE=/run/secrets/DJANGO_EMAIL_PASSWD
+      - DB_USER_FILE=/run/secrets/DJANGO_DB_USER
+      - DB_PASSWD_FILE=/run/secrets/DJANGO_DB_PASSWD
+      - DB_HOST=db
+      - DB_PORT=5432
+
+    secrets:
+      - DJANGO_SECRET_KEY
+      - DJANGO_TG_BOT_TOKEN
+      - DJANGO_EMAIL_PASSWD
+      - DJANGO_DB_USER
+      - DJANGO_DB_PASSWD
+secrets:
+  DJANGO_SECRET_KEY:
+    external: true
+  DJANGO_TG_BOT_TOKEN:
+    external: true
+  DJANGO_EMAIL_PASSWD:
+    external: true
+  DJANGO_DB_NAME:
+    external: true
+  DJANGO_DB_USER:
+    external: true
+  DJANGO_DB_PASSWD:
+    external: true
+
+volumes:
+  dbdata: