From c445a4a66ccadca1fbebba1732792617bf77fa1d Mon Sep 17 00:00:00 2001
From: Aarni Halinen
Date: Tue, 8 Oct 2019 23:07:03 +0300
Subject: [PATCH 1/3] Revert "Read ENV files runtime"

This reverts commit 96dd77e455aae9ed5fec0a3768fa5247d2e56d11.
---
 sikweb/settings-sample-prod.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sikweb/settings-sample-prod.py b/sikweb/settings-sample-prod.py
index 8d8afe5..07d422f 100644
--- a/sikweb/settings-sample-prod.py
+++ b/sikweb/settings-sample-prod.py
@@ -19,7 +19,7 @@ DEBUG = False
 ALLOWED_HOSTS = ["sika.sik.party"]
 # SECURITY WARNING: keep the secret key used in production secret!
-f = open(os.getenv("DJANGO_SECRET_KEY_FILE"), "r")
+f = open("/run/secrets/DJANGO_SECRET_KEY", "r")
 SECRET_KEY = f.readline()
 f.close()
@@ -30,7 +30,7 @@ GOOGLE_RECAPTCHA_SECRET_KEY = "YOUR-PRIVATE-KEY"
 # Email settings (more settings in base.py)
 EMAIL_HOST_USER = 'sikviestinta@gmail.com'
-f = open(os.getenv("DJANGO_EMAIL_PASSWD_FILE"), "r")
+f = open("/run/secrets/DJANGO_EMAIL_PASSWD", "r")
 EMAIL_HOST_PASSWORD = f.readline()
 f.close()
 DEFAULT_EMAIL_FROM = 'SIK Viestintä '
@@ -42,13 +42,13 @@ TELEGRAM_BOT_TOKEN = os.getenv('TG_BOT_TOKEN')
 # Database settings
 # Only uncomment if default settings in base.py are not ok
-f = open(os.getenv("DJANGO_DB_NAME_FILE"), "r")
+f = open("/run/secrets/DJANGO_DB_NAME", "r")
 DB_NAME = f.readline()
 f.close()
-f = open(os.getenv("DJANGO_DB_USER_FILE"), "r")
+f = open("/run/secrets/DJANGO_DB_USER", "r")
 DB_USER = f.readline()
 f.close()
-f = open(os.getenv("DJANGO_DB_PASSWORD_FILE"), "r")
+f = open("/run/secrets/DJANGO_DB_PASSWORD", "r")
 DB_PASSWORD = f.readline()
 f.close()

From c07ec5855a6101af0fa77cbcbaf1c2b6a666f94e Mon Sep 17 00:00:00 2001
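Review bot: `f = open("/run/secrets/DJANGO_SECRET_KEY", "r")` (and the four matching `open()` lines in the next two hunks) reopens a bare file handle that relies on the separate `f.close()` below, and the `f.readline()` that follows keeps the trailing newline, so a secret file ending in `\n` yields a key or password with the newline attached. If this revert is meant to stand on its own, `with open("/run/secrets/DJANGO_SECRET_KEY") as f: SECRET_KEY = f.readline().rstrip("\n")` covers both points. The next patch in this series replaces these reads with environment variables, so this mainly matters for anyone checking out or bisecting to this commit.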
From: Aarni Halinen
Date: Tue, 8 Oct 2019 23:07:45 +0300
Subject: [PATCH 2/3] Revert "Read secrets from files to vars"

This reverts commit 84f1f9239b923daf24e5563dffb451f0e74252cd.
---
 sikweb/settings-sample-prod.py | 24 +++++------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/sikweb/settings-sample-prod.py b/sikweb/settings-sample-prod.py
index 07d422f..6920a2d 100644
--- a/sikweb/settings-sample-prod.py
+++ b/sikweb/settings-sample-prod.py
@@ -19,9 +19,7 @@ DEBUG = False
 ALLOWED_HOSTS = ["sika.sik.party"]
 # SECURITY WARNING: keep the secret key used in production secret!
-f = open("/run/secrets/DJANGO_SECRET_KEY", "r")
-SECRET_KEY = f.readline()
-f.close()
+SECRET_KEY = os.getenv('SECRET_KEY', '')
 # ReCaptcha
 # http://www.yaconiello.com/blog/integrating-google-recaptcha-to-django/
@@ -30,9 +28,7 @@ GOOGLE_RECAPTCHA_SECRET_KEY = "YOUR-PRIVATE-KEY"
 # Email settings (more settings in base.py)
 EMAIL_HOST_USER = 'sikviestinta@gmail.com'
-f = open("/run/secrets/DJANGO_EMAIL_PASSWD", "r")
-EMAIL_HOST_PASSWORD = f.readline()
-f.close()
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWD', '')
 DEFAULT_EMAIL_FROM = 'SIK Viestintä '
 ENABLE_AUTOMATIC_EMAILS = True
@@ -42,22 +38,12 @@ TELEGRAM_BOT_TOKEN = os.getenv('TG_BOT_TOKEN')
 # Database settings
 # Only uncomment if default settings in base.py are not ok
-f = open("/run/secrets/DJANGO_DB_NAME", "r")
-DB_NAME = f.readline()
-f.close()
-f = open("/run/secrets/DJANGO_DB_USER", "r")
-DB_USER = f.readline()
-f.close()
-f = open("/run/secrets/DJANGO_DB_PASSWORD", "r")
-DB_PASSWORD = f.readline()
-f.close()
-
 DATABASES = {
 'default': {
 'ENGINE': 'django.db.backends.postgresql_psycopg2',
- 'NAME': DB_NAME,
- 'USER': DB_USER,
- 'PASSWORD': DB_PASSWORD,
+ 'NAME': os.getenv('DB_NAME', ''),
+ 'USER': os.getenv('DB_USER', ''),
+ 'PASSWORD': os.getenv('DB_PASSWD', ''),
 'HOST': os.getenv('DB_HOST', '127.0.0.1'),
 'PORT': os.getenv('DB_PORT', 5432),
 }
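Review bot: `SECRET_KEY = os.getenv('SECRET_KEY', '')` silently falls back to an empty string when the variable is absent, and the same default is used for `EMAIL_HOST_PASSWORD` in the second hunk and for the `NAME`/`USER`/`PASSWORD` entries of `DATABASES` in the third. In a production settings file a missing secret should stop startup rather than run with an empty credential; Django refuses an empty SECRET_KEY, but an empty database or email password only shows up later as an authentication failure against the live service. `SECRET_KEY = os.environ['SECRET_KEY']` (and likewise for the other four) raises immediately if production_entrypoint.sh did not populate the environment. The variable names used here (`SECRET_KEY`, `EMAIL_PASSWD`, `DB_NAME`, `DB_USER`, `DB_PASSWD`) must stay in step with the exports in that script, which is worth stating in the comment above this block.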
From 9ffec5153752542c158e0f831bb1c3c7e01be3e2 Mon Sep 17 00:00:00 2001
From: Aarni Halinen
Date: Tue, 8 Oct 2019 23:16:09 +0300
Subject: [PATCH 3/3] Add ENV population to entrypoint.sh

---
 production_entrypoint.sh | 8 ++++++++
 stack-compose.yml | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/production_entrypoint.sh b/production_entrypoint.sh
index bce7881..4676b15 100755
--- a/production_entrypoint.sh
+++ b/production_entrypoint.sh
@@ -1,5 +1,13 @@
 #!/bin/sh
+# Get ENVs from secrets
+export SECRET_KEY=$(cat $SECRET_KEY_FILE)
+export TG_BOT_TOKEN=$(cat $TG_BOT_TOKEN_FILE)
+export EMAIL_PASSWD=$(cat $EMAIL_PASSWD_FILE)
+export DB_NAME=$(cat $DB_NAME_FILE)
+export DB_USER=$(cat $DB_USER_FILE)
+export DB_PASSWD=$(cat $DB_PASSWD_FILE)
+
 # Collect static files
 echo "Collect static files"
 python manage.py collectstatic --noinput
diff --git a/stack-compose.yml b/stack-compose.yml
index abbe45f..e84a605 100644
--- a/stack-compose.yml
+++ b/stack-compose.yml
@@ -25,7 +25,7 @@ services:
 - EMAIL_PASSWD_FILE=/run/secrets/DJANGO_EMAIL_PASSWD
 - DB_NAME_FILE=/run/secrets/DJANGO_DB_NAME
 - DB_USER_FILE=/run/secrets/DJANGO_DB_USER
- - DB_PASSWORD_FILE=/run/secrets/DJANGO_DB_PASSWD
+ - DB_PASSWD_FILE=/run/secrets/DJANGO_DB_PASSWD
 - DB_HOST=db
 - DB_PORT=5432
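Review bot: `export SECRET_KEY=$(cat $SECRET_KEY_FILE)` and the five exports after it use the `*_FILE` paths unquoted and unchecked, and the script sets neither `set -e` nor `set -u`, so an unset path makes `cat` read from stdin and an unreadable secret file exports an empty string while the container keeps starting. Folding the assignment into `export` also masks cat's exit status, so even with `set -e` a failed read would not abort; assign first, then export. Exporting the values into the process environment makes every secret visible to each child of `manage.py` and to anything that dumps the environment, a wider exposure than reading `/run/secrets/...` at the point of use, which is worth recording as a deliberate trade-off in the comment above the block. `TG_BOT_TOKEN_FILE` is not among the `*_FILE` entries visible in the stack-compose hunk below, so confirm it is defined outside that hunk.
```shell
#!/bin/sh
set -eu

# Get ENVs from secrets. Each *_FILE path must be set and readable, otherwise
# the entrypoint aborts here instead of starting with an empty secret.
SECRET_KEY=$(cat "${SECRET_KEY_FILE:?}"); export SECRET_KEY
TG_BOT_TOKEN=$(cat "${TG_BOT_TOKEN_FILE:?}"); export TG_BOT_TOKEN
EMAIL_PASSWD=$(cat "${EMAIL_PASSWD_FILE:?}"); export EMAIL_PASSWD
DB_NAME=$(cat "${DB_NAME_FILE:?}"); export DB_NAME
DB_USER=$(cat "${DB_USER_FILE:?}"); export DB_USER
DB_PASSWD=$(cat "${DB_PASSWD_FILE:?}"); export DB_PASSWD

# … unchanged: collectstatic and the rest of the entrypoint …
```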