diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..5d168ce
Binary files /dev/null and b/.DS_Store differ
diff --git a/Dockerfile b/Dockerfile
index e8edc22..9f1620b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,6 +43,7 @@ WORKDIR /app
 COPY ./app .
 RUN python manage.py collectstatic --noinput
+RUN chmod +x /app/entrypoint.sh
 # =============================================
 # 5. Create non-root user
@@ -55,4 +56,4 @@ EXPOSE 80
 # =============================================
 # 6. Launch the app
 # =============================================
-CMD ["gunicorn", "keywarden.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "3"]
\ No newline at end of file
+CMD ["./entrypoint.sh"]
\ No newline at end of file
diff --git a/app/apps/core/management/__init__.py b/app/apps/core/management/__init__.py
new file mode 100644
index 0000000..844eb9c
--- /dev/null
+++ b/app/apps/core/management/__init__.py
@@ -0,0 +1,2 @@
+# Intentionally empty to mark package
+
diff --git a/app/apps/core/management/commands/__init__.py b/app/apps/core/management/commands/__init__.py
new file mode 100644
index 0000000..844eb9c
--- /dev/null
+++ b/app/apps/core/management/commands/__init__.py
@@ -0,0 +1,2 @@
+# Intentionally empty to mark package
+
diff --git a/app/apps/core/management/commands/ensure_admin.py b/app/apps/core/management/commands/ensure_admin.py
new file mode 100644
index 0000000..33472ba
--- /dev/null
+++ b/app/apps/core/management/commands/ensure_admin.py
@@ -0,0 +1,68 @@
+import os
+
+from django.contrib.auth import get_user_model
+from django.core.management.base import BaseCommand
+
+
+class Command(BaseCommand):
+ help = "Ensure a Django superuser exists using environment variables"
+
+ def handle(self, *args, **options):
+ username = (
+ os.getenv("DJANGO_SUPERUSER_USERNAME")
+ or os.getenv("KEYWARDEN_ADMIN_USERNAME")
+ )
+ email = (
+ os.getenv("DJANGO_SUPERUSER_EMAIL")
+ or os.getenv("KEYWARDEN_ADMIN_EMAIL")
+ )
+ password = (
+ os.getenv("DJANGO_SUPERUSER_PASSWORD")
+ or os.getenv("KEYWARDEN_ADMIN_PASSWORD")
+ )
+
+ if not username or not email or not password:
+ self.stdout.write(
+ self.style.WARNING(
+ "Superuser env vars not fully set; skipping ensure_admin. "
+ "Set DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, "
+ "DJANGO_SUPERUSER_PASSWORD (or KEYWARDEN_ADMIN_*)."
+ )
+ )
+ return
+
+ User = get_user_model()
+
+ user, created = User.objects.get_or_create(username=username, defaults={
+ "email": email,
+ "is_staff": True,
+ "is_superuser": True,
+ })
+
+ if created:
+ user.set_password(password)
+ user.save()
+ self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' created."))
+ return
+
+ changed = False
+
+ if user.email != email:
+ user.email = email
+ changed = True
+
+ # Ensure flags are correct
+ if not user.is_staff:
+ user.is_staff = True
+ changed = True
+ if not user.is_superuser:
+ user.is_superuser = True
+ changed = True
+
+ if changed:
+ user.save()
+ self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' updated."))
+ else:
+ self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' already present."))
+
+
diff --git a/app/entrypoint.sh b/app/entrypoint.sh
new file mode 100644
index 0000000..9e6297e
--- /dev/null
+++ b/app/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+python manage.py migrate --noinput
+python manage.py ensure_admin
+
+exec gunicorn keywarden.wsgi:application --bind 0.0.0.0:80 --workers 3
+
+
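Review bot: The branch under `# Ensure flags are correct` promotes whatever account already holds the configured username to `is_staff` and `is_superuser` on every start, so an ordinary account that happens to carry that name (one created before the variables were set, for example) becomes a superuser while keeping its own password. I would refuse rather than escalate on the not-created path: `if not (user.is_staff and user.is_superuser): raise CommandError(f"User '{username}' exists but is not a superuser; refusing to promote it.")`, with `CommandError` imported from `django.core.management.base`; under `set -eu` in entrypoint.sh that stops the container start, which is the safer failure. On the created path the password is accepted from the environment without `validate_password`, and a changed `DJANGO_SUPERUSER_PASSWORD` is never applied to an existing account. Both behaviours deserve a sentence in a docstring on `handle`, which currently has none.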
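Review bot: `DJANGO_SUPERUSER_PASSWORD` is still exported when `exec gunicorn` runs, so every worker process inherits the admin password for the life of the container although only `ensure_admin` reads it. Scoping it to that one command would help, for example `unset DJANGO_SUPERUSER_PASSWORD KEYWARDEN_ADMIN_PASSWORD` on the line before `exec gunicorn`. Separately, gunicorn now binds port 80; the Dockerfile has a "Create non-root user" section (its USER line is not in this diff), and an unprivileged process can bind ports below 1024 only where the container runtime allows it, so keeping `--bind 0.0.0.0:8000` and mapping the port outside would be the more portable choice.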
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
index fefdebf..73d93ed 100644
--- a/docker-compose.yml.example
+++ b/docker-compose.yml.example
@@ -38,7 +38,7 @@ services:
 keywarden:
 image: git.ntbx.io/boris/keywarden:latest
 container_name: keywarden
- command: gunicorn keywarden.wsgi:application --bind 0.0.0.0:8000
+ command: sh ./entrypoint.sh
 ports:
 - "8000:80"
 depends_on:
@@ -47,6 +47,9 @@ services:
 environment:
 - DJANGO_SETTINGS_MODULE=keywarden.settings.dev
 - PYTHONPATH=/app
+ - DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
+ - DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
+ - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
 env_file:
 - .env
diff --git a/nginx/configs/sites/default.conf b/nginx/configs/sites/default.conf
index 188c46b..ac86e54 100644
--- a/nginx/configs/sites/default.conf
+++ b/nginx/configs/sites/default.conf
@@ -1,8 +1,8 @@
 # Default NGINX Config
 server {
- listen 80;
- listen [::]:80;
- server_name keywarden.dev.ntbx.io;
+ listen 8008;
+ listen [::]:8008;
+ server_name _;
 return 301 https://$host$request_uri;
 }
@@ -13,7 +13,7 @@ server {
 listen [::]:443 ssl;
 http2 on;
- server_name keywarden.dev.ntbx.io;
+ server_name _;
 ssl_certificate /certs/certificate.pem;
 ssl_certificate_key /certs/key.pem;
@@ -22,7 +22,7 @@ server {
 client_max_body_size 50M;
 location / {
- proxy_pass http://keywarden:8000;
+ proxy_pass http://keywarden:80;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
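Review bot: The three `DJANGO_SUPERUSER_*` entries under `environment:` are interpolated when Compose reads the file, and an unset variable becomes an empty string that overrides anything `env_file: .env` would have supplied; `ensure_admin` then treats it as missing and skips without failing. Since the service already loads `.env`, I would either drop the explicit entries or say which source wins, with a comment such as `# Bootstrap admin: values come from .env; leave unset to skip ensure_admin`. The password also lands in the container configuration, where `docker inspect` shows it, so the example should state that it is a first-run bootstrap value to be changed in the application afterwards.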
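Review bot: With `server_name _;` in the port-8008 redirect server, and again in the TLS server in the second hunk, each block answers for any Host header as long as it is the only server on its port, so `return 301 https://$host$request_uri;` redirects to a client-chosen host and `proxy_set_header Host $host;` forwards that value to Django. That leaves Django's `ALLOWED_HOSTS` (not visible in this diff) as the only check on the host name. If the catch-all is intended for a generic example, I would put a comment above each `server_name _;`, for instance `# Catch-all for the example; set the real hostname in production and keep ALLOWED_HOSTS strict`, or keep an explicit name and route unmatched hosts to a separate default server.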