Skip to content

Commit 4670a76

Browse files
sundargs2000sundargs2000
committed
feature: Added generate-env-file.py.
1 parent ce072f4 commit 4670a76

File tree

3 files changed

+65
-11
lines changed

3 files changed

+65
-11
lines changed

.env.example

+10
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
# Mandatory settings to set
2+
EXTERNAL_HOST = localhost.localdomain
3+
ZULIP_ADMINISTRATOR_EMAIL = [email protected]
4+
5+
# Optional secrets to set
6+
POSTGRES_PASSWORD = REPLACE_WITH_SECURE_POSTGRES_PASSWORD
7+
MEMCACHED_PASSWORD = REPLACE_WITH_SECURE_MEMCACHED_PASSWORD
8+
RABBITMQ_PASSWORD = REPLACE_WITH_SECURE_RABBITMQ_PASSWORD
9+
REDIS_PASSWORD = REPLACE_WITH_SECURE_REDIS_PASSWORD
10+
secret_key = REPLACE_WITH_SECURE_SECRET_KEY

docker-compose.yml

+11-11
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ services:
88
# Note that you need to do a manual `ALTER ROLE` query if you
99
# change this on a system after booting the postgres container
1010
# the first time on a host. Instructions are available in README.md.
11-
POSTGRES_PASSWORD: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
11+
POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
1212
volumes:
1313
- '/opt/docker/zulip/postgresql/data:/var/lib/postgresql/data:rw'
1414
memcached:
@@ -24,15 +24,15 @@ services:
2424
environment:
2525
SASL_CONF_PATH: '/home/memcache/memcached.conf'
2626
MEMCACHED_SASL_PWDB: '/home/memcache/memcached-sasl-db'
27-
MEMCACHED_PASSWORD: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
27+
MEMCACHED_PASSWORD: '${MEMCACHED_PASSWORD}'
2828
restart: always
2929
rabbitmq:
3030
image: 'rabbitmq:3.7.7'
3131
hostname: zulip-rabbit
3232
restart: always
3333
environment:
3434
RABBITMQ_DEFAULT_USER: 'zulip'
35-
RABBITMQ_DEFAULT_PASS: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
35+
RABBITMQ_DEFAULT_PASS: '${RABBITMQ_PASSWORD}'
3636
volumes:
3737
- '/opt/docker/zulip/rabbitmq:/var/lib/rabbitmq:rw'
3838
redis:
@@ -44,7 +44,7 @@ services:
4444
echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
4545
exec redis-server /etc/redis.conf
4646
environment:
47-
REDIS_PASSWORD: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
47+
REDIS_PASSWORD: '${REDIS_PASSWORD}'
4848
volumes:
4949
- '/opt/docker/zulip/redis:/data:rw'
5050
zulip:
@@ -71,13 +71,13 @@ services:
7171
SECRETS_email_password: '123456789'
7272
# These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
7373
# MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
74-
SECRETS_rabbitmq_password: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
75-
SECRETS_postgres_password: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
76-
SECRETS_memcached_password: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
77-
SECRETS_redis_password: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
78-
SECRETS_secret_key: 'REPLACE_WITH_SECURE_SECRET_KEY'
79-
SETTING_EXTERNAL_HOST: 'localhost.localdomain'
80-
SETTING_ZULIP_ADMINISTRATOR: '[email protected]'
74+
SECRETS_rabbitmq_password: '${RABBITMQ_PASSWORD}'
75+
SECRETS_postgres_password: '${POSTGRES_PASSWORD}'
76+
SECRETS_memcached_password: '${MEMCACHED_PASSWORD}'
77+
SECRETS_redis_password: '${REDIS_PASSWORD}'
78+
SECRETS_secret_key: '${secret_key}'
79+
SETTING_EXTERNAL_HOST: '${EXTERNAL_HOST}'
80+
SETTING_ZULIP_ADMINISTRATOR: '${ZULIP_ADMINISTRATOR_EMAIL}'
8181
SETTING_EMAIL_HOST: '' # e.g. smtp.example.com
8282
SETTING_EMAIL_HOST_USER: '[email protected]'
8383
SETTING_EMAIL_PORT: '587'

scripts/generate_env_file.py

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
from io import StringIO
2+
import os
3+
import configparser
4+
import secrets
5+
6+
def read_example_env():
7+
file_to_read = None
8+
if os.path.isfile('.env'):
9+
file_to_read = '.env'
10+
else:
11+
file_to_read = '.env.example'
12+
13+
dummy_config = StringIO()
14+
dummy_config.write('[dummy]\n')
15+
dummy_config.write(open(file_to_read).read())
16+
dummy_config.seek(0, os.SEEK_SET)
17+
18+
cp = configparser.ConfigParser()
19+
cp.read_file(dummy_config)
20+
return cp['dummy']
21+
22+
def set_if_expected(env, key, expected, value):
23+
if env[key] == expected:
24+
env[key] = value
25+
26+
def generate_and_set_secrets(env):
27+
set_if_expected(env, 'POSTGRES_PASSWORD', 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD', secrets.token_hex(32))
28+
set_if_expected(env, 'MEMCACHED_PASSWORD', 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD', secrets.token_hex(32))
29+
set_if_expected(env, 'RABBITMQ_PASSWORD', 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD', secrets.token_hex(32))
30+
set_if_expected(env, 'REDIS_PASSWORD', 'REPLACE_WITH_SECURE_REDIS_PASSWORD', secrets.token_hex(32))
31+
set_if_expected(env, 'secret_key', 'REPLACE_WITH_SECURE_SECRET_KEY', ''.join(secrets.choice('abcdefghijklmnopqrstuvwxyz0123456789!@#$^&*(-_=+)') for i in range(50)))
32+
33+
def write_env(env):
34+
env_file = ''
35+
for key in env:
36+
env_file = f'{env_file}{key}={env[key]}\n'
37+
38+
f = open('.env', 'w')
39+
f.write(env_file)
40+
f.close()
41+
42+
env = read_example_env()
43+
generate_and_set_secrets(env)
44+
write_env(env)

0 commit comments

Comments
 (0)