denis/raincloud
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use path for secret key

Browse source
This commit is contained in:
Denis Lehmann 2022-06-12 12:07:31 +02:00
parent d11e68a85b
commit f813682d33
3 changed files with 28 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

32
README.org
View file

@ -50,7 +50,7 @@
First set up a [[https://redis.io/][Redis]] server which will be used for server-side session caching. First set up a [[https://redis.io/][Redis]] server which will be used for server-side session caching.
Then a WSGI server like [[https://gunicorn.org/][Gunicorn]] can be used to serve /raincloud/ for example like this: Then a WSGI server like [[https://gunicorn.org/][Gunicorn]] can be used to serve /raincloud/ for example like this:
: $ gunicorn "raincloud:create_app(base_path='public', secret_key='i_am_a_key', redis_url='redis://127.0.0.1:6379/0')" : $ gunicorn "raincloud:create_app(base_path='public', secret_key_path='secret_key', redis_url='redis://127.0.0.1:6379/0')"
*** NixOS *** NixOS
@ -71,7 +71,7 @@
services.raincloud = { services.raincloud = {
enable = true; enable = true;
basePath = "/var/lib/raincloud"; basePath = "/var/lib/raincloud";
secretKey = "i_am_a_key"; secretKeyPath = "/var/lib/raincloud/secret_key";
redisUrl = "unix:/run/redis-raincloud/redis.sock"; redisUrl = "unix:/run/redis-raincloud/redis.sock";
}; };
} }
@ -79,18 +79,18 @@
All configuration options are: All configuration options are:
| Option | Description | Type | Default value | Example | | Option | Description | Type | Default value | Example |
|-----------------+---------------------------------------------------------------+-------+----------------------------+-------------------------------| |-----------------+---------------------------------------------------------------+-------+----------------------------+----------------------------------------|
| =address= | Bind address of the server | =str= | =127.0.0.1= | =0.0.0.0= | | =address= | Bind address of the server | =str= | =127.0.0.1= | =0.0.0.0= |
| =port= | Port on which the server listens | =int= | =8000= | =5000= | | =port= | Port on which the server listens | =int= | =8000= | =5000= |
| =user= | User under which the server runs | =str= | =raincloud= | =alice= | | =user= | User under which the server runs | =str= | =raincloud= | =alice= |
| =group= | Group under which the server runs | =str= | =raincloud= | =users= | | =group= | Group under which the server runs | =str= | =raincloud= | =users= |
| =cloudName= | Name of the raincloud | =str= | =raincloud= | =bobsCloud= | | =cloudName= | Name of the raincloud | =str= | =raincloud= | =bobsCloud= |
| =basePath= | Base path of the raincloud | =str= | | =/var/lib/raincloud= | | =basePath= | Base path of the raincloud | =str= | | =/var/lib/raincloud= |
| =secretKey= | Flask secret key | =str= | | =i_am_a_key= | | =secretKeyPath= | Path to file containing Flask secret key | =str= | | =/var/lib/raincloud/secret_key= |
| =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | =redis://my_db_server:6379/0= | | =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | =unix:/run/redis-raincloud/redis.sock= |
| =numWorkers= | Number of Gunicorn workers (recommendation is: 2 x #CPUs + 1) | =int= | =5= | =17= | | =numWorkers= | Number of Gunicorn workers (recommendation is: 2 x #CPUs + 1) | =int= | =5= | =17= |
| =workerTimeout= | Gunicorn worker timeout | =int= | =300= | =360= | | =workerTimeout= | Gunicorn worker timeout | =int= | =300= | =360= |
*** Docker *** Docker
@ -116,12 +116,12 @@
/raincloud/ provides four configuration options which can be passed to =raincloud.create_app()=: /raincloud/ provides four configuration options which can be passed to =raincloud.create_app()=:
- =base_path= :: Base path of the raincloud - =base_path= :: Base path of the raincloud
- =secret_key= :: Flask secret key - =secret_key_path= :: Path to file containing Flask secret key
- =redis_url= :: URL of redis database (default: =redis://127.0.0.1:6379/0=) - =redis_url= :: URL of redis database (default: =redis://127.0.0.1:6379/0=)
- =cloud_name= :: Cloud name (default: =raincloud=) - =cloud_name= :: Cloud name (default: =raincloud=)
Set them for example like this: Set them for example like this:
: >>> app = raincloud.create_app(base_path='/home/alice/public', secret_key='i_am_a_key', redis_url='redis://127.0.0.1:6379/0', cloud_name='raincloud') : >>> app = raincloud.create_app(base_path='/home/alice/public', secret_key_path='/var/lib/raincloud/secret_key', redis_url='redis://127.0.0.1:6379/0', cloud_name='raincloud')
*** =rc.conf= *** =rc.conf=
:properties: :properties:

9
flake.nix
View file

@ -59,17 +59,20 @@
basePath = mkOption { basePath = mkOption {
type = types.str; type = types.str;
example = "/var/lib/raincloud"
description = "Base path of the raincloud"; description = "Base path of the raincloud";
}; };
secretKey = mkOption { secretKeyPath = mkOption {
type = types.str; type = types.str;
description = "Flask secret key"; example = "/var/lib/raincloud/secret_key";
description = "Path to file containing Flask secret key";
}; };
redisUrl = mkOption { redisUrl = mkOption {
type = types.str; type = types.str;
default = "redis://127.0.0.1:6379/0"; default = "redis://127.0.0.1:6379/0";
example = "unix:/run/redis-raincloud/redis.sock";
description = "URL of Redis database"; description = "URL of Redis database";
}; };
@ -115,7 +118,7 @@
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStart = '' ExecStart = ''
${gunicorn}/bin/gunicorn "raincloud:create_app('${cfg.basePath}', '${cfg.secretKey}', '${cfg.redisUrl}', '${cfg.cloudName}')" \ ${gunicorn}/bin/gunicorn "raincloud:create_app('${cfg.basePath}', '${cfg.secretKeyPath}', '${cfg.redisUrl}', '${cfg.cloudName}')" \
--workers ${toString cfg.numWorkers} \ --workers ${toString cfg.numWorkers} \
--timeout ${toString cfg.workerTimeout} \ --timeout ${toString cfg.workerTimeout} \
--bind=${cfg.address}:${toString cfg.port} --bind=${cfg.address}:${toString cfg.port}

8
raincloud/raincloud.py
View file

@ -18,12 +18,16 @@ import werkzeug
def create_app( def create_app(
base_path, secret_key, redis_url="redis://127.0.0.1:6379/0", cloud_name="raincloud" base_path,
secret_key_path,
redis_url="redis://127.0.0.1:6379/0",
cloud_name="raincloud",
): ):
# Create app # Create app
app = Flask(__name__) app = Flask(__name__)
app.config["SECRET_KEY"] = secret_key with open(secret_key_path, "r") as secret_key_file:
app.config["SECRET_KEY"] = secret_key_file.readline()
# Create handlers # Create handlers
dh = DirectoryHandler(base_path) dh = DirectoryHandler(base_path)