From 04e4dd8cdfcf7be4701872c0241960af7b1abc0f Mon Sep 17 00:00:00 2001 From: chriscummings Date: Fri, 22 Nov 2024 08:44:33 -0600 Subject: [PATCH 1/6] Allow running local postgres in prod mode --- compose.override.production.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.override.production.yml b/compose.override.production.yml index 58f47d72..4fc425bf 100644 --- a/compose.override.production.yml +++ b/compose.override.production.yml @@ -27,7 +27,7 @@ services: env_file: - ./.envs/.production/.postgres deploy: - replicas: 0 + replicas: ${POSTGRES_ENABLED:-0} nginx: image: nginx:1.19 From 8ce0a037cb223c4b8e8233fdf7229efd232255d1 Mon Sep 17 00:00:00 2001 From: chriscummings Date: Fri, 22 Nov 2024 09:45:45 -0600 Subject: [PATCH 2/6] fix(deps): dude, you gotta use the right image name --- compose/production/django/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/production/django/Dockerfile b/compose/production/django/Dockerfile index cbb5aeb5..e1dd7b04 100644 --- a/compose/production/django/Dockerfile +++ b/compose/production/django/Dockerfile @@ -1,5 +1,5 @@ -FROM python:3.12-slim-bookwork +FROM python:3.12-slim-bookworm ENV PYTHONUNBUFFERED 1 From 2074ab48d5bde84aae016ac759bac4913bd1d211 Mon Sep 17 00:00:00 2001 From: chriscummings Date: Fri, 22 Nov 2024 11:36:38 -0600 Subject: [PATCH 3/6] fix(db): add vault for postgress password --- compose.override.production.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose.override.production.yml b/compose.override.production.yml index 4fc425bf..de54d36a 100644 --- a/compose.override.production.yml +++ b/compose.override.production.yml @@ -26,6 +26,7 @@ services: - production_postgres_data_backups:/backups:z env_file: - ./.envs/.production/.postgres + - /etc/vault.d/secrets/kv_root_security.env deploy: replicas: ${POSTGRES_ENABLED:-0} From 472ad28c84d568d9c00c2dfd78e3baf4920e6640 Mon Sep 17 00:00:00 2001 From: chriscummings Date: Fri, 22 Nov 2024 12:15:13 -0600 Subject: [PATCH 4/6] fix(db): postgress ssl var should be a bool --- config/settings/production.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/settings/production.py b/config/settings/production.py index 8f62b5d4..ffa8bf90 100644 --- a/config/settings/production.py +++ b/config/settings/production.py @@ -13,7 +13,7 @@ DATABASES["default"] = env.db("DATABASE_URL") # noqa F405 DATABASES["default"]["ATOMIC_REQUESTS"] = True # noqa F405 DATABASES["default"]["CONN_MAX_AGE"] = env.int("CONN_MAX_AGE", default=60) # noqa F405 -if env("POSTGRES_SSL"): +if env.bool("POSTGRES_SSL"): DATABASES["default"]["OPTIONS"] = {"sslmode": "require"} # noqa F405 # CACHES From c95b847c0426efbb435f665198bf4b5d5a02d309 Mon Sep 17 00:00:00 2001 From: chriscummings Date: Fri, 22 Nov 2024 12:22:14 -0600 Subject: [PATCH 5/6] fix(db): actually disable ssl when it's set to off --- config/settings/production.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/settings/production.py b/config/settings/production.py index ffa8bf90..0ac40991 100644 --- a/config/settings/production.py +++ b/config/settings/production.py @@ -15,7 +15,8 @@ DATABASES["default"]["CONN_MAX_AGE"] = env.int("CONN_MAX_AGE", default=60) # noqa F405 if env.bool("POSTGRES_SSL"): DATABASES["default"]["OPTIONS"] = {"sslmode": "require"} # noqa F405 - +elif not env.bool("POSTGRES_SSL"): + DATABASES["default"]["OPTIONS"] = {"sslmode": "disable"} # noqa F405 # CACHES # ------------------------------------------------------------------------------ CACHES = { From 48d79a4b14b921986fe31eea5bb1f8a8700dda1e Mon Sep 17 00:00:00 2001 From: chriscummings Date: Tue, 26 Nov 2024 11:58:59 -0600 Subject: [PATCH 6/6] fix(defaults): set default to True --- config/settings/production.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/settings/production.py b/config/settings/production.py index 0ac40991..8073e7f7 100644 --- a/config/settings/production.py +++ b/config/settings/production.py @@ -13,9 +13,9 @@ DATABASES["default"] = env.db("DATABASE_URL") # noqa F405 DATABASES["default"]["ATOMIC_REQUESTS"] = True # noqa F405 DATABASES["default"]["CONN_MAX_AGE"] = env.int("CONN_MAX_AGE", default=60) # noqa F405 -if env.bool("POSTGRES_SSL"): +if env.bool("POSTGRES_SSL", default=True): DATABASES["default"]["OPTIONS"] = {"sslmode": "require"} # noqa F405 -elif not env.bool("POSTGRES_SSL"): +else: DATABASES["default"]["OPTIONS"] = {"sslmode": "disable"} # noqa F405 # CACHES # ------------------------------------------------------------------------------