Use environment variables in Django settings

2025-03-05 17:28:57 +01:00 · 2025-03-05 17:28:57 +01:00 · 2e49849960
commit 2e49849960
parent 34cee1aa2e
3 changed files with 115 additions and 67 deletions
--- a/src/servala/settings.py
+++ b/src/servala/settings.py
@ -1,34 +1,72 @@
 """
 Django settings for servala project.

-Generated by 'django-admin startproject' using Django 4.2.
+Servala is run using environment variables. Documentation:

-For more information on this file, see
-https://docs.djangoproject.com/en/4.2/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/4.2/ref/settings/
+- README.md for project information
+- .env.example for environment variables in use
+- Django settings guide: https://docs.djangoproject.com/en/4.2/topics/settings/
+- Django settings reference: https://docs.djangoproject.com/en/4.2/ref/settings/
 """

+import os
 from pathlib import Path

-# Build paths inside the project like this: BASE_DIR / 'subdir'.
+SERVALA_ENVIRONMENT = os.environ.get("SERVALA_ENVIRONMENT", "development")
+DEBUG = SERVALA_ENVIRONMENT == "development"
+
+SECRET_KEY = os.environ.get("SERVALA_SECRET_KEY")
+if previous_secret_key := os.environ.get("SERVALA_PREVIOUS_SECRET_KEY"):
+    SECRET_KEY_FALLBACKS = [previous_secret_key]
+
 BASE_DIR = Path(__file__).resolve().parent.parent

-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-8sl^1&1f-$3%w7cf)q(rcvi4jo(#s3ug-@be0ooc2ioep*&%7@"
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
 ALLOWED_HOSTS = []
+if allowed_hosts := os.environ.get("SERVALA_ALLOWED_HOSTS"):
+    ALLOWED_HOSTS = allowed_hosts.split(",")

+db_name = os.environ.get("SERVALA_DB_NAME", "")
+if SERVALA_ENVIRONMENT == "development" and not db_name:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.sqlite3",
+            "NAME": BASE_DIR / "db.sqlite3",
+            "OPTIONS": {"timeout": 10},
+        }
+    }
+else:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.postgresql",
+            "NAME": db_name or "servala",
+            "USER": os.environ.get("SERVALA_DB_USER", "servala"),
+            "PASSWORD": os.environ.get("SERVALA_DB_PASSWORD"),
+            "HOST": os.environ.get("SERVALA_DB_HOST", "localhost"),
+            "PORT": os.environ.get("SERVALA_DB_PORT", "5432"),
+            "CONN_MAX_AGE": 120,
+            "CONN_HEALTH_CHECKS": True,
+        }
+    }

-# Application definition
+MEDIA_ROOT = os.environ.get("SERVALA_MEDIA_ROOT", "media")
+
+if MEDIA_ROOT.startswith("/"):
+    MEDIA_ROOT = Path(MEDIA_ROOT)
+else:
+    MEDIA_ROOT = BASE_DIR / MEDIA_ROOT
+
+EMAIL_HOST = os.environ.get("SERVALA_EMAIL_HOST", "localhost")
+EMAIL_PORT = int(os.environ.get("SERVALA_EMAIL_PORT", "25"))
+EMAIL_HOST_USER = os.environ.get("SERVALA_EMAIL_USER", "")
+EMAIL_HOST_PASSWORD = os.environ.get("SERVALA_EMAIL_PASSWORD", "")
+EMAIL_USE_TLS = os.environ.get("SERVALA_EMAIL_TLS", "False") == "True"
+EMAIL_USE_SSL = os.environ.get("SERVALA_EMAIL_SSL", "False") == "True"
+
+#######################################
+#   Non-configurable settings below   #
+#######################################
+
+WSGI_APPLICATION = "servala.wsgi.application"

 INSTALLED_APPS = [
    "django.contrib.admin",
@ -50,6 +88,8 @@ MIDDLEWARE = [
 ]

 ROOT_URLCONF = "servala.urls"
+STATIC_URL = "static/"  # CSS, JavaScript, etc.
+MEDIA_URL = "media/"  # User uploads, e.g. images

 TEMPLATES = [
    {
@ -67,57 +107,27 @@ TEMPLATES = [
    },
 ]

-WSGI_APPLICATION = "servala.wsgi.application"
-
-
-# Database
-# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "db.sqlite3",
-    }
-}
-
-
-# Password validation
-# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
-
 AUTH_PASSWORD_VALIDATORS = [
    {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
    },
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
 ]
-
-
-# Internationalization
-# https://docs.djangoproject.com/en/4.2/topics/i18n/
-
-LANGUAGE_CODE = "en-us"
-
-TIME_ZONE = "UTC"
-
-USE_I18N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/4.2/howto/static-files/
-
-STATIC_URL = "static/"
-
-# Default primary key field type
-# https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
+PASSWORD_HASHERS = [
+    "django.contrib.auth.hashers.Argon2PasswordHasher",
+    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
+    "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
+    "django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
+    "django.contrib.auth.hashers.ScryptPasswordHasher",
+]
+CSRF_COOKIE_NAME = "servala_csrf"
+LANGUAGE_COOKIE_NAME = "servala_lang"
+SESSION_COOKIE_NAME = "servala_sess"
+SESSION_COOKIE_SECURE = not DEBUG

 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+# TODO
+TIME_ZONE = "UTC"