Use environment variables in Django settings

.env.example

@@ -0,0 +1,35 @@
+# One of "development", "staging", "production". Defaults to "development".
+# In any environment that is not "production", a big visible warning naming
+# the current environment is shown at the top of every page.
+# When the environment is "development", DEBUG is set to True.
+SERVALA_ENVIRONMENT='development'
+
+# Set PREVIOUS_SECRET_KEY when rotating to a new secret key in order to not expire all sessions
+# SERVALA_PREVIOUS_SECRET_KEY=''
+SERVALA_SECRET_KEY='django-insecure-8sl^1&1f-$3%w7cf)q(rcvi4jo(#s3ug-@be0ooc2ioep*&%7@'
+
+# Set the allowed hosts as comma-separated list.
+# Use a leading dot to match a domain and all subdomains.
+# Leave or unset in the development environment in order to accept localhost names.
+SERVALA_ALLOWED_HOSTS='.example.com'
+
+# Database settings:
+# In development mode, leave the DB name empty in order to use a SQLite database called db.sqlite3
+# Otherwise, defaults point to a local PostgreSQL database with name and user "servala".
+# You MUST set the password.
+SERVALA_DB_USER=''
+SERVALA_DB_PASSWORD=''
+SERVALA_DB_HOST=''
+SERVALA_DB_PORT=''
+
+# Location for file uploads. Leading "/" for absolute path, otherwise relative to base dir
+# Defaults to 'media'
+SERVALA_MEDIA_ROOT=''
+
+SERVALA_EMAIL_HOST='localhost'
+SERVALA_EMAIL_PORT='25'
+SERVALA_EMAIL_USER=''
+SERVALA_EMAIL_PASSWORD=''
+# At most one of the following settings may be set to True
+SERVALA_EMAIL_TLS='False'
+SERVALA_EMAIL_SSL='False'

README.md

@@ -4,7 +4,10 @@ The Servala Self-Service Portal
 
 ## Development setup
 
-Use ``uv`` to install the project and run its commands while you’re developing:
+First, copy the ``.env.example`` file to ``.env`` and adjust the settings to your needs.
+Make sure to source the file before running any commands.
+
+Then use ``uv`` to install the project and run its commands while you’re developing:
 
 ```bash
 uv sync --dev

src/servala/settings.py

@@ -1,34 +1,72 @@
 """
 Django settings for servala project.
 
-Generated by 'django-admin startproject' using Django 4.2.
+Servala is run using environment variables. Documentation:
 
-For more information on this file, see
-https://docs.djangoproject.com/en/4.2/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/4.2/ref/settings/
+- README.md for project information
+- .env.example for environment variables in use
+- Django settings guide: https://docs.djangoproject.com/en/4.2/topics/settings/
+- Django settings reference: https://docs.djangoproject.com/en/4.2/ref/settings/
 """
 
+import os
 from pathlib import Path
 
-# Build paths inside the project like this: BASE_DIR / 'subdir'.
+SERVALA_ENVIRONMENT = os.environ.get("SERVALA_ENVIRONMENT", "development")
+DEBUG = SERVALA_ENVIRONMENT == "development"
+
+SECRET_KEY = os.environ.get("SERVALA_SECRET_KEY")
+if previous_secret_key := os.environ.get("SERVALA_PREVIOUS_SECRET_KEY"):
+    SECRET_KEY_FALLBACKS = [previous_secret_key]
+
 BASE_DIR = Path(__file__).resolve().parent.parent
 
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-8sl^1&1f-$3%w7cf)q(rcvi4jo(#s3ug-@be0ooc2ioep*&%7@"
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
 ALLOWED_HOSTS = []
+if allowed_hosts := os.environ.get("SERVALA_ALLOWED_HOSTS"):
+    ALLOWED_HOSTS = allowed_hosts.split(",")
 
+db_name = os.environ.get("SERVALA_DB_NAME", "")
+if SERVALA_ENVIRONMENT == "development" and not db_name:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.sqlite3",
+            "NAME": BASE_DIR / "db.sqlite3",
+            "OPTIONS": {"timeout": 10},
+        }
+    }
+else:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.postgresql",
+            "NAME": db_name or "servala",
+            "USER": os.environ.get("SERVALA_DB_USER", "servala"),
+            "PASSWORD": os.environ.get("SERVALA_DB_PASSWORD"),
+            "HOST": os.environ.get("SERVALA_DB_HOST", "localhost"),
+            "PORT": os.environ.get("SERVALA_DB_PORT", "5432"),
+            "CONN_MAX_AGE": 120,
+            "CONN_HEALTH_CHECKS": True,
+        }
+    }
 
-# Application definition
+MEDIA_ROOT = os.environ.get("SERVALA_MEDIA_ROOT", "media")
+
+if MEDIA_ROOT.startswith("/"):
+    MEDIA_ROOT = Path(MEDIA_ROOT)
+else:
+    MEDIA_ROOT = BASE_DIR / MEDIA_ROOT
+
+EMAIL_HOST = os.environ.get("SERVALA_EMAIL_HOST", "localhost")
+EMAIL_PORT = int(os.environ.get("SERVALA_EMAIL_PORT", "25"))
+EMAIL_HOST_USER = os.environ.get("SERVALA_EMAIL_USER", "")
+EMAIL_HOST_PASSWORD = os.environ.get("SERVALA_EMAIL_PASSWORD", "")
+EMAIL_USE_TLS = os.environ.get("SERVALA_EMAIL_TLS", "False") == "True"
+EMAIL_USE_SSL = os.environ.get("SERVALA_EMAIL_SSL", "False") == "True"
+
+#######################################
+#   Non-configurable settings below   #
+#######################################
+
+WSGI_APPLICATION = "servala.wsgi.application"
 
 INSTALLED_APPS = [
     "django.contrib.admin",
@@ -50,6 +88,8 @@ MIDDLEWARE = [
 ]
 
 ROOT_URLCONF = "servala.urls"
+STATIC_URL = "static/"  # CSS, JavaScript, etc.
+MEDIA_URL = "media/"  # User uploads, e.g. images
 
 TEMPLATES = [
     {
@@ -67,57 +107,27 @@ TEMPLATES = [
     },
 ]
 
-WSGI_APPLICATION = "servala.wsgi.application"
-
-
-# Database
-# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "db.sqlite3",
-    }
-}
-
-
-# Password validation
-# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
-
 AUTH_PASSWORD_VALIDATORS = [
     {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
     },
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
 ]
-
-
-# Internationalization
-# https://docs.djangoproject.com/en/4.2/topics/i18n/
-
-LANGUAGE_CODE = "en-us"
-
-TIME_ZONE = "UTC"
-
-USE_I18N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/4.2/howto/static-files/
-
-STATIC_URL = "static/"
-
-# Default primary key field type
-# https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
+PASSWORD_HASHERS = [
+    "django.contrib.auth.hashers.Argon2PasswordHasher",
+    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
+    "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
+    "django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
+    "django.contrib.auth.hashers.ScryptPasswordHasher",
+]
+CSRF_COOKIE_NAME = "servala_csrf"
+LANGUAGE_COOKIE_NAME = "servala_lang"
+SESSION_COOKIE_NAME = "servala_sess"
+SESSION_COOKIE_SECURE = not DEBUG
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+# TODO
+TIME_ZONE = "UTC"