diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c0e41507bb1c3b4c11fb63ca7ae726e7222ffd79..eabc4b8bc307e8c5a002833c17d79c2acbeddf8b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,6 +22,7 @@ deploy_test:
 - echo "Deploy to test"
 - rm -f /var/www/test/$CI_COMMIT_REF_NAME
 - ln -s . /var/www/test/$CI_COMMIT_REF_NAME
+ - envsubst < src/gms/settings_local.example.py > src/gms/setting_local.py
 - python src/manage.py makemigrations
 - python src/manage.py migrate --run-syncdb
 - ln -s /etc/uwsgi/vassals/test.skel /etc/uwsgi/vassals/$CI_COMMIT_REF_NAME.ini
diff --git a/src/gms/settings_local.example.py b/src/gms/settings_local.example.py
index e5de56edfab269fe85b61843307852edfd6ac14c..be33709da3f66fbfc00990edab130ec60388042c 100644
--- a/src/gms/settings_local.example.py
+++ b/src/gms/settings_local.example.py
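Review bot: The added `envsubst` step in `deploy_test` writes to `src/gms/setting_local.py`, while the template it reads is `settings_local.example.py`; if the settings module imports `settings_local` (not visible here), the rendered file is never loaded and the redirect should read `> src/gms/settings_local.py`. Called without a variable list, `envsubst` also turns every unset variable into an empty string, so a missing CI variable produces `SECRET_KEY = ''` or an empty database password instead of a failed job; a guard line such as `- test -n "$SECRET_KEY"` ahead of the step makes the job fail closed. The rendered file holds live credentials inside the tree that the preceding line links under `/var/www/test/`, so it is worth creating it under `umask 077` and confirming the web server cannot serve files from that path.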
@@ -14,26 +14,26 @@ ADMINS = ( ### Database connection options ### DATABASES = { 'default': { - 'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'. + 'ENGINE': '${DB_ENGINE}', # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'. # this should end up in uccportal/.db/members.db - 'NAME': os.path.join(ROOT_DIR, '.db', 'members.db'), # Or path to database file if using sqlite3. - 'USER': '', # Not used with sqlite3. - 'PASSWORD': '', # Not used with sqlite3. - 'HOST': '', # Set to empty string for localhost. Not used with sqlite3. + 'NAME': '${DB_NAME}', # Or path to database file if using sqlite3. + 'USER': '${DB_USER}', # Not used with sqlite3. + 'PASSWORD': '${DB_SECRET}', # Not used with sqlite3. + 'HOST': '${DB_HOST}', # Set to empty string for localhost. Not used with sqlite3. 'PORT': '', # Set to empty string for default. Not used with sqlite3. }, 'memberdb_old': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'uccmemberdb_2018', 'USER': 'uccmemberdb', - 'PASSWORD': 'something-secret-here', + 'PASSWORD': '${OLDDB_SECRET}', 'HOST': 'mussel.ucc.gu.uwa.edu.au', 'PORT': '', } } # Make this unique, and don't share it with anybody. -SECRET_KEY = 'something-unique-here' +SECRET_KEY = '${SECRET_KEY}' # Set this to whatever your ServerName/ServerAlias(es) are ALLOWED_HOSTS = [] 
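Review bot: The `${...}` placeholders in `DATABASES` and `SECRET_KEY` are substituted as raw text inside Python string literals, so a secret containing `'` or `\` either breaks the generated settings file or changes what Python parses, and the rendered secrets then sit on disk in the checkout. Reading the values at import time avoids both, e.g. `'PASSWORD': os.environ['DB_SECRET'],` and `SECRET_KEY = os.environ['SECRET_KEY']`, which also raises `KeyError` for a missing variable instead of silently using an empty string (`os` appears to be in scope, since the removed `NAME` line used `os.path.join`). The same applies to the `SQUARE_*` and `EMAIL_HOST_PASSWORD` hunks further down. The context comment `# this should end up in uccportal/.db/members.db` above `NAME` no longer matches a name taken from `${DB_NAME}`.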
@@ -45,13 +45,14 @@ import ldap from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, LDAPGroupQuery # LDAP admin settings +LDAP_BASE_DN = 'DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' LDAP_USER_SEARCH_DN = 'CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' -LDAP_BIND_DN = "" +LDAP_BIND_DN = 'CN=uccportal,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' LDAP_BIND_SECRET = "" # this could be ad.ucc.gu.uwa.edu.au but that doesn't resolve externally - # useful for testing, but should be changed in production so failover works -AUTH_LDAP_SERVER_URI = 'ldaps://samson.ucc.gu.uwa.edu.au/' +AUTH_LDAP_SERVER_URI = 'ldaps://ad.ucc.gu.uwa.edu.au/' # This is also a bad idea, should be changed in production AUTH_LDAP_GLOBAL_OPTIONS = { @@ -92,9 +93,9 @@ AUTH_LDAP_USER_FLAGS_BY_GROUP = { } # the Square app and location data (set to sandbox unless you want it to charge people) -SQUARE_APP_ID = 'maybe-sandbox-something-something-here' -SQUARE_LOCATION = 'CBASEDE-this-is-probably-somewhere-in-Sydney' -SQUARE_ACCESS_TOKEN = 'keep-this-very-secret' +SQUARE_APP_ID = '${SQUARE_APP_ID}' +SQUARE_LOCATION = '${SQUARE_LOCATION}' +SQUARE_ACCESS_TOKEN = '${SQUARE_SECRET}' DISPENSE_BIN = '/usr/local/bin/dispense' @@ -103,4 +104,4 @@ EMAIL_HOST = "secure.ucc.asn.au" EMAIL_PORT = 465 EMAIL_USE_SSL = True EMAIL_HOST_USER = "uccportal" -EMAIL_HOST_PASSWORD = "changeme" +EMAIL_HOST_PASSWORD = "${EMAIL_SECRET}"
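Review bot: `LDAP_BIND_DN` now names the `uccportal` service account, but `LDAP_BIND_SECRET` stays an empty literal and is the one credential in this file that the commit does not take from the environment. Assuming it feeds the bind password (the use is outside the hunk), a simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513, which a directory either rejects or treats as anonymous, so the portal would not be searching as the account the DN suggests. Suggest sourcing it like the other secrets, e.g. `LDAP_BIND_SECRET = os.environ['LDAP_BIND_SECRET']` (the variable name is a placeholder). The context comment `# this could be ad.ucc.gu.uwa.edu.au but that doesn't resolve externally` is also stale now that `AUTH_LDAP_SERVER_URI` points at that host.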