moritz/lazyflat
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions
lazyflat/web/settings.py
EiSiMo a35e6c9c69 fix(web): read git SHA from .git in the image instead of SOURCE_COMMIT 
Coolify v4 doesn't inject SOURCE_COMMIT (only COOLIFY_BRANCH,
COOLIFY_FQDN, COOLIFY_RESOURCE_UUID, COOLIFY_URL and the container
name). The previous build-arg approach always resolved to "dev".

Switch the web build context to the repo root so the Dockerfile can
COPY .git into a scratch path, parse HEAD → SHA with a small sh
snippet (handles both detached-HEAD and packed-refs), and stamp the
image with a /git_commit file. settings.py now prefers env GIT_COMMIT
(for local dev overrides) and falls back to /git_commit → "dev".

The .git copy is the last content layer, so only this thin layer
invalidates per commit; pip install stays cached.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 10:53:45 +02:00

79 lines
3.3 KiB
Python
Raw Blame History

import secrets
import sys
from os import getenv
from pathlib import Path
from dotenv import load_dotenv
load_dotenv()
def _required(key: str) -> str:
val = getenv(key)
if not val:
print(f"missing required env var: {key}", file=sys.stderr)
sys.exit(1)
return val
# --- Admin bootstrap ----------------------------------------------------------
# On first boot the web service seeds this user as an admin in the database.
# Afterwards the user record in SQLite is authoritative: changing the hash in
# env does NOT rotate the DB password — use the /einstellungen UI.
AUTH_USERNAME: str = _required("AUTH_USERNAME")
AUTH_PASSWORD_HASH: str = _required("AUTH_PASSWORD_HASH")
# --- Session cookie -----------------------------------------------------------
SESSION_SECRET: str = getenv("SESSION_SECRET") or secrets.token_urlsafe(48)
SESSION_COOKIE_NAME: str = "lazyflat_session"
SESSION_MAX_AGE_SECONDS: int = int(getenv("SESSION_MAX_AGE_SECONDS", str(60 * 60 * 24 * 7)))
COOKIE_SECURE: bool = getenv("COOKIE_SECURE", "true").lower() in ("true", "1", "yes", "on")
# --- Internal service auth ----------------------------------------------------
INTERNAL_API_KEY: str = _required("INTERNAL_API_KEY")
# --- Apply service ------------------------------------------------------------
APPLY_URL: str = getenv("APPLY_URL", "http://apply:8000")
APPLY_TIMEOUT: int = int(getenv("APPLY_TIMEOUT", "600"))
APPLY_FAILURE_THRESHOLD: int = int(getenv("APPLY_FAILURE_THRESHOLD", "3"))
# --- Alert service knob (mirrored so web can predict the next scrape) ---------
ALERT_SCRAPE_INTERVAL_SECONDS: int = int(getenv("ALERT_SCRAPE_INTERVAL_SECONDS", getenv("SLEEP_INTERVALL", "60")))
# --- Storage ------------------------------------------------------------------
DATA_DIR: Path = Path(getenv("DATA_DIR", "/data"))
DATA_DIR.mkdir(parents=True, exist_ok=True)
DB_PATH: Path = DATA_DIR / "lazyflat.sqlite"
# Retention (errors / audit / application forensics). Default 14 days.
RETENTION_DAYS: int = int(getenv("RETENTION_DAYS", "14"))
RETENTION_RUN_INTERVAL_SECONDS: int = int(getenv("RETENTION_RUN_INTERVAL_SECONDS", str(60 * 60)))
# --- Rate limiting ------------------------------------------------------------
LOGIN_RATE_LIMIT: int = int(getenv("LOGIN_RATE_LIMIT", "5"))
LOGIN_RATE_WINDOW_SECONDS: int = int(getenv("LOGIN_RATE_WINDOW_SECONDS", "900"))
# --- App URL (used to build links in notifications) ---------------------------
PUBLIC_URL: str = getenv("PUBLIC_URL", "https://flat.lab.moritz.run")
# --- LLM enrichment (Anthropic Haiku) -----------------------------------------
ANTHROPIC_API_KEY: str = getenv("ANTHROPIC_API_KEY", "")
ANTHROPIC_MODEL: str = getenv("ANTHROPIC_MODEL", "claude-haiku-4-5-20251001")
# --- Build info --------------------------------------------------------------
# The Dockerfile writes /git_commit at build time by parsing the repo's .git
# dir (Coolify doesn't expose the SHA as an env var). Env GIT_COMMIT overrides
# the file so local dev can fake a value. Rendered in the site footer so the
# running commit is visible at a glance.
def _read_git_commit() -> str:
env_val = getenv("GIT_COMMIT", "").strip()
if env_val:
return env_val
try:
with open("/git_commit") as _f:
return _f.read().strip() or "dev"
except OSError:
return "dev"
GIT_COMMIT: str = _read_git_commit()
Reference in a new issue View git blame Copy permalink