diff --git a/config/make_config.py b/config/make_config.py
new file mode 100644
index 000000000..003e97a3f
--- /dev/null
+++ b/config/make_config.py
@@ -0,0 +1,69 @@
+import questionary
+from rich import print
+import yaml
+from jinja2 import Environment, FileSystemLoader
+from icecream import ic
+
+mode = questionary.select(
+ "What is your deployment mode?", choices=["local", "VM/remote"]
+).ask()
+
+fqdn = "localhost"
+port = "8443"
+
+if mode != "local":
+ fqdn = questionary.text(
+ "Expected FQDN/hostname", default="ciso.assistant.local"
+ ).ask()
+ port = questionary.text("Port to use", default="443").ask()
+
+need_mailer = questionary.confirm(
+ "Do you need email notifications? Mailer settings will be required", default=False
+).ask()
+
+EMAIL_HOST = ""
+EMAIL_PORT = ""
+EMAIL_USE_TLS = ""
+EMAIL_HOST_USER = ""
+EMAIL_HOST_PASSWORD = ""
+DEFAULT_FROM_EMAIL = ""
+
+if need_mailer:
+ """
+ export EMAIL_HOST_USER=''
+ export EMAIL_HOST_PASSWORD=''
+ export DEFAULT_FROM_EMAIL=ciso-assistant@ciso-assistantcloud.com
+ export EMAIL_HOST=localhost
+ export EMAIL_PORT=1025
+ export EMAIL_USE_TLS=True
+ """
+ EMAIL_HOST = questionary.text("Mailer host: ", default="localhost").ask()
+ EMAIL_PORT = questionary.text("Mailer port: ", default="1025").ask()
+ EMAIL_USE_TLS = questionary.confirm("Use TLS? ", default=False).ask()
+ EMAIL_HOST_USER = questionary.text("Mailer username: ").ask()
+ EMAIL_HOST_PASSWORD = questionary.password("Mailer password: ").ask()
+ DEFAULT_FROM_EMAIL = questionary.text(
+ "Default from email: ", default="ciso-assistant@company.com"
+ ).ask()
+db = questionary.select("Choose a database", choices=["sqlite", "postgresql"]).ask()
+ic(
+ mode,
+ fqdn,
+ port,
+ db,
+ need_mailer,
+ EMAIL_HOST,
+ EMAIL_PORT,
+ EMAIL_USE_TLS,
+ EMAIL_HOST_USER,
+ EMAIL_HOST_PASSWORD,
+ DEFAULT_FROM_EMAIL,
+)
+"""
+export POSTGRES_NAME=ciso-assistant
+export POSTGRES_USER=ciso-assistantuser
+export POSTGRES_PASSWORD=
+export POSTGRES_PASSWORD_FILE= # alternative way to specify password
+export DB_HOST=localhost
+export DB_PORT=5432 # optional, default value is 5432
+"""
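Review bot: The `ic(...)` debug call after the prompts in `config/make_config.py` prints `EMAIL_HOST_PASSWORD` in clear text, which undoes the masked `questionary.password("Mailer password: ")` prompt and leaves the SMTP secret in terminal scrollback or any captured output. Drop `EMAIL_HOST_PASSWORD,` from the `ic(...)` argument list, or remove the debug dump entirely before this ships. Separately, `questionary.confirm("Use TLS? ", default=False)` makes an unencrypted mailer session the default even when a username and password are supplied; `default=True` would be the safer default. Each `.ask()` returns `None` when the user cancels the prompt, and nothing visible here checks for that before the values are used.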
diff --git a/config/requirements.txt b/config/requirements.txt
new file mode 100644
index 000000000..b38df13bb
--- /dev/null
+++ b/config/requirements.txt
@@ -0,0 +1,4 @@
+questionary
+rich
+Jinja2
+icecream
diff --git a/config/templates/pg_tmpl.j2 b/config/templates/pg_tmpl.j2
new file mode 100644
index 000000000..52362ec1d
--- /dev/null
+++ b/config/templates/pg_tmpl.j2
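Review bot: `config/requirements.txt` lists its four packages with no version constraints, so every install of this configuration tool resolves whatever release is current on the index at that moment. Pinning each entry (for example `questionary==<pinned version>`, ideally with hashes) makes the install reproducible and lets a dependency bump be reviewed as a change. `make_config.py` also has `import yaml`, but PyYAML is not listed here, so a clean environment would fail at import time; add `PyYAML` or drop the import if it stays unused.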
@@ -0,0 +1,77 @@
+services:
+ backend:
+ container_name: backend
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ restart: always
+ depends_on:
+ - postgres
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - POSTGRES_NAME=ciso_assistant
+ - POSTGRES_USER=ciso_assistant
+ - POSTGRES_PASSWORD=ciso_assistant
+ - DB_HOST=postgres
+ volumes:
+ - ./db:/code/db
+
+ huey:
+ container_name: huey
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ depends_on:
+ - backend
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - POSTGRES_NAME=ciso_assistant
+ - POSTGRES_USER=ciso_assistant
+ - POSTGRES_PASSWORD=ciso_assistant
+ - DB_HOST=postgres
+ volumes:
+ - ./db:/code/db
+ entrypoint:
+ - /bin/sh
+ - -c
+ - |
+ poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+ frontend:
+ container_name: frontend
+ environment:
+ - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+ - PROTOCOL_HEADER=x-forwarded-proto
+ - HOST_HEADER=x-forwarded-host
+
+ image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+ depends_on:
+ - backend
+
+ postgres:
+ container_name: postgres
+ image: postgres:16
+ restart: always
+ environment:
+ POSTGRES_DB: ciso_assistant
+ POSTGRES_USER: ciso_assistant
+ POSTGRES_PASSWORD: ciso_assistant
+ volumes:
+ - ./db/pg:/var/lib/postgresql/data
+
+ caddy:
+ container_name: caddy
+ image: caddy:2.8.4
+ restart: unless-stopped
+ ports:
+ - 8443:8443
+ command:
+ - caddy
+ - reverse-proxy
+ - --from
+ - https://localhost:8443
+ - --to
+ - frontend:3000
+ volumes:
+ - ./db:/data
diff --git a/config/templates/sqlite_tmpl.j2 b/config/templates/sqlite_tmpl.j2
new file mode 100644
index 000000000..cfbceab96
--- /dev/null
+++ b/config/templates/sqlite_tmpl.j2
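Review bot: In `config/templates/pg_tmpl.j2` the database password is a fixed literal equal to the username (`POSTGRES_PASSWORD=ciso_assistant`) in the `backend`, `huey` and `postgres` services, so every deployment rendered from this template shares one known credential. The template has no Jinja placeholders yet; the password should come from a prompted or generated value, e.g. `- POSTGRES_PASSWORD={{ postgres_password }}` (variable name illustrative), or be supplied through `POSTGRES_PASSWORD_FILE`, which the comment block in `make_config.py` lists as an alternative. The `caddy` service mounts `./db:/data`, which also hands the proxy container `./db/pg` (the PostgreSQL data directory) and the backend's `./db`; the SQLite template uses a separate `./caddy_data:/data`, and the same mount would fit here. The `backend` and `frontend` images are tagged `:latest`, unlike `caddy:2.8.4` and `postgres:16`, so what gets deployed can change without any change to this file.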
@@ -0,0 +1,61 @@
+services:
+ backend:
+ container_name: backend
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=True
+ - AUTH_TOKEN_TTL=7200
+ volumes:
+ - ./db:/code/db
+
+ huey:
+ container_name: huey
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ depends_on:
+ - backend
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - AUTH_TOKEN_TTL=7200
+ volumes:
+ - ./db:/code/db
+ entrypoint:
+ - /bin/sh
+ - -c
+ - |
+ poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+ frontend:
+ container_name: frontend
+ environment:
+ - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+ - PUBLIC_BACKEND_API_EXPOSED_URL=https://localhost:8443/api
+ - PROTOCOL_HEADER=x-forwarded-proto
+ - HOST_HEADER=x-forwarded-host
+
+ image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+ depends_on:
+ - backend
+
+ caddy:
+ container_name: caddy
+ image: caddy:2.8.4
+ environment:
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ depends_on:
+ - frontend
+ restart: unless-stopped
+ ports:
+ - 8443:8443
+ volumes:
+ - ./caddy_data:/data
+ command: |
+ sh -c 'echo $$CISO_ASSISTANT_URL "{
+ reverse_proxy /api/* backend:8000
+ reverse_proxy /* frontend:3000
+ }" > Caddyfile && caddy run'
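Review bot: The `backend` service in `config/templates/sqlite_tmpl.j2` sets `DJANGO_DEBUG=True`, while `huey` in the same file and both Django services in `pg_tmpl.j2` use `False`. With Django debug enabled, error pages can expose settings, file paths and stack traces to anyone who reaches the site through Caddy, so this should be `- DJANGO_DEBUG=False` unless the template is explicitly meant for development only. As in the PostgreSQL template, `https://localhost:8443` and `ALLOWED_HOSTS=backend,localhost` are literals, so the FQDN and port that `make_config.py` collects are not applied by anything visible in this diff.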