From 43671c946f02ccdca76c0192575626496cdd2af9 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite
Date: Mon, 3 Feb 2025 18:37:51 +0100
Subject: [PATCH 1/3] starting point
---
config/make_config.py | 21 +++++++++++++++++++++
config/requirements.txt | 3 +++
config/templates/pg_tmpl.j2 | 0
config/templates/sqlite_tmpl.j2 | 0
4 files changed, 24 insertions(+)
create mode 100644 config/make_config.py
create mode 100644 config/requirements.txt
create mode 100644 config/templates/pg_tmpl.j2
create mode 100644 config/templates/sqlite_tmpl.j2
diff --git a/config/make_config.py b/config/make_config.py
new file mode 100644
index 000000000..9c42407b6
--- /dev/null
+++ b/config/make_config.py
@@ -0,0 +1,21 @@
+import questionary
+from rich import print
+import yaml
+from jinja2 import Environment, FileSystemLoader
+
+mode = questionary.select(
+ "What is your deployment mode?", choices=["local", "VM/remote"]
+).ask()
+
+fqdn = "localhost"
+port = "8443"
+
+if mode != "local":
+ fqdn = questionary.text(
+ "Expected FQDN/hostname", default="ciso.assistant.local"
+ ).ask()
+ port = questionary.text("Port to use", default="443").ask()
+
+
+db = questionary.select("Choose a database", choices=["sqlite", "postgresql"]).ask()
+print(mode, fqdn, port, db)
diff --git a/config/requirements.txt b/config/requirements.txt
new file mode 100644
index 000000000..14b9c7bfb
--- /dev/null
+++ b/config/requirements.txt
@@ -0,0 +1,3 @@
+questionary
+rich
+Jinja2
diff --git a/config/templates/pg_tmpl.j2 b/config/templates/pg_tmpl.j2
new file mode 100644
index 000000000..e69de29bb
diff --git a/config/templates/sqlite_tmpl.j2 b/config/templates/sqlite_tmpl.j2
new file mode 100644
index 000000000..e69de29bb
From 8adadc920424432068bbc518b0eb6a94061df939 Mon Sep 17 00:00:00 2001
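Review bot: `config/make_config.py` imports `yaml`, but the `config/requirements.txt` added in the same patch lists only questionary, rich and Jinja2, so a clean `pip install -r config/requirements.txt` leaves the script failing at import; add `PyYAML` there or drop the import until it is used. The requirements are also unpinned, so the tool that will generate deployment configuration runs whatever versions resolve at install time; pinning them would make that reproducible. In the `mode != "local"` branch `port` is accepted as free text, and a guard such as `if not port.isdigit() or not 0 < int(port) < 65536:` would keep a malformed value out of whatever is rendered from it later.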
From: Abderrahmane Smimite
Date: Mon, 3 Feb 2025 19:34:09 +0100
Subject: [PATCH 2/3] checkpoint
---
config/templates/pg_tmpl.j2 | 77 +++++++++++++++++++++++++++++++++
config/templates/sqlite_tmpl.j2 | 61 ++++++++++++++++++++++++++
2 files changed, 138 insertions(+)
diff --git a/config/templates/pg_tmpl.j2 b/config/templates/pg_tmpl.j2
index e69de29bb..52362ec1d 100644
--- a/config/templates/pg_tmpl.j2
+++ b/config/templates/pg_tmpl.j2
@@ -0,0 +1,77 @@
+services:
+ backend:
+ container_name: backend
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ restart: always
+ depends_on:
+ - postgres
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - POSTGRES_NAME=ciso_assistant
+ - POSTGRES_USER=ciso_assistant
+ - POSTGRES_PASSWORD=ciso_assistant
+ - DB_HOST=postgres
+ volumes:
+ - ./db:/code/db
+
+ huey:
+ container_name: huey
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ depends_on:
+ - backend
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - POSTGRES_NAME=ciso_assistant
+ - POSTGRES_USER=ciso_assistant
+ - POSTGRES_PASSWORD=ciso_assistant
+ - DB_HOST=postgres
+ volumes:
+ - ./db:/code/db
+ entrypoint:
+ - /bin/sh
+ - -c
+ - |
+ poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+ frontend:
+ container_name: frontend
+ environment:
+ - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+ - PROTOCOL_HEADER=x-forwarded-proto
+ - HOST_HEADER=x-forwarded-host
+
+ image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+ depends_on:
+ - backend
+
+ postgres:
+ container_name: postgres
+ image: postgres:16
+ restart: always
+ environment:
+ POSTGRES_DB: ciso_assistant
+ POSTGRES_USER: ciso_assistant
+ POSTGRES_PASSWORD: ciso_assistant
+ volumes:
+ - ./db/pg:/var/lib/postgresql/data
+
+ caddy:
+ container_name: caddy
+ image: caddy:2.8.4
+ restart: unless-stopped
+ ports:
+ - 8443:8443
+ command:
+ - caddy
+ - reverse-proxy
+ - --from
+ - https://localhost:8443
+ - --to
+ - frontend:3000
+ volumes:
+ - ./db:/data
diff --git a/config/templates/sqlite_tmpl.j2 b/config/templates/sqlite_tmpl.j2
index e69de29bb..cfbceab96 100644
--- a/config/templates/sqlite_tmpl.j2
+++ b/config/templates/sqlite_tmpl.j2
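Review bot: The template hard-codes the database credential: `POSTGRES_PASSWORD=ciso_assistant` is set in the `backend`, `huey` and `postgres` services, so every deployment generated from this file shares one publicly known password. As this is a Jinja2 template, the value could be a variable filled in by the generator, for example `- POSTGRES_PASSWORD={{ postgres_password }}` (placeholder name), with the script producing it from `secrets.token_urlsafe()`. The `caddy` service mounts `./db:/data`, which places Caddy's data directory (where the official image keeps certificates and keys) in the same host directory as the application's `./db`; the SQLite template in this patch uses a separate `./caddy_data`, and the two should probably agree. The backend and frontend images are pulled as `:latest`, so the deployed version is not reproducible, unlike the pinned `caddy:2.8.4`.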
@@ -0,0 +1,61 @@
+services:
+ backend:
+ container_name: backend
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=True
+ - AUTH_TOKEN_TTL=7200
+ volumes:
+ - ./db:/code/db
+
+ huey:
+ container_name: huey
+ image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+ depends_on:
+ - backend
+ restart: always
+ environment:
+ - ALLOWED_HOSTS=backend,localhost
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ - DJANGO_DEBUG=False
+ - AUTH_TOKEN_TTL=7200
+ volumes:
+ - ./db:/code/db
+ entrypoint:
+ - /bin/sh
+ - -c
+ - |
+ poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+ frontend:
+ container_name: frontend
+ environment:
+ - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+ - PUBLIC_BACKEND_API_EXPOSED_URL=https://localhost:8443/api
+ - PROTOCOL_HEADER=x-forwarded-proto
+ - HOST_HEADER=x-forwarded-host
+
+ image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+ depends_on:
+ - backend
+
+ caddy:
+ container_name: caddy
+ image: caddy:2.8.4
+ environment:
+ - CISO_ASSISTANT_URL=https://localhost:8443
+ depends_on:
+ - frontend
+ restart: unless-stopped
+ ports:
+ - 8443:8443
+ volumes:
+ - ./caddy_data:/data
+ command: |
+ sh -c 'echo $$CISO_ASSISTANT_URL "{
+ reverse_proxy /api/* backend:8000
+ reverse_proxy /* frontend:3000
+ }" > Caddyfile && caddy run'
From 1f607051c839c408bac82ec27c2e1489b1fa3184 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite
Date: Tue, 4 Feb 2025 14:01:19 +0100
Subject: [PATCH 3/3] wip
---
config/make_config.py | 50 ++++++++++++++++++++++++++++++++++++++++-
config/requirements.txt | 1 +
2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/config/make_config.py b/config/make_config.py
index 9c42407b6..003e97a3f 100644
--- a/config/make_config.py
+++ b/config/make_config.py
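Review bot: The `backend` service sets `DJANGO_DEBUG=True`, while `huey` in this same file and both backend services in `pg_tmpl.j2` set it to `False`. With debug enabled Django answers errors with detailed pages (stack traces and configuration details) to any client, which should not be the default of a generated deployment file. Change the line to `- DJANGO_DEBUG=False`, or make it a template variable that defaults to false. `frontend` also has no `restart:` policy although the other services do (the same holds in `pg_tmpl.j2`), which looks unintended.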
@@ -2,6 +2,7 @@ from rich import print import yaml from jinja2 import Environment, FileSystemLoader +from icecream import ic mode = questionary.select( "What is your deployment mode?", choices=["local", "VM/remote"] @@ -16,6 +17,53 @@ ).ask() port = questionary.text("Port to use", default="443").ask() +need_mailer = questionary.confirm( + "Do you need email notifications? Mailer settings will be required", default=False +).ask() + +EMAIL_HOST = "" +EMAIL_PORT = "" +EMAIL_USE_TLS = "" +EMAIL_HOST_USER = "" +EMAIL_HOST_PASSWORD = "" +DEFAULT_FROM_EMAIL = "" +if need_mailer: + """ + export EMAIL_HOST_USER='' + export EMAIL_HOST_PASSWORD='' + export DEFAULT_FROM_EMAIL=ciso-assistant@ciso-assistantcloud.com + export EMAIL_HOST=localhost + export EMAIL_PORT=1025 + export EMAIL_USE_TLS=True + """ + EMAIL_HOST = questionary.text("Mailer host: ", default="localhost").ask() + EMAIL_PORT = questionary.text("Mailer port: ", default="1025").ask() + EMAIL_USE_TLS = questionary.confirm("Use TLS? ", default=False).ask() + EMAIL_HOST_USER = questionary.text("Mailer username: ").ask() + EMAIL_HOST_PASSWORD = questionary.password("Mailer password: ").ask() + DEFAULT_FROM_EMAIL = questionary.text( + "Default from email: ", default="ciso-assistant@company.com" + ).ask() db = questionary.select("Choose a database", choices=["sqlite", "postgresql"]).ask() -print(mode, fqdn, port, db) +ic( + mode, + fqdn, + port, + db, + need_mailer, + EMAIL_HOST, + EMAIL_PORT, + EMAIL_USE_TLS, + EMAIL_HOST_USER, + EMAIL_HOST_PASSWORD, + DEFAULT_FROM_EMAIL, +) +""" +export POSTGRES_NAME=ciso-assistant +export POSTGRES_USER=ciso-assistantuser +export POSTGRES_PASSWORD= +export POSTGRES_PASSWORD_FILE= # alternative way to specify password +export DB_HOST=localhost +export DB_PORT=5432 # optional, default value is 5432 +""" diff --git a/config/requirements.txt b/config/requirements.txt index 14b9c7bfb..b38df13bb 100644 --- a/config/requirements.txt +++ b/config/requirements.txt 
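Review bot: The `ic(...)` call at the end of the second hunk passes `EMAIL_HOST_PASSWORD`, so the mailer password that `questionary.password` has just collected without echo is printed in clear text (icecream writes each argument with its value to stderr) and ends up in any captured terminal log. Drop `EMAIL_HOST_PASSWORD,` from the `ic(` argument list, or remove the debug dump altogether before this leaves WIP. The TLS prompt uses `default=False` although the commented example in the same hunk shows `EMAIL_USE_TLS=True`; `questionary.confirm("Use TLS? ", default=True)` would be the safer default when credentials are sent to the mail host. The two bare triple-quoted strings are expression statements used as notes, and `#` comments would state that intent more clearly.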
@@ -1,3 +1,4 @@ questionary rich Jinja2 +icecream