Config creation script

config/make_config.py

@@ -0,0 +1,69 @@
+import questionary
+from rich import print
+import yaml
+from jinja2 import Environment, FileSystemLoader
+from icecream import ic
+
+mode = questionary.select(
+    "What is your deployment mode?", choices=["local", "VM/remote"]
+).ask()
+
+fqdn = "localhost"
+port = "8443"
+
+if mode != "local":
+    fqdn = questionary.text(
+        "Expected FQDN/hostname", default="ciso.assistant.local"
+    ).ask()
+    port = questionary.text("Port to use", default="443").ask()
+
+need_mailer = questionary.confirm(
+    "Do you need email notifications? Mailer settings will be required", default=False
+).ask()
+
+EMAIL_HOST = ""
+EMAIL_PORT = ""
+EMAIL_USE_TLS = ""
+EMAIL_HOST_USER = ""
+EMAIL_HOST_PASSWORD = ""
+DEFAULT_FROM_EMAIL = ""
+
+if need_mailer:
+    """
+    export EMAIL_HOST_USER=''
+    export EMAIL_HOST_PASSWORD=''
+    export [email protected]
+    export EMAIL_HOST=localhost
+    export EMAIL_PORT=1025
+    export EMAIL_USE_TLS=True
+    """
+    EMAIL_HOST = questionary.text("Mailer host: ", default="localhost").ask()
+    EMAIL_PORT = questionary.text("Mailer port: ", default="1025").ask()
+    EMAIL_USE_TLS = questionary.confirm("Use TLS? ", default=False).ask()
+    EMAIL_HOST_USER = questionary.text("Mailer username: ").ask()
+    EMAIL_HOST_PASSWORD = questionary.password("Mailer password: ").ask()
+    DEFAULT_FROM_EMAIL = questionary.text(
+        "Default from email: ", default="[email protected]"
+    ).ask()
+db = questionary.select("Choose a database", choices=["sqlite", "postgresql"]).ask()
+ic(
+    mode,
+    fqdn,
+    port,
+    db,
+    need_mailer,
+    EMAIL_HOST,
+    EMAIL_PORT,
+    EMAIL_USE_TLS,
+    EMAIL_HOST_USER,
+    EMAIL_HOST_PASSWORD,
+    DEFAULT_FROM_EMAIL,
+)
+"""
+export POSTGRES_NAME=ciso-assistant
+export POSTGRES_USER=ciso-assistantuser
+export POSTGRES_PASSWORD=<XXX>
+export POSTGRES_PASSWORD_FILE=<XXX>  # alternative way to specify password
+export DB_HOST=localhost
+export DB_PORT=5432  # optional, default value is 5432
+"""

config/requirements.txt

@@ -0,0 +1,4 @@
+questionary
+rich
+Jinja2
+icecream

config/templates/pg_tmpl.j2

@@ -0,0 +1,77 @@
+services:
+  backend:
+    container_name: backend
+    image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+    restart: always
+    depends_on:
+      - postgres
+    environment:
+      - ALLOWED_HOSTS=backend,localhost
+      - CISO_ASSISTANT_URL=https://localhost:8443
+      - DJANGO_DEBUG=False
+      - POSTGRES_NAME=ciso_assistant
+      - POSTGRES_USER=ciso_assistant
+      - POSTGRES_PASSWORD=ciso_assistant
+      - DB_HOST=postgres
+    volumes:
+      - ./db:/code/db
+
+  huey:
+    container_name: huey
+    image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+    depends_on:
+      - backend
+    restart: always
+    environment:
+      - ALLOWED_HOSTS=backend,localhost
+      - CISO_ASSISTANT_URL=https://localhost:8443
+      - DJANGO_DEBUG=False
+      - POSTGRES_NAME=ciso_assistant
+      - POSTGRES_USER=ciso_assistant
+      - POSTGRES_PASSWORD=ciso_assistant
+      - DB_HOST=postgres
+    volumes:
+      - ./db:/code/db
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+  frontend:
+    container_name: frontend
+    environment:
+      - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+      - PROTOCOL_HEADER=x-forwarded-proto
+      - HOST_HEADER=x-forwarded-host
+
+    image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+    depends_on:
+      - backend
+
+  postgres:
+    container_name: postgres
+    image: postgres:16
+    restart: always
+    environment:
+      POSTGRES_DB: ciso_assistant
+      POSTGRES_USER: ciso_assistant
+      POSTGRES_PASSWORD: ciso_assistant
+    volumes:
+      - ./db/pg:/var/lib/postgresql/data
+
+  caddy:
+    container_name: caddy
+    image: caddy:2.8.4
+    restart: unless-stopped
+    ports:
+      - 8443:8443
+    command:
+      - caddy
+      - reverse-proxy
+      - --from
+      - https://localhost:8443
+      - --to
+      - frontend:3000
+    volumes:
+      - ./db:/data

config/templates/sqlite_tmpl.j2

@@ -0,0 +1,61 @@
+services:
+  backend:
+    container_name: backend
+    image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+    restart: always
+    environment:
+      - ALLOWED_HOSTS=backend,localhost
+      - CISO_ASSISTANT_URL=https://localhost:8443
+      - DJANGO_DEBUG=True
+      - AUTH_TOKEN_TTL=7200
+    volumes:
+      - ./db:/code/db
+
+  huey:
+    container_name: huey
+    image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
+    depends_on:
+      - backend
+    restart: always
+    environment:
+      - ALLOWED_HOSTS=backend,localhost
+      - CISO_ASSISTANT_URL=https://localhost:8443
+      - DJANGO_DEBUG=False
+      - AUTH_TOKEN_TTL=7200
+    volumes:
+      - ./db:/code/db
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        poetry run python manage.py run_huey -w 2 --scheduler-interval 60
+
+  frontend:
+    container_name: frontend
+    environment:
+      - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+      - PUBLIC_BACKEND_API_EXPOSED_URL=https://localhost:8443/api
+      - PROTOCOL_HEADER=x-forwarded-proto
+      - HOST_HEADER=x-forwarded-host
+
+    image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
+    depends_on:
+      - backend
+
+  caddy:
+    container_name: caddy
+    image: caddy:2.8.4
+    environment:
+      - CISO_ASSISTANT_URL=https://localhost:8443
+    depends_on:
+      - frontend
+    restart: unless-stopped
+    ports:
+      - 8443:8443
+    volumes:
+      - ./caddy_data:/data
+    command: |
+      sh -c 'echo $$CISO_ASSISTANT_URL "{
+      reverse_proxy /api/* backend:8000
+      reverse_proxy /* frontend:3000
+      }" > Caddyfile && caddy run'