Rely on .env file for setup and runtime configuration

Removed .env file from git-repo because we don't want to share our secrets.
Kimitsune · Jul 28, 2020 · 888b112 · 888b112
1 parent 663e5c7
commit 888b112
Show file tree

Hide file tree

Showing 7 changed files with 116 additions and 73 deletions.
diff --git a/.env b/.env
diff --git a/.env.sample b/.env.sample
@@ -0,0 +1,59 @@
+###################################################################################################
+# Generic Settings (devices, sso, market, account)
+###################################################################################################
+
+MYCROFT_DOMAIN=asdf.asdf
+SSO_BASE_URL=sso.asdf.asdf
+OAUTH_BASE_URL=sso.asdf.asdf
+
+SELENE_ENVIRONMENT=prod
+
+DB_HOST=db
+DB_NAME=mycroft
+DB_PORT=5432
+DB_USER=selene
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+
+###################################################################################################
+# Market API Skills Setup (skills_setup)
+###################################################################################################
+
+GITHUB_USER=<todo>
+GITHUB_PASSWORD=<todo>
+
+###################################################################################################
+# Device API (devices)
+###################################################################################################
+
+EMAIL_SERVICE_HOST=
+EMAIL_SERVICE_PORT=
+EMAIL_SERVICE_USER=
+EMAIL_SERVICE_PASSWORD=
+
+# The speech to text engine requires a key to Google's STT API.
+GOOGLE_STT_KEY=
+
+# The weather skill requires a key to the Open Weather Map API
+OWM_KEY=
+OWM_URL=https://api.openweathermap.org/data/2.5
+
+# The Wolfram Alpha skill requires an API key to the Wolfram Alpha API
+WOLFRAM_ALPHA_KEY=
+WOLFRAM_ALPHA_URL=https://api.wolframalpha.com
+
+###################################################################################################
+# Single Sign On API (sso)
+###################################################################################################
+
+# The password reset functionality sends an email to the user with a link to reset their password. 
+# Selene uses SendGrid to send these emails so a SendGrid account and API key are required.
+SENDGRID_API_KEY=
+
+# Access to the Github API is required to support logging in with your Github account. 
+# Details can be found here <https://developer.github.com/v3/guides/basics-of-authentication/>
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
+.env
 storage
-generated
+generated
diff --git a/README.md b/README.md
@@ -22,21 +22,17 @@ The project that is closer to the desired result is Mycroft (https://mycroft.ai/
 - A good CPU, STT AND TTS are very CPU intensive. (Using a (nvidia/CUDA ?) GPU would speed up the process a lot but I don't know if it works with this setup yet.)
 
 ## Prepare configuration
-
-Edit and complete:
-
-- `config.env`
-- `config_external_accounts.env`
-- `.env`
-
-The .env file is only used to build the images, but the variable it contains must have the same value as the one in `config.env`.  
+
+You can use `.env.sample` as a starting point to create your specific `.env` file. 
+ ```sh
+cp .env.sample .env
+```
 
 To generate all needed passwords in `./generated` you can run:
 ```sh
 ./setup.sh (only needed once)  
 ```
 
-
 If you do not have a valid domain you can use a fake one like `asdf.asdf` as `MICROFT_DOMAIN`.
 
 Then you should edit your `/etc/hosts` to something like that:
@@ -108,11 +104,10 @@ docker-compose up -d
 - Use uWSGI for both mozilla-tts and deepspeech server instead of directly exposing the flask dev server through nginx.
 - Make the deepspeech server container use the mainstream repo now that it has been updated.
 - core-version should not be hardcoded in docker-compose.yml (get latest somehow?)
-- Add more variables to the .env files. (There are some left in docker-compose.yml)
-- Remove `.env` and `config.env` and `config_external_accounts.env` from git repository add them to `.gitignore` and place `.*.template` files instead (reduce risk of accidental commit)
 - Make TTS and STT use the GPU. Not very difficult to do, but they seem to use CUDA and for now I do not plan on installing anything proprietary on my servers.
 - Include a fix for the problems in the troubleshooting section.  
 - Rewrite the nginx config to expose api only on the required domains ? to make it easier to split this on multiple computers without docker swarm ?  
+- Use .env Variables in wakeword setup
 
 ## Note
 

diff --git a/config.env b/config.env
diff --git a/config_external_accounts.env b/config_external_accounts.env
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -16,7 +16,6 @@ services:
     env_file:
       - generated/postgres_password
       - generated/selene_postgres_password
-      - config.env
     volumes:
     - ./postgres_setup:/docker-entrypoint-initdb.d
     command:
@@ -49,7 +48,7 @@ services:
       - generated/postgres_password
       - generated/selene_postgres_password
     environment:
-      DB_HOST: "db"
+      DB_HOST: ${DB_HOST:-db}
 
   db_wakeword_setup:
     image: postgres:12.1
@@ -96,15 +95,13 @@ services:
         # TODO: core-version shouldn't be hardcoded (get latest somehow?)
     env_file:
       - generated/selene_postgres_password
-      - generated/jwt_access_secret
-      - generated/jwt_refresh_secret
-      - generated/encryption_salt
-      - config_external_accounts.env
     environment:
-      DB_HOST: db
-      DB_NAME: mycroft
-      DB_PORT: 5432
-      DB_USER: selene
+      DB_HOST: ${DB_HOST:-db}
+      DB_NAME: ${DB_NAME:-mycroft}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_USER: ${DB_USER:-selene}
+      GITHUB_USER: ${GITHUB_USER}
+      GITHUB_PASSWORD: ${GITHUB_PASSWORD}
 
   sso:
     image: selene-backend
@@ -134,16 +131,16 @@ services:
       - generated/jwt_refresh_secret
       - generated/jwt_reset_secret
       - generated/encryption_salt
-      - config.env
     environment:
-      DB_HOST: db
-      DB_NAME: mycroft
-      DB_PORT: 5432
-      DB_USER: selene
-      GITHUB_CLIENT_ID: <github client id> TODO
-      GITHUB_CLIENT_SECRET: <github client secret> TODO
-      SELENE_ENVIRONMENT: prod
-      SENDGRID_API_KEY: <sendgrid API key> TODO
+      DB_HOST: ${DB_HOST:-db}
+      DB_NAME: ${DB_NAME:-mycroft}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_USER: ${DB_USER:-selene}
+      SSO_BASE_URL: ${SSO_BASE_URL}
+      SELENE_ENVIRONMENT: ${SELENE_ENVIRONMENT:-prod}
+      GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
+      GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET}
+      SENDGRID_API_KEY: ${SENDGRID_API_KEY}
 
   account:
     image: selene-backend
@@ -172,15 +169,15 @@ services:
       - generated/jwt_access_secret
       - generated/jwt_refresh_secret
       - generated/encryption_salt
-      - config.env
     environment:
-      DB_HOST: db
-      DB_NAME: mycroft
-      DB_PORT: 5432
-      DB_USER: selene
-      SELENE_ENVIRONMENT: prod
-      REDIS_HOST: redis
-      REDIS_PORT: 6379
+      DB_HOST: ${DB_HOST:-db}
+      DB_NAME: ${DB_NAME:-mycroft}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_USER: ${DB_USER:-selene}
+      OAUTH_BASE_URL: ${OAUTH_BASE_URL}
+      SELENE_ENVIRONMENT: ${SELENE_ENVIRONMENT:-prod}
+      REDIS_HOST: ${REDIS_HOST:-redis}
+      REDIS_PORT: ${REDIS_PORT:-6379}
 
   market:
     image: selene-backend
@@ -209,15 +206,15 @@ services:
       - generated/jwt_access_secret
       - generated/jwt_refresh_secret
       - generated/encryption_salt
-      - config.env
     environment:
-      DB_HOST: db
-      DB_NAME: mycroft
-      DB_PORT: 5432
-      DB_USER: selene
-      SELENE_ENVIRONMENT: prod
-      REDIS_HOST: redis
-      REDIS_PORT: 6379
+      DB_HOST: ${DB_HOST:-db}
+      DB_NAME: ${DB_NAME:-mycroft}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_USER: ${DB_USER:-selene}
+      OAUTH_BASE_URL: ${OAUTH_BASE_URL}
+      SELENE_ENVIRONMENT: ${SELENE_ENVIRONMENT:-prod}
+      REDIS_HOST: ${REDIS_HOST:-redis}
+      REDIS_PORT: ${REDIS_PORT:-6379}
 
   devices:
     image: selene-backend
@@ -246,17 +243,24 @@ services:
       - generated/jwt_access_secret
       - generated/jwt_refresh_secret
       - generated/encryption_salt
-      - config_external_accounts.env
-      - config.env
     environment:
-      DB_HOST: db
-      DB_NAME: mycroft
-      DB_PORT: 5432
-      DB_USER: selene
-      SELENE_ENVIRONMENT: prod
-      REDIS_HOST: redis
-      REDIS_PORT: 6379
-      SELENE_ENVIRONMENT: prod
+      DB_HOST: ${DB_HOST:-db}
+      DB_NAME: ${DB_NAME:-mycroft}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_USER: ${DB_USER:-selene}
+      OAUTH_BASE_URL: ${SSO_BASE_URL}
+      SELENE_ENVIRONMENT: ${SELENE_ENVIRONMENT:-prod}
+      REDIS_HOST: ${REDIS_HOST:-redis}
+      REDIS_PORT: ${REDIS_PORT:-6379}
+      EMAIL_SERVICE_HOST: ${EMAIL_SERVICE_HOST}
+      EMAIL_SERVICE_PORT: ${EMAIL_SERVICE_PORT}
+      EMAIL_SERVICE_USER: ${EMAIL_SERVICE_USER}
+      EMAIL_SERVICE_PASSWORD: ${EMAIL_SERVICE_PASSWORD}
+      GOOGLE_STT_KEY: ${GOOGLE_STT_KEY}
+      OWM_KEY: ${OWM_KEY}
+      OWM_URL: ${OWM_URL:-https://api.openweathermap.org/data/2.5}
+      WOLFRAM_ALPHA_KEY: ${WOLFRAM_ALPHA_KEY}
+      WOLFRAM_ALPHA_URL: ${WOLFRAM_ALPHA_URL:-https://api.wolframalpha.com}
 
   deepspeech:
     image: deepspeech