Skip to content

Instantly share code, notes, and snippets.

@Lauriy
Lauriy / Dockerfile
Last active July 29, 2024 20:32
Django Dockerfile base layer
FROM python:3.12-slim AS base
LABEL maintainer="Lauri Elias <[email protected]>"
# So we'd never have a stuck build waiting for input
ARG DEBIAN_FRONTEND=noninteractive
# Waste of microseconds, I trust the base image to be up to date
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
# So the very last log entry before a crash would be recorded
@Lauriy
Lauriy / Dockerfile
Created July 29, 2024 20:51
Django runserver & pytest Dockerfile layer
FROM base AS development
# Django's built-in development server
EXPOSE 8000
COPY requirements.test.txt pytest.ini ./
RUN --mount=type=cache,target=/root/.cache/pip pip install --no-cache-dir -r requirements.test.txt \
&& rm -rf requirements.test.txt
@Lauriy
Lauriy / docker-compose.yml
Created July 29, 2024 20:53
docker-compose entries for a testing Postgres database, a local Django instance, and a special entry just for running pytest inside Docker
services:
postgres:
profiles: ["dev", "test", "prod"]
image: postgres:16-alpine
container_name: rik_proovitoo_postgres
ports:
- '5432:5432'
environment:
- POSTGRES_DB=rik_proovitöö
- POSTGRES_USER=rik_proovitöö
@Lauriy
Lauriy / docker-entrypoint.sh
Created July 29, 2024 21:03
Docker entrypoint that runs either Django runserver, pytest, or uwsgi
#!/bin/bash
set -e
python manage.py migrate --noinput
case "$DJANGO_ENV" in
"development")
python manage.py loaddata rik_proovitöö/fixtures/superuser.json
python manage.py loaddata rik_proovitöö/fixtures/legal_entity.json
python manage.py loaddata rik_proovitöö/fixtures/equity.json
@Lauriy
Lauriy / docker-compose.yml
Created July 29, 2024 21:11
Production docker-compose entry for Django + uwsgi with file sockets
rik_proovitoo_prod:
profiles: ["prod"]
build:
context: .
target: production
image: laurielias/rik_proovitoo:latest
container_name: rik_proovitoo_prod
volumes:
- ./run:/home/docker/rik_proovitöö/run
environment:
@Lauriy
Lauriy / rik.indoorsman.ee.nginx
Last active July 29, 2024 21:18
Nginx reverse proxy in front of a WSGI socket
upstream django_rik_proovitoo {
server unix:///home/rik/rik_proovitöö/run/app.sock;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rik.indoorsman.ee;
@Lauriy
Lauriy / Dockerfile
Last active July 30, 2024 11:29
Dockerfile stage that installs uWSGI and sets non-root permissions
FROM base AS production
# Let's allow .pycs again
ENV PYTHONDONTWRITEBYTECODE=0
# Needed to compile uwsgi, clean up after
RUN --mount=type=cache,target=/var/cache/apt apt-get update && apt-get install -y --no-install-recommends \
build-essential \
python3-dev \
libpcre3-dev \
sudo cryptsetup luksOpen /dev/nvme0n1p7 linux-root # decrypt LUKS
sudo vgscan
sudo vgchange -ay
sudo lvdisplay
sudo mkdir /mnt/linux
sudo mount /dev/vglinux/root /mnt/linux # yours might be named ubuntu-vg
sudo mount /dev/nvme0n1p2 /mnt/linux/boot # in case you have a separate unencrypted /boot
sudo mount /dev/nvme0n1p1 /mnt/linux/boot/efi
sudo mount --bind /dev /mnt/linux/dev # so the makeshift system would be aware of stuff
sudo mount --bind /proc /mnt/linux/proc