Updated for Ghostwriter CLI and using a single .env file

compose/production/django/Dockerfile

@@ -4,10 +4,9 @@ ENV PYTHONUNBUFFERED 1
 
 ENV PYTHONPATH="$PYTHONPATH:/app/config"
 
-RUN apk --no-cache add build-base
-
-# psycopg2 dependencies
-RUN apk --no-cache add --virtual build-deps gcc python3-dev musl-dev \
+RUN apk --no-cache add build-base \
+    # psycopg2 dependencies
+    && apk --no-cache add --virtual build-deps gcc python3-dev musl-dev \
     && apk --no-cache add postgresql-dev \
     # Pillow dependencies
     && apk --no-cache add jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-dev tk-dev tcl-dev \

compose/production/redis/Dockerfile

@@ -0,0 +1 @@
+FROM redis:6-alpine

config/settings/base.py

@@ -43,7 +43,7 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#use-l10n
 USE_L10N = False
 # https://docs.djangoproject.com/en/4.0/ref/settings/#date-format
-DATE_FORMAT = env("DATE_FORMAT", default="d M Y",)
+DATE_FORMAT = env("DJANGO_DATE_FORMAT", default="d M Y",)
 # https://docs.djangoproject.com/en/dev/ref/settings/#use-tz
 USE_TZ = True
 # https://docs.djangoproject.com/en/dev/ref/settings/#locale-paths
@@ -334,7 +334,7 @@
 # health checks can take a long time and will be different for everyone.
 
 Q_CLUSTER = {
-    "name": env("QCLUSTER_NAME", default="soar"),
+    "name": env("DJANGO_QCLUSTER_NAME", default="soar"),
     "timeout": 43200,
     "retry": 43200,
     "recycle": 500,
@@ -426,7 +426,7 @@
     "JWT_EXPIRATION_DELTA": timedelta(minutes=15),
     "JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
     "JWT_AUDIENCE": "Ghostwriter",
-    "JWT_SECRET_KEY": env("GRAPHQL_JWT_SECRET_KEY", default="Vso7i8BApwA6km4L50PFRvqcTtGZHLrC1pnKLCXqfTWifhjbGq4nTd6ZrDH2Iobe"),
+    "JWT_SECRET_KEY": env("DJANGO_JWT_SECRET_KEY", default="Vso7i8BApwA6km4L50PFRvqcTtGZHLrC1pnKLCXqfTWifhjbGq4nTd6ZrDH2Iobe"),
     "JWT_ALGORITHM": "HS256",
 }
 

config/settings/local.py

@@ -11,14 +11,11 @@
     default="Vso7i8BApwA6km4L50PFRvqcTtGZHLrC1pnKLCXqfTWifhjbGq4nTd6ZrDH2Iobe",
 )
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = [
-    "localhost",
-    "0.0.0.0",
-    "127.0.0.1",
-    "django",
-    "host.docker.internal",
-    "172.20.0.5",
-]
+hosts = env(
+    "DJANGO_ALLOWED_HOSTS",
+    default="localhost 0.0.0.0 127.0.0.1 172.20.0.5 django host.docker.internal"
+)
+ALLOWED_HOSTS = hosts.split(" ")
 
 # CACHES
 # ------------------------------------------------------------------------------

config/settings/production.py

@@ -6,9 +6,11 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
 SECRET_KEY = env("DJANGO_SECRET_KEY")
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = env.list(
-    "DJANGO_ALLOWED_HOSTS", default=["ghostwriter.local", "localhost", "host.docker.internal"],
+hosts = env(
+    "DJANGO_ALLOWED_HOSTS",
+    default="ghostwriter.local localhost host.docker.internal"
 )
+ALLOWED_HOSTS = hosts.split(" ")
 
 # DATABASES
 # ------------------------------------------------------------------------------
@@ -74,7 +76,7 @@
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#default-from-email
 DEFAULT_FROM_EMAIL = env(
-    "DJANGO_DEFAULT_FROM_EMAIL", default="Ghostwriter <noreply@specterops.io>"
+    "DJANGO_DEFAULT_FROM_EMAIL", default="Ghostwriter <noreply@ghostwriter.local>"
 )
 # https://docs.djangoproject.com/en/dev/ref/settings/#server-email
 SERVER_EMAIL = env("DJANGO_SERVER_EMAIL", default=DEFAULT_FROM_EMAIL)
@@ -101,7 +103,7 @@
 # django-compressor
 # ------------------------------------------------------------------------------
 # https://django-compressor.readthedocs.io/en/latest/settings/#django.conf.settings.COMPRESS_ENABLED
-COMPRESS_ENABLED = env.bool("COMPRESS_ENABLED", default=True)
+COMPRESS_ENABLED = env.bool("DJANGO_COMPRESS_ENABLED", default=True)
 # https://django-compressor.readthedocs.io/en/latest/settings/#django.conf.settings.COMPRESS_STORAGE
 COMPRESS_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
 # https://django-compressor.readthedocs.io/en/latest/settings/#django.conf.settings.COMPRESS_URL

local.yml

@@ -1,4 +1,4 @@
-version: '3'
+version: "3"
 
 volumes:
   local_postgres_data: {}
@@ -14,10 +14,32 @@ services:
       - postgres
     volumes:
       - .:/app
-    env_file:
-      - ./.envs/.local/.django
-      - ./.envs/.local/.postgres
-      - ./.envs/.local/.hasura
+    labels:
+      name: ghostwriter_django
+    environment:
+      - USE_DOCKER=${USE_DOCKER}
+      - IPYTHONDIR=${IPYTHONDIR}
+      - DJANGO_ACCOUNT_ALLOW_REGISTRATION=${DJANGO_ACCOUNT_ALLOW_REGISTRATION}
+      - DJANGO_ACCOUNT_EMAIL_VERIFICATION=${DJANGO_ACCOUNT_EMAIL_VERIFICATION}
+      - DJANGO_ADMIN_URL=${DJANGO_ADMIN_URL}
+      - DJANGO_ALLOWED_HOSTS=${DJANGO_ALLOWED_HOSTS}
+      - DJANGO_DATE_FORMAT=${DJANGO_DATE_FORMAT}
+      - DJANGO_JWT_SECRET_KEY=${DJANGO_JWT_SECRET_KEY}
+      - DJANGO_QCLUSTER_NAME=${DJANGO_QCLUSTER_NAME}
+      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
+      - DJANGO_SECURE_SSL_REDIRECT=${DJANGO_SECURE_SSL_REDIRECT}
+      - DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE}
+      - DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
+      - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
+      - DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
+      - HASURA_ACTION_SECRET=${HASURA_GRAPHQL_ACTION_SECRET}
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PORT=${POSTGRES_PORT}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}/0
+      - WEB_CONCURRENCY=${DJANGO_WEB_CONCURRENCY}
     ports:
       - "8000:8000"
     command: /start
@@ -30,31 +52,47 @@ services:
     volumes:
       - local_postgres_data:/var/lib/postgresql/data
       - local_postgres_data_backups:/backups
-    env_file:
-      - ./.envs/.local/.postgres
+    labels:
+      name: ghostwriter_postgres
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PORT=${POSTGRES_PORT}
+      - POSTGRES_USER=${POSTGRES_USER}
+    ports:
+      - "${POSTGRES_PORT}:5432"
 
   redis:
-    image: redis:5-alpine
+    build:
+      context: .
+      dockerfile: ./compose/production/redis/Dockerfile
+    image: ghostwriter_local_redis
+    labels:
+      name: ghostwriter_redis
 
   queue:
     <<: *django
     image: ghostwriter_local_queue
     depends_on:
       - redis
       - postgres
+    labels:
+      name: ghostwriter_queue
     ports: []
     command: /start-queue
 
-  graphql-engine:
+  graphql_engine:
     build:
       context: .
-      dockerfile: ./compose/local/hasura/Dockerfile
+      dockerfile: ./compose/production/hasura/Dockerfile
+    image: ghostwriter_local_graphql
     depends_on:
       - postgres
       - django
     restart: always
     ports:
-      - "8080:8080"
+      - "${HASURA_GRAPHQL_SERVER_PORT}:8080"
       - "9691:9691"
     volumes:
       - ./hasura-docker/metadata:/metadata
@@ -63,6 +101,20 @@ services:
       options:
         max-file: "1"
         max-size: "10m"
-    env_file:
-      - ./.envs/.local/.postgres
-      - ./.envs/.local/.hasura
+    labels:
+      name: ghostwriter_graphql
+    environment:
+      - ACTIONS_URL_BASE=http://${DJANGO_HOST}:${DJANGO_PORT}/api
+      - HASURA_ACTION_SECRET=${HASURA_GRAPHQL_ACTION_SECRET}
+      - HASURA_GRAPHQL_ADMIN_SECRET=${HASURA_GRAPHQL_ADMIN_SECRET}
+      - HASURA_GRAPHQL_AUTH_HOOK=http://${DJANGO_HOST}:${DJANGO_PORT}/api/webhook
+      - HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
+      - HASURA_GRAPHQL_DEV_MODE=${HASURA_GRAPHQL_DEV_MODE}
+      - HASURA_GRAPHQL_ENABLE_CONSOLE=${HASURA_GRAPHQL_ENABLE_CONSOLE}
+      - HASURA_GRAPHQL_ENABLED_LOG_TYPES=${HASURA_GRAPHQL_ENABLED_LOG_TYPES}
+      - HASURA_GRAPHQL_ENABLE_TELEMETRY=${HASURA_GRAPHQL_ENABLE_TELEMETRY}
+      - HASURA_GRAPHQL_INSECURE_SKIP_TLS_VERIFY=${HASURA_GRAPHQL_INSECURE_SKIP_TLS_VERIFY}
+      - HASURA_GRAPHQL_LOG_LEVEL=${HASURA_GRAPHQL_LOG_LEVEL}
+      - HASURA_GRAPHQL_METADATA_DIR=${HASURA_GRAPHQL_METADATA_DIR}
+      - HASURA_GRAPHQL_MIGRATIONS_DIR=${HASURA_GRAPHQL_MIGRATIONS_DIR}
+      - HASURA_GRAPHQL_SERVER_PORT=${HASURA_GRAPHQL_SERVER_PORT}

production.yml

@@ -16,9 +16,34 @@ services:
     depends_on:
       - postgres
       - redis
-    env_file:
-      - ./.envs/.production/.django
-      - ./.envs/.production/.postgres
+    labels:
+      name: ghostwriter_django
+    environment:
+      - USE_DOCKER=${USE_DOCKER}
+      - IPYTHONDIR=${IPYTHONDIR}
+      - DJANGO_ACCOUNT_ALLOW_REGISTRATION=${DJANGO_ACCOUNT_ALLOW_REGISTRATION}
+      - DJANGO_ACCOUNT_EMAIL_VERIFICATION=${DJANGO_ACCOUNT_EMAIL_VERIFICATION}
+      - DJANGO_ADMIN_URL=${DJANGO_ADMIN_URL}
+      - DJANGO_ALLOWED_HOSTS=${DJANGO_ALLOWED_HOSTS}
+      - DJANGO_DATE_FORMAT=${DJANGO_DATE_FORMAT}
+      - DJANGO_JWT_SECRET_KEY=${DJANGO_JWT_SECRET_KEY}
+      - DJANGO_QCLUSTER_NAME=${DJANGO_QCLUSTER_NAME}
+      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
+      - DJANGO_SECURE_SSL_REDIRECT=${DJANGO_SECURE_SSL_REDIRECT}
+      - DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE}
+      - DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
+      - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
+      - DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
+      - HASURA_ACTION_SECRET=${HASURA_GRAPHQL_ACTION_SECRET}
+      - MAILGUN_API_KEY=${DJANGO_MAILGUN_API_KEY}
+      - MAILGUN_DOMAIN=${DJANGO_MAILGUN_DOMAIN}
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PORT=${POSTGRES_PORT}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}/0
+      - WEB_CONCURRENCY=${DJANGO_WEB_CONCURRENCY}
     command: /start
     volumes:
       - production_staticfiles:/app/staticfiles
@@ -33,8 +58,16 @@ services:
     volumes:
       - production_postgres_data:/var/lib/postgresql/data
       - production_postgres_data_backups:/backups
-    env_file:
-      - ./.envs/.production/.postgres
+    labels:
+      name: ghostwriter_postgres
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PORT=${POSTGRES_PORT}
+      - POSTGRES_USER=${POSTGRES_USER}
+    ports:
+      - "${POSTGRES_PORT}:5432"
 
   nginx:
     build: ./compose/production/nginx
@@ -47,12 +80,19 @@ services:
       - production_staticfiles:/app/staticfiles
       - ./compose/production/nginx/nginx.conf:/etc/nginx/nginx.conf
       - ./ssl:/ssl
+    labels:
+      name: ghostwriter_nginx
     ports:
       - "0.0.0.0:80:80"
       - "0.0.0.0:443:443"
 
   redis:
-    image: redis:5-alpine
+    build:
+      context: .
+      dockerfile: ./compose/production/redis/Dockerfile
+    image: ghostwriter_production_redis
+    labels:
+      name: ghostwriter_redis
     restart: unless-stopped
 
   queue:
@@ -64,26 +104,43 @@ services:
       - postgres
       - django
     ports: []
+    labels:
+      name: ghostwriter_queue
     command: /start-queue
 
-  graphql-engine:
-      build:
-        context: .
-        dockerfile: ./compose/production/hasura/Dockerfile
-      depends_on:
-        - postgres
-        - django
-      restart: always
-      ports:
-        - "8080:8080"
-        - "9691:9691"
-      volumes:
-        - ./hasura-docker/metadata:/metadata
-      logging:
-        driver: "json-file"
-        options:
-          max-file: "1"
-          max-size: "10m"
-      env_file:
-        - ./.envs/.production/.postgres
-        - ./.envs/.production/.hasura
+  graphql_engine:
+    build:
+      context: .
+      dockerfile: ./compose/production/hasura/Dockerfile
+    image: ghostwriter_production_graphql
+    depends_on:
+      - postgres
+      - django
+    restart: always
+    ports:
+      - "${HASURA_GRAPHQL_SERVER_PORT}:8080"
+      - "9691:9691"
+    volumes:
+      - ./hasura-docker/metadata:/metadata
+    logging:
+      driver: "json-file"
+      options:
+        max-file: "1"
+        max-size: "10m"
+    labels:
+      name: ghostwriter_graphql
+    environment:
+      - ACTIONS_URL_BASE=http://${NGINX_HOST}:${NGINX_PORT}/api
+      - HASURA_ACTION_SECRET=${HASURA_GRAPHQL_ACTION_SECRET}
+      - HASURA_GRAPHQL_ADMIN_SECRET=${HASURA_GRAPHQL_ADMIN_SECRET}
+      - HASURA_GRAPHQL_AUTH_HOOK=http://${NGINX_HOST}:${NGINX_PORT}/api/webhook
+      - HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
+      - HASURA_GRAPHQL_DEV_MODE=${HASURA_GRAPHQL_DEV_MODE}
+      - HASURA_GRAPHQL_ENABLE_CONSOLE=${HASURA_GRAPHQL_ENABLE_CONSOLE}
+      - HASURA_GRAPHQL_ENABLED_LOG_TYPES=${HASURA_GRAPHQL_ENABLED_LOG_TYPES}
+      - HASURA_GRAPHQL_ENABLE_TELEMETRY=${HASURA_GRAPHQL_ENABLE_TELEMETRY}
+      - HASURA_GRAPHQL_INSECURE_SKIP_TLS_VERIFY=${HASURA_GRAPHQL_INSECURE_SKIP_TLS_VERIFY}
+      - HASURA_GRAPHQL_LOG_LEVEL=${HASURA_GRAPHQL_LOG_LEVEL}
+      - HASURA_GRAPHQL_METADATA_DIR=${HASURA_GRAPHQL_METADATA_DIR}
+      - HASURA_GRAPHQL_MIGRATIONS_DIR=${HASURA_GRAPHQL_MIGRATIONS_DIR}
+      - HASURA_GRAPHQL_SERVER_PORT=${HASURA_GRAPHQL_SERVER_PORT}