3cec226b89
- Dockerfile with healthcheck and entrypoint for deps + .env persistence - generate_env.py for local secrets; design docs and changelog Co-authored-by: Cursor <cursoragent@cursor.com>
53 lines
1.6 KiB
Python
53 lines
1.6 KiB
Python
#!/usr/bin/env python3
|
|
"""Generate docker/.env with random secrets for local Compose."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import base64
|
|
import secrets
|
|
from pathlib import Path
|
|
|
|
ROOT = Path(__file__).resolve().parent.parent
|
|
OUT = ROOT / "docker" / ".env"
|
|
EXAMPLE = ROOT / "docker" / ".env.example"
|
|
|
|
|
|
def _token(n: int = 32) -> str:
|
|
return secrets.token_urlsafe(n)
|
|
|
|
|
|
def main() -> None:
|
|
if OUT.exists():
|
|
raise SystemExit(f"Refusing to overwrite existing {OUT} — delete it first.")
|
|
|
|
mysql_root = _token(24)
|
|
mysql_pass = _token(24)
|
|
secret = _token(32)
|
|
api_key = _token(24)
|
|
# Fernet-compatible (same as install wizard)
|
|
enc_key = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode()
|
|
|
|
text = EXAMPLE.read_text(encoding="utf-8")
|
|
lines: list[str] = []
|
|
for line in text.splitlines():
|
|
if line.startswith("MYSQL_ROOT_PASSWORD="):
|
|
lines.append(f"MYSQL_ROOT_PASSWORD={mysql_root}")
|
|
elif line.startswith("MYSQL_PASSWORD="):
|
|
lines.append(f"MYSQL_PASSWORD={mysql_pass}")
|
|
elif line.startswith("NEXUS_SECRET_KEY="):
|
|
lines.append(f"NEXUS_SECRET_KEY={secret}")
|
|
elif line.startswith("NEXUS_API_KEY="):
|
|
lines.append(f"NEXUS_API_KEY={api_key}")
|
|
elif line.startswith("NEXUS_ENCRYPTION_KEY="):
|
|
lines.append(f"NEXUS_ENCRYPTION_KEY={enc_key}")
|
|
else:
|
|
lines.append(line)
|
|
|
|
OUT.write_text("\n".join(lines) + "\n", encoding="utf-8", newline="\n")
|
|
print(f"Wrote {OUT}")
|
|
print("Next: docker compose up -d --build")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|