zulip · sundargs2000 · May 13, 2021 · timabbott · May 19, 2021 · timabbott
diff --git a/.env.example b/.env.example
@@ -0,0 +1,10 @@
+# Mandatory settings to set
+EXTERNAL_HOST = localhost.localdomain
+ZULIP_ADMINISTRATOR_EMAIL = [email protected]
+
+# Optional secrets to set
+POSTGRES_PASSWORD = REPLACE_WITH_SECURE_POSTGRES_PASSWORD
+MEMCACHED_PASSWORD = REPLACE_WITH_SECURE_MEMCACHED_PASSWORD
+RABBITMQ_PASSWORD = REPLACE_WITH_SECURE_RABBITMQ_PASSWORD
+REDIS_PASSWORD = REPLACE_WITH_SECURE_REDIS_PASSWORD
+secret_key = REPLACE_WITH_SECURE_SECRET_KEY
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
       # Note that you need to do a manual `ALTER ROLE` query if you
       # change this on a system after booting the postgres container
       # the first time on a host.  Instructions are available in README.md.
-      POSTGRES_PASSWORD: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
+      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
     volumes:
       - '/opt/docker/zulip/postgresql/data:/var/lib/postgresql/data:rw'
   memcached:
@@ -24,15 +24,15 @@ services:
     environment:
       SASL_CONF_PATH: '/home/memcache/memcached.conf'
       MEMCACHED_SASL_PWDB: '/home/memcache/memcached-sasl-db'
-      MEMCACHED_PASSWORD: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
+      MEMCACHED_PASSWORD: '${MEMCACHED_PASSWORD}'
     restart: always
   rabbitmq:
     image: 'rabbitmq:3.7.7'
     hostname: zulip-rabbit
     restart: always
     environment:
         RABBITMQ_DEFAULT_USER: 'zulip'
-        RABBITMQ_DEFAULT_PASS: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
+        RABBITMQ_DEFAULT_PASS: '${RABBITMQ_PASSWORD}'
     volumes:
       - '/opt/docker/zulip/rabbitmq:/var/lib/rabbitmq:rw'
   redis:
@@ -44,7 +44,7 @@ services:
         echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
         exec redis-server /etc/redis.conf
     environment:
-      REDIS_PASSWORD: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
+      REDIS_PASSWORD: '${REDIS_PASSWORD}'
     volumes:
       - '/opt/docker/zulip/redis:/data:rw'
   zulip:
@@ -71,13 +71,13 @@ services:
       SECRETS_email_password: '123456789'
       # These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
       # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
-      SECRETS_rabbitmq_password: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
-      SECRETS_postgres_password: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
-      SECRETS_memcached_password: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
-      SECRETS_redis_password: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
-      SECRETS_secret_key: 'REPLACE_WITH_SECURE_SECRET_KEY'
-      SETTING_EXTERNAL_HOST: 'localhost.localdomain'
-      SETTING_ZULIP_ADMINISTRATOR: '[email protected]'
+      SECRETS_rabbitmq_password: '${RABBITMQ_PASSWORD}'
+      SECRETS_postgres_password: '${POSTGRES_PASSWORD}'
+      SECRETS_memcached_password: '${MEMCACHED_PASSWORD}'
+      SECRETS_redis_password: '${REDIS_PASSWORD}'
+      SECRETS_secret_key: '${secret_key}'
+      SETTING_EXTERNAL_HOST: '${EXTERNAL_HOST}'
+      SETTING_ZULIP_ADMINISTRATOR: '${ZULIP_ADMINISTRATOR_EMAIL}'
       SETTING_EMAIL_HOST: ''  # e.g. smtp.example.com
       SETTING_EMAIL_HOST_USER: '[email protected]'
       SETTING_EMAIL_PORT: '587'

diff --git a/scripts/generate_env_file.py b/scripts/generate_env_file.py
@@ -0,0 +1,44 @@
+from io import StringIO
+import os
+import configparser
+import secrets
+
+def read_example_env():
+    file_to_read = None
+    if os.path.isfile('.env'):
+        file_to_read = '.env'
+    else:
+        file_to_read = '.env.example'
+
+    dummy_config = StringIO()
+    dummy_config.write('[dummy]\n')
+    dummy_config.write(open(file_to_read).read())
+    dummy_config.seek(0, os.SEEK_SET)
+
+    cp = configparser.ConfigParser()
+    cp.read_file(dummy_config)
+    return cp['dummy']
+
+def set_if_expected(env, key, expected, value):
+    if env[key] == expected:
+        env[key] = value
+
+def generate_and_set_secrets(env):
+    set_if_expected(env, 'POSTGRES_PASSWORD', 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD', secrets.token_hex(32))
+    set_if_expected(env, 'MEMCACHED_PASSWORD', 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD', secrets.token_hex(32))
+    set_if_expected(env, 'RABBITMQ_PASSWORD', 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD', secrets.token_hex(32))
+    set_if_expected(env, 'REDIS_PASSWORD', 'REPLACE_WITH_SECURE_REDIS_PASSWORD', secrets.token_hex(32))
+    set_if_expected(env, 'secret_key', 'REPLACE_WITH_SECURE_SECRET_KEY', ''.join(secrets.choice('abcdefghijklmnopqrstuvwxyz0123456789!@#$^&*(-_=+)') for i in range(50)))
+
+def write_env(env):
+    env_file = ''
+    for key in env:
+        env_file = f'{env_file}{key}={env[key]}\n'
+
+    f = open('.env', 'w')
+    f.write(env_file)
+    f.close()
+
+env = read_example_env()
+generate_and_set_secrets(env)
+write_env(env)