From e6e512efafe30d4c58321a48b6a1e0c15da32574 Mon Sep 17 00:00:00 2001
From: James Swineson
Date: Fri, 12 Jul 2019 17:10:15 +0800
Subject: [PATCH 1/9] initial implementation of Dockerfile
---
docker/Production/Dockerfile | 28 +++++++++++++
docker/Production/config_docker.py | 66 ++++++++++++++++++++++++++++++
docker/Production/entrypoint.sh | 23 +++++++++++
3 files changed, 117 insertions(+)
create mode 100644 docker/Production/Dockerfile
create mode 100644 docker/Production/config_docker.py
create mode 100644 docker/Production/entrypoint.sh
diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile
new file mode 100644
index 0000000..0d976f5
--- /dev/null
+++ b/docker/Production/Dockerfile
@@ -0,0 +1,28 @@
+FROM debian:stretch-slim
+LABEL maintainer="k@ndk.name"
+
+ENV LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8
+
+RUN apt-get update -y \
+ && apt-get install -y --no-install-recommends apt-transport-https locales locales-all python3-pip python3-dev curl libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config build-essential libmariadb-dev-compat \
+ && curl -sL https://deb.nodesource.com/setup_10.x | bash - \
+ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+ && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
+ && apt-get install -y nodejs yarn \
+ && apt-get clean -y \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt/powerdns-admin
+
+COPY . .
+RUN pip3 install -r requirements.txt \
+ && pip3 install psycopg2-binary \
+ && yarn install --pure-lockfile \
+ && flask assets build
+
+COPY ./docker/Production/entrypoint.sh /usr/local/bin/
+
+ENV FLASK_APP=app/__init__.py
+EXPOSE 80/tcp
+ENTRYPOINT ["entrypoint.sh"]
+CMD ["gunicorn", "-t", "120", "--workers", "4", "--bind", "0.0.0.0:80", "--log-level", "info" ,"app:app"]
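Review bot: The first `RUN` step pipes `https://deb.nodesource.com/setup_10.x` into `bash` and the Yarn `pubkey.gpg` into `apt-key add -` with no integrity check, so whatever those URLs serve at build time runs as root or becomes a trusted package-signing key in the image. I would save each download to a file, compare the key's fingerprint with a value pinned in this repository (`<EXPECTED_FINGERPRINT>`, placeholder), and write the NodeSource `sources.list.d` entry explicitly rather than running the setup script; adding `-f` to both `curl` calls also stops an HTTP error page from being piped onward. The image has no `USER` instruction, so gunicorn runs as root in order to bind `0.0.0.0:80`; an unprivileged user on a high port would remove that. `COPY . .` takes the whole build context, so a `.dockerignore` is worth adding to keep `.git` and any local `config.py` out of the image.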
diff --git a/docker/Production/config_docker.py b/docker/Production/config_docker.py
new file mode 100644
index 0000000..99b8c48
--- /dev/null
+++ b/docker/Production/config_docker.py
@@ -0,0 +1,66 @@
+legal_envvars = (
+ 'SECRET_KEY',
+ 'BIND_ADDRESS',
+ 'PORT',
+ 'TIMEOUT',
+ 'LOG_LEVEL',
+ 'LOG_FILE',
+ 'SALT',
+ 'UPLOAD_DIR',
+ 'SQLALCHEMY_TRACK_MODIFICATIONS',
+ 'SQLALCHEMY_DATABASE_URI',
+ 'SAML_ENABLED',
+ 'SAML_DEBUG',
+ 'SAML_PATH',
+ 'SAML_METADATA_URL',
+ 'SAML_METADATA_CACHE_LIFETIME',
+ 'SAML_IDP_SSO_BINDING',
+ 'SAML_IDP_ENTITY_ID',
+ 'SAML_NAMEID_FORMAT',
+ 'SAML_ATTRIBUTE_EMAIL',
+ 'SAML_ATTRIBUTE_GIVENNAME',
+ 'SAML_ATTRIBUTE_SURNAME',
+ 'SAML_ATTRIBUTE_NAME',
+ 'SAML_ATTRIBUTE_USERNAME',
+ 'SAML_ATTRIBUTE_ADMIN',
+ 'SAML_ATTRIBUTE_GROUP',
+ 'SAML_GROUP_ADMIN_NAME',
+ 'SAML_GROUP_TO_ACCOUNT_MAPPING',
+ 'SAML_ATTRIBUTE_ACCOUNT',
+ 'SAML_SP_ENTITY_ID',
+ 'SAML_SP_CONTACT_NAME',
+ 'SAML_SP_CONTACT_MAIL',
+ 'SAML_SIGN_REQUEST',
+ 'SAML_WANT_MESSAGE_SIGNED',
+ 'SAML_LOGOUT',
+ 'SAML_LOGOUT_URL',
+)
+
+legal_envvars_int = (
+ 'PORT',
+ 'TIMEOUT',
+ 'SAML_METADATA_CACHE_LIFETIME',
+)
+
+legal_envvars_bool = (
+ 'SQLALCHEMY_TRACK_MODIFICATIONS',
+ 'SAML_ENABLED',
+ 'SAML_DEBUG',
+ 'SAML_SIGN_REQUEST',
+ 'SAML_WANT_MESSAGE_SIGNED',
+ 'SAML_LOGOUT',
+)
+
+# import everything from environment variables
+import os
+import sys
+for v in legal_envvars:
+ if v in os.environ:
+ ret = os.environ[v]
+ if v in legal_envvars_bool:
+ ret = bool(ret)
+ if v in legal_envvars_int:
+ ret = int(ret)
+ sys.modules[__name__].__dict__[v] = ret
+
+
diff --git a/docker/Production/entrypoint.sh b/docker/Production/entrypoint.sh
new file mode 100644
index 0000000..74efa61
--- /dev/null
+++ b/docker/Production/entrypoint.sh
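Review bot: `ret = bool(ret)` in the import loop is true for every non-empty string, so `SAML_DEBUG=false` or `SAML_ENABLED=0` in the container environment still switches the option on, and an operator cannot turn a boolean setting off through this path. Parse the text instead, e.g. `ret = ret.strip().lower() in ('1', 'true', 'yes', 'on')`. `int(ret)` raises `ValueError` at import time on a malformed `PORT` or `TIMEOUT`, which is reasonable as fail-fast behaviour but deserves a comment saying so. `globals()[v] = ret` is the simpler spelling of `sys.modules[__name__].__dict__[v] = ret`.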
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -Eeuo pipefail
+cd /opt/powerdns-admin
+
+DB_MIGRATION_DIR='./migrations'
+
+if [ ! -f ./config.py ]; then
+ cat ./config_template.py ./docker/Production/config_docker.py > ./config.py
+fi
+
+if [ "$1" == gunicorn ]; then
+ if [ ! -d "${DB_MIGRATION_DIR}" ]; then
+ flask db init --directory ${DB_MIGRATION_DIR}
+ flask db migrate -m "Init DB" --directory ${DB_MIGRATION_DIR}
+ flask db upgrade --directory ${DB_MIGRATION_DIR}
+ ./init_data.py
+ else
+ flask db migrate -m "Upgrade DB Schema" --directory ${DB_MIGRATION_DIR}
+ flask db upgrade --directory ${DB_MIGRATION_DIR}
+ fi
+fi
+
+exec "$@"
From b77be8d15891f54d78f78e28c7a76d5a5f4b54f9 Mon Sep 17 00:00:00 2001
From: James Swineson
Date: Fri, 12 Jul 2019 18:48:31 +0800
Subject: [PATCH 2/9] add setuptools
---
docker/Production/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile
index 0d976f5..79ed6ae 100644
--- a/docker/Production/Dockerfile
+++ b/docker/Production/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="k@ndk.name" ENV LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 RUN apt-get update -y \ - && apt-get install -y --no-install-recommends apt-transport-https locales locales-all python3-pip python3-dev curl libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config build-essential libmariadb-dev-compat \ + && apt-get install -y --no-install-recommends apt-transport-https locales locales-all python3-pip python3-setuptools python3-dev curl libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config build-essential libmariadb-dev-compat \ && curl -sL https://deb.nodesource.com/setup_10.x | bash - \ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
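Review bot: The new `entrypoint.sh` builds `./config.py` from `config_template.py` plus `config_docker.py` when none exists, and `config_docker.py` overrides `SECRET_KEY` and `SALT` only if they are present in the environment, so a container started without them presumably runs on whatever values the template ships (`config_template.py` is not part of this patch; confirm). I would fail fast inside the `if [ ! -f ./config.py ]` branch, before the `cat`, with `: "${SECRET_KEY:?SECRET_KEY must be set}"` and the same for `SALT`, so an operator who mounts their own `config.py` is unaffected. A comment above the `cat` stating that the later file wins because it is appended would also help the next reader.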
From ed77afcdd67966364ea029e44e6d94579bf2ea04 Mon Sep 17 00:00:00 2001 From: James Swineson Date: Fri, 12 Jul 2019 19:20:37 +0800 Subject: [PATCH 3/9] yarn now do not need --pure-lockfile --- docker/Production/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index 79ed6ae..cc4a403 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -17,7 +17,7 @@ WORKDIR /opt/powerdns-admin COPY . . RUN pip3 install -r requirements.txt \ && pip3 install psycopg2-binary \ - && yarn install --pure-lockfile \ + && yarn install \ && flask assets build COPY ./docker/Production/entrypoint.sh /usr/local/bin/ From 5d23c71bcbb267068d385a9e9716c088d3734195 Mon Sep 17 00:00:00 2001 From: James Swineson Date: Fri, 12 Jul 2019 19:45:56 +0800 Subject: [PATCH 4/9] add the true yarn --- docker/Production/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index cc4a403..6a2e386 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -8,6 +8,7 @@ RUN apt-get update -y \ && curl -sL https://deb.nodesource.com/setup_10.x | bash - \ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \ + && apt-get update -y \ && apt-get install -y nodejs yarn \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* @@ -17,7 +18,7 @@ WORKDIR /opt/powerdns-admin COPY . . RUN pip3 install -r requirements.txt \ && pip3 install psycopg2-binary \ - && yarn install \ + && yarn install --pure-lockfile \ && flask assets build COPY ./docker/Production/entrypoint.sh /usr/local/bin/ From 8e11686b7dc790b7104d4fffc9745849699398b4 Mon Sep 17 00:00:00 2001 
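Review bot: In the second hunk of patch 4/9, `yarn install --pure-lockfile` only stops Yarn from writing `yarn.lock`; it still resolves fresh versions when the lockfile and `package.json` disagree, so the image can end up with front-end packages nobody reviewed. `--frozen-lockfile` makes the build fail in that case: `&& yarn install --frozen-lockfile \`. The neighbouring `pip3 install psycopg2-binary` is unpinned for the same reason and would be better as a pinned entry in `requirements.txt`.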
From: James Swineson Date: Fri, 12 Jul 2019 20:15:45 +0800 Subject: [PATCH 5/9] temporary create config.py to make flask work --- docker/Production/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index 6a2e386..44d3273 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -19,7 +19,9 @@ COPY . . RUN pip3 install -r requirements.txt \ && pip3 install psycopg2-binary \ && yarn install --pure-lockfile \ - && flask assets build + && cp config_template.py config.py \ + && flask assets build \ + && rm config.py COPY ./docker/Production/entrypoint.sh /usr/local/bin/ From 8c85119f5cb872d119d2fa4755afa0628cbc819b Mon Sep 17 00:00:00 2001 From: James Swineson Date: Fri, 12 Jul 2019 20:53:31 +0800 Subject: [PATCH 6/9] fix dockerfile --- docker/Production/Dockerfile | 1 + docker/Production/config_docker.py | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index 44d3273..1f1aea9 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -24,6 +24,7 @@ RUN pip3 install -r requirements.txt \ && rm config.py COPY ./docker/Production/entrypoint.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/entrypoint.sh ENV FLASK_APP=app/__init__.py EXPOSE 80/tcp diff --git a/docker/Production/config_docker.py b/docker/Production/config_docker.py index 99b8c48..6be6d5f 100644 --- a/docker/Production/config_docker.py +++ b/docker/Production/config_docker.py @@ -1,3 +1,7 @@ +# defaults for Docker image +BIND_ADDRESS='0.0.0.0' +PORT=80 + legal_envvars = ( 'SECRET_KEY', 'BIND_ADDRESS', From d8bb62900d64b244ad6282237ab8e7e04b1f309e Mon Sep 17 00:00:00 2001 From: James Swineson Date: Fri, 12 Jul 2019 21:03:19 +0800 Subject: [PATCH 7/9] simply upgrade database --- docker/Production/entrypoint.sh | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) 
diff --git a/docker/Production/entrypoint.sh b/docker/Production/entrypoint.sh index 74efa61..215a9ab 100644 --- a/docker/Production/entrypoint.sh +++ b/docker/Production/entrypoint.sh @@ -2,22 +2,12 @@ set -Eeuo pipefail cd /opt/powerdns-admin -DB_MIGRATION_DIR='./migrations' - if [ ! -f ./config.py ]; then cat ./config_template.py ./docker/Production/config_docker.py > ./config.py fi if [ "$1" == gunicorn ]; then - if [ ! -d "${DB_MIGRATION_DIR}" ]; then - flask db init --directory ${DB_MIGRATION_DIR} - flask db migrate -m "Init DB" --directory ${DB_MIGRATION_DIR} - flask db upgrade --directory ${DB_MIGRATION_DIR} - ./init_data.py - else - flask db migrate -m "Upgrade DB Schema" --directory ${DB_MIGRATION_DIR} - flask db upgrade --directory ${DB_MIGRATION_DIR} - fi + flask db upgrade fi exec "$@" From 7878ecda2ae3e9c70d93457bd04ef8eee80141b9 Mon Sep 17 00:00:00 2001 From: James Swineson Date: Fri, 12 Jul 2019 22:20:59 +0800 Subject: [PATCH 8/9] allow setting gunicorn default args via environment variables --- docker/Production/Dockerfile | 2 +- docker/Production/entrypoint.sh | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index 1f1aea9..45489a8 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -29,4 +29,4 @@ RUN chmod +x /usr/local/bin/entrypoint.sh ENV FLASK_APP=app/__init__.py EXPOSE 80/tcp ENTRYPOINT ["entrypoint.sh"] -CMD ["gunicorn", "-t", "120", "--workers", "4", "--bind", "0.0.0.0:80", "--log-level", "info" ,"app:app"] +CMD ["gunicorn","app:app"] diff --git a/docker/Production/entrypoint.sh b/docker/Production/entrypoint.sh index 215a9ab..f705d35 100644 --- a/docker/Production/entrypoint.sh +++ b/docker/Production/entrypoint.sh 
@@ -2,12 +2,19 @@ set -Eeuo pipefail cd /opt/powerdns-admin +GUNICORN_TIMEOUT="${GUINCORN_TIMEOUT:-120}" +GUNICORN_WORKERS="${GUNICORN_WORKERS:-4}" +GUNICORN_LOGLEVEL="${GUNICORN_LOGLEVEL:-info}" + if [ ! -f ./config.py ]; then cat ./config_template.py ./docker/Production/config_docker.py > ./config.py fi +GUNICORN_ARGS="-t ${GUNICORN_TIMEOUT} --workers ${GUNICORN_WORKERS} --bind 0.0.0.0:80 --log-level ${GUNICORN_LOGLEVEL}" if [ "$1" == gunicorn ]; then flask db upgrade -fi + exec "$@" $GUNICORN_ARGS -exec "$@" +else + exec "$@" +fi From 71a87dc38fb1a6d551b8808bd966b8bcc5c5a428 Mon Sep 17 00:00:00 2001 From: James Swineson Date: Sat, 13 Jul 2019 09:01:41 +0800 Subject: [PATCH 9/9] pkg-config is not used --- docker/Production/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Production/Dockerfile b/docker/Production/Dockerfile index 45489a8..f328302 100644 --- a/docker/Production/Dockerfile +++ b/docker/Production/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="k@ndk.name" ENV LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 RUN apt-get update -y \ - && apt-get install -y --no-install-recommends apt-transport-https locales locales-all python3-pip python3-setuptools python3-dev curl libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config build-essential libmariadb-dev-compat \ + && apt-get install -y --no-install-recommends apt-transport-https locales locales-all python3-pip python3-setuptools python3-dev curl libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev build-essential libmariadb-dev-compat \ && curl -sL https://deb.nodesource.com/setup_10.x | bash - \ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
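Review bot: `GUNICORN_TIMEOUT="${GUINCORN_TIMEOUT:-120}"` reads a misspelled variable, so a `GUNICORN_TIMEOUT` passed to the container is overwritten with `120`; it should be `GUNICORN_TIMEOUT="${GUNICORN_TIMEOUT:-120}"`. `exec "$@" $GUNICORN_ARGS` depends on unquoted word splitting, so whitespace or glob characters in any of the three variables turn into extra gunicorn arguments; an array keeps each value a single argument: `GUNICORN_ARGS=(-t "$GUNICORN_TIMEOUT" --workers "$GUNICORN_WORKERS" --bind 0.0.0.0:80 --log-level "$GUNICORN_LOGLEVEL")` with `exec "$@" "${GUNICORN_ARGS[@]}"`. The bind address is fixed at `0.0.0.0:80` here, so the `BIND_ADDRESS` and `PORT` variables that `config_docker.py` accepts do not change where gunicorn listens; either derive `--bind` from them or document that they are ignored.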