.env.example

@@ -43,12 +43,3 @@ IDHUB_ENABLE_EMAIL=false
 IDHUB_ENABLE_2FACTOR_AUTH=false
 IDHUB_ENABLE_DOMAIN_CHECKER=false
 IDHUB_PREDEFINED_TOKEN='27f944ce-3d58-4f48-b068-e4aa95f97c95'
-
-
-# IDHUB- Postgres
-###
-IDHUB_DB_NAME="idhub"
-IDHUB_DB_USER="ereuse"
-IDHUB_DB_PASSWORD="ereuse"
-IDHUB_DB_HOST="idhub-postgres"
-IDHUB_DB_PORT=5432

docker-compose.override.yml

@@ -1,11 +0,0 @@
-services:
-  idhub:
-    environment:
-      - DEBUG=true
-      - CREATE_TEST_USERS=true
-    volumes:
-      - .:/opt/idhub
-
-  idhub-postgres:
-    ports:
-      - 5433:5432

docker-compose.prod.override.yml

@@ -1,10 +0,0 @@
-services:
-  idhub:
-    environment:
-      - DEBUG=false
-      - CREATE_TEST_USERS=false
-    volumes:
-      - idhub_data:/opt/idhub
-
-volumes:
-  idhub_data:

docker-compose.yml

@@ -7,20 +7,21 @@ services:
       context: .
       dockerfile: docker/idhub.Dockerfile
     environment:
-      # General
       - DOMAIN=${IDHUB_DOMAIN:-localhost}
       - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-$IDHUB_DOMAIN}
       - DEBUG=true
       - DEMO=${IDHUB_DEMO:-}
-
-      # Admin & User
       - INITIAL_ADMIN_EMAIL=${IDHUB_ADMIN_EMAIL}
       - INITIAL_ADMIN_PASSWORD=${IDHUB_ADMIN_PASSWD}
       - CREATE_TEST_USERS=true
-
-      # Email Configuration
       - ENABLE_EMAIL=${IDHUB_ENABLE_EMAIL:-true}
+      - ENABLE_2FACTOR_AUTH=${IDHUB_ENABLE_2FACTOR_AUTH:-true}
       - ENABLE_DOMAIN_CHECKER=${IDHUB_ENABLE_DOMAIN_CHECKER:-true}
+      - PREDEFINED_TOKEN=${IDHUB_PREDEFINED_TOKEN:-}
+      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+      - PORT=${IDHUB_PORT:-9001}
       - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
       - EMAIL_HOST=${IDHUB_EMAIL_HOST}
       - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@@ -28,47 +29,10 @@ services:
       - EMAIL_PORT=${IDHUB_EMAIL_PORT}
       - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
       - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
-
-      # Auth & Security
-      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
-      - PREDEFINED_TOKEN=${IDHUB_PREDEFINED_TOKEN:-}
-      - ENABLE_2FACTOR_AUTH=${IDHUB_ENABLE_2FACTOR_AUTH:-true}
-
-      # App
-      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
-      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
-      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
-      - PORT=${IDHUB_PORT:-9001}
       - SUPPORTED_CREDENTIALS=${IDHUB_SUPPORTED_CREDENTIALS:-}
-
+      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
-      # DB vars
-      - DB_PORT=${IDHUB_DB_PORT:-5432}
-      - DB_HOST=${IDHUB_DB_HOST:-devicehub-postgres}
-      - DB_NAME=${IDHUB_DB_NAME}
-      - DB_USER=${IDHUB_DB_USER}
-      - DB_PASSWORD=${IDHUB_DB_PASSWORD}
-
     ports:
       - ${IDHUB_PORT:-9001}:${IDHUB_PORT:-9001}
-    depends_on:
+    # TODO manage volumes dev vs prod
-      idhub-postgres:
-        condition: service_healthy
-        restart: true
-
-  idhub-postgres:
-    image: postgres:17
-    environment:
-      - POSTGRES_DB=${IDHUB_DB_NAME}
-      - POSTGRES_USER=${IDHUB_DB_USER}
-      - POSTGRES_PASSWORD=${IDHUB_DB_PASSWORD}
     volumes:
-      - idhub_pg_data:/var/lib/postgresql/data
+      - .:/opt/idhub
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${IDHUB_DB_USER} -d ${IDHUB_DB_NAME}"]
-      start_period: 1s
-      interval: 1s
-      timeout: 10s
-      retries: 10
-
-volumes:
-  idhub_pg_data:

docker/idhub.Dockerfile

@@ -4,6 +4,7 @@ FROM python:3.11.7-slim-bookworm
 RUN apt update && \
     apt-get install -y \
     git \
+    sqlite3 \
     jq \
     libpango-1.0-0 libpangoft2-1.0-0 \
       && pip install cffi brotli \

docker/idhub.entrypoint.sh

@@ -28,11 +28,14 @@ END
 }
 
 deployment_strategy() {
+        # detect if existing deployment (TODO only works with sqlite)
+        if [ -f "${idhub_dir}/db.sqlite3" ]; then
+                echo "INFO: detected EXISTING deployment"
+                ./manage.py migrate
 
-        init_flagfile="${idhub_dir}/already_configured.idhub"
+                # warn admin that it should re-enter password to keep the service working
-        if [ ! -f "${init_flagfile}" ]; then
+                ./manage.py send_mail_admins
-
+        else
-                    echo "INFO: detected NEW deployment"
                 # this file helps all docker containers to guess number of hosts involved
                 #   right now is only needed by new deployment for oidc
                 if [ -d "/sharedsecret" ]; then
@@ -55,15 +58,6 @@ deployment_strategy() {
                 else
                         echo "Note: skipping oidc4vp config"
                 fi
-
-                    # remain next command as the last operation for this if conditional
-                    touch "${init_flagfile}"
-
-        else
-                echo "INFO: detected PREVIOUS deployment"
-                ./manage.py migrate
-                # warn admin that it should re-enter password to keep the service working
-                ./manage.py send_mail_admins
         fi
 }
 

requirements.txt

@@ -35,4 +35,3 @@ pyroaring==0.4.5
 coverage==7.4.3
 gunicorn==21.2.0
 pyvckit
-psycopg2-binary==2.9.10

trustchain_idhub/settings.py

@@ -121,15 +121,22 @@ WSGI_APPLICATION = 'trustchain_idhub.wsgi.application'
 
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases
+
 DATABASES = {
-    'default': {
+    # 'default': {
-        'ENGINE': os.getenv('DB_ENGINE', 'django.db.backends.postgresql'),
+    #     'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.getenv('IDHUB_DB_NAME', 'idhub'),
+    #     'NAME': BASE_DIR / 'db.sqlite3',
-        'USER': os.getenv('IDHUB_DB_USER', 'ereuse'),
+    # }
-        'PASSWORD': os.getenv('IDHUB_DB_PASSWORD', 'ereuse'),
+    'default': config(
-        'HOST': os.getenv('IDHUB_DB_HOST', 'idhub-postgres'),
+        'DATABASE_URL',
-        'PORT': os.getenv('IDHUB_DB_PORT', '5432'),
+        default='sqlite:///' + os.path.join(BASE_DIR, 'db.sqlite3'),
-    }
+        cast=db_url
+    )
+    # 'default': config(
+    #     'DATABASE_URL',
+    #     default='sqlite:///' + os.path.join(BASE_DIR, 'db.sqlite3'),
+    #     cast=db_url
+    # )
 }