Restructure startup procedure

2025-11-04 04:12:45 +00:00 · 2023-09-25 10:11:11 +02:00
parent 4a9a03e648
commit 4581367d04
15 changed files with 399 additions and 236 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,5 +8,6 @@
 !.flaskenv
 !boot.sh
 !config.py
 !docker-entrypoint.sh
 !nopaque.py
 !requirements.txt
--- a/.env.tpl
+++ b/.env.tpl
@@ -1,204 +1,29 @@
-################################################################################
+##############################################################################
-# Docker                                                                       #
+# Variables for use in Docker Compose YAML files                             #
-################################################################################
+##############################################################################
 # DEFAULT: ./data
 # NOTE: Use `.` as <project-basedir>
 # HOST_DATA_DIR=
 # Example: 1000
 # HINT: Use this bash command `id -u`
 # NOTE: 0 (= root user) is not allowed
 HOST_UID=
 # Example: 1000
 # HINT: Use this bash command `id -g`
 HOST_GID=
 # Example: 999
 # HINT: Use this bash command `getent group docker | cut -d: -f3`
 HOST_DOCKER_GID=
-# DEFAULT: ./logs
+# DEFAULT: nopaque
-# NOTES: Use `.` as <project-basedir>
+DOCKER_DEFAULT_NETWORK_NAME=nopaque
 # HOST_LOG_DIR=
-# DEFAULT: nopaque_default
+# DEFAULT: ./volumes/db/data
-# DOCKER_NETWORK_NAME=
+DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH=./volumes/db/data
-################################################################################
+# DEFAULT: ./volumes/mq/data
-# Flask                                                                        #
+DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH=./volumes/mq/data
 # https://flask.palletsprojects.com/en/1.1.x/config/                           #
 ################################################################################
 # CHOOSE ONE: http, https
 # DEFAULT: http
 # PREFERRED_URL_SCHEME=
-# DEFAULT: hard to guess string
+# NOTE: This must be a network share and it must be available on all
-# HINT: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
+#       Docker Swarm nodes, mounted to the same path with the same
-# SECRET_KEY=
+#       user and group ownership.
 DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH=
-# DEFAULT: localhost:5000
+# DEFAULT: ./volumes/nopaque/logs
-# Example: nopaque.example.com/nopaque.example.com:5000
+DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH=./volumes/nopaque/logs
 # HINT: If your instance is publicly available on a different Port then 80/443,
 #       you will have to add this to the server name
 # SERVER_NAME=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set to true if you redirect http to https
 # SESSION_COOKIE_SECURE=
 ################################################################################
 # Flask-Assets                                                                 #
 # https://webassets.readthedocs.io/en/latest/                                  #
 ################################################################################
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # ASSETS_DEBUG=
 ################################################################################
 # Flask-Hashids                                                                #
 # https://github.com/Pevtrick/Flask-Hashids                                    #
 ################################################################################
 # DEFAULT: 16
 # HASHIDS_MIN_LENGTH=
 # NOTE: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
 #       It is strongly recommended that this is NEVER the same as the SECRET_KEY
 HASHIDS_SALT=
 ################################################################################
 # Flask-Login                                                                  #
 # https://flask-login.readthedocs.io/en/latest/                                #
 ################################################################################
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set to true if you redirect http to https
 # REMEMBER_COOKIE_SECURE=
 ################################################################################
 # Flask-Mail                                                                   #
 # https://pythonhosted.org/Flask-Mail/                                         #
 ################################################################################
 # EXAMPLE: nopaque Admin <nopaque@example.com>
 MAIL_DEFAULT_SENDER=
 MAIL_PASSWORD=
 # EXAMPLE: smtp.example.com
 MAIL_SERVER=
 # EXAMPLE: 587
 MAIL_PORT=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # MAIL_USE_SSL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # MAIL_USE_TLS=
 # EXAMPLE: nopaque@example.com
 MAIL_USERNAME=
 ################################################################################
 # Flask-SQLAlchemy                                                             #
 # https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/                  #
 ################################################################################
 # DEFAULT: 'sqlite:///<nopaque-basedir>/data.sqlite'
 # NOTE: Use `.` as <nopaque-basedir>,
 #       Don't use a SQLite database when using Docker
 # SQLALCHEMY_DATABASE_URI=
 ################################################################################
 # nopaque                                                                      #
 ################################################################################
 # An account is registered with this email adress gets automatically assigned
 # the administrator role.
 # EXAMPLE: admin.nopaque@example.com
 NOPAQUE_ADMIN=
 # DEFAULT: /mnt/nopaque
 # NOTE: This must be a network share and it must be available on all Docker
 #       Swarm nodes
 # NOPAQUE_DATA_DIR=
 # CHOOSE ONE: False, True
 # DEFAULT: True
 # NOPAQUE_IS_PRIMARY_INSTANCE=
 # transport://[userid:password]@hostname[:port]/[virtual_host]
 NOPAQUE_SOCKETIO_MESSAGE_QUEUE_URI=
 # NOTE: Get these from the nopaque development team
 NOPAQUE_DOCKER_REGISTRY_USERNAME=
 NOPAQUE_DOCKER_REGISTRY_PASSWORD=
 # DEFAULT: %Y-%m-%d %H:%M:%S
 # NOPAQUE_LOG_DATE_FORMAT=
 # DEFAULT: [%(asctime)s] %(levelname)s in %(pathname)s (function: %(funcName)s, line: %(lineno)d): %(message)s
 # NOPAQUE_LOG_FORMAT=
 # DEFAULT: INFO
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # NOPAQUE_LOG_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: True
 # NOPAQUE_LOG_FILE_ENABLED=
 # DEFAULT: <nopaque-basedir>/logs
 # NOTE: Use `.` as <nopaque-basedir>
 # NOPAQUE_LOG_FILE_DIR=
 # DEFAULT: NOPAQUE_LOG_LEVEL
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # NOPAQUE_LOG_FILE_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # NOPAQUE_LOG_STDERR_ENABLED=
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # DEFAULT: NOPAQUE_LOG_LEVEL
 # NOPAQUE_LOG_STDERR_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set this to True only if you are using a proxy in front of nopaque
 # NOPAQUE_PROXY_FIX_ENABLED=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-For
 # NOPAQUE_PROXY_FIX_X_FOR=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Host
 # NOPAQUE_PROXY_FIX_X_HOST=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Port
 # NOPAQUE_PROXY_FIX_X_PORT=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Prefix
 # NOPAQUE_PROXY_FIX_X_PREFIX=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Proto
 # NOPAQUE_PROXY_FIX_X_PROTO=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # NOPAQUE_TRANSKRIBUS_ENABLED=
 # READ-COOP account data: https://readcoop.eu/
 # NOPAQUE_READCOOP_USERNAME=
 # NOPAQUE_READCOOP_PASSWORD=
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 # nopaque specifics
 app/static/gen/
-data/
+volumes/
 docker-compose.override.yml
 logs/
 !logs/dummy
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,42 @@
 default:
  image: docker:24.0.6
  services:
    - docker:24.0.6-dind
  tags:
    - docker
 variables:
  DOCKER_TLS_CERTDIR: /certs
 build_image:
  stage: build
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: on_success
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
      when: "on_success"
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - when: never
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG
 include:
  - template: Security/Container-Scanning.gitlab-ci.yml
 container_scanning:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: on_success
      variables:
        CS_IMAGE: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
      when: on_success
      variables:
        CS_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
    - when: never
--- a/39
+++ b/39
@@ -4,11 +4,6 @@ FROM python:3.11.5-slim-bookworm
 LABEL authors="Patrick Jentsch <p.jentsch@uni-bielefeld.de>"
 ARG DOCKER_GID
 ARG UID
 ARG GID
 ENV LANG="C.UTF-8"
 ENV PYTHONDONTWRITEBYTECODE="1"
 ENV PYTHONUNBUFFERED="1"
@@ -17,34 +12,42 @@ ENV PYTHONUNBUFFERED="1"
 RUN apt-get update \
 && apt-get install --no-install-recommends --yes \
      build-essential \
      gosu \
      libpq-dev \
 && rm --recursive /var/lib/apt/lists/*
-RUN groupadd --gid "${DOCKER_GID}" docker \
+COPY docker-entrypoint.sh /usr/local/bin/
- && groupadd --gid "${GID}" nopaque \
+
- && useradd --create-home --gid nopaque --groups "${DOCKER_GID}" --no-log-init --uid "${UID}" nopaque
+
 RUN useradd --create-home --no-log-init nopaque \
 && groupadd docker \
 && usermod --append --groups docker nopaque
 USER nopaque
 WORKDIR /home/nopaque
-ENV PYTHON3_VENV_PATH="/home/nopaque/venv"
+ENV NOPAQUE_PYTHON3_VENV_PATH="/home/nopaque/.venv"
-RUN python3 -m venv "${PYTHON3_VENV_PATH}"
+RUN python3 -m venv "${NOPAQUE_PYTHON3_VENV_PATH}"
-ENV PATH="${PYTHON3_VENV_PATH}/bin:${PATH}"
+ENV PATH="${NOPAQUE_PYTHON3_VENV_PATH}/bin:${PATH}"
 COPY --chown=nopaque:nopaque requirements.txt .
 RUN python3 -m pip install --requirement requirements.txt \
 && rm requirements.txt
 COPY --chown=nopaque:nopaque app app
 COPY --chown=nopaque:nopaque migrations migrations
 COPY --chown=nopaque:nopaque tests tests
-COPY --chown=nopaque:nopaque .flaskenv boot.sh config.py nopaque.py ./
+COPY --chown=nopaque:nopaque .flaskenv boot.sh config.py nopaque.py requirements.txt ./
 RUN python3 -m pip install --requirement requirements.txt \
 && mkdir logs
 USER root
 EXPOSE 5000
-ENTRYPOINT ["./boot.sh"]
+ENTRYPOINT ["docker-entrypoint.sh"]
--- a/app/init.py
+++ b/app/init.py
@@ -13,7 +13,6 @@ from flask_paranoid import Paranoid
 from flask_socketio import SocketIO
 from flask_sqlalchemy import SQLAlchemy
 from flask_hashids import Hashids
 from werkzeug.exceptions import HTTPException
 apifairy = APIFairy()
--- a/app/daemon/corpus_utils.py
+++ b/app/daemon/corpus_utils.py
@@ -143,7 +143,7 @@ def _create_cqpserver_container(corpus):
    ''' ## Name ## '''
    name = f'cqpserver_{corpus.id}'
    ''' ## Network ## '''
-    network = f'{current_app.config["DOCKER_NETWORK_NAME"]}'
+    network = f'{current_app.config["NOPAQUE_DOCKER_NETWORK_NAME"]}'
    ''' ## Volumes ## '''
    volumes = []
    ''' ### Corpus data volume ### '''
--- a/app/main/cli.py
+++ b/app/main/cli.py
@@ -43,3 +43,5 @@ def deploy():
    SpaCyNLPPipelineModel.insert_defaults()
    print('Insert/Update default TesseractOCRPipelineModels')
    TesseractOCRPipelineModel.insert_defaults()
    # TODO: Implement checks for if the nopaque network exists
--- a/boot.sh
+++ b/boot.sh
@@ -13,7 +13,7 @@ display_help() {
    echo "Run '${script_name} COMMAND --help' for more information on a command."
 }
-if [[ "${#}" -eq 0 ]]; then
+if [[ "${#}" == "0" ]]; then
    if [[ "${NOPAQUE_IS_PRIMARY_INSTANCE:-True}" == "True" ]]; then
        while true; do
            flask deploy
@@ -26,7 +26,7 @@ if [[ "${#}" -eq 0 ]]; then
    fi
    python3 nopaque.py
 elif [[ "${1}" == "flask" ]]; then
-    flask "${@:2}"
+    flask ${@:2}
 elif [[ "${1}" == "--help" || "${1}" == "-h" ]]; then
    display_help
 else
--- a/config.py
+++ b/config.py
@@ -7,13 +7,10 @@ import os
 basedir = os.path.abspath(os.path.dirname(__file__))
-load_dotenv(os.path.join(basedir, '.env'))
+load_dotenv(os.path.join(basedir, 'nopaque.env'))
 class Config:
    ''' Docker '''
    DOCKER_NETWORK_NAME = os.environ.get('DOCKER_NETWORK_NAME', 'nopaque_default')
    ''' APIFairy '''
    APIFAIRY_TITLE = 'nopaque'
    APIFAIRY_VERSION = '0.0.1'
@@ -35,8 +32,8 @@ class Config:
    ASSETS_DEBUG = os.environ.get('ASSETS_DEBUG', 'false').lower() == 'true'
    ''' # Flask-Hashids '''
-    HASHIDS_MIN_LENGTH = 16
+    HASHIDS_MIN_LENGTH = int(os.environ.get('HASHIDS_MIN_LENGTH', '16'))
-    HASHIDS_SALT=os.environ.get('HASHIDS_SALT')
+    HASHIDS_SALT=os.environ.get('HASHIDS_SALT', 'hard to guess string')
    ''' # Flask-Login # '''
    REMEMBER_COOKIE_SECURE = \
@@ -61,7 +58,7 @@ class Config:
    ''' # nopaque # '''
    NOPAQUE_ADMIN = os.environ.get('NOPAQUE_ADMIN')
    NOPAQUE_DATA_DIR = \
-        os.path.abspath(os.environ.get('NOPAQUE_DATA_DIR', '/mnt/nopaque'))
+        os.path.abspath(os.environ.get('NOPAQUE_DATA_PATH', '/mnt/nopaque'))
    NOPAQUE_IS_PRIMARY_INSTANCE = \
        os.environ.get('NOPAQUE_IS_PRIMARY_INSTANCE', 'true').lower() == 'true'
    NOPAQUE_MAIL_SUBJECT_PREFIX = '[nopaque]'
@@ -74,6 +71,8 @@ class Config:
    NOPAQUE_DOCKER_REGISTRY = 'gitlab.ub.uni-bielefeld.de:4567'
    NOPAQUE_DOCKER_IMAGE_PREFIX = f'{NOPAQUE_DOCKER_REGISTRY}/sfb1288inf/'
    NOPAQUE_DOCKER_NETWORK_NAME = \
        os.environ.get('DOCKER_NETWORK_NAME', 'nopaque')
    NOPAQUE_DOCKER_REGISTRY_USERNAME = \
        os.environ.get('NOPAQUE_DOCKER_REGISTRY_USERNAME')
    NOPAQUE_DOCKER_REGISTRY_PASSWORD = \
@@ -90,7 +89,7 @@ class Config:
    NOPAQUE_LOG_FILE_ENABLED = \
        os.environ.get('NOPAQUE_LOG_FILE_ENABLED', 'true').lower() == 'true'
    NOPAQUE_LOG_FILE_DIR = \
-        os.environ.get('NOPAQUE_LOG_FILE_DIR', os.path.join(basedir, 'logs'))
+        os.environ.get('NOPAQUE_LOGS_PATH', os.path.join(basedir, 'logs'))
    NOPAQUE_LOG_FILE_LEVEL = \
        os.environ.get('NOPAQUE_LOG_FILE_LEVEL', NOPAQUE_LOG_LEVEL)
    NOPAQUE_LOG_STDERR_ENABLED = \
--- a/db.env.tpl
+++ b/db.env.tpl
@@ -1,4 +1,11 @@
-POSTGRES_DB_NAME=
+##############################################################################
 # Environment variables to configure the db service in docker-compose.yml.   #
 #                                                                            #
 # More information about the environment variables can be found here:        #
 # https://hub.docker.com/_/postgres                                          #
 ##############################################################################
 POSTGRES_DB=
 POSTGRES_USER=
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,17 @@
 version: "3.5"
 # The docker-compose.yml file is not meant to be modified itself. 
 # Instead use the following files for configurations:
 # - .env: Environment variables for the docker-compose.yml file.
 # - db.env: Environment variables for the database service.
 # - nopaque.env: Environment variables for the nopaque service.
 # - docker-compose.override.yml: Override the docker-compose.yml file.
 #   - Don't change too much here, it's meant for configurations like exposing
 #     ports for development or adding labels for e.g. traefik.
 networks:
  default:
-    name: "${DOCKER_NETWORK_NAME:-nopaque_default}"
+    name: "${DOCKER_DEFAULT_NETWORK_NAME}"
 services:
  db:
@@ -10,28 +19,46 @@ services:
    image: postgres:11
    restart: unless-stopped
    volumes:
-      - "${HOST_DATA_DIR:-./data}/db:/var/lib/postgresql/data"
+      - type: bind
        source: "${DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH}"
        target: "/var/lib/postgresql/data"
  mq:
    image: redis:6
    restart: unless-stopped
    volumes:
-      - "${HOST_DATA_DIR:-./data}/mq:/data"
+      - type: bind
        source: "${DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH}"
        target: "/data"
  nopaque:
-    build:
+    build: .
      args:
        DOCKER_GID: ${HOST_DOCKER_GID}
        GID: ${HOST_GID}
        UID: ${HOST_UID}
      context: .
    depends_on:
      - db
      - mq
-    env_file: .env
+    env_file:
      - nopaque.env
    environment:
      # This section overrides the values set in the nopaque.env file. Do not
      # override the environment variables in a docker-compose.override.yml
      # file unless you really know what you are doing.
      - NOPAQUE_UID=${HOST_UID}
      - NOPAQUE_GID=${HOST_GID}
      - DOCKER_GID=${HOST_DOCKER_GID}
      - NOPAQUE_DATA_PATH=${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}
      - NOPAQUE_DOCKER_NETWORK_NAME=${DOCKER_DEFAULT_NETWORK_NAME}
      - NOPAQUE_LOGS_PATH=/home/nopaque/logs
    image: nopaque:latest
    restart: unless-stopped
    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
+      - type: bind
-      - "${NOPAQUE_DATA_DIR:-/mnt/nopaque}:${NOPAQUE_DATA_DIR:-/mnt/nopaque}"
+        source: "/var/run/docker.sock"
-      - "${HOST_LOG_DIR-./logs}:${NOPAQUE_LOG_DIR:-/home/nopaque/logs}"
+        target: "/var/run/docker.sock"
      # TODO: Make this less quirky. The target path should be variable.
      #       In order to achieve this, a cifs volume needs to be configured.
      - type: bind
        source: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
        target: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
      - type: bind
        source: "${DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH}"
        target: "/home/nopaque/logs"
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,55 @@
 #!/bin/bash
 GREEN_COLOR="\033[0;32m"
 RED_COLOR="\033[0;31m"
 NO_COLOR="\033[0m"
 CHECK_MARK="\xE2\x9C\x93"
 CROSS_MARK="\xE2\x9D\x8C"
 echo -n "Set container UID and GIDs to match the host system..."
 if [[ "${NOPAQUE_UID}" == 0 ]]; then
    echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
    echo "Running as root is not allowed"
    exit 1
 else
    echo ""
 fi
 echo -n "- Updating docker GID ($(getent group docker | cut -d: -f3) -> ${DOCKER_GID})... "
 groupmod --gid "${DOCKER_GID}" docker > /dev/null
 if [[ "${?}" == "0" ]]; then
    echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
 else
    echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
    exit 1
 fi
 echo -n "- Updating nopaque GID ($(id -g nopaque) -> ${NOPAQUE_GID})... "
 groupmod --gid "${NOPAQUE_GID}" nopaque > /dev/null
 if [[ "${?}" == "0" ]]; then
    echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
 else
    echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
    exit 1
 fi
 echo -n "- Updating nopaque UID ($(id -u nopaque) -> ${NOPAQUE_UID})... "
 usermod --uid "${NOPAQUE_UID}" nopaque > /dev/null
 if [[ "${?}" == "0" ]]; then
    echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
 else
    echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
    exit 1
 fi
 echo -n "- Updating nopaque directory owner and group... "
 chown -R nopaque:nopaque /home/nopaque
 if [[ "${?}" == "0" ]]; then
    echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
 else
    echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
    exit 1
 fi
 exec gosu nopaque ./boot.sh ${@}
--- a/logs/dummy
+++ b/logs/dummy
--- a/nopaque.env.tpl
+++ b/nopaque.env.tpl
@@ -0,0 +1,203 @@
 ##############################################################################
 # Environment variables to configure the nopaque.                            #
 # - When running nopaque with Docker Compose, these variables are set in the #
 #   `docker-compose.yml` file.                                               #
 # - When running nopaque without Docker, these variables are loaded by       #
 #   nopaque in the config.py file                                            #
 ##############################################################################
 ##############################################################################
 # Flask                                                                      #
 # https://flask.palletsprojects.com/en/1.1.x/config/                         #
 ##############################################################################
 # CHOOSE ONE: http, https
 # DEFAULT: http
 # PREFERRED_URL_SCHEME=
 # DEFAULT: hard to guess string
 # HINT: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
 # SECRET_KEY=
 # DEFAULT: localhost:5000
 # EXAMPLES:
 # - nopaque.example.com
 # - nopaque.example.com:5000
 # HINT: If your instance is publicly available on a different Port then 80/443,
 #       you will have to add this to the server name
 # SERVER_NAME=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set to true if you redirect http to https
 # SESSION_COOKIE_SECURE=
 ##############################################################################
 # Flask-Assets                                                               #
 # https://webassets.readthedocs.io/en/latest/                                #
 ##############################################################################
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # ASSETS_DEBUG=
 ##############################################################################
 # Flask-Hashids                                                              #
 # https://github.com/Pevtrick/Flask-Hashids                                  #
 ##############################################################################
 # DEFAULT: 16
 # HASHIDS_MIN_LENGTH=
 # DEFAULT: hard to guess string
 # HINT: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
 # NOTE: In production it is strongly recommended that this is NEVER the same as
 #       the `SECRET_KEY`
 # HASHIDS_SALT=
 ##############################################################################
 # Flask-Login                                                                #
 # https://flask-login.readthedocs.io/en/latest/                              #
 ##############################################################################
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set to true if you redirect http to https
 # REMEMBER_COOKIE_SECURE=
 ##############################################################################
 # Flask-Mail                                                                 #
 # https://pythonhosted.org/Flask-Mail/                                       #
 ##############################################################################
 # EXAMPLE: nopaque Admin <nopaque@example.com>
 MAIL_DEFAULT_SENDER=
 MAIL_PASSWORD=
 # EXAMPLE: smtp.example.com
 MAIL_SERVER=
 # EXAMPLE: 587
 MAIL_PORT=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # MAIL_USE_SSL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # MAIL_USE_TLS=
 # EXAMPLE: nopaque@example.com
 MAIL_USERNAME=
 ##############################################################################
 # Flask-SQLAlchemy                                                           #
 # https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/                #
 ##############################################################################
 # NOTES:
 # - Use `.` as <nopaque-basedir>
 # - Don't use a SQLite database when using Docker Compose
 SQLALCHEMY_DATABASE_URI=
 ##############################################################################
 # nopaque                                                                    #
 ##############################################################################
 # An account is registered with this email adress gets automatically assigned
 # the administrator role
 # EXAMPLE: admin.nopaque@example.com
 NOPAQUE_ADMIN=
 # DEFAULT: /mnt/nopaque
 # NOTES: 
 # - This must be a network share and it must be available on all
 #   Docker Swarm nodes, mounted to the same path with the same
 #   user and group ownership
 # - When running with Docker Compose, this gets overwritten in the
 #   `docker-compose.yml` file
 # NOPAQUE_DATA_PATH=
 # CHOOSE ONE: False, True
 # DEFAULT: True
 # NOPAQUE_IS_PRIMARY_INSTANCE=
 # transport://[userid:password]@hostname[:port]/[virtual_host]
 NOPAQUE_SOCKETIO_MESSAGE_QUEUE_URI=
 # DEFAULT: nopaque
 # NOTE: When running with Docker Compose, this gets overwritten in the
 #       `docker-compose.yml` file
 # NOPAQUE_DOCKER_NETWORK_NAME=
 # NOTE: Get these from the nopaque development team
 NOPAQUE_DOCKER_REGISTRY_USERNAME=
 NOPAQUE_DOCKER_REGISTRY_PASSWORD=
 # DEFAULT: %Y-%m-%d %H:%M:%S
 # NOPAQUE_LOG_DATE_FORMAT=
 # DEFAULT: [%(asctime)s] %(levelname)s in %(pathname)s (function: %(funcName)s, line: %(lineno)d): %(message)s
 # NOPAQUE_LOG_FORMAT=
 # DEFAULT: INFO
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # NOPAQUE_LOG_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: True
 # NOPAQUE_LOG_FILE_ENABLED=
 # DEFAULT: <nopaque-basedir>/logs
 # NOTES:
 # - Use `.` as <nopaque-basedir>
 # - When running with Docker Compose, this gets overwritten in the
 #   `docker-compose.yml` file
 # NOPAQUE_LOGS_PATH=
 # DEFAULT: NOPAQUE_LOG_LEVEL
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # NOPAQUE_LOG_FILE_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # NOPAQUE_LOG_STDERR_ENABLED=
 # DEFAULT: NOPAQUE_LOG_LEVEL
 # CHOOSE ONE: CRITICAL, ERROR, WARNING, INFO, DEBUG
 # NOPAQUE_LOG_STDERR_LEVEL=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # HINT: Set this to True only if you are using a proxy in front of nopaque
 # NOPAQUE_PROXY_FIX_ENABLED=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-For
 # NOPAQUE_PROXY_FIX_X_FOR=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Host
 # NOPAQUE_PROXY_FIX_X_HOST=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Port
 # NOPAQUE_PROXY_FIX_X_PORT=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Prefix
 # NOPAQUE_PROXY_FIX_X_PREFIX=
 # DEFAULT: 0
 # Number of values to trust for X-Forwarded-Proto
 # NOPAQUE_PROXY_FIX_X_PROTO=
 # CHOOSE ONE: False, True
 # DEFAULT: False
 # NOPAQUE_TRANSKRIBUS_ENABLED=
 # READ-COOP account data: https://readcoop.eu/
 # NOPAQUE_READCOOP_USERNAME=
 # NOPAQUE_READCOOP_PASSWORD=