DRAFT: add docker-compose, dockerfile, and quadlet service files for service.

.config/containers/systemd/hackspace-mgmt.container

@@ -0,0 +1,27 @@
+# documentation: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+
+[Unit]
+Description=The hackspace-Mgmt container
+After=local-fs.target
+
+# Works if both quadlet services are on the SAME PC!
+After=postgres-mgmt.container
+Requires=postgres-mgmt.container
+
+[Container]
+Image=hackspace-mgmt_app:latest
+# don't think we need an Exec= command
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+PublishPort=5000:5000  # change the first port to whatever you want it to be :).
+# HostName=name
+# IP=10.0.0.1
+# IPv6=2001::1
+# DNS=
+# DNSOption=
+# DNSSearch=
+Environment=DATABASE_URI="postgresql+psycopg2://postgres:postgres@localhost:5432/hackspace"
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target

.config/containers/systemd/postgres-mgmt.container

@@ -0,0 +1,39 @@
+# documentation: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+
+[Unit]
+Description=The postgres container for sensitive data from hackspace-Mgmt
+After=local-fs.target
+# May want to edit the After line to be e.g. after Postgres is available on other PC.
+
+[Container]
+Image=postgres:18
+
+# Apparently needed?
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+
+PublishPort=5432:5432  # need to change external port (left side)
+# HostName=name
+# IP=10.0.0.1
+# IPv6=2001::1
+# DNS=
+# DNSOption=
+# DNSSearch=
+
+# First try with these environment variables:
+Environment=POSTGRES_HOST=localhost
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_PASSWORD=postgres
+Environment=POSTGRES_DB=hackspace
+
+# Then replace PASSWORD and try again:
+# Secret=POSTGRES_PASSWORD,type=env,target=POSTGRES_PASSWORD
+
+Volume=/srv/USER/data/postgres:/var/lib/postgresql
+Volume=/home/USER/hackspace-mgmt/migration:/docker-entrypoint-initdb.d:ro 
+
+# NETWORK_MODE: HOST  <- MAY BE NEEDED?
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target

Dockerfile

@@ -0,0 +1,13 @@
+# syntax=docker/dockerfile:1
+
+FROM python:latest
+# WORKDIR /app
+COPY . .
+# RUN apt-get update && apt-get install -y python3.11 python3-pip
+ENV PIP_ROOT_USER_ACTION=ignore
+RUN pip install -r requirements.txt
+ENV FLASK_APP hackspace_mgmt:create_app
+#ENV FLASK_ENV development
+EXPOSE 5000
+#CMD ["flask"]
+ENTRYPOINT ["flask", "run", "--host=0.0.0.0", "--debug"]

docker-compose.yml

@@ -0,0 +1,57 @@
+version: '3.8'
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+      # dockerfile: .devcontainer/Dockerfile
+    ports:
+      - "5000:5000"
+    depends_on:
+      - db
+    # volumes:
+    #   - ../..:/workspaces:cached
+
+    # Overrides default command so things don't shut down after the process ends.
+    # command: sleep infinity
+
+    # Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
+    # network_mode: service:db
+    network_mode: host
+    # Use "forwardPorts" in **devcontainer.json** to forward an app port locally.
+    # (Adding the "ports" property to this file will not forward from a Codespace.)
+
+# DB_17 is provided as a means to stand up a postgres_17 database. I would hope we'll move to postgres_18 eventually.
+  # db_17:
+  #   image: postgres:17
+  #   restart: unless-stopped
+  #   volumes: 
+  #     - postgres-data:/var/lib/postgresql/data
+  #     - ./migration:/docker-entrypoint-initdb.d:ro  # This mounts the hacksapce-mgmt/migration folder to the postgresql container and initialises the hackspace database with all required tables using inserted scripts.
+  #   environment:
+  #     POSTGRES_HOST: localhost
+  #     POSTGRES_USER: postgres
+  #     POSTGRES_DB: hackspace
+  #     POSTGRES_PASSWORD: postgres  # pass in a secret here.
+  #   ports:
+  #     - 5432:5432
+  #   network_mode: host
+
+  db:
+    image: postgres:18
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql
+      - ./migration:/docker-entrypoint-initdb.d:ro  # This mounts the hacksapce-mgmt/migration folder to the postgresql container and initialises the hackspace database with all required tables using inserted scripts.
+    environment:
+      POSTGRES_HOST: localhost
+      POSTGRES_USER: postgres
+      POSTGRES_DB: hackspace
+      POSTGRES_PASSWORD: postgres  # pass in a secret here.
+    ports:
+      - 5432:5432
+    network_mode: host
+
+volumes:
+  postgres-data:

docs/01_dev_environment.md

@@ -4,7 +4,7 @@ This is a somewhat straightforward python Flask app, backed by a Postgres databa
 
 The repository has a dev container configured which you can use if you like.
 
-Requiments:
+Requirements:
 - Python 3.9+
 - PostgreSQL 14+ - installed as part of the devcontainer if you are using it.
 - Some ability to run Postgres queries directly - pgAdmin is a good GUI option, while `psql` is a good CLI - both are bundled with Postgres
@@ -15,10 +15,13 @@ Most of us use VsCode as a lightweight IDE.
 
 ### Database Setup
 
+1. if you've run postgres in a container, first execute in to the container with `podman exec -it container_name sh` then become the postgres user with `su - postgres`. This wil then allow you to move on to the next step.
 1. Connect to the database using `psql postgres` or using pgAdmin.
 2. Create a database called `hackspace`. In psql, you can run the query `CREATE DATABASE hackspace;` (don't forget the semi-colon!).
 3. Under the `hackspace-mgmt/migration` folder is a bunch of SQL scripts. Run these, in order, against the new hackspace database. In pgAdmin, you would right click on the database and open the `Query` tool. Then copy-paste in the contents of each file and run them one-by-one.
 
+if you've connected to psql in a container, run each of these commands in a series: `postgres@564b3daf528f:/testdata/migration$ psql -d hackspace < 19_address_not_null.sql `
+
 If you had to change the username, then you'll want to create a postgres user. You can do this by right-clicking the server and then _Create->Login/Group role_. Name the role `postgres`, then on the _Priveleges_ tab, enable _Can Login_ and _Superuser_ (this isn't recommended for production, but fine for development).
 
 ### Webserver Setup

docs/03_dockerfile.md

@@ -0,0 +1,35 @@
+# Podman
+build with `podman build -t hackspace-mgmt:latest .`
+
+run with `podman run --name hs-mgmt --network host --rm localhost/hackspace-mgmt:latest`
+
+access on your web browser at `localhost:5000/admin`
+
+# Podman-compose
+run `podman-compose up [--build]`
+access on your web browser at `localhost:5000/admin`
+
+# Quadlet
+Copy the hackspace-mgmt.container file from `./quadlet/` to one of the locations mentioned below.
+do a systemctl daemon-reload (whether as a root or as a `--user`)
+do a systemctl start  hackspace-mgmt.service (whether as a root or as a `--user`)
+`systemctl [--user] status hackspace-mgmt.service` and `podman ps -a` to determine status.
+access on your web browser at `localhost:5000/admin`
+### Quadlet notes
+
+https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/assembly_porting-containers-to-systemd-using-podman_building-running-and-managing-containers
+
+Create the <CTRNAME>.container unit file in one of the following directories:
+
+    For root users: /usr/share/containers/systemd/ or /etc/containers/systemd/
+    For rootless users: $HOME/.config/containers/systemd/, $XDG_CONFIG_HOME/containers/systemd/, /etc/containers/systemd/users/$(UID), or /etc/containers/systemd/users/ 
+
+The orchestration technology used in production is quadlet https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+The two important settings for allowing the container to use the peer authentication with postgress are:
+
+```
+[container]
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+```
+access on your web browser at `localhost:5000/admin`

hackspace_mgmt/__init__.py

@@ -9,6 +9,8 @@ def create_app(test_config=None):
     app.config.from_mapping(
         SECRET_KEY="dev",
         SQLALCHEMY_DATABASE_URI="postgresql+psycopg2://postgres:postgres@localhost:5432/hackspace",
+        # note USERNAME AND PASSWORD NEED TO CHANGE HERE
+        # SQLALCHEMY_DATABASE_URI=os.getenv('DATABASE_URL'),
         STORAGE_LOGIN_SECRET="dev",
         STORAGE_APP_URL="http://example.com"
     )

hackspace_mgmt/admin/__init__.py

@@ -1,8 +1,9 @@
 from flask_admin import Admin
+from flask_admin.theme import Bootstrap4Theme
 
 from . import machine, induction, firmware_update, card, bulk_card, member, label, quiz, audit
 
-admin = Admin(None, 'Hackspace Management Admin', template_mode='bootstrap4', endpoint="admin", url="/admin")
+admin = Admin(None, 'Hackspace Management Admin', theme=Bootstrap4Theme(), endpoint="admin", url="/admin")
 
 machine.create_views(admin)
 induction.create_views(admin)
@@ -12,4 +13,4 @@
 member.create_views(admin)
 label.create_views(admin)
 quiz.create_views(admin)
-audit.create_views(admin)
+audit.create_views(admin)