# How to deploy

!!! info "This is how **we** deploy"

    This page describes how the main instance is deployed, and is mainly meant as a
    way to share the knowledge. You can obviously do things differently.

## Services

"La chariotte" uses different domains:

- **docs.chariotte.fr**, the docs you are reading now. It's handled by [readthedocs.org](https://readthedocs.org).
- **chariotte.fr**, the main instance. It's deployed on Alwaysdata
- **blog.chariotte.fr**, our blog. It's [a static website](https://gitlab.com/la-chariotte/la-chariotte.gitlab.io) deployed on Gitlab pages.

## The main instance

### Alwaysdata, our hosting provider

[Alwaysdata](https://www.alwaysdata.com) offers [a free plan for open source
projects](https://www.alwaysdata.com/en/open-source/), which we are using for
the main instance of la chariotte.

Thanks to them for supporting open source!

### Getting access

To get access, you'll need to generate an ssh keypair, and give your public key to a known admin.

```bash
ssh-keygen
```

This will generate a private a public key. You need to share the **public** key.
On unix systems, it's stored under `~/.ssh/id_rsa.pub` by default.

### Connecting to ssh

Once your key is generated and you're known to the server, you can connect there.

```bash
ssh chariotte@ssh-chariotte.alwaysdata.net
```

### Configuration file

The chariotte application is run by [uwsgi](https://uwsgi-docs.readthedocs.io/
en/latest/), managed by AlwaysData.

The production settings are stored in `~/ la_chariotte/prod_settings.py`, and
the secrets are defined in the admin console.

Here are the settings, with some comments that might be useful.

```python title="prod_settings.py"
SECRET_KEY = "YOUR SECRET KEY HERE, used to hash the passwords. CHANGE IT."

# We're connecting to a psql server, AD manages the access and the backups.
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "chariotte_prod",
        "USER": "chariotte_prod",
        "PASSWORD": "",
        "HOST": "host",
    }
}

ALLOWED_HOSTS = ["chariotte.fr",]
DEBUG = False

# We're sending mails using AD infrastructure
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_FROM = 'notification@chariotte.fr'
EMAIL_HOST = 'smtp-chariotte.alwaysdata.net'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'notification@chariotte.fr'
EMAIL_HOST_PASSWORD = "XXX"
EMAIL_USE_TLS = True

DEFAULT_FROM_EMAIL = os.getenv(
    "DJANGO_DEFAULT_FROM_EMAIL", "La Chariotte <notification@chariotte.fr>"
)

CONTACT_MAIL = "contact@chariotte.fr"

# We're collecting the static files on this specific folder.
STATIC_ROOT = "/home/chariotte/static/"
```

We're using sentry (sentry.io) to be alerted when an error happens on the server

```python title="prod_settings.py"
import sentry_sdk

sentry_sdk.init(
    dsn="PUT YOUR DSN HERE",
    # Set traces_sample_rate to 1.0 to capture 100%
    # of transactions for performance monitoring.
    traces_sample_rate=1.0,
    # Set profiles_sample_rate to 1.0 to profile 100%
    # of sampled transactions.
    # We recommend adjusting this value in production.
    profiles_sample_rate=1.0,
)
```

### The different sites

In the AD console, here are the defined sites:

- `app.chariotte.fr`, redirecting to `chariotte.fr`
- `chariotte.fr/static`, hosting the static files, it just serves the collected static files stored in `/static/`
- `chariotte.fr`, the main website, defined in the next section

`chariotte.fr` is configured as a Python WSGI app:

- application path: `/la_chariotte/la_chariotte/wsgi.py`
- working directory: `/la_chariotte`
- venv location: `/venv`

Environment variables:

```
DJANGO_SETTINGS_MODULE=prod_settings
```

### How to deploy

To deploy a new version, we'll need to:

- get the new code
- update the database
- collect the static files
- restart the daemon

Here's how:

```bash
# Activate the venv
source venv/bin/activate
cd la_chariotte

# Get the code
git fetch
git checkout tag # if we're using a tag, otherwise, just checkout the main branch

python manage.py updatedb
python manage.py collectstatic
```

Then you'll need to restart the server from AD's interface.

### What about SSL certificates?

The SSL certificates are issued directly by AlwaysData (they use [Let's Encrypt]
(https://letsencrypt.org/) behind the scenes)

## Mails

Mails are hosted by alwaysdata, as part of their opensource plan.