From 742d527ffab976f9487eb841d5cab183c7a49775 Mon Sep 17 00:00:00 2001
From: Daniel Egger <daniel.egger@gmail.com>
Date: Wed, 24 Aug 2022 15:07:02 +0200
Subject: [PATCH] VBV-133: Aufbau Stage- und Prod-Umgebung auf CapRover

---
 README.md                      |  17 +++++++++++++
 caprover_create_app.py         |  43 ++++++++++++++++++++++++---------
 caprover_deploy.sh             |  15 ++++++------
 env_secrets/caprover.env       | Bin 1470 -> 0 bytes
 env_secrets/caprover_dev.env   | Bin 0 -> 2020 bytes
 env_secrets/caprover_prod.env  | Bin 0 -> 2286 bytes
 env_secrets/caprover_stage.env | Bin 0 -> 2299 bytes
 git-crypt-encrypted-files.txt  |   8 ++++--
 server/config/settings/base.py |   2 +-
 9 files changed, 64 insertions(+), 21 deletions(-)
 delete mode 100644 env_secrets/caprover.env
 create mode 100644 env_secrets/caprover_dev.env
 create mode 100644 env_secrets/caprover_prod.env
 create mode 100644 env_secrets/caprover_stage.env

diff --git a/README.md b/README.md
index 7c082496..5ec75e70 100644
--- a/README.md
+++ b/README.md
@@ -71,11 +71,28 @@ npm install
 
 ## Deployment to CapRover
 
+### CapRover Dev (vbv-lernwelt.control.iterativ.ch)
+
 ```
 # run deploy script
+./caprover_deploy.sh vbv-lernwelt
+
+# of vbv-lernwelt is default value
 ./caprover_deploy.sh
 ```
 
+### CapRover Stage (myvbv-stage.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv-stage
+```
+
+### CapRover Prod (myvbv.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv
+```
+
 ## IntelliJ Configuration
 
 * In the .idea/vbv_lernwelt.iml file change the module type to "PYTHON_MODULE".
diff --git a/caprover_create_app.py b/caprover_create_app.py
index 6d776d48..870bdc35 100644
--- a/caprover_create_app.py
+++ b/caprover_create_app.py
@@ -3,7 +3,7 @@ import sys
 
 from environs import Env
 
-# TODO: I use a locally patched caprover api for no
+# TODO: I use a locally patched caprover api for now
 sys.path.append(r'/Users/daniel/workspace/iterativ-caprover/Caprover-API')
 from caprover_api import caprover_api
 
@@ -12,7 +12,8 @@ logging.basicConfig(level=logging.DEBUG)
 
 
 env = Env()
-env.read_env("./env_secrets/caprover.env")
+env.read_env("./env_secrets/caprover_stage.env", recurse=False, override=True)
+app_name = "myvbv-stage"
 
 cap = caprover_api.CaproverAPI(
     dashboard_url=env.str('CAPROVER_DOMAIN'),
@@ -25,7 +26,7 @@ db_name = env.str('POSTGRES_DB')
 
 cap.deploy_one_click_app(
     one_click_app_name='postgres',
-    namespace='vbv-lernwelt',
+    namespace=app_name,
     # check https://github.com/caprover/one-click-apps/blob/master/public/v4/apps/postgres.yml
     app_variables={
         '$$cap_postgres_version': '14.2',
@@ -37,23 +38,43 @@ cap.deploy_one_click_app(
 )
 
 cap.create_and_update_app(
-    app_name='vbv-lernwelt',
+    app_name=app_name,
     enable_ssl=True,
     force_ssl=True,
     expose_as_web_app=True,
     image_name='docker.io/iterativ/vbv-lernwelt-django',
     environment_variables={
         # 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
-        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
-        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
-        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
-        'IT_DJANGO_DEBUG': 'false',
-        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
-        'IT_APP_ENVIRONMENT': 'caprover',
-        'POSTGRES_HOST': 'srv-captain--vbv-lernwelt-postgres-db',
+        'IT_APP_ENVIRONMENT': env.str('IT_APP_ENVIRONMENT'),
+
+        'POSTGRES_HOST': f'srv-captain--{app_name}-postgres-db',
         'POSTGRES_PORT': 5432,
         'POSTGRES_DB': db_name,
         'POSTGRES_USER': db_user,
         'POSTGRES_PASSWORD': db_pass,
+
+        'IT_ALLOW_LOCAL_LOGIN': env.str('IT_ALLOW_LOCAL_LOGIN'),
+
+        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
+        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
+        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
+
+        'IT_DJANGO_DEBUG': 'false',
+        'IT_SERVE_VUE': 'false',
+
+        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
+
+        'IT_OAUTH_CLIENT_NAME': env.str('IT_OAUTH_CLIENT_NAME'),
+        'IT_OAUTH_CLIENT_ID': env.str('IT_OAUTH_CLIENT_ID'),
+        'IT_OAUTH_CLIENT_SECRET': env.str('IT_OAUTH_CLIENT_SECRET'),
+        'IT_OAUTH_ACCESS_TOKEN_URL': env.str('IT_OAUTH_ACCESS_TOKEN_URL'),
+        'IT_OAUTH_AUTHORIZE_URL': env.str('IT_OAUTH_AUTHORIZE_URL'),
+        'IT_OAUTH_API_BASE_URL': env.str('IT_OAUTH_API_BASE_URL'),
+        'IT_OAUTH_LOCAL_DIRECT_URI': env.str('IT_OAUTH_LOCAL_DIRECT_URI'),
+        'IT_OAUTH_TENANT_ID': env.str('IT_OAUTH_TENANT_ID'),
+        'IT_OAUTH_SCOPE': env.str('IT_OAUTH_SCOPE'),
+        'IT_OAUTH_SERVER_METADATA_URL': env.str('IT_OAUTH_SERVER_METADATA_URL'),
+        'IT_OAUTH_TOKEN_NAME': env.str('IT_OAUTH_TOKEN_NAME'),
+        'IT_OAUTH_LOGOUT_URL': env.str('IT_OAUTH_LOGOUT_URL'),
     },
 )
diff --git a/caprover_deploy.sh b/caprover_deploy.sh
index 8b026264..0f99b4b4 100755
--- a/caprover_deploy.sh
+++ b/caprover_deploy.sh
@@ -6,18 +6,19 @@ LATEST="${REPO}:latest"
 BUILD_TIMESTAMP=$( date '+%F_%H:%M:%S' )
 VERSION_TAG="${REPO}:$VERSION"
 
+APP_NAME=${1:-vbv-lernwelt}
+
+echo "Deploy to $APP_NAME"
+
 # script should fail when any process returns non zero code
 set -ev
 
 # create client
 npm run build
 
-## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
-
 # create and push new docker container
-docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT=$(git log -1 --format=%h) .
-
-
-#deploy to caprover, explicitly use the version tag... so if there is a mismach you get an error message
-caprover deploy -h https://captain.control.iterativ.ch -a vbv-lernwelt -i docker.io/"$VERSION_TAG"
+## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
+docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT="$(git log -1 --format=%h)" .
 
+#deploy to caprover, explicitly use the version tag... so if there is a mismatch you get an error message
+caprover deploy -h https://captain.control.iterativ.ch -a "$APP_NAME" -i docker.io/"$VERSION_TAG"
diff --git a/env_secrets/caprover.env b/env_secrets/caprover.env
deleted file mode 100644
index 738c5c3f72aee2fde0ca9281f717700706269337..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1470
zcmV;v1wr}%M@dveQdv+`0O__L?wUFXNyNUimMyhIg|y018LuFXR81t}Wwe{a>iAo%
znkUhB?_5$Y<t5>PO{WPw8<S?9suQfrhoHL_^}f7722lm)+1dPE3!*55-80Bv$Za}o
zSg=yjl7Ym53cWN?Tx+^YQfuWbd(~#vEl&uN=FQk`$p!-gZ8CSw7z7G5RtyllgR0lb
zhhD*=ptR8}s9vmub#NG-L9klM4YsG;9eT-!sK~We=SLB^dY4>nZBV`Jc|orv6x83F
z3zTI8dS0HnlGPy<m#|EUOUMJkL33K6LVZ4?EI?N5_b}U#iQSA36d$A|xFM%F?t?<8
zVv!v&1r6pI-s7<hH(2oQ4FgAo!L$mg)B@jaby?O%4;I<xC=N>YB6QtM6lYdqvd(@^
z8$GLiF+g<z-2+PW6e0O%^Ht4f4(eyroADy}^M?=q^tz_wSvpSwZb^pL0JnCu<#E8!
zgv30XdmQOUD@+<KY2>`u`tEoOq`(!h=hv%&`NJLCDi9$n*^fYzkp$({aq<J4aF%A8
zgRbib4T}z$Pi8dphOe|Ogy?9_voSB4;mCHF$s(lF;Sf9>kj)C7j2{UrIl|#*kaX5*
zdnk=ajB`0k%&#&+MD$mgV8bryas2&zq9eX=dJ3O+HQh^I<OoKH0@K+~)z8a-H%6R<
z=j7iOKDBv;(WnJ8YVY6x19b=K(#98cA3Gd_Fh+y5Sm?rUiGx6n`<nLZC~r@%8Yc#k
zw1MhS_fCe^i26o$oxoFw$Nf4E->O6^Yx$RxVVCe=#|HD^keVPFa7|ME@KaTZsK*-(
zjV+q<X@!~5sb;dLUqB~&s|>R}wOF8i{E~kv{%iCyqX1X>nvBS~*To*=+_?hke8t=&
zvSY-UBnU!>HJPw4hG57~n^ofY@uXj&SJIL&S9+-+;SRx`AG@dP%YHEQvP_{Fv8jf%
z;V}p*OMRA(2!H4Qb(Ldp1%DJc!D7U#RhsP7*ZKsI5N_5EV{0h>6+wemH)+BX<iu9c
zFD~{&#n{>9%7LR-IywBGXVU_Ec{oa1jKdyQ3rcqcLd$KwXiN2h|8;TxXOoT>t;lBI
zG4*+CoE&sJav{EQg`4@9_5?t69CBsHfw9yNwN7b1v6U<yg>BrpHT#2M%Z+hvnv();
zhr@j5&Y+59^H1&ma7r=Bm?WI(oX^<vpY5vZP$j9KRr|X1n8fd>)g&rV5w|Q)ElUwk
z8fYHe1af2%E5t80ied5gd#3qf-hU*OGCi^^%f<3}Z-^ESQ;rsoS=Q1mojVnn=Yw)L
z;0+z*TyNGaKBK+HN+|}hVs3ZqHiM}}H!8MnGQSXumGoM7nl_V)G2=+5EWmMPT#|)(
z>rzh0`MH=YfRI4vV@4WRLf=xc`?-Q=6IH-&i8uTu4-bw(Rod<+&Wzl}rEz>)k4>aB
zps5!`6OV$-KZC|o7Yd~J`SvFHCy2SIj^sMWZGQEt^7Jx)EB((MB)rE@8$U?wuHCh2
zs9^4rf)cfFFJBKaljNniF?{D9{A8YDAJNpU`S)h4$u1;-v+Y-_U|Lpu`ZCNzaA%Jn
z7%H>q_8=Nr%*oIbNrx0kTLm}-PR)CM8<~87KA3vgcx-g$zu1Z_n}+h%4<xB*zp_p|
zYN;crV2Gd}ni1B-T*g*8=L1pUUd?t!!h`Zl%%PTbj*ZOQUxVj4RP{HZ^}4i*c-CB-
zkoF?T=)@#x4r13%<3QlU^y5v<2`koPq&CZ7^=!Hy=5Ua=xEluN>C4WGW$H-|OqGnG
zAf8her-r4cOHKR<lx#*Bl{wk-W%CY5#pWCu1j9sjv}#_M2P4h)XpN%fDa$0Vh#cOu
zl8oQ8hgE;}n5bPK2>-OI5%^`-Ew?`O<gp?)RBre?vQozwiCVnA88%&3buJ&Qym^3(
Y8RD?Rv8^IyX8H3;ch573`YU$-Ox`!)YXATM

diff --git a/env_secrets/caprover_dev.env b/env_secrets/caprover_dev.env
new file mode 100644
index 0000000000000000000000000000000000000000..4551800db0af9a47626bfd6477ec19c2115636ce
GIT binary patch
literal 2020
zcmV<A2OIbRM@dveQdv+`0IcOV-QI4L+8$_wG-enhGlg0*?MA2UqRpUaKM|d??d3sM
ziCTR64}vwpa_w@dWp6oAhF~{6;Ix<(iy&6Sep7N&A&N+QX?$bi<%zZL4hPzua}#}n
z?8{3+D8xyLgs)<~CW!5`eBFWrl{IlRlMDYiXZ}A6U7w1}$o&<MeK@LB{1yAf&+@V=
z2TlUy>~01=Bm^Q1pCJi)mU{F!u=24`+GI3QA3`#<-QHOM0$W%q{!8?b6O=))D+E}3
z5x&E)rgkg3JjI|V;i_}<YB)0k2+~DVIRV7YgEY<MgS_r?!iEQ`Ll%<57(2R{`Xo8{
zQPcxkB;Q5|{rVO`1FgsK&qB4y33jExoJ>E@M?d`M1}0k(OMq^iLxy(EN!8CisN>mD
z+B+b@od5hYGm+6(G-l6aP^(F04omnuJ~QiN_zrLtZ7WtS5mLf+pfwqO7Nt&kIPueU
zSk#0vUf(M(Aw>}R(nsj%@O^)}^-m+;m(Hwy0{|N1BfPzc-|{eA$j$eUWz;0gP%gtc
zUyJSoaS@Xs8+DXSSiTh4Yxg~h(Fn}9CWd)QsB$roWM<*_><z>i8MH&Wdz#?`kFQ$T
zN=E$o4#Ae_OWQu1&Eucx%6X1TmvcPWie24Vl3=?+dxl@&E|!OFBSHJM*gQ*Ququ$d
zh^)T1<2k^rZaHnZd|r2Wjq5hUmNeJg3nY-k-;*%XPW5t=XrCjxlZxvN-WOB>9Y7yP
zypp?NMf2%Oe|o4sQQu0`RM);FbY)s&S&8(Ya$d9XjaiHFc<|la&bJutgzBDX%Mlt9
z&{gY|qS+G9?rm+D&C7txvej~+QcUqAnq8-$IX9Z&J%5HDPQ|Dkau}TIxEN0prGhq(
ze*!B;tCx+6wWieWa}8GvG>PA!+jzW}L^}#SXbR6f^*FGn`KIC0skG9Tf7S|`;k49H
zUK^R+q8e0;lbg@LM}3Hb5rc)^rhc;Uvac7>W1jq5Esl**b=uuLb<vOn=Eq9XwU%L0
zGBl|AfFE&c74l-KXJV^s-7=5-zTv+6b8k$L9Az{vmoU&{9P+k?_;eA>R}4w<a^j(d
z>S}}+JO3n;+<`;3^=mo2Iv|PwJiNW}EpOZzPs3QIL4sa>(0;<Qe#xKZy5tT}rx{!R
zO<4+Co&;LG6w%x;fREM7gWfxDNJV#2gPu~5NRDMC_utL9p7Ls|=x`B8{Q&(gw4rBZ
zSYQi_58n`)b=Hi{;*Pn;sIa&-8{ZD9+W>hfDBRzOv7ucyomFS5f({RJr^Npba^XN2
zyv_&n=2?%%pYM3YOyM756PA0Z-98cr!qT4u)OjCZXgP>j*j|xjqf$tf<SY6}?mRS{
z;H1}qI<0a+a+cf$JL2lEw;x=$NlDVt9#T+WNVRgfw!jhyVUw+=O9%f3@2!=_?pCV~
zbn11JGk`|Jd1Vuw{YZ-+)I!u!5dy*TIb@z7JODLmB_XgB^S0Ll#fP=$e?P`8>}Vpm
zjR_UPX1MQTVtRDcy>uCF%s{V<4`JGX-$m<m!Q)=fFAE60RxPDMq|p<iU#$MEk__41
zfzXi2O?i}h)Bu{SFS{DE*F<&}%#I6LSeD7byd=!Uic}`fH@~J_*4wo&a}Es|A`5<)
z5v@=caxL~)zIXk4EoPhRrZBA9{CaA1JkS=>W}<$Qa5vt$9wtr}V_#NUI*p(F^N%?I
z&)c{3>0qm#(z$QA&DbLJ-8jx9>tiRu<oiup$G7V9eVzQJI=KH_KHy+AcvJrR^|{e=
zlOv~#;{63NVpCSdq9+saca^xdf@fdOcs4^7Zsk<t2AP0?B`x@|@wAD@p3ZN1Y%hC|
zr`P)e!uBQkvt(#bIu?U`8@Ht(^Tg-<B>pA>AAYjGDKuDMee)%%7eW)i2D4aRYd`mQ
z@axCKN5RuDYXfp4Hx9qcv4!uQ7pa=ADiH#dtd*RG+W4abrVyxSh0*WVuLnn5&QPn7
z5i$d-3)V?amr!sUr8Jb4*8wQbG=ti&7dbv8vK0cGW-k^PMTNqVu=Ux3FFmxIZekAf
z{U)l4Ca)lN9bVf&{h$=s&FG;wFJ`(}Y0mDF=l0Dymyk(U*bGs4JJaw<fZ4hbjmZ0p
z;RcJUavAZL^y=~d+|F12mvE}`M!FoUqOQ&0+*|GTDciBM?jRHe$d<d}G{Vw0#XfOl
z?;#}`4a!&i_bKG#%D3*|pr5(V0m)RNOKR-KPo*fi#3rysJ4I%w@6cwY#PTA!{~LF6
zVWMk_Kbah&5|i%h8(9#uR!=L$lhPnHtv$8o5~WBi!CKhlE}5xv>}*6#TouV`?%}<D
znDeWH5<ZK{=J`+D0FET$ZSL`^q#`XZCo-R({ZQ`M5YrFhEqt+zHR`{FcregDhTk&`
z>_{7!6os1~*?&NrPPi@MH@DKLqLslwWhVGSndl8Nt?bCLI@5RTaNJ-$WhVA)+?!54
z-{2^1;+6E02i!*mSgrirF76@#s~+F~3V9K~%+IZ{8%)OwJ(_HY0VjE%djIZ+ma%?D
zkOTCWoYhqT^X*=Fx3<y3XrecE^%ZQ9^U1D7y$oE2#r=S&v@ZQ{Ejs|U9rN`*-vsya
zn~vHizgCPvbz3cBt!a}Gi)vFn++1vN3HZ<ddGtJPFz*>&e;eV8yewIj;GE#6h8%cb
C^aWu6

literal 0
HcmV?d00001

diff --git a/env_secrets/caprover_prod.env b/env_secrets/caprover_prod.env
new file mode 100644
index 0000000000000000000000000000000000000000..32320d96f0416454bc586f7274f2306bf5181de9
GIT binary patch
literal 2286
zcmV<K2od)HM@dveQdv+`00d>N7*a|?98<GxJ)8+t59N6j9|5D*_N>E9$bBxIZ=yB7
z+<~Wte~_QG98qWc(;zr%OF!^17*u$467~zEYf6pnD)-L*)RP#U<?F$UDHsIjp4@Jg
zIm(arC^(Q-NA@qeaJ+}OtDPN&|J!lpm$E1AHAk3-8hO%Frraj9oO&D>+z_nD&+SHY
zhO~(L>IOf&g|;Us1i`pUaJvPx>-`Yg+NUN@4-ro>)elzt`<10_H_)|6){Sz69=IS>
z>5^v^_u@9<5EhU#8F;0Hgt*&AL3>0vr4kjQqV`IM0WI&HY57@;<$rb+?t9>&urz)s
zo+oN-Z3ziDyfF31%eG5qI77vi9l5OpzdM75#^&tZ5TP_eoMKeH=@_+FeVfdQX-V%>
zrkhPU^4aK5`JW-`-L7aRz!%7}%B}%g`zW+Fk*?GajDvY|EI)VD&e$H2Y@Q7{$81+L
zpPdD<!4CmEG#~Fbc4~^`c(=AP%1zSJVo<b^yA<JWIkv&zDkIZo<$A9uW}ock+9*IO
z@6mR3N#HiBz)T~35R8g~%2?0xKP%{j2hnmJ?8hAI+_8NwM-5n}tcqj=;AC&+^bg`9
zF^CFn7^#T;)WYOP=)~0*$Y9Vx^Ufj3RvXo>2mL)zr4)r&=CmxKmfv1F;V!t;0xK2r
z6;rRfB^llQVvwlij?oXZiDU(CCgrvn0@4%YlNy-+G6z}4PGel%_9ggb$jZR5uI<0w
zuar((4GV|^-vb@qi#tll?v1?T!e>12P+zkiUgk5lnUCXZ`yO)oncVo!sY-!}3G3z`
zk!Lc9xP}$m*I+1PtY9rO(To1?yb#<&ooa~oq?%vtckYdT*%BE#wn;e8OOoiz`FA-G
zgyZA9au5ocQp5uxHsP3XCeDm>9<AEr^nx#W?fl_n_6>AeD=KZc+un$MnKM`-HMtHJ
zx}_dbYQffZO54kALjosjB(5<2QL~!yZy;MR-^G33Ktj@_w|Jnk@)={LpCIa+Q}P+?
zPR6osAu*8+=kK7+s3oc+Q4pZ0i>QAo4&3>isHmKVU3Z<3iZBRbI?{<h6=b4{7y|Uw
zgLdDbQh94;y0Z$z;PLmDS0d)&@XoC0otW+4GXlGf`8U-l5YOCNa%ZAOe(!PPIZcWP
zkz5q2^W1A?J@(FX(~xIE0OG1FK^-1IyB18haj{<TNrr?(+f(B#(KwO#kwMNlA6;;s
zMJV21dwsIk!Oh;o8-U_?*AmXimt~M9f_%2;IQG>xnOkdz->021Rp8SMG?fxpn3~FY
z0Pu_(%9-iZ=9VPgiUv4uJBx9z5Cp?XQ{cxNQfn>>U=u$CfY>5DyItv`3*M}jT%r9?
zrK&4)sHFECZIZ=#DrAV@_4RBd_1rvalp%@%s}@#IyQvZ7vz)1_$m&k>Ncv!X_z?ld
z=bconi>0WL_|LVzC<tx*w|Jd>p7;>oM}b>R4bxM5b+tTyneVF7*>k%3o;*L()+{LA
z!wi%aa6$>bWoob(<v(6}Znb0{rG1ZVzOne2fqAW@yYy02CHBLhG9KDdlX_zRp0Nq^
z93pxTojH$H^hhhHS~a7LN{UUT6SlJh#|F;3scGbAjnv|d(^a{GV~T{#ms?yByfN%n
z>Ahy%&U}&WxlDlLs_i>-Fv`x3B|!iSc?6!XObymioP&>_5H;<QN-&@0-5BiV`Q)%E
zNf*JNsU-c4#vFti*bRrBNEmw#Xy%(Lob%N80~IK<skb}RzyXUFFbleo75jfaEn7rm
zpzxApauG-R<q$Gp`wyf%sD;P*AM22ydX=-&QcK{?nM%sC3&X+x15>&{_|v6GHM*xf
zW-nLU&vhNRe03CAV>t+@$$)#U>gJOZGQ->*Q4<vMHAKBT+IbO80=_Eo?krh6&j(M5
zK)pOyh?;>4!Mu`)ZmQkhFp3tBIwwCpZAufYCfPZTH{v0I;GH^}BLp_!t*EiM0dE=^
zX#lt$=Ly6{!a+j#E@f~TV}f<2q$aTE?7K98f1PgrLm=)yh==#?&GZYQeGg}f)3*u`
zqFouBIyOmOEF3&YiM!)NQCy%#6{BN~W7a{nEO_^cxQtj7b2j+kT_o=rZwaGqnzI-S
zD}q9gg$m@b5Vx%KJ@@^^4PQPsRR-wHBbEJ_KHi=&<gzqxyi_wmL8GGbhF^qChcjib
zPL)p=$+XQRHq|hGQQ6+Rit>^*c^!Lr7Ij?PQoCTPWG_SLs?X04#%SF0PA7X?S--*V
zaQ+|e@bY(_JKg3{Q7+OgZ_(;M{d$cAH$k|3Ak7M&*pR&P2Jx(Cfy#5*3RP<TbV4B!
zz00#ia-+@jW@frEfeis%iX(?{R_QR}#-yb-&a0xZ0uSV9Iqy{`cLF-~_qXu0a}sL(
z=SqI92WR`HCgWel$-wN5Z4F={>+$5gt3iLLU=^t(f3Ti%qKvmCW8P2E!x7CRG!%(W
zCClHaNw_s9?Iste#PeA7*^tdg%6m$>Xa7c8ue~9H>Dl~LW(+NcCc#l~SOEV)je$A~
z&d=5z3ZO~ks^lTRCJS?U*i5k6Gq+=3cUU!IuJWl1ZsNR+@A6r_SpA#mMt<k~K)ml5
z;r$AeNAl3>p{Aw!;?bPtU_1Av^wbaSGo5rmZM#G<qej+hM^6wzxF~Q5`FdP$uFkE<
zE;*+l?k01f<M_Y{BcZC0J@%wus<)ec3n9Tq$B~Gg|0$Ni>KF+W>JS?PW!EQov+`tv
zgwJ@L<25&=_jG?-3kzcFPs>c8WV*jtBv7uK*&rx8Ni)&j{w|7rp@LfP;k0i>d}1Kv
zR%)Y{cXcO|n9W|JpMaR*qQ*jo&;R6L4S{714`ldG&q<7xiKm=xy<2*fE((s_E1Q1(
z;^A!3){ezx%kctO#*c_!f9+YQA(Hig&#5XqOK)*`zBJn9y8@Ae1-^M49*+Rb`we(j
zgd@uQAs8X)Wth@^-B4v?>mu^qikd)C#lz!JodHv3+}8(OmUb0pLTSs)>EYTun1C>U
I%H+8N7)d*bzW@LL

literal 0
HcmV?d00001

diff --git a/env_secrets/caprover_stage.env b/env_secrets/caprover_stage.env
new file mode 100644
index 0000000000000000000000000000000000000000..d0b3898005fd356570f7cb76da1ec60e43664b07
GIT binary patch
literal 2299
zcmV<X2n6>4M@dveQdv+`0F6mm<zt>`7C9kxS;lN75wT`Klv3VeQtI&5sUjGt(+L@f
z+z6v*9q{qM-h<04Pq7J(xer9ehk_<pn&RU>!$xVIf0esC1y(|-*Crh~T?;zZc-S8r
zyXhj1g;gR-m<`g#;6qZ!XSUl?tJSCyOstp)p`Y@>Ny>wK5RD~{WiqbWwXT@r-z=dS
zX#jhbm^EG_d~_`)-@msvgmk0pW)JS)Cj>q~*BGZUzAL7BIKj2TlaC@K;7>(cklL@|
z^eQ(sW0TVQcKy0ihO!$8t23~%Dhoay2Q>fUclHz1V}0tDmBSq;T&v<B0Jlm-k#*J#
zxXuCis%Wr)aq5%_+NnJre6+{go^_Cw{qERf6zJ=G;coKlG|nt5G(ceR5HwbSU9}=o
z&e|w%rgl2rIzM3aMZF{v=Lq0m-)0U_wRjVeG~9hS3T>$AuDAC_duNZc^#{u@DS#Jn
zaT72uV^4UetV)S`SzM_ff;((8gRFVUad0UBJ}I%IqFrUvK(`btS8DD1l>#=eS-~z2
z`K6?rD{c{*i_zebT_qzU+rqr=NcB9ri+8Zjyy&RfaV&6<bXb(YWxT<(^lSXGQAiWe
zxNG=4k-s4B2>t@s2tK@E`#`;HURP`@Igup!{!U6mSYHDZ$%uTg@3C?U>X21PQ#D%O
zJG{`2s{}Ce(XsN0d8AW<#Jru<DF1QH0J=Npp{`v)Y9_P}Z1uZv<6I=)S<i}`_R5}F
z$}_PCoFofhC8%COIh^#pC}OD7T=8lyeWuh1u|r{ZaWwdXJa{_M6E-DLuy++T?u98F
zkMrvWbdUa&89vz_4>B{EPk}^^d3YH-Tw$u~8gyI~X3aBU?@{0sK#bn}Z^!d*j&yWj
zjK+uVT#4LAaD9;9p~Y(Y;W5=IOKe|`-C#8aeQ4$y16${FZy8i1_C2WJO6Gc~v$J2B
zR<J_tvzOi)C3o)e?jJgqR`lUfsg~<&{4uXHTPe&Fb1X@E!?4;onP=)HX@y&4o<IJA
zLu{BG{Low-CoS%=w5XxZ$y>Q(K}C}U0}i7>k)LHye8Rouued4q`^_8?imE?!)QGkQ
zS_PllKb?Z}%Z#g=3-<z48lYnB160g0QqI|PSB^t%5XO%xv6WnBcS8_aT~ok`OIV+6
z>2^=V8S4vbSaGVQxLn`I+o~)zmu`3X(@f2h)gaZD>Asi)1P^7{@sAyx1}`P)X(t#9
z7x~ULOG_tE;F{#M@d9ZU+n3O1>3J8+N=$TPNstcDlP!QiW_IHNHz2w9T0f4f&^55C
zyyEG<BQ5$2Ono;@od;;X)fJTXo;^DP(;60hW;2?mW6lVTP=cc9T@&x#b1Jbw6&AGE
zeIrmXF7K|;58=uWrabNU<dgS|b`b<>4zJ~BeZwWGihb6QDR-UBf%de>#PQWz?$Aqs
zHH+7}u&(oV)?6*mnAWQW5~L<!?;@M6brQ2PRT0fAL!%k4l(<gtZr=hGT5iTkIX=p|
z6)C#NxAurt@La5S@Q@7sIz#4+;0UK;C5Pf}82G65dXD&4s>)E-QS>uiu*9g%<pR5Z
zHiT9OgX`<>6=<$o7)hBcT&p0TdHON57pasENCVHBN2_AmMv4dHyb+(fUt8#_b~gu>
z;z?bEXst~Fr)8Dzi<I_7hv$Volp>t$#}!{N*r4;<1l6aX*CIl?E0bmq<6SoWxDkH{
z^yluLI7}2zn@i*YmVcB;%*Jo%w&uKP+s2Q_C8{MyeD{pGpT*viNMs6A;(S~A>fBbA
z<Mg|%33<pYlRv~Wqzj5p-1IZ;<<tSYXKJ*3B8`Sx8dN<uU-4cY0`tT_pn*Z6Qt~}H
zX`F;(Cl9>*tzPK3a!8eNNsVy#8RRFXO;&b<fN3P65FT*KLyOj=C#0haAi(u-OC7w6
z*2-XbFen{q3RayW>D0mZ!Jmy*Eqa`&_BMGY(3jIv%<id5z^XDKljp%f^ECG%9GIw#
zvFV6s)j4x8;SiW&Oco#ZZqD_j$S;te9ApUDnHS{L{)H{P(_+vRI=Fn6Dqyc}xV*{+
zo$pC|Hl9j_zv$5jl9bFD)`5B@!P9{|)y@VS*JpYsxzuY5Kg33*I834-u5k=rGqA#^
zKYtvh`4P^P`d(X77dh!vDU{&eC{n90*8RdntjHZ6A-U$3wee&jrw_*|S$5zg66mp#
zS8j9j1D#&TW)=xG<$+oz3(0L{zBj>dIakFFO+L*`rB4QAA4O`w*WHxo-V|$*8KxPH
zW*LHox{Sfv!{<nXDAEh{W0Ckp1sMpKm=~=Lc&qIib}Cv;%y5~()6hugM!P)+a4(D7
zqdJBs2zTK0B?kme2|8QLLw0_*B$~JPEVG-8W<AMBO?}-(P(C@siz;cS7UC>dh2XfI
zf25ZW(`<Zyn_yX?bw&Jmadr`3=?)3(SM}_E8YOh9f^6d~{mesL@gj$tn3Yy33ylAK
zi-DYTRL)IIc$|w9J?d2JX}+B8ojM)y(YH5UDfOfD-LoNjEdaSl%s&|Dj?6tYVnOY-
z#fzJkwgrfqdg7lqKJen%`9-TSOt0;1U@MbrxXhM!&I_WBC;jMF2t$>-Hp$Z0bd6G^
zXR*Oy+^h_A9&(|>$;Gsd8%TF1_U67+<U%8e0&hKw?Ul^qXu_ICx3<3*ko}uu=2o5`
z3B4OB@=5!B3tK;Wp)NW$nat(Lg3MwjFOMtQ+n$!w#WdSHfZ)$6wx3`+)f&TvcYEf`
z;H))*CD;vw`K3VEIp7e%g#AD2O&e;vhOKXA_C?IK<Ib02vlqAKVcH}kazEhZmM1^t
z=n_1_f+kQiHof2Q^asA2cY#OG`r}ZcyIx<_re&-G<k-V$ZtULnZ>`lll1<THAmTRd
ziD7mMpx-i4W>0R?Hx<*U!{N_a@iVtyHqnF6mo!)OMGuU2_&E@_QB3Vp`o#CJ@KQ~Q
z(4dnSm%e^g+v+F)W%iSlz!cK3c-0It>@90w#BVy%u-x9wpr^!EU-XYfMOB5*JE|y^
VOFO@_1G}j&zrId(;2!?`ag!}df+qj~

literal 0
HcmV?d00001

diff --git a/git-crypt-encrypted-files.txt b/git-crypt-encrypted-files.txt
index dd4c2af7..1720be9a 100644
--- a/git-crypt-encrypted-files.txt
+++ b/git-crypt-encrypted-files.txt
@@ -1,3 +1,7 @@
-    encrypted: env_secrets/caprover.env
-    encrypted: env_secrets/production.env
+    encrypted: env_secrets/caprover_dev.env
+    encrypted: env_secrets/caprover_prod.env
+    encrypted: env_secrets/caprover_stage.env
+    encrypted: env_secrets/local_chrigu.env
+    encrypted: env_secrets/local_daniel.env
     encrypted: env_secrets/local_lorenz.env
+    encrypted: env_secrets/production.env
diff --git a/server/config/settings/base.py b/server/config/settings/base.py
index b6315517..9fd92a30 100644
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@@ -574,7 +574,7 @@ if APP_ENVIRONMENT == "development":
     # https://django-extensions.readthedocs.io/en/latest/installation_instructions.html#configuration
     INSTALLED_APPS += ["django_extensions"]  # noqa F405
 
-if APP_ENVIRONMENT in ["production", "caprover"]:
+if APP_ENVIRONMENT in ["production", "caprover"] or APP_ENVIRONMENT.startswith("caprover"):
     # SECURITY
     # ------------------------------------------------------------------------------
     # https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header