Configuration

Fujin uses a fujin.toml file at the root of your project for configuration. Below are all available configuration options.

app

The name of your project or application. Must be a valid Python package name.

version

The version of your project to build and deploy. If not specified, automatically parsed from pyproject.toml under project.version.

python_version

The Python version for your virtualenv. If not specified, automatically parsed from .python-version file. This is only required if the installation mode is set to python-package

requirements

Optional path to your requirements file. This will only be used when the installation mode is set to python-package

versions_to_keep

The number of versions to keep on the host. After each deploy, older versions are pruned based on this setting. By default, it keeps the latest 5 versions, set this to None to never automatically prune.

build_command

The command to use to build your project’s distribution file.

distfile

Path to your project’s distribution file. This should be the main artifact containing everything needed to run your project on the server. Supports version placeholder, e.g., dist/app_name-{version}-py3-none-any.whl

installation_mode

Indicates whether the distfile is a Python package or a self-contained executable. The possible values are python-package and binary. The binary option disables specific Python-related features, such as virtual environment creation and requirements installation. fujin will assume the provided distfile already contains all the necessary dependencies to run your program.

release_command

Optional command to run at the end of deployment (e.g., database migrations) before your application is started.

secrets

Optional secrets configuration. If set, fujin will load secrets from the specified secret management service. Check out the secrets page for more information.

adapter

The secret management service to use. The currently available options are bitwarden, 1password, doppler

password_env

Environment variable containing the password for the service account. This is only required for certain adapters.

Webserver

Web server configurations.

type

The reverse proxy implementation to use. Available options:

  • fujin.proxies.caddy (default)

  • fujin.proxies.nginx

  • fujin.proxies.dummy (disables proxy)

upstream

The address where your web application listens for requests. Supports any value compatible with your chosen web proxy:

  • HTTP address (e.g., localhost:8000 )

  • Unix socket caddy (e.g., unix//run/project.sock )

  • Unix socket nginx (e.g., http://unix:/run/project.sock )

certbot_email

Required when Nginx is used as a proxy to obtain SSL certificates.

statics

Defines the mapping of URL paths to local directories for serving static files. The syntax and support for static file serving depend on the selected reverse proxy. The directories you map should be accessible by the web server, meaning with read permissions for the www-data group; a reliable choice is /var/www.

Example:

fujin.toml
[webserver]
upstream = "unix//run/project.sock"
type = "fujin.proxies.caddy"
statics = { "/static/*" = "/var/www/myproject/static/" }

processes

A mapping of process names to commands that will be managed by the process manager. Define as many processes as needed, but when using any proxy other than fujin.proxies.dummy, a web process must be declared.

Example:

fujin.toml
[processes]
web = ".venv/bin/gunicorn myproject.wsgi:application"

Note

Commands are relative to your app_dir. When generating systemd service files, the full path is automatically constructed. Refer to the apps_dir setting on the host to understand how app_dir is determined. Here are the templates for the service files:

Host Configuration

ip

The IP address or anything that resolves to the remote host IP’s. This is use to communicate via ssh with the server, if omitted it’s value will default to the one of the domain_name.

domain_name

The domain name pointing to this host. Used for web proxy configuration.

user

The login user for running remote tasks. Should have passwordless sudo access for optimal operation.

Note

You can create a user with these requirements using the fujin server create-user command.

envfile

Path to the production environment file that will be copied to the host.

env

A string containing the production environment variables, ideal for scenarios where most variables are retrieved from secrets and you prefer not to use a separate file.

Important

envfile and env are mutually exclusive—you can define only one.

apps_dir

Base directory for project storage on the host. Path is relative to user’s home directory. Default: .local/share/fujin. This value determines your project’s app_dir, which is {apps_dir}/{app}.

password_env

Environment variable containing the user’s password. Only needed if the user cannot run sudo without a password.

ssh_port

SSH port for connecting to the host. Default to 22.

key_filename

Path to the SSH private key file for authentication. Optional if using your system’s default key location.

aliases

A mapping of shortcut names to Fujin commands. Allows you to create convenient shortcuts for commonly used commands.

Example:

fujin.toml
[aliases]
console = "app exec -i shell_plus" # open an interactive django shell
dbconsole = "app exec -i dbshell" # open an interactive django database shell
shell = "server exec --appenv -i bash" # SSH into the project directory with environment variables loaded

hooks

Run custom scripts at specific points with hooks. Check out the hooks page for more information.

Example

This is a minimal working example.

app = "fujin-cli"
build_command = "uv build && uv pip compile pyproject.toml -o requirements.txt"
distfile = "dist/bookstore-{version}-py3-none-any.whl"
requirements = "requirements.txt"
release_command = "bookstore migrate"
installation_mode = "python-package"
python_version = "3.12"

[webserver]
upstream = "unix//run/bookstore.sock"
type = "fujin.proxies.caddy"

[processes]
web = ".venv/bin/gunicorn bookstore.wsgi:application --bind unix//run/bookstore.sock"

[aliases]
shell = "server exec --appenv -i bash"

[host]
user = "root"
domain_name = "bookstore.com"
envfile = ".env.prod"
app = "bookstore"
version = "0.0.1"
build_command = "just build-bin"
distfile = "dist/bin/bookstore-{version}"
release_command = "bookstore migrate"
installation_mode = "binary"

[webserver]
upstream = "localhost:8000"
type = "fujin.proxies.caddy"

[processes]
web = "bookstore prodserver"

[aliases]
shell = "server exec --appenv -i bash"

[host]
user = "root"
domain_name = "bookstore.com"
envfile = ".env.prod"