ConfigLMM 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8e1dcd8d8d61d199700f39e2298c45ffaedfcb12822a833ebd16423120c4526c
+  data.tar.gz: ea7e2be4c9ea59a2babe325a8d63c1440aae67f147106d4b30e17839c0d6abda
+SHA512:
+  metadata.gz: 32fcd1db26c56ce7787a4515ce1d653cf96cf9a812f56ac7bcaa94465bcad4fa0a3082f2420cf6bdea7ae7b8e6229c8d416b3be7e4157eb37d3ea11cd4c7a42c
+  data.tar.gz: fcd652884fe0f191739e830315da87f066507fd719e38b60bdfeb35030116de97ac9eaabf913b9e75f2e33c95a85dafc77539eba985be6968a80f136d545c186

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.yardopts

@@ -0,0 +1,4 @@
+--markup markdown
+bin/*.rb
+-
+*.md

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2024-06-06
+
+- Initial release

data/Examples/Android.mm.yaml

@@ -0,0 +1,8 @@
+Phone:
+    Type: Android
+    Settings:
+        HomeScreen: With App drawer
+    Apps:
+        - Duolingo
+    Remove:
+        - CandyCrush

data/Examples/Apps/Blog.mm.yaml

@@ -0,0 +1,7 @@
+_CONTEXT_:
+    Dislikes:
+        - Big Tech
+
+Blog:
+    Type: CloudBlog
+    Feature: User Management

data/Examples/Apps/Jellyfin.mm.yaml

@@ -0,0 +1,3 @@
+Jellyfin:
+    Type: Jellyfin
+    Domain: jellyfin.example.org

data/Examples/Implemented.mm.yaml

@@ -0,0 +1,155 @@
+
+# https://porkbun.com/
+Porkbun:
+    Type: PorkbunDNS
+    DNS:
+        example.org:
+            '@': A=@me # `@me` means use current hosts external IP
+
+# https://www.tonic.to/
+Tonic:
+    Type: TonicDNS
+    Domain: example.to
+    Nameservers:
+        ns.example.org: 192.168.5.5
+
+# https://www.powerdns.com/
+PowerDNS:
+    Type: PowerDNS
+    # Location: pdns://dns.example.org:8081/
+    # Location: ssh://server/?host=localhost&port=8081
+    Location: ssh://server/
+    Settings:
+        version-string: anonymous
+        api: yes
+        expand-alias: yes
+        resolver: 127.0.0.53
+        default-soa-content: ns.example.org. contact.example.org. 0 10800 3600 604800 3600
+    DNS:
+        example.org:
+            '@': A=@me
+            ns: A=192.168.5.5
+
+# https://www.godaddy.com/
+GoDaddy:
+    Type: GoDaddyDNS
+    DNS:
+        example.org:
+            '@': A=@me
+            Wiki: CNAME=@ # `@` means point it to the domain root (ie. example.org)
+            ipv6:
+                - AAAA=2606:2800:21f:cb07:6820:80da:af6b:8b2c
+                - AAAA=2606:2800:21f:cb07:6820:80da:af6b:0153
+
+Linux:
+    Type: Linux
+    Hosts:
+        127.0.0.1:
+            - example.org
+
+# https://www.arubanetworks.com/
+ArubaInstant:
+    Type: ArubaInstant
+    Location: user@aruba.example.org
+    CertificateName: Aruba
+
+# https://github.com/JustArchiNET/ArchiSteamFarm
+ArchiSteamFarm:
+    Type: ArchiSteamFarm
+    Domain: ASF.example.org
+
+# https://bitmagnet.io/
+Bitmagnet:
+    Type: Bitmagnet
+    Domain: bitmagnet.example.org
+
+# https://github.com/gollum/gollum
+Gollum:
+    Type: Gollum
+    Domain: gollum.example.org
+
+# https://grafana.com/
+Grafana:
+    Type: NginxProxy
+    Domain: grafana.example.org
+    Proxy: unix:/run/grafana/grafana.sock
+    Private: yes
+
+# https://ipfs.tech/
+IPFS:
+    Type: IPFS
+    Domain: IPFS.example.org
+
+# https://www.influxdata.com/
+InfluxDB:
+    Type: InfluxDB
+    Domain: influx.example.org
+
+# https://github.com/Jackett/Jackett/
+Jackett:
+    Type: Jackett
+    Domain: jackett.example.org
+
+# https://jellyfin.org/
+Jellyfin:
+    Type: Jellyfin
+    Domain: jellyfin.example.org
+
+# https://github.com/mastodon/mastodon
+Mastodon:
+    Type: Mastodon
+    Domain: mastodon.example.org
+
+# https://matrix.org/
+Matrix:
+    Type: Matrix
+    Domain: matrix.example.org
+
+# https://www.netdata.cloud/
+Netdata:
+    Type: Netdata
+    Domain: netdata.example.org
+
+# https://nextcloud.com/
+Nextcloud:
+    Type: Nextcloud
+    Domain: nextcloud.example.org
+
+# https://www.odoo.com/
+Odoo:
+    Type: Odoo
+    Domain: odoo.example.org
+
+# https://pterodactyl.io/
+Pterodactyl:
+    Type: Pterodactyl
+    Domain: pterodactyl.example.org
+
+# https://pterodactyl.io/
+Wings:
+    Type: Wings
+    Domain: wings.example.org
+
+# https://www.qbittorrent.org/
+qBittorrent:
+    Type: NginxProxy
+    Domain: qBittorrent.example.org
+    Proxy: http://127.0.0.1:7777
+    Private: yes
+
+# https://github.com/AnalogJ/scrutiny
+Scrutiny:
+    Type: NginxProxy
+    Domain: scrutiny.example.org
+    Proxy: http://127.0.0.1:7080
+    Private: yes
+
+# https://app.lizardbyte.dev/Sunshine/
+Sunshine:
+    Type: Sunshine
+    Domain: sunshine.example.org
+
+# https://github.com/dani-garcia/vaultwarden
+Vaultwarden:
+    Type: Vaultwarden
+    Domain: vaultwarden.example.org

data/Examples/Keys.ini

@@ -0,0 +1,7 @@
+ARUBA_INSTANT_PASSWORD=
+GITHUB_TOKEN=
+GODADDY_SECRET=
+PORKBUN_API_KEY=
+PORKBUN_SECRET_API_KEY=
+POWERDNS_API_KEY=
+TONIC_PASSWORD=

data/Examples/Linux.mm.yaml

@@ -0,0 +1,16 @@
+Linux:
+    Type: ArchLinux
+    Apps:
+        - fish
+        - vim
+    Users:
+        - user1:
+            Admin: Yes
+            Shell: fish
+        - user2:
+            Admin: Yes
+            Shell: fish
+            Comment: Other user
+    Hosts:
+        127.0.0.1:
+            - example.org

data/Examples/Windows.mm.yaml

@@ -0,0 +1,11 @@
+Computer:
+    Type: Windows
+    Managed: yes
+    Apps:
+        - Steam
+        - Fortnite
+        - Roblox
+        - Minecraft
+        - Firefox
+    Remove:
+        - Chrome

data/Examples/configlmmAuth.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage $0 <cmd> <key file> <config file>"
+    exit 1
+fi
+
+cmd="$1"
+keysFile="$2"
+configFile="$3"
+
+if [ ! -f "$keysFile" ]; then
+    echo "Provided key file '$keysFile' doesn't exist!"
+    exit 1
+fi
+
+if [[ ${keysFile:0:2} != "./" ]]; then
+    keysFile="./$keysFile"
+fi
+
+export $(grep -v '^#' "$keysFile" | xargs -d '\n')
+
+echo "Deploying..."
+
+ruby configlmm $cmd $configFile
+

data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb

@@ -0,0 +1,38 @@
+
+upstream archi_steam_farm {
+    server 127.0.0.1:1242;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    root        /opt/ArchiSteamFarm-bin/www;
+
+    access_log  /var/log/nginx/ArchiSteamFarm.access.log;
+    error_log   /var/log/nginx/ArchiSteamFarm.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location ~* /Api/NLog {
+        proxy_pass http://archi_steam_farm;
+
+        include config/proxy.conf;
+    }
+
+    location / {
+        proxy_pass http://archi_steam_farm;
+
+        include config/proxy.conf;
+    }
+}

data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb

@@ -0,0 +1,19 @@
+
+module ConfigLMM
+    module LMM
+        class ArchiSteamFarm < Framework::NginxApp
+
+            def actionArchiSteamFarmBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'ArchiSteamFarm', id, target, state, context, options)
+            end
+
+            def actionArchiSteamFarmDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/IPFS/IPFS.conf.erb

@@ -0,0 +1,44 @@
+
+upstream ipfs_api {
+    server 127.0.0.1:5001;
+}
+
+upstream ipfs_gateway {
+    server 127.0.0.1:5080;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/ipfs.access.log;
+    error_log   /var/log/nginx/ipfs.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    rewrite ^/$ /webui/ last;
+
+    location / {
+        proxy_pass http://ipfs_gateway;
+        proxy_read_timeout 180s;
+
+        include config-lmm/proxy.conf;
+    }
+
+    location ~ ^/(webui|api)/ {
+        proxy_pass http://ipfs_api;
+
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/IPFS/IPFS.lmm.rb

@@ -0,0 +1,23 @@
+
+module ConfigLMM
+    module LMM
+        class IPFS < Framework::NginxApp
+
+            def actionIPFSBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'IPFS', id, target, state, context, options)
+            end
+
+            def actionIPFSDiff(id, target, activeState, context, options)
+                # TODO
+            end
+
+            def actionIPFSDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb

@@ -0,0 +1,34 @@
+
+upstream influxdb {
+    server 127.0.0.1:8086;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/influxdb.access.log;
+    error_log   /var/log/nginx/influxdb.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass http://influxdb;
+        include config-lmm/proxy.conf;
+    }
+
+    location /api {
+        proxy_pass http://influxdb;
+        include config-lmm/proxy.conf;
+    }
+}

data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb

@@ -0,0 +1,19 @@
+
+module ConfigLMM
+    module LMM
+        class InfluxDB < Framework::NginxApp
+
+            def actionInfluxDBBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'InfluxDB', id, target, state, context, options)
+            end
+
+            def actionInfluxDBDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Jackett/Jackett.conf.erb

@@ -0,0 +1,38 @@
+
+upstream jackett {
+    server 127.0.0.1:9117;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/jackett.access.log;
+    error_log   /var/log/nginx/jackett.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass http://jackett;
+
+        include config-lmm/proxy.conf;
+    }
+
+    location /api/v2.0/ {
+        proxy_read_timeout 10m;
+        proxy_pass http://jackett;
+
+        include config/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Jackett/Jackett.lmm.rb

@@ -0,0 +1,19 @@
+
+module ConfigLMM
+    module LMM
+        class Jackett < Framework::NginxApp
+
+            def actionJackettBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Jackett', id, target, state, context, options)
+            end
+
+            def actionJackettDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb

@@ -0,0 +1,59 @@
+
+
+upstream jellyfin {
+    server 127.0.0.1:8096;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/jellyfin.access.log;
+    error_log   /var/log/nginx/jellyfin.error.log;
+
+    include config-lmm/errors.conf;
+    include config-lmm/ssl.conf;
+
+    location = / {
+        return 302 /web/;
+    }
+
+    # Don't expose this publicly
+    location = /Startup/ {
+        return 401;
+    }
+
+    location / {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://jellyfin;
+
+        include config-lmm/proxy.conf;
+
+        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+        proxy_buffering off;
+    }
+
+    location = /web/ {
+        proxy_pass http://jellyfin/web/index.html;
+        include config-lmm/proxy.conf;
+    }
+
+    location /socket {
+        # Proxy Jellyfin Websockets traffic
+        proxy_pass http://jellyfin;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb

@@ -0,0 +1,23 @@
+
+module ConfigLMM
+    module LMM
+        class Jellyfin < Framework::NginxApp
+
+            def actionJellyfinBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Jellyfin', id, target, state, context, options)
+            end
+
+            def actionJellyfinDiff(id, target, activeState, context, options)
+                # TODO
+            end
+
+            def actionJellyfinDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Mastodon/Mastodon.conf.erb

@@ -0,0 +1,81 @@
+
+upstream mastodon {
+    server unix:///run/mastodon.sock fail_timeout=0;
+}
+
+upstream mastodon-streaming {
+    # Instruct nginx to send connections to the server with the least number of connections
+    # to ensure load is distributed evenly.
+    least_conn;
+
+    server 127.0.0.1:4000 fail_timeout=0;
+    # Uncomment these lines for load-balancing multiple instances of streaming for scaling,
+    # this assumes your running the streaming server on ports 4000, 4001, and 4002:
+    # server 127.0.0.1:4001 fail_timeout=0;
+    # server 127.0.0.1:4002 fail_timeout=0;
+}
+
+# proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/mastodon.access.log;
+    error_log   /var/log/nginx/mastodon.error.log;
+
+    client_max_body_size 99M;
+
+    include config-lmm/errors.conf;
+
+    # proxy_redirect off;
+    # proxy_cache CACHE;
+    # proxy_cache_valid 200 7d;
+    # proxy_cache_valid 410 24h;
+    # proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    # add_header X-Cached $upstream_cache_status;
+
+    root /var/lib/mastodon/public;
+
+    location / {
+        try_files $uri @mastodon;
+    }
+
+    location @mastodon {
+        proxy_pass http://mastodon;
+        include config-lmm/proxy.conf;
+    }
+
+    location ~ ^/assets|avatars|emoji|headers|packs|shortcuts|sounds/ {
+
+        add_header Cache-Control "public, max-age=2419200, must-revalidate";
+        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+        try_files $uri =404;
+    }
+
+    location ~ ^/system/ {
+        add_header Cache-Control "public, max-age=2419200, immutable";
+        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+        #add_header X-Content-Type-Options nosniff;
+        add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
+        try_files $uri =404;
+    }
+
+    location ^~ /api/v1/streaming {
+
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_pass http://mastodon-streaming;
+        include config-lmm/proxy.conf;
+    }
+
+}