ConfigLMM 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e1dcd8d8d61d199700f39e2298c45ffaedfcb12822a833ebd16423120c4526c
-  data.tar.gz: ea7e2be4c9ea59a2babe325a8d63c1440aae67f147106d4b30e17839c0d6abda
+  metadata.gz: a8ee6e7ca0b1e3cf4dd9e1007aa696d763ab522c2c1cfc4a401e55ccdeefc4e3
+  data.tar.gz: 71c10651774b7c6ce347cf3fe9bc2df08ca388244ad8cf0cdbaa77c1f8beb1a7
 SHA512:
-  metadata.gz: 32fcd1db26c56ce7787a4515ce1d653cf96cf9a812f56ac7bcaa94465bcad4fa0a3082f2420cf6bdea7ae7b8e6229c8d416b3be7e4157eb37d3ea11cd4c7a42c
-  data.tar.gz: fcd652884fe0f191739e830315da87f066507fd719e38b60bdfeb35030116de97ac9eaabf913b9e75f2e33c95a85dafc77539eba985be6968a80f136d545c186
+  metadata.gz: 17cc1304b94186312fd2c25779234ba4c0354c8dfcc971eeff5d000ebdb1d29138f7decfa5f175f154cbc1174d6e3b5ef3f7077caa8013d53a493c8c2a7ccf7d
+  data.tar.gz: 50b169c6147cbd7b02da3e0fc3b264b09271bb83813330196a546da4d976c5071b2d53e534e47512fca85927ea5201e1f085b10601febcfaacf0d41ffec7c362

data/CHANGELOG.md

@@ -1,5 +1,36 @@
-## [Unreleased]
+
+## [0.2.0] - 2024-07-19
+
+- openSUSE - https://www.opensuse.org/
+- libvirt - https://libvirt.org/
+- More Linux configs (including SSH)
+- postfix - https://www.postfix.org/
+- PostgreSQL - https://www.postgresql.org/
 
 ## [0.1.0] - 2024-06-06
 
 - Initial release
+- PorkbunDNS - https://porkbun.com/
+- TonicDNS - https://www.tonic.to/
+- PowerDNS - https://www.powerdns.com/
+- GoDaddy - https://www.godaddy.com/
+- Linux
+- ArubaInstant - https://www.arubanetworks.com/
+- ArchiSteamFarm - https://github.com/JustArchiNET/ArchiSteamFarm
+- Bitmagnet - https://bitmagnet.io/
+- Gollum - https://github.com/gollum/gollum
+- Grafana - https://grafana.com/
+- IPFS - https://ipfs.tech/
+- InfluxDB - https://www.influxdata.com/
+- Jackett - https://github.com/Jackett/Jackett/
+- Jellyfin - https://jellyfin.org/
+- Mastodon - https://github.com/mastodon/mastodon
+- Matrix - https://matrix.org/
+- Netdata - https://www.netdata.cloud/
+- Nextcloud - https://nextcloud.com/
+- Odoo - https://www.odoo.com/
+- Pterodactyl - https://pterodactyl.io/
+- qBittorrent - https://www.qbittorrent.org/
+- Scrutiny - https://github.com/AnalogJ/scrutiny
+- Sunshine - https://app.lizardbyte.dev/Sunshine/
+- Vaultwarden - https://github.com/dani-garcia/vaultwarden

data/Examples/Implemented.mm.yaml

@@ -43,9 +43,32 @@ GoDaddy:
 
 Linux:
     Type: Linux
+    Location: qemu:///session
+    AlternativeLocation: ssh://example.org/
+    Distro: openSUSE Leap
+    CPU: 2
+    RAM: 4 GiB
+    Storage: 30 GiB
+    Domain: example.org
     Hosts:
         127.0.0.1:
             - example.org
+    Apps:
+        - sshd
+        - fish
+        - vim
+    Users:
+        root:
+            Shell: fish
+            AuthorizedKeys:
+                - ~/.ssh/id_ed25519.pub
+    SSH:
+        Config:
+            Example:
+                User: root
+                HostName: example.org
+    Sysctl:
+        vm.overcommit_memory: 1
 
 # https://www.arubanetworks.com/
 ArubaInstant:
@@ -63,6 +86,10 @@ Bitmagnet:
     Type: Bitmagnet
     Domain: bitmagnet.example.org
 
+Dovecot:
+    Type: Dovecot
+    Location: ssh://example.org/
+
 # https://github.com/gollum/gollum
 Gollum:
     Type: Gollum
@@ -120,6 +147,20 @@ Odoo:
     Type: Odoo
     Domain: odoo.example.org
 
+# https://www.postfix.org/
+Postfix:
+    Type: Postfix
+    Location: ssh://example.org/
+    AlternativePort: 2525
+    ForwardAll: example.com
+    Settings:
+        inet_interfaces: $myhostname, localhost
+
+PostgreSQL:
+    Type: PostgreSQL
+    Location: ssh://example.org/
+    ListenAll: yes
+
 # https://pterodactyl.io/
 Pterodactyl:
     Type: Pterodactyl
@@ -149,6 +190,11 @@ Sunshine:
     Type: Sunshine
     Domain: sunshine.example.org
 
+# https://valkey.io/ (Redis fork)
+Valkey:
+    Type: Valkey
+    Location: ssh://example.org/
+
 # https://github.com/dani-garcia/vaultwarden
 Vaultwarden:
     Type: Vaultwarden

data/Examples/Keys.ini

@@ -1,6 +1,8 @@
 ARUBA_INSTANT_PASSWORD=
 GITHUB_TOKEN=
 GODADDY_SECRET=
+LINUX_ROOT_PASSWORD=
+LINUX_ROOT_PASSWORD_HASH=
 PORKBUN_API_KEY=
 PORKBUN_SECRET_API_KEY=
 POWERDNS_API_KEY=

data/Examples/Linux.mm.yaml

@@ -1,16 +1,27 @@
 Linux:
-    Type: ArchLinux
+    Type: Linux
+    Distro: ArchLinux
     Apps:
         - fish
         - vim
     Users:
-        - user1:
+        user1:
             Admin: Yes
             Shell: fish
-        - user2:
+            AuthorizedKeys:
+                - ~/.ssh/id_ed25519.pub
+        user2:
             Admin: Yes
             Shell: fish
             Comment: Other user
+    Domain: example.org
     Hosts:
         127.0.0.1:
             - example.org
+    SSH:
+        Config:
+            Example:
+                User: root
+                HostName: example.org
+    Sysctl:
+        vm.overcommit_memory: 1

data/Plugins/Apps/Dovecot/Dovecot.lmm.rb

@@ -0,0 +1,17 @@
+
+module ConfigLMM
+    module LMM
+        class Dovecot < Framework::Plugin
+            PACKAGE_NAME = 'Dovecot'
+            SERVICE_NAME = 'dovecot'
+
+            def actionDovecotDeploy(id, target, activeState, context, options)
+                plugins[:Linux].ensurePackage(PACKAGE_NAME, target['Location'])
+                plugins[:Linux].ensureServiceAutoStart(SERVICE_NAME, target['Location'])
+                plugins[:Linux].startService(SERVICE_NAME, target['Location'])
+            end
+
+        end
+
+    end
+end

data/Plugins/Apps/Nginx/config-lmm/errors.conf

@@ -21,7 +21,7 @@ error_page 521 /_errors_/HTTP521.$errorExtension;
 error_page 533 /_errors_/HTTP533.$errorExtension;
 
 location /_errors_/ {
-    include config/public.conf;
+    include config-lmm/public.conf;
 
     alias /srv/http/errors/;
     internal;

data/Plugins/Apps/Nginx/config-lmm/security.conf

@@ -0,0 +1,4 @@
+
+# Security / XSS Mitigation Headers
+add_header X-Frame-Options "DENY";
+add_header X-Content-Type-Options "nosniff";

data/Plugins/Apps/Postfix/Postfix.lmm.rb

@@ -0,0 +1,76 @@
+
+module ConfigLMM
+    module LMM
+        class Postfix < Framework::Plugin
+            PACKAGE_NAME = 'Postfix'
+            SERVICE_NAME = 'postfix'
+            MASTER_FILE = '/etc/postfix/master.cf'
+            MAIN_FILE = '/etc/postfix/main.cf'
+            TRANSPORT_FILE = '/etc/postfix/transport'
+
+            def actionPostfixDeploy(id, target, activeState, context, options)
+                plugins[:Linux].ensurePackage(PACKAGE_NAME, target['Location'])
+                plugins[:Linux].ensureServiceAutoStart(SERVICE_NAME, target['Location'])
+
+                deploySettings(target, target['Location'], options)
+
+                plugins[:Linux].startService(SERVICE_NAME, target['Location'])
+            end
+
+            def deploySettings(target, location, options)
+                if location && location != '@me'
+                    if target['AlternativePort']
+                        updateRemoteFile(location, MASTER_FILE, options, true) do |fileLines|
+                            fileLines << "#{target['AlternativePort']}      inet  n       -       n       -       -       smtpd\n"
+                        end
+                    end
+                    self.class.sshStart(location) do |ssh|
+                        domain = self.class.sshExec!(ssh, "hostname --fqdn").strip
+                        command = "sed -i 's|^myhostname = .*|myhostname = #{domain}|' #{MAIN_FILE}"
+                        command = "sed -i 's|^#myhostname = virtual.domain.tld|myhostname = #{domain}|' #{MAIN_FILE}"
+                        self.class.sshExec!(ssh, command)
+                    end
+                    if target['Settings']
+                        target['Settings'].each do |name, value|
+                            self.class.sshStart(location) do |ssh|
+                                command = "sed -i 's|^#{name} =.*|#{name} = #{value}|' #{MAIN_FILE}"
+                                self.class.sshExec!(ssh, command)
+                            end
+                        end
+                    end
+                    if target['ForwardAll']
+                        updateRemoteFile(location, TRANSPORT_FILE, options, true) do |fileLines|
+                            hostname, port = target['ForwardAll'].split(':')
+                            hostname = '[' + hostname + ']'
+                            line = '* smtp:' + hostname
+                            line += ':' + port if port
+                            fileLines << line + "\n"
+                        end
+                        self.class.sshStart(location) do |ssh|
+                            self.class.sshExec!(ssh, "postmap #{TRANSPORT_FILE}")
+                        end
+                    end
+                else
+                    if target['AlternativePort']
+                        updateLocalFile(MASTER_FILE, options, true) do |fileLines|
+                            fileLines << "#{target['AlternativePort']}      inet  n       -       n       -       -       smtpd\n"
+                        end
+                    end
+                    if target['Settings']
+                        target['Settings'].each do |name, value|
+                            `sed -i 's|^#{name} =.*|#{name} = #{value}|' #{MAIN_FILE}`
+                        end
+                    end
+                    if target['ForwardAll']
+                        updateLocalFile(TRANSPORT_FILE, options, true) do |fileLines|
+                            fileLines << '* smtp:[' + target['ForwardAll'] + "]\n"
+                        end
+                        `postmap #{TRANSPORT_FILE}`
+                    end
+                end
+            end
+
+        end
+
+    end
+end

data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb

@@ -0,0 +1,76 @@
+
+require_relative '../../OS/Linux/Linux.lmm.rb'
+
+module ConfigLMM
+    module LMM
+        class PostgreSQL < Framework::LinuxApp
+            PACKAGE_NAME = 'PostgreSQL'
+            SERVICE_NAME = 'postgresql'
+            USER_NAME = 'postgres'
+
+            HBA_FILE = 'data/pg_hba.conf'
+            CONFIG_FILE = 'data/postgresql.conf'
+
+            def actionPostgreSQLDeploy(id, target, activeState, context, options)
+                self.ensurePackage(PACKAGE_NAME, target['Location'])
+                self.ensureServiceAutoStart(SERVICE_NAME, target['Location'])
+
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                    if target['ListenAll']
+                        cmd = "sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             0.0.0.0/0               scram-sha-256|'"
+                        dir = updateConfigOverSSH(uri, cmd)
+                        updateRemoteFile(uri, dir + CONFIG_FILE, options, false) do |configLines|
+                            configLines << "listen_addresses = '*'\n"
+                        end
+                    else
+                        cmd = "sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             127.0.0.1/32            scram-sha-256|'"
+                        updateConfigOverSSH(uri, cmd)
+                    end
+                else
+                    dir = pgsqlDir(self.class.distroID)
+                    if target['ListenAll']
+                        `sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             0.0.0.0/0            scram-sha-256|' #{dir + HBA_FILE}`
+                        updateLocalFile(dir + CONFIG_FILE, options) do |configLines|
+                            configLines << "listen_addresses = '*'"
+                        end
+                    else
+                        `sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             127.0.0.1/32            scram-sha-256|' #{dir + HBA_FILE}`
+                    end
+                end
+
+                self.startService(SERVICE_NAME, target['Location'])
+            end
+
+            def updateConfigOverSSH(uri, cmd)
+                dir = ''
+                self.class.sshStart(uri) do |ssh|
+                    distroID = self.class.distroIDfromSSH(ssh)
+                    dir = pgsqlDir(distroID)
+                    self.class.sshExec!(ssh, cmd + ' ' + dir + HBA_FILE)
+                end
+                dir
+            end
+
+            def self.createUserAndDBOverSSH(user, password, ssh)
+                self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createuser #{user}'", true)
+                self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createdb --owner=#{user} #{user}'", true)
+                cmd = " su --login #{USER_NAME} --command ' psql -c \"ALTER USER #{user} WITH PASSWORD \\'#{password}\\';\"'"
+                self.sshExec!(ssh, cmd)
+            end
+
+            def pgsqlDir(distroID)
+                if distroID == 'opensuse-leap'
+                    '/var/lib/pgsql/'
+                elsif distroID == 'arch'
+                    '/var/lib/postgres/'
+                else
+                    raise Framework::PluginProcessError.new("Unknown Linux Distro: #{distroID}!")
+                end
+            end
+
+        end
+
+    end
+end

data/Plugins/Apps/Valkey/Valkey.lmm.rb

@@ -0,0 +1,55 @@
+
+module ConfigLMM
+    module LMM
+        class Valkey < Framework::LinuxApp
+            PACKAGE_NAME = 'Valkey'
+            CONFIG_FILE = '/etc/redis/redis.conf'
+            PID_FILE = '/run/redis/redis.pid'
+
+            def actionValkeyDeploy(id, target, activeState, context, options)
+                self.ensurePackage(PACKAGE_NAME, target['Location'])
+
+                serviceName = 'redis'
+
+                if target['Location'] && target['Location'] != '@me'
+                    self.class.sshStart(target['Location']) do |ssh|
+                        distroId = self.class.distroIDfromSSH(ssh)
+                        if distroId == SUSE_ID
+                            serviceName = 'redis@redis'
+                            self.class.sshExec!(ssh, "touch #{CONFIG_FILE}")
+
+                            target['Settings'] ||= {}
+                            target['Settings']['pidfile'] = PID_FILE
+                            target['Settings']['supervised'] = 'systemd'
+                            target['Settings']['dir'] = '/var/lib/redis/default/'
+                        end
+
+                        if target['Settings']
+                            updateRemoteFile(ssh, CONFIG_FILE, options, false) do |configLines|
+                                target['Settings'].each do |name, value|
+                                    configLines << "#{name} #{value}\n"
+                                end
+                                configLines
+                            end
+                        end
+                    end
+                else
+                    if target['Settings']
+                        `touch #{CONFIG_FILE}`
+                        updateLocalFile(CONFIG_FILE, options) do |configLines|
+                            target['Settings'].each do |name, value|
+                                configLines << "#{name} #{value}\n"
+                            end
+                            configLines
+                        end
+                    end
+                end
+
+                self.ensureServiceAutoStart(serviceName, target['Location'])
+                self.startService(serviceName, target['Location'])
+            end
+
+        end
+
+    end
+end

data/Plugins/OS/Linux/Distributions.yaml

@@ -0,0 +1,6 @@
+
+opensuse-leap:
+    Name: openSUSE Leap
+    InstallPackage: zypper install --no-confirm
+    AutoStartService: systemctl enable
+    StartService: systemctl start