ConfigLMM 0.1.0

data/Plugins/Apps/Odoo/Odoo.lmm.rb

@@ -0,0 +1,23 @@
+
+module ConfigLMM
+    module LMM
+        class Odoo < Framework::NginxApp
+
+            def actionOdooBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Odoo', id, target, state, context, options)
+            end
+
+            def actionOdooDiff(id, target, activeState, context, options)
+                # TODO
+            end
+
+            def actionOdooDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb

@@ -0,0 +1,50 @@
+
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/pterodactyl.access.log;
+    error_log   /var/log/nginx/pterodactyl.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    root /usr/share/webapps/pterodactyl/public/;
+    index index.php;
+
+    # allow larger file uploads and longer script runtimes
+    client_max_body_size 100m;
+    client_body_timeout 120s;
+
+    sendfile off;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+     location ~ \.php$ {
+         fastcgi_pass   unix:/run/php-fpm/php-fpm-pterodactyl.sock;
+         include        fastcgi.conf;
+         fastcgi_param HTTP_PROXY "";
+         fastcgi_buffer_size 16k;
+         fastcgi_buffers 4 16k;
+
+         fastcgi_send_timeout 300;
+         fastcgi_read_timeout 300;
+    }
+
+    location ~ /\.ht {
+        include config-lmm/private.conf;
+    }
+}

data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb

@@ -0,0 +1,30 @@
+
+module ConfigLMM
+    module LMM
+        class Pterodactyl < Framework::NginxApp
+
+            def actionPterodactylBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Pterodactyl', id, target, state, context, options)
+            end
+
+            def actionPterodactylDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+            def actionWingsBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Wings', id, target, state, context, options)
+            end
+
+            def actionWingsDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+        end
+
+    end
+end

data/Plugins/Apps/Pterodactyl/Wings.conf.erb

@@ -0,0 +1,38 @@
+
+upstream wings {
+    server 127.0.0.1:1200;
+}
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/wings.access.log;
+    error_log   /var/log/nginx/wings.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass http://wings;
+
+        include config/proxy.conf;
+    }
+
+    location ~ \/ws$ {
+        proxy_pass http://wings;
+
+        include config/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Sunshine/Sunshine.conf.erb

@@ -0,0 +1,31 @@
+
+upstream sunshine {
+    server 127.0.0.1:47990 fail_timeout=0;
+}
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/sunshine.access.log;
+    error_log   /var/log/nginx/sunshine.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass https://sunshine;
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Sunshine/Sunshine.lmm.rb

@@ -0,0 +1,21 @@
+
+require 'fileutils'
+
+module ConfigLMM
+    module LMM
+        class Sunshine < Framework::NginxApp
+
+            def actionSunshineBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Sunshine', id, target, state, context, options)
+            end
+
+            def actionSunshineDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb

@@ -0,0 +1,48 @@
+
+upstream vaultwarden {
+    server 127.0.0.1:8000;
+}
+
+upstream vaultwarden-websocket {
+    server 127.0.0.1:3012;
+}
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    <% if config['Private'] %>
+        include config-lmm/private.conf;
+    <% end %>
+
+    access_log  /var/log/nginx/vaultwarden.access.log;
+    error_log   /var/log/nginx/vaultwarden.error.log;
+
+    client_max_body_size 200M;
+
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass http://vaultwarden;
+        include config-lmm/proxy.conf;
+    }
+
+    location /notifications/ {
+        proxy_pass http://vaultwarden-websocket/;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        include config-lmm/proxy.conf;
+    }
+
+}

data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb

@@ -0,0 +1,25 @@
+
+require 'fileutils'
+
+module ConfigLMM
+    module LMM
+        class Vaultwarden < Framework::NginxApp
+
+            def actionVaultwardenBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'Vaultwarden', id, target, state, context, options)
+            end
+
+            def actionVaultwardenDiff(id, target, activeState, context, options)
+                # TODO
+            end
+
+            def actionVaultwardenDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb

@@ -0,0 +1,35 @@
+
+upstream bitmagnet {
+    server 127.0.0.1:3333;
+}
+
+server {
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/bitmagnet.access.log;
+    error_log   /var/log/nginx/bitmagnet.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        proxy_pass http://bitmagnet;
+        include config-lmm/proxy.conf;
+    }
+
+    location = /graphql {
+        proxy_read_timeout 10m;
+        proxy_pass http://bitmagnet;
+        include config-lmm/proxy.conf;
+    }
+}

data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb

@@ -0,0 +1,19 @@
+
+module ConfigLMM
+    module LMM
+        class Bitmagnet < Framework::NginxApp
+
+            def actionBitmagnetBuild(id, target, state, context, options)
+                writeNginxConfig(__dir__, 'bitmagnet', id, target, state, context, options)
+            end
+
+            def actionBitmagnetDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    deployNginxConfig(id, target, activeState, context, options)
+                    activeState['Location'] = '@me'
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/gollum/config.ru

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'gollum/app'
+
+gollum_path = File.expand_path(File.dirname(__FILE__)) + '/repo'
+
+wiki_options = {:universal_toc => false}
+Precious::App.set(:gollum_path, gollum_path)
+Precious::App.set(:default_markup, :markdown) # set your favorite markup language
+Precious::App.set(:wiki_options, wiki_options)
+run Precious::App

data/Plugins/Apps/gollum/gollum.conf.erb

@@ -0,0 +1,41 @@
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        listen       <%= config['Port'] %> ssl;
+        listen  [::]:<%= config['Port'] %> ssl;
+        http2 on;
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    root               <%= config['Root'] %>;
+    passenger_app_root /srv/gollum;
+
+    try_files    $uri @Passenger;
+
+    access_log  /var/log/nginx/gollum.access.log;
+    error_log   /var/log/nginx/gollum.error.log;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    <% if config['CertName'] %>
+        ssl_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/<%= config['CertName'] %>/privkey.pem";
+        ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
+    <% end %>
+
+    location @Passenger {
+        passenger_enabled on;
+        passenger_min_instances 1;
+        rails_env production;
+
+        #passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
+        #limit_req zone=one burst=5;
+    }
+}

data/Plugins/Apps/gollum/gollum.lmm.rb

@@ -0,0 +1,52 @@
+
+module ConfigLMM
+    module LMM
+        class Gollum < Framework::NginxApp
+
+            NAME = 'gollum'
+            GOLLUM_PATH = '/srv/gollum'
+
+            def actionGollumBuild(id, target, activeState, context, options)
+                if !target['Root'] && (!target['Location'] || target['Location'] == '@me')
+                    target['Root'] = File.dirname(`gem which gollum`.strip) + '/gollum/public'
+                end
+                writeNginxConfig(__dir__, NAME, id, target, activeState, context, options)
+                targetDir = options['output'] + GOLLUM_PATH
+                mkdir(targetDir, options['dry'])
+                copy(__dir__ + '/config.ru', targetDir, options['dry'])
+                `git init #{targetDir}/repo`
+            end
+
+            def actionGollumRefresh(id, target, activeState, context, options)
+                # Would need to parse deployed config to implement
+            end
+
+            def actionGollumDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    targetDir = GOLLUM_PATH
+                    mkdir(targetDir, options['dry'])
+                    deployNginxConfig(id, target, activeState, context, options)
+                    copy(options['output'] + GOLLUM_PATH + '/config.ru', GOLLUM_PATH, options['dry'])
+                    copyNotPresent(options['output'] + GOLLUM_PATH + '/repo', GOLLUM_PATH, options['dry'])
+                    chown('http', 'http', GOLLUM_PATH, options['dry'])
+                    activeState['Location'] = '@me'
+                else
+                    # TODO
+                end
+            end
+
+            def cleanup(configs, state, context, options)
+                items = state.selectType(:Gollum)
+                items.each do |id, item|
+                    if !configs.key?(id)
+                        if item['Location'] == '@me'
+                            cleanupNginxConfig(NAME, id, state, context, options)
+                        else
+                            # TODO
+                        end
+                    end
+                end
+            end
+        end
+    end
+end

data/Plugins/OS/Linux.lmm.rb

@@ -0,0 +1,64 @@
+
+module ConfigLMM
+    module LMM
+        class Linux < Framework::Plugin
+
+            HOSTS_FILE = '/etc/hosts'
+            HOSTS_SECTION_BEGIN = "# -----BEGIN CONFIGLMM-----\n"
+            HOSTS_SECTION_END   = "# -----END CONFIGLMM-----\n"
+
+            def actionLinuxBuild(id, target, activeState, context, options)
+                if target['Hosts']
+                    hosts  = "#\n"
+                    hosts += "# /etc/hosts: static lookup table for host names\n"
+                    hosts += "#\n\n"
+                    hosts += "#<ip-address>   <hostname.domain.org>   <hostname>\n"
+                    hosts += "127.0.0.1       localhost\n"
+                    hosts += "::1             localhost\n\n"
+                    hosts += HOSTS_SECTION_BEGIN
+                    target['Hosts'].each do |ip, entries|
+                        hosts += ip.ljust(16) + entries.join(' ') + "\n"
+                    end
+                    hosts += HOSTS_SECTION_END
+
+                    mkdir(options['output'] + '/etc', options[:dry])
+                    fileWrite(options['output'] + HOSTS_FILE, hosts, options[:dry])
+                end
+            end
+
+            def actionLinuxDeploy(id, target, activeState, context, options)
+                if !target['Location'] || target['Location'] == '@me'
+                    if target['Hosts']
+                        hostsLines = File.read(HOSTS_FILE).lines
+                        sectionBeginIndex = hostsLines.index(HOSTS_SECTION_BEGIN)
+                        sectionEndIndex = hostsLines.index(HOSTS_SECTION_END)
+                        if sectionBeginIndex.nil?
+                            linesBefore = hostsLines
+                            linesBefore << "\n"
+                            linesBefore << HOSTS_SECTION_BEGIN
+                            linesAfter = [HOSTS_SECTION_END]
+                            linesAfter << "\n"
+                        else
+                            linesBefore = hostsLines[0..sectionBeginIndex]
+                            if sectionEndIndex.nil?
+                                linesAfter = [HOSTS_SECTION_END]
+                                linesAfter << "\n"
+                            else
+                                linesAfter = hostsLines[sectionEndIndex..hostsLines.length]
+                            end
+                        end
+
+                        hostsLines = linesBefore
+                        target['Hosts'].each do |ip, entries|
+                            hostsLines << ip.ljust(16) + entries.join(' ') + "\n"
+                        end
+                        hostsLines += linesAfter
+
+                        fileWrite(HOSTS_FILE, hostsLines.join(), options[:dry])
+                    end
+                end
+            end
+
+        end
+    end
+end

data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb

@@ -0,0 +1,144 @@
+
+require 'expect'
+require 'securerandom'
+require 'socket'
+require 'pty'
+require 'tty-which'
+require 'webrick'
+
+module ConfigLMM
+    module LMM
+        class ArubaInstant < Framework::SSH
+
+            CERT_BASE = '/etc/letsencrypt/live/'
+            HTTP_PORT = 6582
+
+            def actionArubaInstantDeploy(id, target, activeState, context, options)
+                if !target['Location']
+                    raise Framework::PluginProcessError.new(id + ': Location must be provided!')
+                end
+                if target['CertificateName']
+                    fullchain = CERT_BASE + target['CertificateName'] + '/fullchain.pem'
+                    privkey = CERT_BASE + target['CertificateName'] + '/privkey.pem'
+                    if !File.exist?(fullchain) || !File.exist?(privkey)
+                        prompt.error('Couldn\'t find certificate!')
+                        prompt.error("Looked at #{fullchain} and #{privkey}")
+                        raise Framework::PluginProcessError.new(id + ': Certificate not found!')
+                    end
+                    certData = File.read(fullchain)
+                    certData += File.read(privkey)
+                    certFileName = SecureRandom.hex(10)
+                    File.write(options['output'] + '/' + certFileName, certData)
+
+                    httpThread = Thread.new do
+                        server = WEBrick::HTTPServer.new(Port: HTTP_PORT,
+                                                         DocumentRoot: options['output'],
+                                                         Logger: WEBrick::Log.new("/dev/null"),
+                                                         AccessLog: [])
+                        server.start
+                    end
+
+                    ourIP = Socket.ip_address_list.select { |addr| addr.ipv4_private? }.first.ip_address
+
+                    firewallcmd = TTY::Which.which("firewall-cmd")
+                    if firewallcmd
+                        `#{firewallcmd} --add-port #{HTTP_PORT}/tcp >/dev/null 2>&1`
+                    end
+
+                    creds = parseLocation(target['Location'])
+                    password = ENV['ARUBA_INSTANT_PASSWORD']
+
+                    # Couldn't get it working with net-ssh gem so using `ssh` as workaround
+                    # Net::SSH.start(creds[:hostname], creds[:user], password: password, port: creds[:port]) do |ssh|
+                    PTY.spawn("ssh -o NumberOfPasswordPrompts=1 -o HostKeyAlgorithms=ssh-rsa #{creds[:user]}@#{creds[:hostname]}") do |reader, writer, pid|
+                        reader.expect(/password:/) do |result|
+                            writer.puts(password)
+                        end
+
+                        output = ''
+                        lastWrite = nil
+                        error = nil
+                        thread = Thread.new do
+                            reader.each do |line|
+                                output += line
+                                lastWrite = Time.now.to_f
+                            end
+                        rescue SystemCallError => err
+                            # Most likely wrong password
+                            error = err
+                        end
+                        while lastWrite.nil? || Time.now.to_f - lastWrite < 5 # It takes while to respond
+                            sleep(0.2)
+                            if error
+                                raise Framework::PluginProcessError.new(id + ': ' + error.message)
+                            end
+                        end
+                        output = ''
+                        lastWrite = nil
+                        writer.puts('show version')
+                        while lastWrite.nil? || Time.now.to_f - lastWrite < 2
+                            sleep(0.2)
+                        end
+                        thread.terminate
+                        if output.include?('ArubaOS')
+                            result = output.match(/MODEL: (\d+)., Version ([\d\.]+)/)
+                            prompt.say("ArubaOS Version: #{result[2]}")
+                            prompt.say("MODEL: #{result[1]}")
+                            if result[1] == '275'
+                                output = ''
+                                lastWrite = nil
+                                # See Aruba Instant 8.x Command-Line Interface Reference Guide
+                                # download-cert ui <url> format pem [psk <psk>]
+                                writer.puts("download-cert ui http://#{ourIP}:#{HTTP_PORT}/#{certFileName}")
+                                thread = Thread.new do
+                                    reader.each do |line|
+                                        output += line
+                                        lastWrite = Time.now.to_f
+                                        prompt.say(line)
+                                    end
+                                end
+                                while lastWrite.nil? || Time.now.to_f - lastWrite < 4
+                                    sleep(0.2)
+                                end
+                                thread.terminate
+                                if output.include?('error')
+                                    message = 'Something went wrong! :('
+                                    prompt.error(message)
+                                    raise Framework::PluginProcessError.new(id + ': ' + message)
+                                end
+                            else
+                                message = 'Not risking with untested device! Please test and submit PR! :)'
+                                prompt.error(message)
+                                raise Framework::PluginProcessError.new(id + ': ' + message)
+                            end
+                        else
+                            message = 'This is not Aruba device!'
+                            prompt.error(message)
+                            raise Framework::PluginProcessError.new(id + ': ' + message)
+                        end
+                        reader.close
+                        writer.close
+                    rescue Framework::PluginProcessError => error
+                        `#{firewallcmd} --remove-port #{HTTP_PORT}/tcp` if firewallcmd
+                        raise error
+                    end
+                    httpThread.terminate
+                    `#{firewallcmd} --remove-port #{HTTP_PORT}/tcp` if firewallcmd
+                end
+            end
+
+            def authenticate(actionMethod, target, activeState, context, options)
+                if ENV['ARUBA_INSTANT_PASSWORD'].to_s.empty? || ENV['ARUBA_INSTANT_PASSWORD'].to_s.empty?
+                    prompt.error('Set your Aruba Instant SSH password to ARUBA_INSTANT_PASSWORD as Environment Variable')
+                    raise Framework::PluginPrerequisite.new('Need ARUBA_INSTANT_PASSWORD')
+                else
+                    if !target['Location']
+                        raise Framework::PluginProcessError.new('Location must be provided!')
+                    end
+                    checkSSHAuth!(target['Location'], ENV['ARUBA_INSTANT_PASSWORD'])
+                end
+                true
+            end
+        end
+    end
+end