ConfigLMM 0.3.0 → 0.5.0

data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb

@@ -1,76 +1,138 @@
 
 require_relative '../../OS/Linux/Linux.lmm.rb'
+require_relative 'Connection'
 
 module ConfigLMM
     module LMM
         class PostgreSQL < Framework::LinuxApp
             PACKAGE_NAME = 'PostgreSQL'
-            SERVICE_NAME = 'postgresql'
+            SERVICE_NAME = :postgresql
             USER_NAME = 'postgres'
+            PORT = '5432'
 
             HBA_FILE = 'data/pg_hba.conf'
             CONFIG_FILE = 'data/postgresql.conf'
 
             def actionPostgreSQLDeploy(id, target, activeState, context, options)
-                self.ensurePackage(PACKAGE_NAME, target['Location'])
-                self.ensureServiceAutoStart(SERVICE_NAME, target['Location'])
-                self.startService(SERVICE_NAME, target['Location'])
-
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-
-                    self.class.sshStart(uri) do |ssh|
-                        self.updateSettingsOverSSH(target, ssh, options)
-                        self.class.sshExec!(ssh, "su --login #{USER_NAME} --command 'pg_ctl reload'")
-                        self.class.createUsersOverSSH(target, ssh)
-                        self.class.createDatabasesOverSSH(target, ssh)
-                        self.class.createPublicationsOverSSH(target, ssh)
-                        self.class.createSubscriptionsOverSSH(target, ssh)
+                target['Deploy'] = !!(target['ListenAll'] || target['Listen'] || target['Settings']) unless target.key?('Deploy')
+
+                withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        self.class.withConnection({}, linuxConnection) do |postgres|
+                            if target['Deploy']
+                                linuxConnection.ensurePackage(PACKAGE_NAME, options)
+                                linuxConnection.ensureServiceAutoStart(SERVICE_NAME, options)
+
+                                # So that OpenTelemetry can read logs
+                                linuxConnection.createDirs(options, '/var/log/postgresql')
+                                linuxConnection.exec("chown postgres:postgres /var/log/postgresql", false, options)
+                                linuxConnection.exec("chmod 750 /var/log/postgresql", false, options)
+
+                                replicate(target, linuxConnection, postgres, context, options)
+                                linuxConnection.startService(SERVICE_NAME, options)
+
+                                updateSettings(target, linuxConnection, postgres, options)
+
+                                if activeState['Status'] == State::STATUS_DEPLOYED
+                                    linuxConnection.withUserShell(USER_NAME) do |shellConnection|
+                                        shellConnection.exec("pg_ctl reload -D #{postgres.pgsqlDir}data", false, options)
+                                    end
+                                else
+                                    # Restart only on first deploy
+                                    linuxConnection.restartService(SERVICE_NAME, options)
+                                end
+                            end
+
+                            createUsers(target, postgres, context, options)
+                            createDatabases(target, postgres, context, options)
+                            createPublications(target, postgres, context, options)
+                            createSubscriptions(target, postgres, context, options)
+                        end
                     end
-                else
-                    `pg_ctl reload`
                 end
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:PostgreSQL, configs, state, context, options) do |item, id, state, context, options, connection|
+                    withConnection(item['Config']['Location'], item['Config']) do |connection|
+                        Linux.withConnection(connection) do |linuxConnection|
+                            if item['Deploy']
+                                linuxConnection.stopService(SERVICE_NAME, options)
+                                linuxConnection.disableService(SERVICE_NAME, options)
+                                linuxConnection.removePackage(PACKAGE_NAME, options)
+
+                                state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
 
+                                if options[:destroy]
+                                    linuxConnection.deleteUserAndGroup(USER_NAME, options)
+
+                                    state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                                end
+                            end
+                        end
+                    end
+                end
             end
 
-            def updateListenLocal(target)
-                dir = pgsqlDir(self.class.distroID)
-                if target['ListenAll']
-                    `sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             0.0.0.0/0            scram-sha-256|' #{dir + HBA_FILE}`
-                    updateLocalFile(dir + CONFIG_FILE, options) do |configLines|
-                        configLines << "listen_addresses = '*'\n"
+            def replicate(target, linuxConnection, postgres, context, options)
+                if target['Replicate']
+                    if !linuxConnection.filePresent?(postgres.pgsqlDir + "data")
+                        linuxConnection.withUserShell(USER_NAME) do |shellConnection|
+                            connection = Framework::Variables.stringEval(target['Replicate']['Connection'], context)
+                            extra = ''
+                            if target['Replicate']['Slot']
+                                extra = "--create-slot --slot=#{target['Replicate']['Slot'].downcase}"
+                            end
+                            shellConnection.exec("pg_basebackup --dbname=#{connection.shellescape} --write-recovery-conf #{extra} --pgdata #{postgres.pgsqlDir}data", false, options)
+                        end
                     end
-                else
-                    `sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             127.0.0.1/32            scram-sha-256|' #{dir + HBA_FILE}`
                 end
             end
 
-            def updateSettingsOverSSH(target, ssh, options)
-                dir = nil
+            def updateSettings(target, linuxConnection, postgres, options)
                 settingLines = []
                 hbaLines = []
                 if target['ListenAll']
                     cmd = "sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             0.0.0.0/0               scram-sha-256|'"
-                    dir = updateConfigOverSSH(ssh, cmd)
+                    postgres.connection.exec(cmd + ' ' + postgres.pgsqlDir + HBA_FILE, false, options)
                     settingLines << "listen_addresses = '*'\n"
-                    Framework::LinuxApp.firewallAddPortOverSSH('5432/tcp', ssh)
+                    postgres.connection.firewallAddPort('5432/tcp', options)
                 elsif target['Listen'] && !target['Listen'].empty?
                     cmd = "sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             127.0.0.1/32            scram-sha-256|'"
-                    dir = updateConfigOverSSH(ssh, cmd)
+                    postgres.connection.exec(cmd + ' ' + postgres.pgsqlDir + HBA_FILE, false, options)
 
                     ips = target['Listen'].map { |addr| addr.split('/').first }.join(',')
                     settingLines << "listen_addresses = '#{ips}'\n"
 
                     target['Listen'].each do |addr|
                         if addr != 'localhost' && !addr.start_with?('127.0.0.1') && !addr.start_with?('::1')
+                            addr += '/0' if addr == '0.0.0.0'
+                            addr += '/32' if addr =~ /^\d+\.\d+\.\d+\.\d+$/
                             hbaLines << "host    all             all             #{addr}            scram-sha-256\n"
                         end
                     end
                 else
                     cmd = "sed -i 's|^host    all             all             127.0.0.1/32            ident|host    all             all             127.0.0.1/32            scram-sha-256|'"
-                    dir = updateConfigOverSSH(ssh, cmd)
+                    postgres.connection.exec(cmd + ' ' + postgres.pgsqlDir + HBA_FILE, false, options)
                 end
+                if target['AllowReplication']
+                    addresses = target['AllowReplication']
+                    addresses = [addresses] unless addresses.is_a?(Array)
+                    addresses.each do |addr|
+                        addr += '/0' if addr == '0.0.0.0'
+                        addr += '/32' if addr =~ /^\d+\.\d+\.\d+\.\d+$/
+                        hbaLines << "host    replication     all             #{addr}            scram-sha-256\n"
+                    end
+                end
+                postgres.connection.exec('sed -i "s|^log_destination|#log_destination|" ' + postgres.pgsqlDir + CONFIG_FILE, false, options)
+                postgres.connection.exec('sed -i "s|^logging_collector|#logging_collector|" ' + postgres.pgsqlDir + CONFIG_FILE, false, options)
+                postgres.connection.exec('sed -i "s|^log_directory|#log_directory|" ' + postgres.pgsqlDir + CONFIG_FILE, false, options)
+                postgres.connection.exec('sed -i "s|^log_file_mode|#log_file_mode|" ' + postgres.pgsqlDir + CONFIG_FILE, false, options)
+                settingLines << "log_destination = 'jsonlog'\n"
+                settingLines << "logging_collector = on\n"
+                settingLines << "log_directory = '/var/log/postgresql'\n"
+                settingLines << "log_file_mode = 0640\n"
+
                 #if !target['Publications'].to_h.empty?
                 #    target['Settings'] ||= {}
                 #    target['Settings']['wal_level'] = 'logical'
@@ -79,41 +141,39 @@ module ConfigLMM
                     settingLines << "#{name} = #{value}\n"
                 end
                 if !hbaLines.empty?
-                    updateRemoteFile(ssh, dir + HBA_FILE, options, false) do |configLines|
+                    postgres.connection.updateFile(postgres.pgsqlDir + HBA_FILE, options, false) do |configLines|
                         configLines += hbaLines
                     end
                 end
                 if !settingLines.empty?
-                    updateRemoteFile(ssh, dir + CONFIG_FILE, options, false) do |configLines|
+                    postgres.connection.updateFile(postgres.pgsqlDir + CONFIG_FILE, options, false) do |configLines|
                         configLines += settingLines
                     end
                 end
             end
 
-            def self.createUsersOverSSH(target, ssh)
+            def createUsers(target, postgres, context, options)
                 target['Users'].to_a.each do |user, info|
-                    self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createuser #{user}'", true)
-                    if !info['Password'].to_s.empty?
-                        password = self.loadVariable(info['Password'], target).to_s
-                        if !password.empty?
-                            sql = "ALTER USER #{user} WITH PASSWORD '#{password}'"
-                            self.executeSQL(sql, nil, ssh)
-                        end
+                    password = info['Password'].to_s
+                    if !password.empty?
+                        password = Framework::Variables.parse(info['Password'], context).to_s
                     end
-                    if info['Replication'] && info['Replication'] != 'no'
-                        self.executeSQL("ALTER USER #{user} REPLICATION", nil, ssh)
-                        self.executeSQL("GRANT pg_read_all_data TO #{user}", nil, ssh)
+                    postgres.createUser(user, password, options)
+
+                    if info['Replication']
+                        postgres.grantReplication(user)
                     end
                 end
             end
 
-            def self.createDatabasesOverSSH(target, ssh)
+            def createDatabases(target, postgres, context, options)
                 target['Databases'].to_a.each do |db, info|
-                    self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createdb #{db}'", true)
+                    owner = info['Owner'] ? info['Owner'] : nil
+                    postgres.createDB(db, owner, options)
                 end
             end
 
-            def self.createPublicationsOverSSH(target, ssh)
+            def createPublications(target, postgres, context, options)
                 return if target['Publications'].to_h.empty?
 
                 target['Publications'].each do |name, data|
@@ -122,104 +182,149 @@ module ConfigLMM
                         # TODO
                     elsif data['Tables'] == 'All'
                         sql = "CREATE PUBLICATION #{name} FOR ALL TABLES"
-                        self.executeSQL(sql, data['Database'], ssh, true)
+                        postgres.exec(sql, data['Database'], true, [], options)
                     else
                         raise "Invalid Tables field: #{data['Tables']}"
                     end
                 end
             end
 
-            def self.createSubscriptionsOverSSH(target, ssh)
+            def createSubscriptions(target, postgres, context, options)
                 return if target['Subscriptions'].to_h.empty?
 
                 target['Subscriptions'].each do |name, data|
                     data['Database'] = name unless data['Database']
                     data['Publication'] = name unless data['Publication']
-                    connection = self.loadVariable(data['Connection'], target).to_s
+                    connection = Framework::Variables.stringEval(data['Connection'], context)
 
                     authParams = '--host=' + connection.match('host=([^ ]+)')[1]
                     authParams += ' --username=' + connection.match('user=([^ ]+)')[1]
                     password = connection.match('password=([^ ]+)')[1]
 
-                    self.importRemoteSchemaOverSSH(name, data['Database'], password, authParams, ssh)
+                    importRemoteSchema(name, data['Database'], password, authParams, postgres, options)
 
                     sql = "CREATE SUBSCRIPTION #{name} CONNECTION '#{connection}' PUBLICATION #{data['Publication']}"
-                    self.executeSQL(sql, data['Database'], ssh, true)
+                    message = postgres.exec(sql, data['Database'], true, [], options)
+                    # 'ERROR:  subscription "$NAME" already exists' - is fine
+                    # but other errors aren't like ERROR:  could not create replication slot "$NAME": ERROR:  replication slot "$NAME" already exists
+                    if message.include?('ERROR') && !(message.include?('subscription') && message.include?('already exists'))
+                        raise message
+                    end
                 end
             end
 
-            def self.importRemoteSchemaOverSSH(sourceDB, targetDB, password, authParams, ssh)
-                self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createdb #{targetDB}'", true)
-                cmd = " su --login #{USER_NAME} --command 'PGPASSWORD=#{password} pg_dump --schema-only --no-owner --dbname=#{sourceDB} #{authParams} | psql --dbname=#{targetDB}'"
-                self.sshExec!(ssh, cmd)
+            def importRemoteSchema(sourceDB, targetDB, password, authParams, postgres, options)
+                postgres.createDB(targetDB, nil, options)
+                postgres.connection.exec(" PGPASSWORD=#{password} pg_dump --schema-only --no-owner --dbname=#{sourceDB} #{authParams} | psql --dbname=#{targetDB}", false, { **options, hide: true })
             end
 
-            def updateConfigOverSSH(ssh, cmd)
-                dir = ''
-                distroID = self.class.distroID(ssh)
-                dir = pgsqlDir(distroID)
-                self.class.sshExec!(ssh, cmd + ' ' + dir + HBA_FILE)
-                dir
+            def self.defaults(settings)
+                settings['HostName'] = 'localhost' unless settings['HostName']
+                settings['Port'] = PORT unless settings['Port']
             end
 
+            def self.withConnection(settings, linuxConnection)
+                if settings.nil? || settings['HostName'].nil? || settings['HostName'] == 'localhost' || settings['HostName'].start_with?('/')
+                    settings ||= {}
+                    settings = settings.dup
+                    settings.delete('HostName')
+                    settings.delete('Port')
+                    linuxConnection.withUserShell(USER_NAME) do |shellConnection|
+                        yield(PostgreSQLConnection.new(shellConnection, settings))
+                    end
+                else
+                    IO::Connection.tunnel("ssh://#{settings['HostName']}/", {}, {}, linuxConnection.prompt, linuxConnection.logger) do |connection|
+                        Linux.withConnection(connection) do |linuxConnection|
+                            linuxConnection.withUserShell(USER_NAME) do |shellConnection|
+                                yield(PostgreSQLConnection.new(shellConnection, settings))
+                            end
+                        end
+                    end
+                end
+            end
+
+            # DEPRECATED
+            def self.createRemoteUserAndDB(settings, user, password, connection)
+                self.executeRemotely(settings, connection) do |connection|
+                    self.createUserAndDB(user, password, connection)
+                end
+            end
+
+            # DEPRECATED
             def self.createRemoteUserAndDBOverSSH(settings, user, password, ssh)
-                    self.executeRemotelyOverSSH(settings, ssh) do |ssh|
-                        self.createUserAndDBOverSSH(user, password, ssh)
+                self.executeRemotely(settings, ssh) do |connection|
+                    self.createUserAndDBOverSSH(user, password, connection)
+                end
+            end
+
+            # DEPRECATED
+            def self.dropUserAndDB(settings, user, connection, dry)
+                self.executeRemotely(settings, connection) do |connection|
+                    connection.exec("su --login #{USER_NAME} --command 'dropdb #{user}'", true, dry)
+                    connection.exec("su --login #{USER_NAME} --command 'dropuser #{user}'", true, dry)
+                end
+            end
+
+            # DEPRECATED
+            def self.createExtensions(settings, db, extensions, connectionOrSSH)
+                self.executeRemotely(settings, ssh) do |connection|
+                    extensions.each do |extension|
+                        self.executeSQL("CREATE EXTENSION #{extension}", db, connection, true)
                     end
+                end
             end
 
-            def self.executeRemotelyOverSSH(settings, ssh)
-                settings['HostName'] = 'localhost' unless settings['HostName']
+            # DEPRECATED
+            def self.executeRemotely(settings, connectionOrSSH = nil)
+                prompt = TTY::Prompt.new
+                logger = TTY::Logger.new
+                self.defaults(settings)
                 if settings['HostName'] == 'localhost'
-                    yield(ssh)
+                    connection = connectionOrSSH
+                    if connectionOrSSH.nil?
+                        connection = IO::Connection.new(:Local, IO::Local.new(prompt, logger), prompt, logger)
+                    elsif !connectionOrSSH.is_a?(IO::Connection)
+                        connection = IO::Connection.new(:SSH, IO::SSH.new(prompt, logger, connectionOrSSH), prompt, logger)
+                    end
+                    yield(connection)
                 else
                     self.sshStart("ssh://#{settings['HostName']}/") do |ssh|
-                        yield(ssh)
+                        yield(IO::Connection.new(:SSH, IO::SSH.new(prompt, logger, ssh), prompt, logger))
                     end
                 end
             end
 
-            def self.createUserAndDBOverSSH(user, password, ssh)
-                self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createuser #{user}'", true)
-                self.sshExec!(ssh, "su --login #{USER_NAME} --command 'createdb --owner=#{user} #{user}'", true)
-                if password
-                    sql = "ALTER USER #{user} WITH PASSWORD '#{password}'"
-                    self.executeSQL(sql, nil, ssh)
-                end
+            # DEPRECATED
+            def self.createUserAndDB(user, password, connection)
+                self.createUserAndDBOverSSH(user, password, connection)
             end
 
-            def self.importSQL(owner, db, sqlFile, ssh = nil)
-                if ssh
-                    self.sshExec!(ssh, "echo \"SET ROLE '#{owner}';\" > /tmp/postgres_import.sql")
-                    self.sshExec!(ssh, "cat #{sqlFile} >> /tmp/postgres_import.sql")
-                    cmd = "su --login #{USER_NAME} --command 'psql #{db} < /tmp/postgres_import.sql'"
-                    self.sshExec!(ssh, cmd)
+            # DEPRECATED
+            def self.createUserAndDBOverSSH(user, password, connectionOrSSH)
+                if connectionOrSSH.is_a?(IO::Connection)
+                    connectionOrSSH.exec("su --login #{USER_NAME} --command 'createuser #{user}'", true)
+                    connectionOrSSH.exec("su --login #{USER_NAME} --command 'createdb --locale=C --template=template0 --owner=#{user} #{user}'", true)
                 else
-                    # TODO
+                    self.sshExec!(connectionOrSSH, "su --login #{USER_NAME} --command 'createuser #{user}'", true)
+                    self.sshExec!(connectionOrSSH, "su --login #{USER_NAME} --command 'createdb --locale=C --template=template0 --owner=#{user} #{user}'", true)
                 end
-            end
-
-            def self.executeSQL(sql, db, ssh = nil, allowFailure = false)
-                if ssh
-                    db = 'postgres' unless db
-                    cmd = " su --login #{USER_NAME} --command ' psql --dbname=#{db} --command=\"#{sql.gsub("'", "\\\\'")};\"'"
-                    self.sshExec!(ssh, cmd, allowFailure)
-                else
-                    # TODO
+                if password
+                    sql = "ALTER USER #{user} WITH PASSWORD '#{password}'"
+                    self.executeSQL(sql, nil, connectionOrSSH)
                 end
             end
 
-            def pgsqlDir(distroID)
-                if distroID == 'opensuse-leap'
-                    '/var/lib/pgsql/'
-                elsif distroID == 'arch'
-                    '/var/lib/postgres/'
+            # DEPRECATED
+            def self.executeSQL(sql, db, connectionOrSSH = nil, allowFailure = false, options = [], dry = false)
+                db = 'postgres' unless db
+                cmd = " su --login #{USER_NAME} --command ' psql #{options.join(' ')} --dbname=#{db} --command=\"#{sql.gsub("'", "'\"'\"'")};\"'"
+                if connectionOrSSH.is_a?(IO::Connection)
+                    connectionOrSSH.exec(cmd, allowFailure, dry)
                 else
-                    raise Framework::PluginProcessError.new("Unknown Linux Distro: #{distroID}!")
+                    self.exec(cmd, connectionOrSSH, allowFailure, dry)
                 end
             end
 
         end
-
     end
 end

data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb

@@ -14,9 +14,6 @@ server {
 
     server_name <%= config['Domain'] %>;
 
-    access_log  /var/log/nginx/pterodactyl.access.log;
-    error_log   /var/log/nginx/pterodactyl.error.log;
-
     include config-lmm/private.conf;
     include config-lmm/errors.conf;
 

data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb

@@ -10,7 +10,6 @@ module ConfigLMM
             def actionPterodactylDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end
 
@@ -21,7 +20,6 @@ module ConfigLMM
             def actionWingsDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end
         end

data/Plugins/Apps/Pterodactyl/Wings.conf.erb

@@ -17,9 +17,6 @@ server {
 
     server_name <%= config['Domain'] %>;
 
-    access_log  /var/log/nginx/wings.access.log;
-    error_log   /var/log/nginx/wings.error.log;
-
     include config-lmm/private.conf;
     include config-lmm/errors.conf;
 

data/Plugins/Apps/RVM/RVM.lmm.rb

@@ -0,0 +1,57 @@
+
+module ConfigLMM
+    module LMM
+        class RVM < Framework::Plugin
+
+            LATEST_RUBY_VERSION = '3.4.1'
+
+            def actionRVMDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        installPackages(linuxConnection, target, options)
+                        installRVM(linuxConnection, true, target, options)
+                        if target['User']
+                            linuxConnection.exec("usermod --append --groups rvm #{target['User']}")
+                        end
+                        installGems(linuxConnection, target, options)
+                    end
+                end
+            end
+
+            def installPackages(connection, target, options)
+                packages = target['Packages'].to_a
+                if !packages.empty?
+                    connection.ensurePackages(packages, options)
+                end
+            end
+
+            def installRVM(connection, installDeps, target, options)
+                if !connection.hasBinaries?('rvm', options)
+                    # Needs dirmngr
+                    # connection.exec('gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB', false, options)
+
+                    connection.exec('curl -sSL https://rvm.io/mpapis.asc | gpg --import -', false, options)
+                    connection.exec('curl -sSL https://rvm.io/pkuczynski.asc | gpg --import -', false, options)
+                    extra = ''
+                    if !installDeps
+                        extra = ' --autolibs=read-fail'
+                    end
+                    connection.exec("curl --silent --show-error --location https://get.rvm.io | bash -s stable --ruby=#{LATEST_RUBY_VERSION}#{extra}", false, options)
+                    installFishFunction(connection, target, options)
+                end
+            end
+
+            def installFishFunction(connection, target, options)
+                connection.exec('curl --silent --show-error --location --create-dirs --output /etc/fish/conf.d/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish', false, options)
+                connection.fileAppend("/etc/fish/conf.d/rvm.fish", 'rvm default', options)
+            end
+
+            def installGems(connection, target, options)
+                gems = target['Gems'].to_a.join(' ')
+                if !gems.empty?
+                    connection.exec("gem install #{gems}", false, options)
+                end
+            end
+        end
+    end
+end

data/Plugins/Apps/Roundcube/Roundcube.conf.erb

@@ -0,0 +1,72 @@
+
+upstream roundcube
+{
+<% if config['Server'] %>
+    server <%= config['Server'] %>;
+<% else %>
+    server unix:/run/php-fpm/roundcube.sock;
+<% end %>
+}
+
+server
+{
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        <% if config['NginxVersion'] >= 1.25 %>
+            listen <%= config['Port'] %> ssl;
+            listen [::]:<%= config['Port'] %> ssl;
+            http2 on;
+            http3 on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';
+        <% else %>
+            listen <%= config['Port'] %> ssl http2;
+            listen [::]:<%= config['Port'] %> ssl http2;
+        <% end %>
+
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    index index.php;
+    root /usr/share/webapps/roundcubemail;
+
+    include config-lmm/private.conf;
+    include config-lmm/errors.conf;
+
+    location / {
+        try_files $uri $uri/ $uri/index.php;
+    }
+
+    location ~ \.php$
+    {
+        fastcgi_pass roundcube;
+        include fastcgi.conf;
+
+        try_files $uri =404;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+
+        fastcgi_intercept_errors off;
+    }
+
+    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$
+    {
+        deny all;
+    }
+
+    location ~ ^/(bin|SQL)/
+    {
+        deny all;
+    }
+
+    location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$
+    {
+        access_log        off;
+        expires           360d;
+    }
+}