RubyGems - ConfigLMM - Versions diffs - 0.3.0 → 0.5.0 - Mend

ConfigLMM 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +70 -0
data/CNAME +1 -0
data/Examples/.lmm.state.yaml +159 -0
data/Examples/ConfigLMM.mm.yaml +32 -0
data/Examples/Implemented.mm.yaml +252 -4
data/Examples/SmallBusiness.mm.yaml +492 -0
data/Plugins/Apps/Answer/answer.lmm.rb +165 -0
data/Plugins/Apps/Answer/answer@.service +40 -0
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb +0 -3
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb +0 -1
data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +20 -0
data/Plugins/Apps/Authentik/Authentik-Server.container +7 -1
data/Plugins/Apps/Authentik/Authentik-Worker.container +7 -1
data/Plugins/Apps/Authentik/Authentik.conf.erb +18 -6
data/Plugins/Apps/Authentik/Authentik.lmm.rb +232 -45
data/Plugins/Apps/BookStack/BookStack.conf.erb +38 -0
data/Plugins/Apps/BookStack/BookStack.container +20 -0
data/Plugins/Apps/BookStack/BookStack.lmm.rb +91 -0
data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +9 -19
data/Plugins/Apps/ClickHouse/ClickHouse.container +28 -0
data/Plugins/Apps/ClickHouse/ClickHouse.lmm.rb +113 -0
data/Plugins/Apps/ClickHouse/Config/listen.yaml +2 -0
data/Plugins/Apps/ClickHouse/Config/logger.yaml +8 -0
data/Plugins/Apps/ClickHouse/Config/zookeepers.yaml +5 -0
data/Plugins/Apps/ClickHouse/Connection.rb +96 -0
data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +22 -0
data/Plugins/Apps/Discourse/Discourse.conf.erb +38 -0
data/Plugins/Apps/Discourse/Discourse.container +21 -0
data/Plugins/Apps/Discourse/Discourse.lmm.rb +156 -0
data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +87 -52
data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext-Queue.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext.container +23 -0
data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +204 -0
data/Plugins/Apps/ERPNext/ERPNext.network +12 -0
data/Plugins/Apps/ERPNext/sites/apps.json +10 -0
data/Plugins/Apps/ERPNext/sites/apps.txt +3 -0
data/Plugins/Apps/ERPNext/sites/common_site_config.json +11 -0
data/Plugins/Apps/GitLab/GitLab.container +9 -2
data/Plugins/Apps/GitLab/GitLab.lmm.rb +52 -33
data/Plugins/Apps/Homepage/Homepage.conf.erb +86 -0
data/Plugins/Apps/Homepage/Homepage.container +19 -0
data/Plugins/Apps/Homepage/Homepage.lmm.rb +54 -0
data/Plugins/Apps/IPFS/IPFS.conf.erb +0 -3
data/Plugins/Apps/IPFS/IPFS.lmm.rb +0 -1
data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb +0 -3
data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb +0 -1
data/Plugins/Apps/Jackett/Jackett.conf.erb +0 -3
data/Plugins/Apps/Jackett/Jackett.lmm.rb +0 -1
data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb +0 -3
data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb +0 -1
data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +78 -0
data/Plugins/Apps/LetsEncrypt/hooks/dovecot.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/nginx.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/postfix.sh +2 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.service +7 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.timer +12 -0
data/Plugins/Apps/LetsEncrypt/rfc2136.ini +11 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.container +21 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb +34 -0
data/Plugins/Apps/Lobsters/Containerfile +81 -0
data/Plugins/Apps/Lobsters/Lobsters-Tasks.container +26 -0
data/Plugins/Apps/Lobsters/Lobsters.conf.erb +99 -0
data/Plugins/Apps/Lobsters/Lobsters.container +27 -0
data/Plugins/Apps/Lobsters/Lobsters.lmm.rb +196 -0
data/Plugins/Apps/Lobsters/crontab +3 -0
data/Plugins/Apps/Lobsters/database.yml +26 -0
data/Plugins/Apps/Lobsters/entrypoint.sh +30 -0
data/Plugins/Apps/Lobsters/generateCredentials.rb +19 -0
data/Plugins/Apps/Lobsters/lobsters-cron.sh +25 -0
data/Plugins/Apps/Lobsters/lobsters-daily.sh +23 -0
data/Plugins/Apps/Lobsters/puma.rb +49 -0
data/Plugins/Apps/MariaDB/Connection.rb +55 -0
data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +122 -0
data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container +22 -0
data/Plugins/Apps/Mastodon/Mastodon-Streaming.container +20 -0
data/Plugins/Apps/Mastodon/Mastodon.conf.erb +34 -45
data/Plugins/Apps/Mastodon/Mastodon.container +28 -0
data/Plugins/Apps/Mastodon/Mastodon.lmm.rb +240 -5
data/Plugins/Apps/Mastodon/configlmm.rake +30 -0
data/Plugins/Apps/Mastodon/entrypoint.sh +16 -0
data/Plugins/Apps/Matrix/Element.container +19 -0
data/Plugins/Apps/Matrix/Matrix.conf.erb +47 -9
data/Plugins/Apps/Matrix/Matrix.lmm.rb +119 -5
data/Plugins/Apps/Matrix/Synapse.container +22 -0
data/Plugins/Apps/Matrix/config.json +50 -0
data/Plugins/Apps/Matrix/homeserver.yaml +70 -0
data/Plugins/Apps/Matrix/log.config +30 -0
data/Plugins/Apps/Netdata/Netdata.conf.erb +0 -3
data/Plugins/Apps/Netdata/Netdata.lmm.rb +0 -1
data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +3 -4
data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +155 -48
data/Plugins/Apps/Nextcloud/autoconfig.php +13 -0
data/Plugins/Apps/Nextcloud/config.php +10 -1
data/Plugins/Apps/Nextcloud/nextcloudcron.service +8 -0
data/Plugins/Apps/Nextcloud/nextcloudcron.timer +10 -0
data/Plugins/Apps/Nginx/Connection.rb +93 -0
data/Plugins/Apps/Nginx/conf.d/configlmm.conf +54 -4
data/Plugins/Apps/Nginx/conf.d/languages.conf +21 -0
data/Plugins/Apps/Nginx/config-lmm/errors.conf +33 -22
data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf +20 -0
data/Plugins/Apps/Nginx/config-lmm/proxy.conf +6 -2
data/Plugins/Apps/Nginx/main.conf.erb +7 -3
data/Plugins/Apps/Nginx/nginx.conf +2 -2
data/Plugins/Apps/Nginx/nginx.lmm.rb +103 -81
data/Plugins/Apps/Nginx/proxy.conf.erb +24 -6
data/Plugins/Apps/Odoo/Odoo.conf.erb +0 -3
data/Plugins/Apps/Odoo/Odoo.container +7 -1
data/Plugins/Apps/Odoo/Odoo.lmm.rb +4 -5
data/Plugins/Apps/Ollama/Ollama.container +26 -0
data/Plugins/Apps/Ollama/Ollama.lmm.rb +73 -0
data/Plugins/Apps/OpenTelemetry/Config/config.yaml +704 -0
data/Plugins/Apps/OpenTelemetry/OpenTelemetry.lmm.rb +154 -0
data/Plugins/Apps/OpenVidu/Ingress.container +23 -0
data/Plugins/Apps/{GitLab/GitLab.conf.erb → OpenVidu/OpenVidu.conf.erb} +8 -3
data/Plugins/Apps/OpenVidu/OpenVidu.container +21 -0
data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +94 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +32 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.container +20 -0
data/Plugins/Apps/OpenVidu/ingress.yaml +10 -0
data/Plugins/Apps/OpenVidu/livekit.yaml +13 -0
data/Plugins/Apps/PHP-FPM/Connection.rb +91 -0
data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +31 -4
data/Plugins/Apps/Peppermint/Peppermint.conf.erb +2 -9
data/Plugins/Apps/Peppermint/Peppermint.container +7 -1
data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +29 -33
data/Plugins/Apps/Perplexica/Perplexica.container +25 -0
data/Plugins/Apps/Perplexica/Perplexica.lmm.rb +92 -0
data/Plugins/Apps/Perplexica/config.toml +26 -0
data/Plugins/Apps/Podman/Connection.rb +24 -0
data/Plugins/Apps/Podman/Podman.lmm.rb +80 -0
data/Plugins/Apps/Podman/storage.conf +6 -0
data/Plugins/Apps/Postfix/Postfix.lmm.rb +249 -145
data/Plugins/Apps/PostgreSQL/Connection.rb +97 -0
data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +204 -99
data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb +0 -3
data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb +0 -2
data/Plugins/Apps/Pterodactyl/Wings.conf.erb +0 -3
data/Plugins/Apps/RVM/RVM.lmm.rb +57 -0
data/Plugins/Apps/Roundcube/Roundcube.conf.erb +72 -0
data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +141 -0
data/Plugins/Apps/SSH/SSH.lmm.rb +9 -15
data/Plugins/Apps/SearXNG/SearXNG.container +22 -0
data/Plugins/Apps/SearXNG/SearXNG.lmm.rb +79 -0
data/Plugins/Apps/SearXNG/limiter.toml +40 -0
data/Plugins/Apps/SearXNG/settings.yml +2 -0
data/Plugins/Apps/SigNoz/Config/alerts.yml +11 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-config.yaml +110 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-opamp-config.yaml +1 -0
data/Plugins/Apps/SigNoz/Config/prometheus.yml +18 -0
data/Plugins/Apps/SigNoz/SigNoz-Collector.container +23 -0
data/Plugins/Apps/SigNoz/SigNoz-Migrator.container +17 -0
data/Plugins/Apps/SigNoz/SigNoz.conf.erb +61 -0
data/Plugins/Apps/SigNoz/SigNoz.container +26 -0
data/Plugins/Apps/SigNoz/SigNoz.lmm.rb +319 -0
data/Plugins/Apps/Solr/log4j2.xml +89 -0
data/Plugins/Apps/Solr/solr.lmm.rb +82 -0
data/Plugins/Apps/Sunshine/Sunshine.conf.erb +0 -3
data/Plugins/Apps/Sunshine/Sunshine.lmm.rb +0 -1
data/Plugins/Apps/Tunnel/tunnel.lmm.rb +59 -0
data/Plugins/Apps/Tunnel/tunnelTCP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelTCP.socket +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.socket +9 -0
data/Plugins/Apps/UVdesk/UVdesk.conf.erb +0 -3
data/Plugins/Apps/Umami/Umami.container +19 -0
data/Plugins/Apps/Umami/Umami.lmm.rb +108 -0
data/Plugins/Apps/Valkey/Valkey.lmm.rb +64 -20
data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +9 -6
data/Plugins/Apps/Vaultwarden/Vaultwarden.container +7 -1
data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +67 -28
data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +39 -0
data/Plugins/Apps/Wiki.js/Wiki.js.container +20 -0
data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +55 -0
data/Plugins/Apps/YaCy/YaCy.conf.erb +93 -0
data/Plugins/Apps/YaCy/YaCy.container +21 -0
data/Plugins/Apps/YaCy/YaCy.lmm.rb +160 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.container +24 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.lmm.rb +68 -0
data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb +0 -3
data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb +0 -1
data/Plugins/Apps/gollum/gollum.conf.erb +40 -4
data/Plugins/Apps/gollum/gollum.container +10 -1
data/Plugins/Apps/gollum/gollum.lmm.rb +56 -47
data/Plugins/Apps/llama.cpp/llama.cpp.container +28 -0
data/Plugins/Apps/llama.cpp/llama.cpp.lmm.rb +90 -0
data/Plugins/Apps/vLLM/vLLM.container +32 -0
data/Plugins/Apps/vLLM/vLLM.lmm.rb +89 -0
data/Plugins/OS/General/Utils.lmm.rb +26 -0
data/Plugins/OS/Linux/Connection.rb +472 -0
data/Plugins/OS/Linux/Debian/preseed.cfg.erb +81 -0
data/Plugins/OS/Linux/Distributions.yaml +32 -0
data/Plugins/OS/Linux/Flavours.yaml +24 -0
data/Plugins/OS/Linux/Grub/grub.cfg +10 -0
data/Plugins/OS/Linux/HTTP.rb +32 -0
data/Plugins/OS/Linux/Linux.lmm.rb +708 -174
data/Plugins/OS/Linux/Packages.yaml +67 -3
data/Plugins/OS/Linux/Proxmox/answer.toml.erb +30 -0
data/Plugins/OS/Linux/Services.yaml +8 -0
data/Plugins/OS/Linux/Shell.rb +70 -0
data/Plugins/OS/Linux/Syslinux/default +8 -0
data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +93 -40
data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +3 -0
data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb +29 -3
data/Plugins/OS/Linux/systemd/systemd.lmm.rb +13 -11
data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb +6 -5
data/Plugins/Platforms/GitHub.lmm.rb +73 -28
data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +10 -7
data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb +402 -0
data/Plugins/Platforms/Proxmox/XTerm.rb +321 -0
data/Plugins/Platforms/libvirt/libvirt.lmm.rb +41 -15
data/Plugins/Platforms/porkbun.lmm.rb +12 -2
data/Plugins/Platforms/porkbun_spec.rb +2 -2
data/Plugins/Services/DNS/AmberBit.lmm.rb +1 -1
data/Plugins/Services/DNS/ArubaItDNS.lmm.rb +1 -1
data/Plugins/Services/DNS/NICLV.lmm.rb +1 -1
data/Plugins/Services/DNS/PowerDNS.lmm.rb +130 -41
data/Plugins/Services/DNS/tonic.lmm.rb +22 -12
data/bootstrap.sh +41 -3
data/lib/ConfigLMM/Framework/plugins/dns.rb +4 -3
data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +187 -144
data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +54 -6
data/lib/ConfigLMM/Framework/plugins/plugin.rb +68 -140
data/lib/ConfigLMM/Framework/plugins/store.rb +4 -4
data/lib/ConfigLMM/Framework/variables.rb +75 -0
data/lib/ConfigLMM/Framework.rb +1 -0
data/lib/ConfigLMM/cli.rb +13 -5
data/lib/ConfigLMM/commands/cleanup.rb +1 -0
data/lib/ConfigLMM/commands/configsCommand.rb +38 -5
data/lib/ConfigLMM/commands/diff.rb +33 -9
data/lib/ConfigLMM/context.rb +22 -3
data/lib/ConfigLMM/io/configList.rb +85 -7
data/lib/ConfigLMM/io/connection.rb +143 -0
data/lib/ConfigLMM/io/dhcp.rb +330 -0
data/lib/ConfigLMM/io/http.rb +78 -0
data/lib/ConfigLMM/io/local.rb +207 -0
data/lib/ConfigLMM/io/pxe.rb +92 -0
data/lib/ConfigLMM/io/ssh.rb +156 -0
data/lib/ConfigLMM/io/tftp.rb +105 -0
data/lib/ConfigLMM/io.rb +2 -0
data/lib/ConfigLMM/secrets/envStore.rb +39 -0
data/lib/ConfigLMM/secrets/fileStore.rb +43 -0
data/lib/ConfigLMM/state.rb +12 -3
data/lib/ConfigLMM/version.rb +2 -1
data/lib/ConfigLMM.rb +1 -0
data/{Examples → scripts}/configlmmAuth.sh +7 -5
metadata +257 -9

data/Plugins/Apps/GitLab/GitLab.lmm.rb CHANGED Viewed

@@ -1,40 +1,46 @@
 module ConfigLMM
     module LMM
-        class GitLab < Framework::NginxApp
+        class GitLab < Framework::Plugin
             HOME_DIR = '/var/lib/gitlab'
+            IMAGE_ID = 'docker.io/gitlab/gitlab-ce:latest'
             def actionGitLabDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
-                    self.class.sshStart(uri) do |ssh|
-                        self.prepareConfig(target, ssh)
-                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
-                        self.class.sshExec!(ssh, "mkdir -p #{HOME_DIR}/config")
-                        self.class.sshExec!(ssh, "mkdir -p #{HOME_DIR}/logs")
-                        self.class.sshExec!(ssh, "mkdir -p #{HOME_DIR}/data")
-                        self.class.sshExec!(ssh, "mkdir -p #{HOME_DIR}/backups")
+                        linuxConnection.createDirs(options, "#{HOME_DIR}/config", "#{HOME_DIR}/logs", "#{HOME_DIR}/data", "#{HOME_DIR}/backups")
                         path = '/etc/containers/systemd'
-                        ssh.scp.upload!(__dir__ + '/GitLab.container', path)
-                        self.class.sshExec!(ssh, "systemctl daemon-reload")
-                        self.class.sshExec!(ssh, "systemctl start GitLab")
+                        linuxConnection.upload(__dir__ + '/GitLab.container', path, options)
+                        if !target.key?('Proxy') || target['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                nginxConnection.provisionProxy('http://127.0.0.1:18100', 'GitLab', target, activeState, context, options)
+                            end
+                        elsif target.key?('Proxy') && target['Proxy'] == false
+                            linuxConnection.fileReplace("#{path}/GitLab.container", 'PublishPort=127.0.0.1:18100:', 'PublishPort=0.0.0.0:18100:', options)
+                            linuxConnection.firewallAddPort('18100/tcp', options)
+                        end
-                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
-                        self.writeNginxConfig(__dir__, 'GitLab', id, target, state, context, options)
-                        self.deployNginxConfig(id, target, activeState, context, options)
-                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+                        linuxConnection.reloadServiceManager(options)
+                        linuxConnection.restartService('GitLab', options)
-                        configFile = '/var/lib/gitlab/config/gitlab.rb'
-                        while !self.class.remoteFilePresent?(configFile, ssh)
-                            sleep(2)
+                        configFile = HOME_DIR + '/config/gitlab.rb'
+                        if options['dry']
+                            linuxConnection.filePresent?(configFile, options)
+                        else
+                            counter = 200
+                            while !linuxConnection.filePresent?(configFile, options)
+                                counter -= 1
+                                raise "Timeout while waiting for #{configFile}!" if counter <= 0
+                                sleep(2)
+                            end
                         end
-                        updateRemoteFile(ssh, configFile, options, true) do |fileLines|
+                        linuxConnection.updateFile(configFile, options, true) do |fileLines|
                             fileLines << "external_url 'https://#{target['Domain']}'\n"
                             fileLines << "letsencrypt['enable'] = false\n"
                             fileLines << "nginx['listen_port'] = 80\n"
@@ -44,9 +50,9 @@ module ConfigLMM
                             fileLines << "mattermost_nginx['listen_port'] = 80\n"
                             fileLines << "mattermost_nginx['listen_https'] = false\n"
                             if target['SMTP']
-                                fileLines << "gitlab_rails['smtp_address'] = '#{target['SMTP']['HostName']}'\n"
+                                fileLines << "gitlab_rails['smtp_address'] = '#{target['SMTP']['Host']}'\n"
                                 fileLines << "gitlab_rails['smtp_port'] = '#{target['SMTP']['Port']}'\n"
-                                fileLines << "gitlab_rails['smtp_user_name'] = '#{target['SMTP']['User']}'\n"
+                                fileLines << "gitlab_rails['smtp_user_name'] = '#{target['SMTP']['Username']}'\n"
                                 if target['SMTP']['TLS']
                                     fileLines << "gitlab_rails['smtp_tls'] = true\n"
                                     fileLines << "gitlab_rails['smtp_openssl_verify_mode'] = 'peer'\n"
@@ -54,18 +60,31 @@ module ConfigLMM
                             end
                         end
-                        self.class.sshExec!(ssh, "systemctl restart GitLab")
+                        linuxConnection.restartService('GitLab', options)
                     end
-                else
-                    # TODO
                 end
             end
-            def prepareConfig(target, ssh)
-              raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
-              Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
-              self.class.prepareNginxConfig(target, ssh)
+            def cleanup(configs, state, context, options)
+                cleanupType(:GitLab, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        if item['Config']['Proxy'].nil? || item['Config']['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                nginxConnection.cleanupConfig('GitLab', context, options)
+                                nginxConnection.reload(options)
+                            end
+                        end
+                        linuxConnection.firewallRemovePort('18100/tcp', options)
+                        linuxConnection.stopService('GitLab', options)
+                        linuxConnection.rm('/etc/containers/systemd/GitLab.container', options[:dry])
+                        linuxConnection.exec("podman rmi #{IMAGE_ID}", true, options)
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+                        if options[:destroy]
+                            connection.rm('/var/lib/gitlab', options[:dry])
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
+                    end
+                end
             end
         end

data/Plugins/Apps/Homepage/Homepage.conf.erb ADDED Viewed

@@ -0,0 +1,86 @@
+server {
+    <% if config['NginxVersion'] >= 1.25 %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl;
+            listen  [::]:<%= config['Port'] %> ssl;
+            include config-lmm/ssl.conf;
+        <% end %>
+        http2 on;
+        http3 on;
+        quic_retry on;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+    <% else %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl http2;
+            listen  [::]:<%= config['Port'] %> ssl http2;
+            include config-lmm/ssl.conf;
+        <% end %>
+    <% end %>
+    server_name <%= config['Domain'] %>;
+    <% if config['AuthentikDomain'].nil? %>
+        include config-lmm/private.conf;
+    <% end %>
+    include config-lmm/errors.conf;
+    <% if config['CertName'] %>
+        ssl_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/<%= config['CertName'] %>/privkey.pem";
+        ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
+    <% end %>
+    location / {
+        proxy_pass <%= config['Server'] %>;
+        <% if config['AuthentikDomain'] %>
+            error_page       401 = @authenticate;
+            include config-lmm/errors.conf;
+            auth_request     /outpost.goauthentik.io/auth/nginx;
+            # translate headers from the outposts back to the actual upstream
+            auth_request_set $authentik_username $upstream_http_x_authentik_username;
+            auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+            auth_request_set $authentik_email $upstream_http_x_authentik_email;
+            auth_request_set $authentik_name $upstream_http_x_authentik_name;
+            auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+            proxy_set_header REMOTE_USER $authentik_username;
+            proxy_set_header REMOTE_GROUPS $authentik_groups;
+            proxy_set_header REMOTE_EMAIL $authentik_email;
+            proxy_set_header REMOTE_NAME $authentik_name;
+            proxy_set_header REMOTE_UID $authentik_uid;
+        <% end %>
+        include config-lmm/proxy.conf;
+    }
+    <% if config['AuthentikDomain'] %>
+        location /outpost.goauthentik.io {
+            proxy_pass              https://<%= config['AuthentikDomain'] %>/outpost.goauthentik.io;
+            proxy_ssl_protocols     TLSv1.2 TLSv1.3;
+            proxy_set_header        X-Authentik-Host $host;
+            proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
+            proxy_pass_request_body off;
+            proxy_set_header        Content-Length "";
+        }
+        location @authenticate {
+            internal;
+            return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+        }
+    <% end %>
+}

data/Plugins/Apps/Homepage/Homepage.container ADDED Viewed

@@ -0,0 +1,19 @@
+[Unit]
+Description=Homepage container
+After=local-fs.target
+[Container]
+ContainerName=Homepage
+Image=ghcr.io/gethomepage/homepage:latest
+PublishPort=127.0.0.1:13400:3000
+LogDriver=journald
+AutoUpdate=registry
+Volume=/var/lib/homepage/config:/app/config
+[Service]
+TimeoutStartSec=3min
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Homepage/Homepage.lmm.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module ConfigLMM
+    module LMM
+        class Homepage < Framework::Plugin
+            NAME = 'Homepage'
+            USER = 'homepage'
+            HOME_DIR = '/var/lib/homepage'
+            def actionHomepageBuild(id, target, activeState, context, options)
+                Nginx.withConnection(local) do |nginxConnection|
+                    nginxConnection.writeConfig(__dir__, NAME, target, state, context, options)
+                end
+            end
+            def actionHomepageDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        if !target.key?('Proxy') || target['Proxy'] != 'only'
+                            Podman.ensurePresent(linuxConnection, options)
+                            Podman.createUser(USER, HOME_DIR, 'Homepage', linuxConnection, options)
+                            linuxConnection.withUserShell(USER) do |shell|
+                                shell.createDirs(options, '~/config')
+                            end
+                            configPath = './Homepage'
+                            configPath = target['ConfigPath'] if target['ConfigPath']
+                            Dir[configPath + '/*'].each do |file|
+                                linuxConnection.upload(file, HOME_DIR + '/config/', options)
+                            end
+                            path = Podman.containersPath(HOME_DIR)
+                            linuxConnection.upload(__dir__ + '/Homepage.container', path, options)
+                            if target.key?('Proxy') && target['Proxy'] == false
+                                linuxConnection.exec("sed -i 's|PublishPort=127.0.0.1:13400:|PublishPort=0.0.0.0:13400:|' #{path}/Homepage.container", false, options)
+                                linuxConnection.firewallAddPort('13400/tcp', options)
+                            end
+                            linuxConnection.reloadUserServices(USER, options)
+                            linuxConnection.restartUserService(USER, 'Homepage', options)
+                        end
+                        if !target.key?('Proxy') || !!target['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                target['ConfigName'] = target['Name']
+                                nginxConnection.provision(__dir__, NAME, target, activeState, context, options)
+                            end
+                        end
+                    end
+                end
+            end
+        end
+    end
+end

data/Plugins/Apps/IPFS/IPFS.conf.erb CHANGED Viewed

@@ -20,9 +20,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/ipfs.access.log;
-    error_log   /var/log/nginx/ipfs.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/IPFS/IPFS.lmm.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module ConfigLMM
             def actionIPFSDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb CHANGED Viewed

@@ -16,9 +16,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/influxdb.access.log;
-    error_log   /var/log/nginx/influxdb.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module ConfigLMM
             def actionInfluxDBDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Jackett/Jackett.conf.erb CHANGED Viewed

@@ -16,9 +16,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/jackett.access.log;
-    error_log   /var/log/nginx/jackett.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/Jackett/Jackett.lmm.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module ConfigLMM
             def actionJackettDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb CHANGED Viewed

@@ -17,9 +17,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/jellyfin.access.log;
-    error_log   /var/log/nginx/jellyfin.error.log;
     include config-lmm/errors.conf;
     include config-lmm/ssl.conf;

data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module ConfigLMM
             def actionJellyfinDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb ADDED Viewed

@@ -0,0 +1,78 @@
+module ConfigLMM
+    module LMM
+        class LetsEncrypt < Framework::LinuxApp
+            PACKAGE_NAME = 'CertBotNginx'
+            CONFIG_DIR = '/etc/letsencrypt/'
+            def actionLetsEncryptDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
+                        linuxConnection.upload(__dir__ + '/rfc2136.ini', CONFIG_DIR, options)
+                        linuxConnection.upload(__dir__ + '/renew-certificates.service', '/etc/systemd/system/', options)
+                        linuxConnection.upload(__dir__ + '/renew-certificates.timer', '/etc/systemd/system/', options)
+                        linuxConnection.createDirs(options, CONFIG_DIR + "renewal-hooks/deploy")
+                        target['Hooks'].to_a.each do |hook|
+                            linuxConnection.upload(__dir__ + '/hooks/' + hook + '.sh', "#{CONFIG_DIR}renewal-hooks/deploy/", options)
+                        end
+                        linuxConnection.exec("chmod +x #{CONFIG_DIR}renewal-hooks/deploy/*.sh", false, options)
+                        linuxConnection.fileReplace(CONFIG_DIR + 'rfc2136.ini', '\$IP', target['DNS']['IP'] , options)
+                        secretId, secretName = target['DNS']['SecretId'].to_s.split('.')
+                        key = nil
+                        key = context.secrets.load(secretId, secretName) if secretId && secretName
+                        key = context.secrets.load('LETSENCRYPT', 'DNS_SECRET') if key.nil?
+                        raise Framework::PluginProcessError.new('LetsEncrypt missing RFC2136 TSIG key! Specify DNS.SecretId or LETSENCRYPT_DNS_SECRET env variable') unless key
+                        linuxConnection.fileReplace(CONFIG_DIR + 'rfc2136.ini', '\$SECRET', key, options)
+                        linuxConnection.setPrivate(CONFIG_DIR + 'rfc2136.ini', options)
+                        if target['Domain']
+                            createCertificate('Wildcard', target['Domain'], target, linuxConnection, options)
+                        end
+                        target['Certificates'].to_h.each do |name, domains|
+                            createCertificate(name, domains, target, linuxConnection, options)
+                        end
+                        linuxConnection.reloadServiceManager(options)
+                        linuxConnection.ensureServiceAutoStart('renew-certificates.timer', options)
+                        linuxConnection.startService('renew-certificates.timer', options)
+                        target['Hooks'].to_a.each do |hook|
+                            linuxConnection.exec("#{CONFIG_DIR}renewal-hooks/deploy/#{hook}.sh", false, options)
+                        end
+                    end
+                end
+            end
+            def createCertificate(name, domains, target, connection, options)
+                return if connection.fileLink?("#{CONFIG_DIR}live/#{name}/fullchain.pem", options)
+                connection.exec("rm -rf #{CONFIG_DIR}live/#{name}", false, options)
+                domainList = []
+                domains = [domains] unless domains.is_a?(Array)
+                domains.each do |domain|
+                    domainList << '--domains "' + Addressable::IDNA.to_ascii(domain) + '"'
+                    if addBaseDomain?(domain, domains)
+                        domainList << '--domains "' + Addressable::IDNA.to_ascii(domain[2..-1]) + '"'
+                    end
+                end
+                extra = ''
+                extra = '--dns-rfc2136-propagation-seconds ' + target['DNS']['Propagation'].to_s if target['DNS']['Propagation']
+                connection.exec("certbot certonly --dns-rfc2136 --dns-rfc2136-credentials=#{CONFIG_DIR}rfc2136.ini #{extra} --non-interactive --agree-tos --email #{target['EMail']} --cert-name '#{name}' #{domainList.join(' ')}", false, options)
+            end
+            def addBaseDomain?(domain, domains)
+                return false unless domain.start_with?('*.')
+                match = '*.' + domain[2..-1].split('.')[1..].join('.')
+                return false if match == '*.' || domains.any? { |d| d.casecmp?(match) }
+                true
+            end
+        end
+    end
+end

data/Plugins/Apps/LetsEncrypt/hooks/dovecot.sh ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/sh
2	+ systemctl reload dovecot

data/Plugins/Apps/LetsEncrypt/hooks/nginx.sh ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/sh
2	+ systemctl reload nginx

data/Plugins/Apps/LetsEncrypt/hooks/postfix.sh ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/sh
2	+ systemctl reload postfix

data/Plugins/Apps/LetsEncrypt/renew-certificates.service ADDED Viewed

@@ -0,0 +1,7 @@
+[Unit]
+Description=Renew certificates
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew

data/Plugins/Apps/LetsEncrypt/renew-certificates.timer ADDED Viewed

@@ -0,0 +1,12 @@
+[Unit]
+Description=Renew certificates
+[Timer]
+OnCalendar=*-*-1/2 04:20
+AccuracySec=12h
+RandomizedDelaySec=24h
+Persistent=true
+[Install]
+WantedBy=timers.target

data/Plugins/Apps/LetsEncrypt/rfc2136.ini ADDED Viewed

@@ -0,0 +1,11 @@
+# Target DNS server
+dns_rfc2136_server = $IP
+# Target DNS port
+dns_rfc2136_port = 53
+# TSIG key name
+dns_rfc2136_name = configlmm.
+# TSIG key secret
+dns_rfc2136_secret = $SECRET
+# TSIG key algorithm
+dns_rfc2136_algorithm = HMAC-SHA512

data/Plugins/Apps/LibreTranslate/LibreTranslate.container ADDED Viewed

@@ -0,0 +1,21 @@
+[Unit]
+Description=LibreTranslate container
+After=local-fs.target
+[Container]
+ContainerName=LibreTranslate
+Image=docker.io/libretranslate/libretranslate:latest
+Exec=--host 0.0.0.0 $ARGS
+PublishPort=127.0.0.1:15100:5000
+UserNS=keep-id:uid=1032,gid=1032
+Volume=/var/lib/libretranslate/.local:/home/libretranslate/.local
+LogDriver=journald
+AutoUpdate=registry
+[Service]
+TimeoutStartSec=32min
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module ConfigLMM
+    module LMM
+        class LibreTranslate < Framework::Plugin
+            USER = 'libretranslate'
+            HOME_DIR = '/var/lib/libretranslate'
+            def actionLibreTranslateDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        Podman.ensurePresent(linuxConnection, options)
+                        Podman.createUser(USER, HOME_DIR, 'LibreTranslate', linuxConnection, options)
+                        path = Podman.containersPath(HOME_DIR)
+                        linuxConnection.upload(__dir__ + '/LibreTranslate.container', path, options)
+                        args = ['--metrics']
+                        linuxConnection.fileReplace("#{path}/LibreTranslate.container", '\$ARGS', args.join(' '), options)
+                        if target['Listen']
+                            linuxConnection.fileReplace("#{path}/LibreTranslate.container", '127.0.0.1', target['Listen'], options)
+                        end
+                        linuxConnection.reloadUserServices(USER, options)
+                        linuxConnection.restartUserService(USER, 'LibreTranslate', options)
+                    end
+                end
+            end
+        end
+    end
+end

data/Plugins/Apps/Lobsters/Containerfile ADDED Viewed

@@ -0,0 +1,81 @@
+# Use an official Ruby image as a base
+ARG RUBY_VERSION
+FROM ruby:${RUBY_VERSION} AS base
+# Install base packages
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 mariadb-client sendmail vim && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+# Latest releases available at https://github.com/aptible/supercronic/releases
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.33/supercronic-linux-amd64 \
+    SUPERCRONIC_SHA1SUM=71b0d58cc53f6bd72cf2f293e09e294b79c666d8 \
+    SUPERCRONIC=supercronic-linux-amd64
+RUN curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+ENV BUNDLE_DEPLOYMENT="1" BUNDLE_PATH="/usr/local/bundle" BUNDLE_WITHOUT="development"
+# Throw-away build stage to reduce size of final image
+FROM base AS build
+# Install packages needed to build gems
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libyaml-dev pkg-config && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+# Set working directory
+WORKDIR /lobsters
+COPY . .
+# Install application gems
+RUN bundle install && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+RUN mkdir -p /srv/lobste.rs/log && \
+    ln -sf /lobsters /srv/lobste.rs/http
+# Temporary generate secrets
+RUN RAILS_ENV=production ./bin/rails credentials:edit
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE_DUMMY=1 RAILS_ENV=production ./bin/rails assets:precompile
+# Remove secrets
+RUN rm -rf ./config/credentials.yml.enc ./config/master.key ./config/database.yml ./tmp/* /srv/lobste.rs/log/*
+# Final stage for app image
+FROM base
+WORKDIR /lobsters
+# Copy built artifacts: gems, application
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /lobsters /lobsters
+COPY --from=build /srv/lobste.rs /srv/lobste.rs
+COPY crontab /etc/
+RUN ln -sf /config/master.key /lobsters/config/master.key && \
+    ln -sf /config/credentials.yml.enc /lobsters/config/credentials.yml.enc && \
+    ln -sf /config/database.yml /lobsters/config/database.yml
+RUN mv /lobsters/public /lobsters/public_source && ln -sf /srv/lobsters/public /lobsters/public
+# Run and own only the runtime files as a non-root user for security
+RUN groupadd --system --gid 1000 lobsters && \
+    useradd lobsters --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
+    chown -R lobsters:lobsters /lobsters/tmp /srv/lobste.rs/log
+ENV LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
+# Expose port for Rails server
+EXPOSE 9292
+ENTRYPOINT ["/lobsters/entrypoint.sh"]
+CMD ["server"]