ConfigLMM 0.4.0 → 0.5.0

data/Plugins/Apps/Umami/Umami.lmm.rb

@@ -0,0 +1,108 @@
+
+module ConfigLMM
+    module LMM
+        class Umami < Framework::Plugin
+
+            USER = 'umami'
+            HOME_DIR = '/var/lib/umami'
+            HOST_IP = '10.0.2.2'
+
+            def actionUmamiDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') if (!target.key?('Proxy') || target['Proxy']) && !target['Domain']
+
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        if !target.key?('Proxy') || target['Proxy'] == false
+                            dbUser, dbPassword = self.configurePostgreSQL(target, linuxConnection, context, options)
+                            Podman.ensurePresent(linuxConnection, options)
+                            Podman.createUser(USER, HOME_DIR, 'Umami', linuxConnection, options)
+
+                            path = Podman.containersPath(HOME_DIR)
+
+                            dbHost = target['Database']['HostName']
+                            dbPort = target['Database']['Port']
+                            linuxConnection.fileWrite("#{path}/Umami.env", "DATABASE_URL=postgresql://#{dbUser}:#{dbPassword}@#{dbHost}:#{dbPort}/#{dbUser}", { **options, hide: true })
+
+                            linuxConnection.setUserGroup("#{path}/Umami.env", USER, USER, options)
+                            linuxConnection.setPrivate("#{path}/Umami.env", options)
+
+                            linuxConnection.upload(__dir__ + '/Umami.container', path, options)
+                        end
+
+                        if !target.key?('Proxy') || target['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                 nginxConnection.provisionProxy('http://127.0.0.1:13300', 'Umami', target, activeState, context, options)
+                            end
+                        elsif target.key?('Proxy') && target['Proxy'] == false
+                            linuxConnection.fileReplace("#{path}/Umami.container", 'PublishPort=127.0.0.1:13300:', 'PublishPort=0.0.0.0:13300:', options)
+                            linuxConnection.firewallAddPort('13300/tcp', options)
+                        end
+
+                        if !target.key?('Proxy') || target['Proxy'] == false
+                            linuxConnection.reloadUserServices(USER, options)
+                            linuxConnection.restartUserService(USER, 'Umami', options)
+                        end
+                    end
+                end
+            end
+
+            def configurePostgreSQL(target, linuxConnection, context, options)
+                target['Database'] ||= {}
+                target['Database']['Type'] = 'pgsql'
+                PostgreSQL.defaults(target['Database'])
+                username = target['Database']['Username'] || context.secrets.load(target['SecretId'], 'POSTGRESQL_USERNAME') || USER
+                context.secrets.store(target['SecretId'], 'POSTGRESQL_USERNAME', username)
+                password = context.secrets.load(target['SecretId'], 'POSTGRESQL_PASSWORD')
+                if password.nil?
+                    password = SecureRandom.alphanumeric(20)
+                    context.secrets.store(target['SecretId'], 'POSTGRESQL_PASSWORD', password)
+                end
+                PostgreSQL.withConnection(target['Database'], linuxConnection) do |postgres|
+                    postgres.createUserAndDB(username, password, options)
+                end
+                if target['Database']['HostName'] == 'localhost'
+                    target['Database']['HostName'] = HOST_IP
+                end
+                [username, password]
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:Umami, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        if !item['Config'].key?('Proxy') || item['Config']['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                nginxConnection.cleanupConfig('Umami', context, options)
+                                nginxConnection.reload(connection, options[:dry])
+                            end
+                        elsif item['Config'].key?('Proxy') && item['Config']['Proxy'] == false
+                            linuxConnection.firewallRemovePort('13300/tcp', connection, options)
+                        end
+
+                        if !item['Config'].key?('Proxy') || item['Config']['Proxy'] == false
+                            linuxConnection.stopUserService(USER, 'Umami', options)
+
+                            path = Podman.containersPath(HOME_DIR)
+                            linuxConnection.rm(path + '/Umami.container', options[:dry])
+                        end
+
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                        if options[:destroy]
+                            if !item['Config'].key?('Proxy') || item['Config']['Proxy'] == false
+                                if item['Config']['Database']['Type'] == 'pgsql'
+                                    username = context.secrets.load(target['SecretId'], 'POSTGRESQL_USERNAME') || USER
+                                    PostgreSQL.withConnection(settings, linuxConnection) do |postgres|
+                                        postgres.dropUserAndDB(item['Config']['Database'], username, options)
+                                    end
+                                end
+                                linuxConnection.deleteUserAndGroup(USER, options)
+                            end
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
+                    end
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Valkey/Valkey.lmm.rb

@@ -1,3 +1,4 @@
+require 'uri'
 
 module ConfigLMM
     module LMM
@@ -7,16 +8,14 @@ module ConfigLMM
             PID_FILE = '/run/redis/redis.pid'
 
             def actionValkeyDeploy(id, target, activeState, context, options)
-                self.ensurePackage(PACKAGE_NAME, target['Location'])
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
 
-                serviceName = 'redis'
-
-                if target['Location'] && target['Location'] != '@me'
-                    self.class.sshStart(target['Location']) do |ssh|
-                        distroId = self.class.distroID(ssh)
-                        if distroId == SUSE_ID
+                        serviceName = 'redis'
+                        if linuxConnection.distroID == SUSE_ID
                             serviceName = 'redis@redis'
-                            self.class.sshExec!(ssh, "touch #{CONFIG_FILE}")
+                            linuxConnection.exec("touch #{CONFIG_FILE}", false, options)
 
                             target['Settings'] ||= {}
                             target['Settings']['pidfile'] = PID_FILE
@@ -24,15 +23,19 @@ module ConfigLMM
                             target['Settings']['dir'] = '/var/lib/redis/default/'
                         end
 
-                        if ENV[id + '-VALKEY_PASSWORD']
-                            target['Settings']['requirepass'] = ENV[id + '-VALKEY_PASSWORD']
-                        elsif ENV['VALKEY_PASSWORD']
-                            target['Settings']['requirepass'] = ENV['VALKEY_PASSWORD']
+                        password = context.secrets.load(target['SecretId'], 'VALKEY_PASSWORD')
+                        if password.nil?
+                            password = SecureRandom.urlsafe_base64(20)
+                            context.secrets.store(target['SecretId'], 'VALKEY_PASSWORD', password)
+                        end
+
+                        if !password.empty? && password != 'no' && target['Password'] != false
+                            target['Settings']['requirepass'] = password
                         end
 
                         if target['Settings']
                             target['Settings']['bind'] = '127.0.0.1' unless target['Settings']['bind']
-                            updateRemoteFile(ssh, CONFIG_FILE, options, false) do |configLines|
+                            linuxConnection.updateFile(CONFIG_FILE, options, false) do |configLines|
                                 target['Settings'].each do |name, value|
                                     configLines << "#{name} #{value}\n"
                                 end
@@ -40,48 +43,57 @@ module ConfigLMM
                             end
                         end
 
-                        self.class.exec("chgrp redis #{CONFIG_FILE}", ssh)
-                        self.class.exec("chmod 640 #{CONFIG_FILE}", ssh)
-                    end
-                else
-                    if target['Settings']
-                        `touch #{CONFIG_FILE}`
-                        updateLocalFile(CONFIG_FILE, options) do |configLines|
-                            target['Settings'].each do |name, value|
-                                configLines << "#{name} #{value}\n"
-                            end
-                            configLines
-                        end
-                    end
-                    self.class.exec("chgrp redis #{CONFIG_FILE}", ssh)
-                    self.class.exec("chmod 640 #{CONFIG_FILE}", nil)
-                end
+                        target['Settings']['requirepass'] = '<REDACTED>' if target['Settings']['requirepass']
 
-                self.ensureServiceAutoStart(serviceName, target['Location'])
-                self.startService(serviceName, target['Location'])
+                        linuxConnection.setUserGroup(CONFIG_FILE, 'redis', nil, options)
+                        linuxConnection.setPrivate(CONFIG_FILE, options)
 
-                activeState['Status'] = State::STATUS_DEPLOYED
+                        linuxConnection.ensureServiceAutoStart(serviceName, options)
+                        linuxConnection.restartService(serviceName, options)
+                    end
+                end
             end
 
             def cleanup(configs, state, context, options)
-                cleanupType(:Valkey, configs, state, context, options) do |item, id, state, context, options, ssh|
-                    serviceName = 'redis'
-                    distroId = self.class.distroID(ssh)
-                    serviceName = 'redis@redis' if distroId == SUSE_ID
+                cleanupType(:Valkey, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        serviceName = 'redis'
+                        serviceName = 'redis@redis' if linuxConnection.distroID == SUSE_ID
 
-                    Framework::LinuxApp.stopService(serviceName, ssh, options[:dry])
-                    Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
+                        linuxConnection.stopService(serviceName, options)
+                        linuxConnection.removePackage(PACKAGE_NAME, options)
 
-                    state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
 
-                    if options[:destroy]
-                        rm('/etc/redis', options[:dry], ssh)
+                        if options[:destroy]
+                            linuxConnection.rm('/etc/redis', options[:dry])
 
-                        state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
                     end
                 end
             end
 
+            def self.connectionURL(params)
+                args = { scheme: 'redis', host: params[:host].to_s, path: '/' }
+                args[:scheme] += 's' if params[:ssl]
+                args[:path] += params[:db] if params[:db]
+
+                if args[:host].include?(':')
+                    args[:host], args[:port] = args[:host].split(':')
+                end
+
+                userinfo = ''
+                if params[:username]
+                    userinfo = URI.encode_uri_component(params[:username])
+                end
+                if params.key?(:password) && !params[:password].nil?
+                    userinfo += ':' + URI.encode_uri_component(params[:password])
+                end
+                args[:userinfo] = userinfo unless userinfo.empty?
+
+                URI::Generic.build(args).to_s
+            end
         end
 
     end

data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb

@@ -1,5 +1,5 @@
 
-upstream vaultwarden {
+upstream <%= config['Name'] %> {
     <% if config['Server'] %>
         server <%= config['Server'] %>;
     <% else %>
@@ -38,19 +38,22 @@ server {
 
     server_name <%= config['Domain'] %>;
 
+    <% if config['CertName'] %>
+        ssl_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/<%= config['CertName'] %>/privkey.pem";
+        ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
+    <% end %>
+
     <% if config['Private'] %>
         include config-lmm/private.conf;
     <% end %>
 
-    access_log  /var/log/nginx/vaultwarden.access.log;
-    error_log   /var/log/nginx/vaultwarden.error.log;
-
     client_max_body_size 200M;
 
-    include config-lmm/errors.conf;
+    include config-lmm/gateway-errors.conf;
 
     location / {
-        proxy_pass http://vaultwarden;
+        proxy_pass http://<%= config['Name'] %>;
         include config-lmm/proxy.conf;
     }
 

data/Plugins/Apps/Vaultwarden/Vaultwarden.container

@@ -3,7 +3,7 @@ Description=vaultwarden container
 After=local-fs.target
 
 [Container]
-AutoUpdate=registry
+ContainerName=Vaultwarden
 Image=ghcr.io/dani-garcia/vaultwarden:latest
 Exec=/start.sh
 EnvironmentFile=/var/lib/vaultwarden/.config/containers/systemd/Vaultwarden.env
@@ -11,6 +11,12 @@ Network=slirp4netns:allow_host_loopback=true
 PublishPort=0.0.0.0:18000:8000
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/vaultwarden/data/:/data/
+LogDriver=journald
+AutoUpdate=registry
+
+[Service]
+TimeoutStartSec=6min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb

@@ -1,9 +1,11 @@
 
 require 'fileutils'
+require 'argon2'
+require 'securerandom'
 
 module ConfigLMM
     module LMM
-        class Vaultwarden < Framework::NginxApp
+        class Vaultwarden < Framework::Plugin
 
             NAME = 'Vaultwarden'
             USER = 'vaultwarden'
@@ -11,7 +13,9 @@ module ConfigLMM
             SERVICE_PORT = '18000'
 
             def actionVaultwardenBuild(id, target, state, context, options)
-                writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                Nginx.withConnection(local) do |nginxConnection|
+                    nginxConnection.writeConfig(__dir__, NAME, target, state, context, options)
+                end
             end
 
             def actionVaultwardenDiff(id, target, activeState, context, options)
@@ -19,47 +23,78 @@ module ConfigLMM
             end
 
             def actionVaultwardenDeploy(id, target, activeState, context, options)
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    self.class.sshStart(uri) do |ssh|
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
                         if !target.key?('Proxy') || target['Proxy'] != 'only'
-                            distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
-                            Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Vaultwarden', distroInfo, ssh)
-                            self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/data'")
-                            path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
-                            self.class.sshExec!(ssh, "echo 'ROCKET_PORT=8000' > #{path}/Vaultwarden.env")
+
+                            Podman.ensurePresent(linuxConnection, options)
+                            Podman.createUser(USER, HOME_DIR, 'Vaultwarden', linuxConnection, options)
+                            linuxConnection.withUserShell(USER) do |shell|
+                                shell.createDirs(options, '~/data')
+                            end
+
+                            path = Podman.containersPath(HOME_DIR)
+                            linuxConnection.fileWrite("#{path}/Vaultwarden.env", 'ROCKET_PORT=8000', options)
                             if target['Domain']
-                                self.class.sshExec!(ssh, "echo 'DOMAIN=https://#{target['Domain']}' >> #{path}/Vaultwarden.env")
+                                linuxConnection.fileAppend("#{path}/Vaultwarden.env", "DOMAIN=https://#{target['Domain']}", options)
                             end
                             target['Signups'] = false unless target['Signups']
-                            self.class.sshExec!(ssh, "echo 'SIGNUPS_ALLOWED=#{target['Signups'].to_s}' >> #{path}/Vaultwarden.env")
+                            linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SIGNUPS_ALLOWED=#{target['Signups'].to_s}", options)
                             if target.key?('Invitations')
-                                self.class.sshExec!(ssh, "echo 'INVITATIONS_ALLOWED=#{target['Invitations'].to_s}' >> #{path}/Vaultwarden.env")
+                                linuxConnection.fileAppend("#{path}/Vaultwarden.env", "INVITATIONS_ALLOWED=#{target['Invitations'].to_s}", options)
                             end
-                            if ENV.key?('VAULTWARDEN_ADMIN_TOKEN')
-                                token = ENV['VAULTWARDEN_ADMIN_TOKEN']
-                                token = SecureRandom.alphanumeric(40) if token.empty?
-                                self.class.sshExec!(ssh, "echo 'ADMIN_TOKEN=#{token}' >> #{path}/Vaultwarden.env")
+                            adminToken = context.secrets.load(target['SecretId'], 'VAULTWARDEN_ADMIN_TOKEN')
+                            if !adminToken
+                                adminToken = SecureRandom.alphanumeric(40)
+                                context.secrets.store(target['SecretId'], 'VAULTWARDEN_ADMIN_TOKEN', adminToken)
+                            end
+
+                            adminTokenHash = Argon2::Password.new(profile: :rfc_9106_low_memory).create(adminToken)
+                            linuxConnection.fileAppend("#{path}/Vaultwarden.env", "ADMIN_TOKEN=#{adminTokenHash}", { **options, hide: true })
+
+
+                            if target['SMTP']
+                                host = target['SMTP']['Host']
+                                host = HOST_IP if host.to_s.empty? || ['localhost', '127.0.0.1'].include?(host)
+
+                                linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_HOST=#{host}", options)
+                                if target['SMTP']['Port']
+                                    linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_PORT=#{target['SMTP']['Port']}", options)
+                                end
+
+                                raise 'SMTP.FromAddress must be set!' unless target['SMTP']['FromAddress']
+                                linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_FROM=#{target['SMTP']['FromAddress']}", options)
+
+                                if target['SMTP']['Username']
+                                    linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_USERNAME=#{target['SMTP']['Username']}", options)
+                                end
+
+                                if target['SMTP']['SecretId']
+                                    smtpPassword = context.secrets.load(target['SMTP']['SecretId'], target['SMTP']['Username'].upcase + '_PASSWORD')
+                                    linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_PASSWORD=#{smtpPassword}", { **options, hide: true })
+                                end
+
+                                if target['SMTP']['Port'] == 465
+                                    linuxConnection.fileAppend("#{path}/Vaultwarden.env", "SMTP_SECURITY=force_tls", options)
+                                end
                             end
-                            self.class.sshExec!(ssh, "chown #{USER}:#{USER} #{path}/Vaultwarden.env")
-                            self.class.sshExec!(ssh, "chmod 600 #{path}/Vaultwarden.env")
 
-                            ssh.scp.upload!(__dir__ + '/Vaultwarden.container', path)
-                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
-                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start Vaultwarden")
+                            linuxConnection.setUserGroup("#{path}/Vaultwarden.env", USER, USER, options)
+                            linuxConnection.setPrivate("#{path}/Vaultwarden.env", options)
+                            linuxConnection.upload(__dir__ + '/Vaultwarden.container', path, options)
+                            linuxConnection.reloadUserServices(USER, options)
+                            linuxConnection.restartUserService(USER, 'Vaultwarden', options)
                             if target['Proxy'] != 'only'
-                                Framework::LinuxApp.firewallAddPortOverSSH(SERVICE_PORT + '/tcp', ssh)
+                                linuxConnection.firewallAddPort(SERVICE_PORT + '/tcp', options)
                             end
                         end
                         if !target.key?('Proxy') || !!target['Proxy']
-                            self.class.prepareNginxConfig(target, ssh)
-                            writeNginxConfig(__dir__, NAME, id, target, state, context, options)
-                            deployNginxConfig(id, target, activeState, context, options)
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                target['ConfigName'] = target['Name']
+                                nginxConnection.provision(__dir__, NAME, target, activeState, context, options)
+                            end
                         end
                     end
-                else
-                    # TODO
-                    activeState['Location'] = '@me'
                 end
             end
 

data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb

@@ -22,10 +22,7 @@ server {
 
     server_name <%= config['Domain'] %>;
 
-    access_log  /var/log/nginx/wikijs.access.log;
-    error_log   /var/log/nginx/wikijs.error.log;
-
-    include config-lmm/errors.conf;
+    include config-lmm/gateway-errors.conf;
     include config-lmm/security.conf;
 
     location / {

data/Plugins/Apps/Wiki.js/Wiki.js.container

@@ -4,12 +4,17 @@ Description=Wiki.js container
 After=local-fs.target
 
 [Container]
+ContainerName=WikiJS
 Image=docker.io/requarks/wiki:latest
 EnvironmentFile=/var/lib/wikijs/.config/containers/systemd/Wiki.js.env
 Network=slirp4netns:allow_host_loopback=true
 PublishPort=127.0.0.1:13200:3000
 UserNS=keep-id:uid=1000,gid=1000
+LogDriver=journald
 AutoUpdate=registry
 
+[Service]
+Restart=on-failure
+
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb

@@ -1,7 +1,7 @@
 
 module ConfigLMM
     module LMM
-        class WikiJS < Framework::NginxApp
+        class WikiJS < Framework::Plugin
 
             USER = 'wikijs'
             HOME_DIR = '/var/lib/wikijs'
@@ -11,51 +11,45 @@ module ConfigLMM
                 raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
 
                 target['Database'] ||= {}
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-
-                    self.class.sshStart(uri) do |ssh|
-
-                        dbPassword = self.configurePostgreSQL(target['Database'], ssh)
-                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
-                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Wiki.js', distroInfo, ssh)
-
-                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
-                        self.class.exec("echo 'DB_TYPE=postgres' > #{path}/Wiki.js.env", ssh)
-                        self.class.exec("echo 'DB_HOST=#{HOST_IP}' >> #{path}/Wiki.js.env", ssh)
-                        self.class.exec("echo 'DB_PORT=5432' >> #{path}/Wiki.js.env", ssh)
-                        self.class.exec("echo 'DB_USER=#{USER}' >> #{path}/Wiki.js.env", ssh)
-                        self.class.exec("echo 'DB_NAME=#{USER}' >> #{path}/Wiki.js.env", ssh)
-                        self.class.exec(" echo 'DB_PASS=#{dbPassword}' >> #{path}/Wiki.js.env", ssh)
-
-                        self.class.exec("chown #{USER}:#{USER} #{path}/Wiki.js.env", ssh)
-                        self.class.exec("chmod 600 #{path}/Wiki.js.env", ssh)
-
-                        ssh.scp.upload!(__dir__ + '/Wiki.js.container', path)
-                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
-                        self.class.exec("systemctl --user --machine=#{USER}@ restart Wiki.js", ssh)
-
-                        Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
-                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
-                        self.class.prepareNginxConfig(target, ssh)
-                        self.writeNginxConfig(__dir__, 'Wiki.js', id, target, state, context, options)
-                        self.deployNginxConfig(id, target, activeState, context, options)
-                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        target['Database'] ||= {}
+                        dbPassword = self.configurePostgreSQL(target['Database'], linuxConnection, options)
 
+                        Podman.ensurePresent(linuxConnection, options)
+                        Podman.createUser(USER, HOME_DIR, 'Wiki.js', linuxConnection, options)
+
+                        path = Podman.containersPath(HOME_DIR)
+                        linuxConnection.fileWrite("#{path}/Wiki.js.env", 'DB_TYPE=postgres', options)
+                        linuxConnection.fileAppend("#{path}/Wiki.js.env", "DB_HOST=#{HOST_IP}", options)
+                        linuxConnection.fileAppend("#{path}/Wiki.js.env", "DB_PORT=5432", options)
+                        linuxConnection.fileAppend("#{path}/Wiki.js.env", "DB_USER=#{USER}", options)
+                        linuxConnection.fileAppend("#{path}/Wiki.js.env", "DB_NAME=#{USER}", options)
+                        linuxConnection.fileAppend("#{path}/Wiki.js.env", "DB_PASS=#{dbPassword}", { **options, hide: true })
+
+                        linuxConnection.setUserGroup("#{path}/Wiki.js.env", USER, USER, options)
+                        linuxConnection.setPrivate("#{path}/Wiki.js.env", options)
+
+                        linuxConnection.upload(__dir__ + '/Wiki.js.container', path, options)
+
+                        linuxConnection.reloadUserServices(USER, options)
+                        linuxConnection.restartUserService(USER, 'Wiki.js', options)
+
+                        Nginx.withConnection(linuxConnection) do |nginxConnection|
+                            nginxConnection.provision(__dir__, 'Wiki.js', target, activeState, context, options)
+                        end
                     end
-                else
-                    # TODO
                 end
             end
 
-            def configurePostgreSQL(settings, ssh)
+            def configurePostgreSQL(dbSettings, linuxConnection, options)
                 password = SecureRandom.alphanumeric(20)
-                PostgreSQL.createRemoteUserAndDBOverSSH(settings, USER, password, ssh)
+                PostgreSQL.withConnection(dbSettings, linuxConnection) do |postgresConnection|
+                    postgresConnection.createUserAndDB(USER, password, options)
+                end
                 password
             end
 
         end
     end
 end
-