ConfigLMM 0.4.0 → 0.5.0

data/Plugins/Apps/Dovecot/Dovecot.lmm.rb

@@ -1,3 +1,4 @@
+require 'addressable/idna'
 
 module ConfigLMM
     module LMM
@@ -9,40 +10,35 @@ module ConfigLMM
             EMAIL_USER = 'email'
 
             def actionDovecotDeploy(id, target, activeState, context, options)
-                plugins[:Linux].ensurePackage(PACKAGE_NAME, target['Location'])
-                plugins[:Linux].ensureServiceAutoStart(SERVICE_NAME, target['Location'])
-
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-
-                    self.class.sshStart(uri) do |ssh|
-                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
-                        addUserCmd = "#{distroInfo['CreateServiceUser']} --home-dir '#{EMAIL_HOME}' --create-home --comment 'Dovecot EMail' #{EMAIL_USER}"
-                        self.class.sshExec!(ssh, addUserCmd, true)
-                        uid = self.class.sshExec!(ssh, "id -u #{EMAIL_USER}").strip
-
-                        cmd = "sed -i 's|^#mail_uid =.*|mail_uid = #{uid}|' #{DOVECOT_DIR}conf.d/10-mail.conf"
-                        self.class.sshExec!(ssh, cmd)
-                        cmd = "sed -i 's|^#mail_gid =.*|mail_gid = #{uid}|' #{DOVECOT_DIR}conf.d/10-mail.conf"
-                        self.class.sshExec!(ssh, cmd)
-                        cmd = "sed -i 's|^#mail_location =.*|mail_location = maildir:~/Mail|' #{DOVECOT_DIR}conf.d/10-mail.conf"
-                        self.class.sshExec!(ssh, cmd)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
+                        linuxConnection.ensureServiceAutoStart(SERVICE_NAME, options)
+
+                        linuxConnection.createServiceUser(EMAIL_USER, EMAIL_HOME, 'Dovecot EMail', options)
+
+                        uid = linuxConnection.exec("id -u #{EMAIL_USER}", false, options).strip
+
+
+                        linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-mail.conf", '^#mail_uid =.*', "mail_uid = #{uid}", options)
+                        linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-mail.conf", '^#mail_gid =.*', "mail_gid = #{uid}", options)
+                        linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-mail.conf", '^#mail_location =.*', "mail_location = maildir:~/Mail", options)
 
                         if !target['Protocols'].to_a.empty?
-                            updateRemoteFile(ssh, DOVECOT_DIR + 'dovecot.conf', options) do |configLines|
+                            linuxConnection.updateFile(DOVECOT_DIR + 'dovecot.conf', options) do |configLines|
                                 configLines << "protocols = #{target['Protocols'].join(' ')}\n"
                             end
                         end
 
-                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-mail.conf', options) do |configLines|
+                        linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/10-mail.conf', options) do |configLines|
                             configLines << "mail_home = #{EMAIL_HOME}/emails/%u\n"
                             configLines << "first_valid_uid = #{uid}\n"
                             configLines << "last_valid_uid = #{uid}\n"
                         end
 
-                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/10-master.conf', 'service lmtp', options, ssh)
-                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-master.conf', options) do |configLines|
+                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/10-master.conf', 'service lmtp', options, linuxConnection)
+                        linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/10-master.conf', options) do |configLines|
                             configLines << "service lmtp {\n"
                             configLines << "    unix_listener lmtp {\n"
                             configLines << "        user = postfix\n"
@@ -52,9 +48,12 @@ module ConfigLMM
                             configLines << "}\n"
                         end
 
-                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/15-mailboxes.conf', 'namespace inbox', options, ssh)
-                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/15-mailboxes.conf', options) do |configLines|
+                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/15-mailboxes.conf', 'namespace inbox', options, linuxConnection)
+                        linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/15-mailboxes.conf', options) do |configLines|
                             configLines << "namespace inbox {\n"
+                            configLines << "    mailbox INBOX {\n"
+                            configLines << "        auto = subscribe\n"
+                            configLines << "    }\n"
                             configLines << "    mailbox Drafts {\n"
                             configLines << "        special_use = \\Drafts\n"
                             configLines << "        auto = subscribe\n"
@@ -74,16 +73,14 @@ module ConfigLMM
                             configLines << "}\n"
                         end
 
-                        Framework::LinuxApp.firewallAddService('imaps', ssh)
+                        linuxConnection.firewallAddService('imaps', options)
 
-                        cmd = "sed -i 's|^!include auth-system.conf.ext|#!include auth-system.conf.ext|' #{DOVECOT_DIR}conf.d/10-auth.conf"
-                        self.class.sshExec!(ssh, cmd)
+                        linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-auth.conf", '^!include auth-system.conf.ext', "#!include auth-system.conf.ext", options)
 
                         if target['OAuth2']
-                            cmd = "sed -i 's|auth_mechanisms =.*|auth_mechanisms = xoauth2 oauthbearer|' #{DOVECOT_DIR}conf.d/10-auth.conf"
-                            self.class.sshExec!(ssh, cmd)
+                            linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-auth.conf", 'auth_mechanisms =.*', "auth_mechanisms = xoauth2 oauthbearer", options)
 
-                            updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
+                            linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
                                 configLines << "userdb {\n"
                                 configLines << "    driver = static\n"
                                 configLines << "    args = allow_all_users=yes\n"
@@ -95,7 +92,7 @@ module ConfigLMM
                                 configLines << "}\n"
                             end
 
-                            updateRemoteFile(ssh, DOVECOT_DIR + 'dovecot-oauth2.conf.ext', options) do |configLines|
+                            linuxConnection.updateFile(DOVECOT_DIR + 'dovecot-oauth2.conf.ext', options) do |configLines|
                                 # Need v2.3.16+
                                 #configLines << "openid_configuration_url = #{target['OAuth2']['OIDC']}\n"
                                 if target['OAuth2']['TokenInfo']
@@ -104,18 +101,24 @@ module ConfigLMM
                                 if target['OAuth2']['Introspection']
                                     configLines << "introspection_url = #{target['OAuth2']['Introspection']}\n"
                                 end
-                                if target['OAuth2']['ClientID']
-                                    configLines << "client_id = #{target['OAuth2']['ClientID']}\n"
+
+                                secretId = target['OAuth2']['SecretId']
+                                secretId = target['SecretId'] unless secretId
+                                clientId = context.secrets.load(secretId, 'OAUTH2_CLIENT_ID')
+                                clientId = target['OAuth2']['ClientID'] unless clientId
+                                clientSecret = context.secrets.load(secretId, 'OAUTH2_CLIENT_SECRET')
+
+                                if clientId
+                                    configLines << "client_id = #{clientId}\n"
                                 end
-                                if ENV['DOVECOT_OAUTH2_SECRET']
-                                    configLines << "client_secret = #{ENV['DOVECOT_OAUTH2_SECRET']}\n"
+                                if clientSecret
+                                    configLines << "client_secret = #{clientSecret}\n"
                                 end
                             end
                         else
-                            cmd = "sed -i 's|auth_mechanisms =.*|auth_mechanisms = plain|' #{DOVECOT_DIR}conf.d/10-auth.conf"
-                            self.class.sshExec!(ssh, cmd)
+                            linuxConnection.fileReplace("#{DOVECOT_DIR}conf.d/10-auth.conf", 'auth_mechanisms =.*', "auth_mechanisms = plain", options)
 
-                            updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
+                            linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
                                 configLines << "auth_username_format = %u\n"
                                 configLines << "userdb {\n"
                                 configLines << "    driver = static\n"
@@ -126,47 +129,56 @@ module ConfigLMM
                                 configLines << "    args = #{DOVECOT_DIR}passwords\n"
                                 configLines << "}\n"
                             end
-                            self.class.sshExec!(ssh, "touch #{DOVECOT_DIR}passwords")
-                            self.class.sshExec!(ssh, "chown dovecot:dovecot #{DOVECOT_DIR}passwords")
-                            self.class.sshExec!(ssh, "chmod 600 #{DOVECOT_DIR}passwords")
+                            linuxConnection.exec("touch #{DOVECOT_DIR}passwords", options)
+                            linuxConnection.setUserGroup("#{DOVECOT_DIR}passwords", 'dovecot', 'dovecot', options)
+                            linuxConnection.setPrivate("#{DOVECOT_DIR}passwords", options)
                         end
 
-                        certDir = Framework::LinuxApp.createCertificateOverSSH(ssh)
-                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-ssl.conf', options) do |configLines|
+                        certDir = linuxConnection.createWildecardCertificate(options)
+                        linuxConnection.updateFile(DOVECOT_DIR + 'conf.d/10-ssl.conf', options) do |configLines|
                             configLines << "ssl_cert = <#{certDir}fullchain.pem\n"
                             configLines << "ssl_key = <#{certDir}privkey.pem\n"
+                            if !target['Domains'].to_h.empty?
+                                target['Domains'].each do |domain, config|
+                                    if config['CertName']
+                                        configLines << "local_name #{Addressable::IDNA.to_ascii(domain)} {\n"
+                                        configLines << "    ssl_cert = </etc/letsencrypt/live/#{config['CertName']}/fullchain.pem\n"
+                                        configLines << "    ssl_key = </etc/letsencrypt/live/#{config['CertName']}/privkey.pem\n"
+                                        configLines << "}\n"
+                                    end
+                                end
+                            end
+                            configLines
                         end
+
+                        linuxConnection.restartService(SERVICE_NAME, options)
                     end
-                else
-                    # TODO
                 end
-
-                plugins[:Linux].startService(SERVICE_NAME, target['Location'])
-
-                activeState['Status'] = State::STATUS_DEPLOYED
             end
 
             def cleanup(configs, state, context, options)
-                cleanupType(:Dovecot, configs, state, context, options) do |item, id, state, context, options, ssh|
-                    Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
-                    Framework::LinuxApp.firewallRemoveService('imaps', ssh, options[:dry])
-                    Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
+                cleanupType(:Dovecot, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.stopService(SERVICE_NAME, options)
+                        linuxConnection.firewallRemoveService('imaps', options)
+                        linuxConnection.removePackage(PACKAGE_NAME, options)
 
-                    state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
 
-                    if options[:destroy]
-                        Framework::LinuxApp.deleteUserAndGroup(EMAIL_USER, ssh, options[:dry])
+                        if options[:destroy]
+                            linuxConnection.deleteUserAndGroup(EMAIL_USER, options)
 
-                        state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
                     end
                 end
             end
 
-            def self.cutConfigSection(file, sectionStart, options, ssh)
+            def self.cutConfigSection(file, sectionStart, options, linuxConnection)
                 localFile = options['output'] + '/' + SecureRandom.alphanumeric(10)
                 File.write(localFile, '')
-                self.sshExec!(ssh, "touch #{file}")
-                ssh.scp.download!(file, localFile)
+                linuxConnection.exec("touch #{file}", options)
+                linuxConnection.download(file, localFile, options)
                 fileData = File.read(localFile)
                 position = fileData.index(sectionStart)
                 if position
@@ -179,7 +191,7 @@ module ConfigLMM
                         fileData = fileData[0...position]
                     end
                     File.write(localFile, fileData)
-                    ssh.scp.upload!(localFile, file)
+                    linuxConnection.upload(localFile, file, options)
                 end
             end
         end

data/Plugins/Apps/ERPNext/ERPNext-Frontend.container

@@ -9,11 +9,16 @@ Image=ConfigLM.moe/erpnext:v$VERSION
 Exec=nginx-entrypoint.sh
 EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
 PublishPort=127.0.0.1:18400:8080
-Network=ERPNext
+Network=ERPNext.network
 HostName=ERPNext-Frontend
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
 Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+LogDriver=journald
+
+[Service]
+TimeoutStartSec=16min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Queue.container

@@ -12,6 +12,11 @@ Network=slirp4netns:allow_host_loopback=true
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
 Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+LogDriver=journald
+
+[Service]
+TimeoutStartSec=16min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container

@@ -11,6 +11,11 @@ EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
 Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+LogDriver=journald
+
+[Service]
+TimeoutStartSec=16min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Websocket.container

@@ -8,12 +8,17 @@ ContainerName=ERPNext-Websocket
 Image=ConfigLM.moe/erpnext:v$VERSION
 Exec=node /home/frappe/frappe-bench/apps/frappe/socketio.js
 EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
-Network=ERPNext
+Network=ERPNext.network
 IP=10.90.50.11
 HostName=ERPNext-Websocket
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
 Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+LogDriver=journald
+
+[Service]
+TimeoutStartSec=16min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext.container

@@ -7,12 +7,17 @@ After=local-fs.target
 ContainerName=ERPNext
 Image=ConfigLM.moe/erpnext:v$VERSION
 EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
-Network=ERPNext
+Network=ERPNext.network
 IP=10.90.50.10
 HostName=ERPNext
 UserNS=keep-id:uid=1000,gid=1000
 Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
 Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+LogDriver=journald
+
+[Service]
+TimeoutStartSec=12min
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target default.target