RubyGems - ConfigLMM - Versions diffs - 0.4.0 → 0.5.0 - Mend

ConfigLMM 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +34 -0
data/CNAME +1 -0
data/Examples/.lmm.state.yaml +159 -0
data/Examples/ConfigLMM.mm.yaml +32 -0
data/Examples/Implemented.mm.yaml +252 -4
data/Examples/SmallBusiness.mm.yaml +492 -0
data/Plugins/Apps/Answer/answer.lmm.rb +165 -0
data/Plugins/Apps/Answer/answer@.service +40 -0
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb +0 -3
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb +0 -1
data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +7 -1
data/Plugins/Apps/Authentik/Authentik-Server.container +6 -1
data/Plugins/Apps/Authentik/Authentik-Worker.container +6 -1
data/Plugins/Apps/Authentik/Authentik.conf.erb +12 -7
data/Plugins/Apps/Authentik/Authentik.lmm.rb +226 -61
data/Plugins/Apps/BookStack/BookStack.conf.erb +0 -3
data/Plugins/Apps/BookStack/BookStack.container +5 -0
data/Plugins/Apps/BookStack/BookStack.lmm.rb +14 -3
data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +9 -19
data/Plugins/Apps/ClickHouse/ClickHouse.container +28 -0
data/Plugins/Apps/ClickHouse/ClickHouse.lmm.rb +113 -0
data/Plugins/Apps/ClickHouse/Config/listen.yaml +2 -0
data/Plugins/Apps/ClickHouse/Config/logger.yaml +8 -0
data/Plugins/Apps/ClickHouse/Config/zookeepers.yaml +5 -0
data/Plugins/Apps/ClickHouse/Connection.rb +96 -0
data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +5 -0
data/Plugins/Apps/Discourse/Discourse.conf.erb +1 -4
data/Plugins/Apps/Discourse/Discourse.container +4 -0
data/Plugins/Apps/Discourse/Discourse.lmm.rb +116 -55
data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +74 -62
data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +6 -1
data/Plugins/Apps/ERPNext/ERPNext-Queue.container +5 -0
data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +5 -0
data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +6 -1
data/Plugins/Apps/ERPNext/ERPNext.container +6 -1
data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +138 -127
data/Plugins/Apps/GitLab/GitLab.container +6 -0
data/Plugins/Apps/GitLab/GitLab.lmm.rb +43 -49
data/Plugins/Apps/Homepage/Homepage.conf.erb +86 -0
data/Plugins/Apps/Homepage/Homepage.container +19 -0
data/Plugins/Apps/Homepage/Homepage.lmm.rb +54 -0
data/Plugins/Apps/IPFS/IPFS.conf.erb +0 -3
data/Plugins/Apps/IPFS/IPFS.lmm.rb +0 -1
data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb +0 -3
data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb +0 -1
data/Plugins/Apps/Jackett/Jackett.conf.erb +0 -3
data/Plugins/Apps/Jackett/Jackett.lmm.rb +0 -1
data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb +0 -3
data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb +0 -1
data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +49 -28
data/Plugins/Apps/LibreTranslate/LibreTranslate.container +21 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb +34 -0
data/Plugins/Apps/Lobsters/Containerfile +81 -0
data/Plugins/Apps/Lobsters/Lobsters-Tasks.container +26 -0
data/Plugins/Apps/Lobsters/Lobsters.conf.erb +99 -0
data/Plugins/Apps/Lobsters/Lobsters.container +27 -0
data/Plugins/Apps/Lobsters/Lobsters.lmm.rb +196 -0
data/Plugins/Apps/Lobsters/crontab +3 -0
data/Plugins/Apps/Lobsters/database.yml +26 -0
data/Plugins/Apps/Lobsters/entrypoint.sh +30 -0
data/Plugins/Apps/Lobsters/generateCredentials.rb +19 -0
data/Plugins/Apps/Lobsters/lobsters-cron.sh +25 -0
data/Plugins/Apps/Lobsters/lobsters-daily.sh +23 -0
data/Plugins/Apps/Lobsters/puma.rb +49 -0
data/Plugins/Apps/MariaDB/Connection.rb +55 -0
data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +60 -53
data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container +22 -0
data/Plugins/Apps/Mastodon/Mastodon-Streaming.container +20 -0
data/Plugins/Apps/Mastodon/Mastodon.conf.erb +34 -45
data/Plugins/Apps/Mastodon/Mastodon.container +28 -0
data/Plugins/Apps/Mastodon/Mastodon.lmm.rb +240 -5
data/Plugins/Apps/Mastodon/configlmm.rake +30 -0
data/Plugins/Apps/Mastodon/entrypoint.sh +16 -0
data/Plugins/Apps/Matrix/Element.container +5 -0
data/Plugins/Apps/Matrix/Matrix.conf.erb +2 -8
data/Plugins/Apps/Matrix/Matrix.lmm.rb +100 -71
data/Plugins/Apps/Matrix/Synapse.container +5 -0
data/Plugins/Apps/Netdata/Netdata.conf.erb +0 -3
data/Plugins/Apps/Netdata/Netdata.lmm.rb +0 -1
data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +3 -4
data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +150 -68
data/Plugins/Apps/Nextcloud/autoconfig.php +13 -0
data/Plugins/Apps/Nextcloud/config.php +10 -1
data/Plugins/Apps/Nextcloud/nextcloudcron.service +8 -0
data/Plugins/Apps/Nextcloud/nextcloudcron.timer +10 -0
data/Plugins/Apps/Nginx/Connection.rb +93 -0
data/Plugins/Apps/Nginx/conf.d/configlmm.conf +50 -9
data/Plugins/Apps/Nginx/conf.d/languages.conf +21 -0
data/Plugins/Apps/Nginx/config-lmm/errors.conf +25 -20
data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf +20 -0
data/Plugins/Apps/Nginx/config-lmm/proxy.conf +1 -1
data/Plugins/Apps/Nginx/main.conf.erb +7 -3
data/Plugins/Apps/Nginx/nginx.conf +2 -2
data/Plugins/Apps/Nginx/nginx.lmm.rb +99 -81
data/Plugins/Apps/Nginx/proxy.conf.erb +11 -3
data/Plugins/Apps/Odoo/Odoo.conf.erb +0 -3
data/Plugins/Apps/Odoo/Odoo.container +5 -0
data/Plugins/Apps/Odoo/Odoo.lmm.rb +4 -5
data/Plugins/Apps/Ollama/Ollama.container +26 -0
data/Plugins/Apps/Ollama/Ollama.lmm.rb +73 -0
data/Plugins/Apps/OpenTelemetry/Config/config.yaml +704 -0
data/Plugins/Apps/OpenTelemetry/OpenTelemetry.lmm.rb +154 -0
data/Plugins/Apps/OpenVidu/Ingress.container +5 -0
data/Plugins/Apps/OpenVidu/OpenVidu.conf.erb +0 -3
data/Plugins/Apps/OpenVidu/OpenVidu.container +5 -0
data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +7 -3
data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +0 -3
data/Plugins/Apps/OpenVidu/OpenViduCall.container +5 -0
data/Plugins/Apps/PHP-FPM/Connection.rb +91 -0
data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +31 -4
data/Plugins/Apps/Peppermint/Peppermint.conf.erb +2 -5
data/Plugins/Apps/Peppermint/Peppermint.container +5 -0
data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +29 -33
data/Plugins/Apps/Perplexica/Perplexica.container +25 -0
data/Plugins/Apps/Perplexica/Perplexica.lmm.rb +92 -0
data/Plugins/Apps/Perplexica/config.toml +26 -0
data/Plugins/Apps/Podman/Connection.rb +24 -0
data/Plugins/Apps/Podman/Podman.lmm.rb +80 -0
data/Plugins/Apps/Podman/storage.conf +6 -0
data/Plugins/Apps/Postfix/Postfix.lmm.rb +242 -164
data/Plugins/Apps/PostgreSQL/Connection.rb +97 -0
data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +184 -148
data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb +0 -3
data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb +0 -2
data/Plugins/Apps/Pterodactyl/Wings.conf.erb +0 -3
data/Plugins/Apps/RVM/RVM.lmm.rb +57 -0
data/Plugins/Apps/Roundcube/Roundcube.conf.erb +0 -3
data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +15 -19
data/Plugins/Apps/SSH/SSH.lmm.rb +9 -15
data/Plugins/Apps/SearXNG/SearXNG.container +22 -0
data/Plugins/Apps/SearXNG/SearXNG.lmm.rb +79 -0
data/Plugins/Apps/SearXNG/limiter.toml +40 -0
data/Plugins/Apps/SearXNG/settings.yml +2 -0
data/Plugins/Apps/SigNoz/Config/alerts.yml +11 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-config.yaml +110 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-opamp-config.yaml +1 -0
data/Plugins/Apps/SigNoz/Config/prometheus.yml +18 -0
data/Plugins/Apps/SigNoz/SigNoz-Collector.container +23 -0
data/Plugins/Apps/SigNoz/SigNoz-Migrator.container +17 -0
data/Plugins/Apps/SigNoz/SigNoz.conf.erb +61 -0
data/Plugins/Apps/SigNoz/SigNoz.container +26 -0
data/Plugins/Apps/SigNoz/SigNoz.lmm.rb +319 -0
data/Plugins/Apps/Solr/log4j2.xml +89 -0
data/Plugins/Apps/Solr/solr.lmm.rb +82 -0
data/Plugins/Apps/Sunshine/Sunshine.conf.erb +0 -3
data/Plugins/Apps/Sunshine/Sunshine.lmm.rb +0 -1
data/Plugins/Apps/Tunnel/tunnel.lmm.rb +33 -37
data/Plugins/Apps/UVdesk/UVdesk.conf.erb +0 -3
data/Plugins/Apps/Umami/Umami.container +19 -0
data/Plugins/Apps/Umami/Umami.lmm.rb +108 -0
data/Plugins/Apps/Valkey/Valkey.lmm.rb +54 -42
data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +9 -6
data/Plugins/Apps/Vaultwarden/Vaultwarden.container +7 -1
data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +64 -29
data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +1 -4
data/Plugins/Apps/Wiki.js/Wiki.js.container +5 -0
data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +31 -37
data/Plugins/Apps/YaCy/YaCy.conf.erb +93 -0
data/Plugins/Apps/YaCy/YaCy.container +21 -0
data/Plugins/Apps/YaCy/YaCy.lmm.rb +160 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.container +24 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.lmm.rb +68 -0
data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb +0 -3
data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb +0 -1
data/Plugins/Apps/gollum/gollum.conf.erb +2 -4
data/Plugins/Apps/gollum/gollum.container +6 -0
data/Plugins/Apps/gollum/gollum.lmm.rb +51 -50
data/Plugins/Apps/llama.cpp/llama.cpp.container +28 -0
data/Plugins/Apps/llama.cpp/llama.cpp.lmm.rb +90 -0
data/Plugins/Apps/vLLM/vLLM.container +32 -0
data/Plugins/Apps/vLLM/vLLM.lmm.rb +89 -0
data/Plugins/OS/General/Utils.lmm.rb +26 -0
data/Plugins/OS/Linux/Connection.rb +472 -0
data/Plugins/OS/Linux/Debian/preseed.cfg.erb +25 -6
data/Plugins/OS/Linux/Flavours.yaml +13 -0
data/Plugins/OS/Linux/Grub/grub.cfg +10 -0
data/Plugins/OS/Linux/HTTP.rb +32 -0
data/Plugins/OS/Linux/Linux.lmm.rb +533 -187
data/Plugins/OS/Linux/Packages.yaml +20 -1
data/Plugins/OS/Linux/Services.yaml +8 -0
data/Plugins/OS/Linux/Shell.rb +70 -0
data/Plugins/OS/Linux/Syslinux/default +8 -0
data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +83 -59
data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +3 -0
data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb +29 -3
data/Plugins/OS/Linux/systemd/systemd.lmm.rb +13 -11
data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb +6 -5
data/Plugins/Platforms/GitHub.lmm.rb +73 -28
data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +9 -6
data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb +402 -0
data/Plugins/Platforms/Proxmox/XTerm.rb +321 -0
data/Plugins/Platforms/libvirt/libvirt.lmm.rb +38 -13
data/Plugins/Platforms/porkbun.lmm.rb +12 -2
data/Plugins/Platforms/porkbun_spec.rb +2 -2
data/Plugins/Services/DNS/AmberBit.lmm.rb +1 -1
data/Plugins/Services/DNS/ArubaItDNS.lmm.rb +1 -1
data/Plugins/Services/DNS/NICLV.lmm.rb +1 -1
data/Plugins/Services/DNS/PowerDNS.lmm.rb +70 -68
data/Plugins/Services/DNS/tonic.lmm.rb +22 -12
data/lib/ConfigLMM/Framework/plugins/dns.rb +4 -3
data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +145 -184
data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +34 -17
data/lib/ConfigLMM/Framework/plugins/plugin.rb +53 -181
data/lib/ConfigLMM/Framework/plugins/store.rb +4 -4
data/lib/ConfigLMM/Framework/variables.rb +75 -0
data/lib/ConfigLMM/Framework.rb +1 -0
data/lib/ConfigLMM/cli.rb +12 -6
data/lib/ConfigLMM/commands/configsCommand.rb +37 -6
data/lib/ConfigLMM/commands/diff.rb +33 -9
data/lib/ConfigLMM/context.rb +22 -3
data/lib/ConfigLMM/io/configList.rb +82 -6
data/lib/ConfigLMM/io/connection.rb +143 -0
data/lib/ConfigLMM/io/dhcp.rb +330 -0
data/lib/ConfigLMM/io/http.rb +78 -0
data/lib/ConfigLMM/io/local.rb +207 -0
data/lib/ConfigLMM/io/pxe.rb +92 -0
data/lib/ConfigLMM/io/ssh.rb +156 -0
data/lib/ConfigLMM/io/tftp.rb +105 -0
data/lib/ConfigLMM/io.rb +2 -0
data/lib/ConfigLMM/secrets/envStore.rb +39 -0
data/lib/ConfigLMM/secrets/fileStore.rb +43 -0
data/lib/ConfigLMM/state.rb +2 -1
data/lib/ConfigLMM/version.rb +2 -1
data/lib/ConfigLMM.rb +1 -0
data/{Examples → scripts}/configlmmAuth.sh +7 -5
metadata +205 -8

data/Plugins/Apps/Homepage/Homepage.lmm.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module ConfigLMM
+    module LMM
+        class Homepage < Framework::Plugin
+            NAME = 'Homepage'
+            USER = 'homepage'
+            HOME_DIR = '/var/lib/homepage'
+            def actionHomepageBuild(id, target, activeState, context, options)
+                Nginx.withConnection(local) do |nginxConnection|
+                    nginxConnection.writeConfig(__dir__, NAME, target, state, context, options)
+                end
+            end
+            def actionHomepageDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        if !target.key?('Proxy') || target['Proxy'] != 'only'
+                            Podman.ensurePresent(linuxConnection, options)
+                            Podman.createUser(USER, HOME_DIR, 'Homepage', linuxConnection, options)
+                            linuxConnection.withUserShell(USER) do |shell|
+                                shell.createDirs(options, '~/config')
+                            end
+                            configPath = './Homepage'
+                            configPath = target['ConfigPath'] if target['ConfigPath']
+                            Dir[configPath + '/*'].each do |file|
+                                linuxConnection.upload(file, HOME_DIR + '/config/', options)
+                            end
+                            path = Podman.containersPath(HOME_DIR)
+                            linuxConnection.upload(__dir__ + '/Homepage.container', path, options)
+                            if target.key?('Proxy') && target['Proxy'] == false
+                                linuxConnection.exec("sed -i 's|PublishPort=127.0.0.1:13400:|PublishPort=0.0.0.0:13400:|' #{path}/Homepage.container", false, options)
+                                linuxConnection.firewallAddPort('13400/tcp', options)
+                            end
+                            linuxConnection.reloadUserServices(USER, options)
+                            linuxConnection.restartUserService(USER, 'Homepage', options)
+                        end
+                        if !target.key?('Proxy') || !!target['Proxy']
+                            Nginx.withConnection(linuxConnection) do |nginxConnection|
+                                target['ConfigName'] = target['Name']
+                                nginxConnection.provision(__dir__, NAME, target, activeState, context, options)
+                            end
+                        end
+                    end
+                end
+            end
+        end
+    end
+end

data/Plugins/Apps/IPFS/IPFS.conf.erb CHANGED Viewed

@@ -20,9 +20,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/ipfs.access.log;
-    error_log   /var/log/nginx/ipfs.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/IPFS/IPFS.lmm.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module ConfigLMM
             def actionIPFSDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb CHANGED Viewed

@@ -16,9 +16,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/influxdb.access.log;
-    error_log   /var/log/nginx/influxdb.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module ConfigLMM
             def actionInfluxDBDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Jackett/Jackett.conf.erb CHANGED Viewed

@@ -16,9 +16,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/jackett.access.log;
-    error_log   /var/log/nginx/jackett.error.log;
     include config-lmm/private.conf;
     include config-lmm/errors.conf;

data/Plugins/Apps/Jackett/Jackett.lmm.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module ConfigLMM
             def actionJackettDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb CHANGED Viewed

@@ -17,9 +17,6 @@ server {
     server_name <%= config['Domain'] %>;
-    access_log  /var/log/nginx/jellyfin.access.log;
-    error_log   /var/log/nginx/jellyfin.error.log;
     include config-lmm/errors.conf;
     include config-lmm/ssl.conf;

data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module ConfigLMM
             def actionJellyfinDeploy(id, target, activeState, context, options)
                 if !target['Location'] || target['Location'] == '@me'
                     deployNginxConfig(id, target, activeState, context, options)
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb CHANGED Viewed

@@ -7,48 +7,69 @@ module ConfigLMM
             CONFIG_DIR = '/etc/letsencrypt/'
             def actionLetsEncryptDeploy(id, target, activeState, context, options)
-                self.ensurePackage(PACKAGE_NAME, target['Location'])
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.class.sshStart(uri) do |ssh|
-                        ssh.scp.upload!(__dir__ + '/rfc2136.ini', CONFIG_DIR)
-                        ssh.scp.upload!(__dir__ + '/renew-certificates.service', '/etc/systemd/system/')
-                        ssh.scp.upload!(__dir__ + '/renew-certificates.timer', '/etc/systemd/system/')
-                        self.class.exec("mkdir -p #{CONFIG_DIR}renewal-hooks/deploy", ssh)
+                        linuxConnection.upload(__dir__ + '/rfc2136.ini', CONFIG_DIR, options)
+                        linuxConnection.upload(__dir__ + '/renew-certificates.service', '/etc/systemd/system/', options)
+                        linuxConnection.upload(__dir__ + '/renew-certificates.timer', '/etc/systemd/system/', options)
+                        linuxConnection.createDirs(options, CONFIG_DIR + "renewal-hooks/deploy")
                         target['Hooks'].to_a.each do |hook|
-                            ssh.scp.upload!(__dir__ + '/hooks/' + hook + '.sh', "#{CONFIG_DIR}renewal-hooks/deploy/")
+                            linuxConnection.upload(__dir__ + '/hooks/' + hook + '.sh', "#{CONFIG_DIR}renewal-hooks/deploy/", options)
                         end
-                        self.class.exec("chmod +x #{CONFIG_DIR}renewal-hooks/deploy/*.sh", ssh)
-                        self.class.exec("sed -i 's|$IP|#{target['DNS']['IP']}|' #{CONFIG_DIR}/rfc2136.ini", ssh)
-                        self.class.exec("sed -i 's|$SECRET|#{ENV['LETSENCRYPT_DNS_SECRET']}|' #{CONFIG_DIR}/rfc2136.ini", ssh)
-                        self.class.exec("chmod 600 #{CONFIG_DIR}/rfc2136.ini", ssh)
+                        linuxConnection.exec("chmod +x #{CONFIG_DIR}renewal-hooks/deploy/*.sh", false, options)
+                        linuxConnection.fileReplace(CONFIG_DIR + 'rfc2136.ini', '\$IP', target['DNS']['IP'] , options)
+                        secretId, secretName = target['DNS']['SecretId'].to_s.split('.')
+                        key = nil
+                        key = context.secrets.load(secretId, secretName) if secretId && secretName
+                        key = context.secrets.load('LETSENCRYPT', 'DNS_SECRET') if key.nil?
+                        raise Framework::PluginProcessError.new('LetsEncrypt missing RFC2136 TSIG key! Specify DNS.SecretId or LETSENCRYPT_DNS_SECRET env variable') unless key
+                        linuxConnection.fileReplace(CONFIG_DIR + 'rfc2136.ini', '\$SECRET', key, options)
+                        linuxConnection.setPrivate(CONFIG_DIR + 'rfc2136.ini', options)
                         if target['Domain']
-                            createCertificate('Wildcard', target['Domain'], target, ssh)
+                            createCertificate('Wildcard', target['Domain'], target, linuxConnection, options)
                         end
-                        target['Certificates'].to_h.each do |name, domain|
-                            createCertificate(name, domain, target, ssh)
+                        target['Certificates'].to_h.each do |name, domains|
+                            createCertificate(name, domains, target, linuxConnection, options)
                         end
-                        self.class.exec("systemctl daemon-reload", ssh)
-                        self.class.exec("systemctl enable renew-certificates.timer", ssh)
-                        self.class.exec("systemctl start renew-certificates.timer", ssh)
+                        linuxConnection.reloadServiceManager(options)
+                        linuxConnection.ensureServiceAutoStart('renew-certificates.timer', options)
+                        linuxConnection.startService('renew-certificates.timer', options)
+                        target['Hooks'].to_a.each do |hook|
+                            linuxConnection.exec("#{CONFIG_DIR}renewal-hooks/deploy/#{hook}.sh", false, options)
+                        end
                     end
-                else
-                    # TODO
                 end
             end
-            def createCertificate(name, domain, target, ssh)
-                domains = ['--domains "' + Addressable::IDNA.to_ascii(domain) + '"']
-                if domain.start_with?('*.')
-                    domains << '--domains "' + Addressable::IDNA.to_ascii(domain[2..-1]) + '"'
+            def createCertificate(name, domains, target, connection, options)
+                return if connection.fileLink?("#{CONFIG_DIR}live/#{name}/fullchain.pem", options)
+                connection.exec("rm -rf #{CONFIG_DIR}live/#{name}", false, options)
+                domainList = []
+                domains = [domains] unless domains.is_a?(Array)
+                domains.each do |domain|
+                    domainList << '--domains "' + Addressable::IDNA.to_ascii(domain) + '"'
+                    if addBaseDomain?(domain, domains)
+                        domainList << '--domains "' + Addressable::IDNA.to_ascii(domain[2..-1]) + '"'
+                    end
                 end
                 extra = ''
                 extra = '--dns-rfc2136-propagation-seconds ' + target['DNS']['Propagation'].to_s if target['DNS']['Propagation']
-                self.class.exec("certbot certonly --dns-rfc2136 --dns-rfc2136-credentials=/etc/letsencrypt/rfc2136.ini #{extra} --non-interactive --agree-tos --email #{target['EMail']} --cert-name '#{name}' #{domains.join(' ')}", ssh)
+                connection.exec("certbot certonly --dns-rfc2136 --dns-rfc2136-credentials=#{CONFIG_DIR}rfc2136.ini #{extra} --non-interactive --agree-tos --email #{target['EMail']} --cert-name '#{name}' #{domainList.join(' ')}", false, options)
+            end
+            def addBaseDomain?(domain, domains)
+                return false unless domain.start_with?('*.')
+                match = '*.' + domain[2..-1].split('.')[1..].join('.')
+                return false if match == '*.' || domains.any? { |d| d.casecmp?(match) }
+                true
             end
         end

data/Plugins/Apps/LibreTranslate/LibreTranslate.container ADDED Viewed

@@ -0,0 +1,21 @@
+[Unit]
+Description=LibreTranslate container
+After=local-fs.target
+[Container]
+ContainerName=LibreTranslate
+Image=docker.io/libretranslate/libretranslate:latest
+Exec=--host 0.0.0.0 $ARGS
+PublishPort=127.0.0.1:15100:5000
+UserNS=keep-id:uid=1032,gid=1032
+Volume=/var/lib/libretranslate/.local:/home/libretranslate/.local
+LogDriver=journald
+AutoUpdate=registry
+[Service]
+TimeoutStartSec=32min
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module ConfigLMM
+    module LMM
+        class LibreTranslate < Framework::Plugin
+            USER = 'libretranslate'
+            HOME_DIR = '/var/lib/libretranslate'
+            def actionLibreTranslateDeploy(id, target, activeState, context, options)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        Podman.ensurePresent(linuxConnection, options)
+                        Podman.createUser(USER, HOME_DIR, 'LibreTranslate', linuxConnection, options)
+                        path = Podman.containersPath(HOME_DIR)
+                        linuxConnection.upload(__dir__ + '/LibreTranslate.container', path, options)
+                        args = ['--metrics']
+                        linuxConnection.fileReplace("#{path}/LibreTranslate.container", '\$ARGS', args.join(' '), options)
+                        if target['Listen']
+                            linuxConnection.fileReplace("#{path}/LibreTranslate.container", '127.0.0.1', target['Listen'], options)
+                        end
+                        linuxConnection.reloadUserServices(USER, options)
+                        linuxConnection.restartUserService(USER, 'LibreTranslate', options)
+                    end
+                end
+            end
+        end
+    end
+end

data/Plugins/Apps/Lobsters/Containerfile ADDED Viewed

@@ -0,0 +1,81 @@
+# Use an official Ruby image as a base
+ARG RUBY_VERSION
+FROM ruby:${RUBY_VERSION} AS base
+# Install base packages
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 mariadb-client sendmail vim && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+# Latest releases available at https://github.com/aptible/supercronic/releases
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.33/supercronic-linux-amd64 \
+    SUPERCRONIC_SHA1SUM=71b0d58cc53f6bd72cf2f293e09e294b79c666d8 \
+    SUPERCRONIC=supercronic-linux-amd64
+RUN curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+ENV BUNDLE_DEPLOYMENT="1" BUNDLE_PATH="/usr/local/bundle" BUNDLE_WITHOUT="development"
+# Throw-away build stage to reduce size of final image
+FROM base AS build
+# Install packages needed to build gems
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libyaml-dev pkg-config && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+# Set working directory
+WORKDIR /lobsters
+COPY . .
+# Install application gems
+RUN bundle install && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+RUN mkdir -p /srv/lobste.rs/log && \
+    ln -sf /lobsters /srv/lobste.rs/http
+# Temporary generate secrets
+RUN RAILS_ENV=production ./bin/rails credentials:edit
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE_DUMMY=1 RAILS_ENV=production ./bin/rails assets:precompile
+# Remove secrets
+RUN rm -rf ./config/credentials.yml.enc ./config/master.key ./config/database.yml ./tmp/* /srv/lobste.rs/log/*
+# Final stage for app image
+FROM base
+WORKDIR /lobsters
+# Copy built artifacts: gems, application
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /lobsters /lobsters
+COPY --from=build /srv/lobste.rs /srv/lobste.rs
+COPY crontab /etc/
+RUN ln -sf /config/master.key /lobsters/config/master.key && \
+    ln -sf /config/credentials.yml.enc /lobsters/config/credentials.yml.enc && \
+    ln -sf /config/database.yml /lobsters/config/database.yml
+RUN mv /lobsters/public /lobsters/public_source && ln -sf /srv/lobsters/public /lobsters/public
+# Run and own only the runtime files as a non-root user for security
+RUN groupadd --system --gid 1000 lobsters && \
+    useradd lobsters --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
+    chown -R lobsters:lobsters /lobsters/tmp /srv/lobste.rs/log
+ENV LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
+# Expose port for Rails server
+EXPOSE 9292
+ENTRYPOINT ["/lobsters/entrypoint.sh"]
+CMD ["server"]

data/Plugins/Apps/Lobsters/Lobsters-Tasks.container ADDED Viewed

@@ -0,0 +1,26 @@
+[Unit]
+Description=Lobsters tasks container
+After=local-fs.target
+[Container]
+ContainerName=LobstersTasks
+Image=ConfigLM.moe/lobsters:master
+EnvironmentFile=/var/lib/lobsters/.config/containers/systemd/Lobsters.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=1000,gid=1000
+Exec=cron
+Volume=/var/lib/lobsters/config:/config
+Volume=/var/lib/lobsters/logs:/srv/lobste.rs/log
+Volume=/var/lib/lobsters/cache:/srv/lobste.rs/cache
+Volume=/var/lib/lobsters/storage:/srv/lobste.rs/storage
+Volume=/var/lib/lobsters/queue:/srv/lobste.rs/queue
+Volume=/var/lib/lobsters/tmp:/lobsters/tmp
+Volume=/srv/lobsters:/srv/lobsters
+LogDriver=journald
+[Service]
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Lobsters/Lobsters.conf.erb ADDED Viewed

@@ -0,0 +1,99 @@
+upstream lobsters {
+    <% if config['Server'] %>
+        server <%= config['Server'] %>;
+    <% else %>
+        server 127.0.0.1:19292;
+    <% end %>
+}
+server {
+    <% if config['NginxVersion'] >= 1.25 %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl;
+            listen  [::]:<%= config['Port'] %> ssl;
+            include config-lmm/ssl.conf;
+        <% end %>
+        http2 on;
+        http3 on;
+        quic_retry on;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+    <% else %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl http2;
+            listen  [::]:<%= config['Port'] %> ssl http2;
+            include config-lmm/ssl.conf;
+        <% end %>
+    <% end %>
+    server_name <%= config['Domain'] %>;
+    root /srv/lobsters/public;
+    include config-lmm/errors.conf;
+    # max upload size for avatars (the only upload the site takes now)
+    client_max_body_size 2M;
+    location @lobsters {
+        proxy_pass  http://lobsters;
+        include config-lmm/proxy.conf;
+    }
+    location ~ ^/assets/ {
+        gzip_static on;
+        expires     max;
+        add_header  Cache-Control public;
+        break;
+    }
+    location ~ ^/avatars/ {
+        expires     max;
+        add_header  Cache-Control public;
+        try_files $uri @lobsters;
+        break;
+    }
+    # file-based full-page caching, bypass if user has cookies
+    set $use_file_cache "";
+    if ($cookie_lobster_trap = "") {
+        set $use_file_cache "${use_file_cache}S";       # S = no session cookie
+    }
+    if ($cookie_tag_filters = "") {
+        set $use_file_cache "${use_file_cache}F";       # F = no filter cookie
+    }
+    if (-f $document_root/cache$uri/index.html) {
+        set $use_file_cache "${use_file_cache}I";       # I = index file cached
+    }
+    if ($use_file_cache = "SFI") {
+        rewrite (.*) /cache/$1/index.html break;
+    }
+    if (-f $document_root/cache$uri.html) {
+        set $use_file_cache "${use_file_cache}H";       # H = HTML file cached
+    }
+    if ($use_file_cache = "SFH") {
+        rewrite (.*) /cache/$1.html break;
+    }
+    if (-f $document_root/cache$uri) {
+        set $use_file_cache "${use_file_cache}O";       # O = other non-extentioned file cached
+    }
+    if ($use_file_cache = "SFO") {
+        rewrite (.*) /cache/$1 break;
+    }
+    location / {
+        try_files $uri @lobsters;
+    }
+}

data/Plugins/Apps/Lobsters/Lobsters.container ADDED Viewed

@@ -0,0 +1,27 @@
+[Unit]
+Description=Lobsters container
+After=local-fs.target
+[Container]
+ContainerName=Lobsters
+Image=ConfigLM.moe/lobsters:master
+EnvironmentFile=/var/lib/lobsters/.config/containers/systemd/Lobsters.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=1000,gid=1000
+PublishPort=127.0.0.1:19292:9292
+Volume=/var/lib/lobsters/config:/config
+Volume=/var/lib/lobsters/logs:/srv/lobste.rs/log
+Volume=/var/lib/lobsters/cache:/srv/lobste.rs/cache
+Volume=/var/lib/lobsters/storage:/srv/lobste.rs/storage
+Volume=/var/lib/lobsters/queue:/srv/lobste.rs/queue
+Volume=/var/lib/lobsters/tmp:/lobsters/tmp
+Volume=/srv/lobsters:/srv/lobsters
+LogDriver=journald
+[Service]
+TimeoutStartSec=6min
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target default.target