ConfigLMM 0.4.0 → 0.5.0

data/Plugins/Apps/Lobsters/Lobsters.lmm.rb

@@ -0,0 +1,196 @@
+
+
+module ConfigLMM
+    module LMM
+        class Lobsters < Framework::Plugin
+
+            USER = 'lobsters'
+            HOME_DIR = '/var/lib/lobsters'
+            GIT_REPO = 'https://github.com/lobsters/lobsters.git'
+            IMAGE_ID = 'ConfigLM.moe/lobsters:master'
+
+            def actionLobstersBuild(id, target, activeState, context, options)
+                buildContainer(id, target, options)
+            end
+
+            def buildContainer(id, target, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+                Linux.withConnection(local) do |localLinux|
+                    begin
+                        localLinux.ensurePackages(['git', 'Podman'], options) unless localLinux.hasBinaries?(['git', 'podman'], options)
+                    rescue RuntimeError => error
+                        prompt.say(error, :color => :red)
+                    end
+                    lobstersDir = File.expand_path(REPOS_CACHE + '/lobsters')
+                    if !File.exist?(lobstersDir)
+                        localLinux.createDirs(options, File.expand_path(REPOS_CACHE))
+                        gitRepo = GIT_REPO
+                        gitRepo = target['Repository'] if target['Repository']
+                        localLinux.exec("cd #{REPOS_CACHE} && git clone --quiet #{gitRepo} lobsters", false, options)
+                    else
+                        localLinux.exec("cd #{lobstersDir} && git checkout . --quiet && git pull --quiet", false, options)
+                    end
+                    localLinux.exec("cd #{lobstersDir} && git checkout . --quiet", false, options)
+
+                    if !IO::Connection.cmdSuccess?("podman image exists #{IMAGE_ID}")
+                        # if you see error like "newuidmap 5227 0 1000 1 1 100000 65536: newuidmap: write to uid_map failed: Operation not permitted"
+                        # then for LXC you need to set idmap like:
+                        # LXC:
+                        #     - idmap: u 0 100000 165536
+                        #     - idmap: g 0 100000 165536
+                        localLinux.upload(__dir__ + '/entrypoint.sh', lobstersDir, options)
+                        localLinux.upload(__dir__ + '/Containerfile', lobstersDir, options)
+                        localLinux.upload(__dir__ + '/crontab', lobstersDir, options)
+                        localLinux.upload(__dir__ + '/puma.rb', lobstersDir + '/config/', options)
+                        localLinux.upload(__dir__ + '/database.yml', lobstersDir + '/config/', options)
+                        localLinux.upload(__dir__ + '/lobsters-cron.sh', lobstersDir + '/script/', options)
+                        localLinux.upload(__dir__ + '/lobsters-daily.sh', lobstersDir + '/script/', options)
+                        localLinux.upload(__dir__ + '/generateCredentials.rb', lobstersDir + '/script/', options)
+
+                        localLinux.exec("cd #{lobstersDir} && git rev-parse HEAD > id.txt", false, options)
+
+                        localLinux.exec("sed -i 's|lobste\\.rs|#{target['Domain']}|' #{lobstersDir}/config/application.rb #{lobstersDir}/config/sitemap.rb #{lobstersDir}/public/opensearch.xml", false, options)
+                        localLinux.exec("sed -i 's|lobste\\.rs|#{target['Domain']}|' #{lobstersDir}/app/models/comment.rb #{lobstersDir}/app/controllers/keybase_proofs_controller.rb", false, options)
+
+                        localLinux.exec("sed -i 's|email: \"inactive-user@example.com\"|email: \"inactive-user@#{target['Domain']}\"|' #{lobstersDir}/db/seeds.rb", false, options)
+
+                        if target['Admin'].to_h['Username']
+                            localLinux.exec("sed -i 's|username: \"test\"|username: \"#{target['Admin']['Username']}\"|' #{lobstersDir}/db/seeds.rb", false, options)
+                        end
+
+                        if target['Admin'].to_h['EMail']
+                            localLinux.exec("sed -i 's|email: \"test@example.com\"|email: \"#{target['Admin']['EMail']}\"|' #{lobstersDir}/db/seeds.rb", false, options)
+                        end
+
+                        adminPassword = SecureRandom.alphanumeric(20)
+                        localLinux.exec(" sed -i 's|password: \"test\"|password: \"#{adminPassword}\"|' #{lobstersDir}/db/seeds.rb", false, { **options, hide: true })
+                        localLinux.exec(" sed -i 's|password_confirmation: \"test\"|password_confirmation: \"#{adminPassword}\"|' #{lobstersDir}/db/seeds.rb", false, { **options, hide: true })
+
+                        #localLinux.fileReplace("#{REPOS_CACHE}/lobsters/Dockerfile.dev", 'COPY Gemfile.*', 'COPY . ./',  options)
+                        rubyVersion = localLinux.fileRead("#{REPOS_CACHE}/lobsters/.ruby-version", options).strip
+                        localLinux.exec("cd #{REPOS_CACHE}/lobsters && podman build --tag=#{IMAGE_ID} --build-arg RUBY_VERSION=#{rubyVersion} --file Containerfile .", false, options)
+                    end
+                end
+            end
+
+            def actionLobstersDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+
+                target['Database'] ||= {}
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+
+                        dbPassword = self.configureMariaDB(target['Database'], activeState, linuxConnection, options)
+
+                        Podman.ensurePresent(linuxConnection, options)
+                        Podman.createUser(USER, HOME_DIR, 'Lobsters', linuxConnection, options)
+
+                        cmd = IO::SSH.cmd(target['Location'])
+                        local.exec("podman image save #{IMAGE_ID} | #{cmd} 'cat > #{HOME_DIR}/lobsters.tar'", false, options)
+
+                        linuxConnection.withUserShell(USER) do |shell|
+                            shell.createDirs(options, '~/config', '~/logs', '~/cache', '~/storage', '~/queue', '~/tmp')
+                            Podman.loadImage(shell, 'lobsters.tar', options)
+                        end
+
+                        linuxConnection.exec("rm -f #{HOME_DIR}/lobsters.tar", false, options)
+
+                        linuxConnection.createDirs(options, '/srv/lobsters')
+                        linuxConnection.setUserGroup('/srv/lobsters', USER, USER, options)
+
+                        path = Podman.containersPath(HOME_DIR)
+
+                        linuxConnection.fileWrite(path + '/Lobsters.env', 'RAILS_ENV=production', options)
+                        if target['SMTP'] && target['SMTP']['Host']
+                            linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_HOST=' + target['SMTP']['Host'], options)
+                            if target['SMTP']['Port']
+                                linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_PORT=' + target['SMTP']['Port'].to_s, options)
+                            end
+                            if target['SMTP']['Username']
+                                linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_USERNAME=' + target['SMTP']['Username'], options)
+                            end
+                            if target['SMTP']['SecretId']
+                                smtpPassword = context.secrets.load(target['SMTP']['SecretId'], target['SMTP']['Username'].upcase + '_PASSWORD')
+                                linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_PASSWORD=' + smtpPassword.to_s, { **options, hide: true })
+                            end
+                            if target['SMTP']['TLS'] || target['SMTP']['Port'].to_s == '465'
+                                linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_TLS=true', options)
+                            end
+                        else
+                            linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_HOST=10.0.2.2', options)
+                        end
+                        linuxConnection.fileAppend(path + '/Lobsters.env', 'SMTP_STARTTLS_AUTO=true', options)
+
+                        linuxConnection.exec("chown #{USER}:#{USER} #{path}/Lobsters.env", false, options)
+                        linuxConnection.exec("chmod 600 #{path}/Lobsters.env", false, options)
+
+                        linuxConnection.upload(__dir__ + '/database.yml', HOME_DIR + '/config/', options)
+
+                        if target['Database'] && target['Database']['HostName'] && target['Database']['HostName'] != 'localhost'
+                            linuxConnection.fileReplace(HOME_DIR + '/config/database.yml', '10.0.2.2', target['Database']['HostName'], options)
+                        end
+                        linuxConnection.exec("sed -i 's|password:.*|password: #{dbPassword}|' #{HOME_DIR}/config/database.yml", false, options)
+
+                        linuxConnection.upload(__dir__ + '/Lobsters.container', path, options)
+                        linuxConnection.upload(__dir__ + '/Lobsters-Tasks.container', path, options)
+
+                        linuxConnection.reloadUserServices(USER, options)
+                        linuxConnection.restartUserService(USER, 'Lobsters', options)
+                        linuxConnection.restartUserService(USER, 'Lobsters-Tasks', options)
+
+                        Nginx.withConnection(linuxConnection) do |nginxConnection|
+                            nginxConnection.writeConfig(__dir__, 'Lobsters', target, state, context, options)
+                            nginxConnection.deployAllConfigs(target, activeState, context, options)
+                        end
+                    end
+                end
+            end
+
+            def configureMariaDB(settings, activeState, linuxConnection, options)
+                password = SecureRandom.alphanumeric(20)
+                MariaDB.withConnection(settings, linuxConnection) do |mariaConnection|
+                    mariaConnection.createUserAndDB(USER, password, nil, options)
+                end
+                password
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:Lobsters, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+
+                        Nginx.withConnection(linuxConnection) do |nginxConnection|
+                            nginxConnection.cleanupConfig('Lobsters', context, options)
+                            nginxConnection.reload(options)
+                        end
+
+                        linuxConnection.stopUserService(USER, 'Lobsters-Tasks', options)
+                        linuxConnection.stopUserService(USER, 'Lobsters', options)
+
+                        path = Podman.containersPath(HOME_DIR)
+                        linuxConnection.rm(path + 'Lobsters.container', options[:dry])
+                        linuxConnection.rm(path + 'Lobsters-Tasks.container', options[:dry])
+                        linuxConnection.rm('/srv/lobsters', options[:dry])
+
+                        linuxConnection.withUserShell(USER) do |shell|
+                            Podman.removeImage(shell, IMAGE_ID, options)
+                        end
+
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                        if options[:destroy]
+                            item['Config']['Database'] ||= {}
+                            MariaDB.withConnection(item['Config']['Database'], linuxConnection) do |connectionDB|
+                                connectionDB.dropDB(USER, options)
+                            end
+                            linuxConnection.deleteUserAndGroup(USER, options)
+                            linuxConnection.rm(HOME_DIR, options[:dry])
+
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
+                    end
+                end
+            end
+
+        end
+    end
+end

data/Plugins/Apps/Lobsters/crontab

@@ -0,0 +1,3 @@
+*/5 * * * * /srv/lobste.rs/http/script/lobsters-cron.sh
+0 0 * * * /srv/lobste.rs/http/script/lobsters-daily.sh
+* * * * * /srv/lobste.rs/http/script/expire_page_cache

data/Plugins/Apps/Lobsters/database.yml

@@ -0,0 +1,26 @@
+---
+trilogy: &trilogy
+  adapter: trilogy
+  encoding: utf8mb4
+  host: 10.0.2.2
+  port: 3306
+  pool: 5
+
+sqlite3: &sqlite3
+  adapter: sqlite3
+  timeout: 5000
+
+production:
+  primary:
+    <<: *trilogy
+    database: lobsters
+    username: lobsters
+    password:
+  cache:
+    <<: *sqlite3
+    database: /srv/lobste.rs/cache/cache.sqlite3
+    migrations_paths: db/cache_migrate
+  queue:
+    <<: *sqlite3
+    database: /srv/lobste.rs/queue/queue.sqlite3
+    migrations_paths: db/queue_migrate

data/Plugins/Apps/Lobsters/entrypoint.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/sh
+
+set -o errexit
+set -o nounset
+
+cmd="/lobsters/bin/rails"
+
+if [ $# -gt 0 ]; then
+    if [ "$1" = "cron" ]; then
+        shift
+        cmd="/usr/local/bin/supercronic /etc/crontab"
+    elif [ "$1" = "server" ]; then
+        status=0
+        cmp --quiet "/lobsters/id.txt" "/srv/lobsters/id.txt" || status=$?
+        if [ $status -ne 0 ]; then
+            rm -rf /srv/lobsters/*
+            mkdir -p /srv/lobsters/public
+            cp -R /lobsters/public_source/* /srv/lobsters/public/
+            cp -R /lobsters/public_source/.* /srv/lobsters/public/
+            cp "/lobsters/id.txt" "/srv/lobsters/"
+        fi
+
+        if [ ! -f "/config/credentials.yml.enc" ]; then
+            bundle exec /lobsters/script/generateCredentials.rb
+        fi
+        /lobsters/bin/rails db:prepare
+    fi
+fi
+
+exec $cmd "$@"

data/Plugins/Apps/Lobsters/generateCredentials.rb

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+
+require 'rails/generators'
+require 'rails/generators/rails/encryption_key_file/encryption_key_file_generator'
+require 'rails/generators/rails/credentials/credentials_generator'
+
+content_path = '/config/credentials.yml.enc'
+key_path = '/config/master.key'
+
+Rails::Generators::EncryptionKeyFileGenerator.new([], quiet: true).add_key_file(key_path)
+
+Rails::Generators::CredentialsGenerator.new(
+    [content_path, key_path],
+    skip_secret_key_base: false,
+    quiet: true
+).invoke_all
+
+# TODO
+# should apply config/credentials.yml.enc.sample to config

data/Plugins/Apps/Lobsters/lobsters-cron.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+err=0
+report() {
+  err=1
+  echo -n "error at line ${BASH_LINENO[0]}, in call to "
+  sed -n ${BASH_LINENO[0]}p $0
+} >&2
+trap report ERR
+
+cd /srv/lobste.rs/http
+
+if [ -f public/maintenance.html ];
+then
+  exit 0
+fi
+
+bundle exec ruby script/fill_flagged_cache.rb &
+bundle exec ruby script/mail_new_activity.rb &
+#bundle exec ruby script/mastodon_post.rb &
+#bundle exec ruby script/mastodon_sync_users.rb &
+#bundle exec ruby script/send_new_webmentions &
+bundle exec ruby script/traffic_range &
+
+exit $err

data/Plugins/Apps/Lobsters/lobsters-daily.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+err=0
+report() {
+  err=1
+  echo -n "error at line ${BASH_LINENO[0]}, in call to "
+  sed -n ${BASH_LINENO[0]}p $0
+} >&2
+trap report ERR
+
+cd /srv/lobste.rs/http
+
+if [ -f public/maintenance.html ];
+then
+  exit 0
+fi
+
+bundle exec rails daily_maintenance
+bundle exec rails sitemap:refresh -s
+
+find /srv/lobste.rs/http/tmp -type f -name 'rack%3A%3Aattack*' -mtime +2 -delete
+
+exit $err

data/Plugins/Apps/Lobsters/puma.rb

@@ -0,0 +1,49 @@
+# typed: false
+
+require "etc"
+
+# Puma can serve each request in a thread from an internal thread pool.
+# The `threads` method setting takes two numbers: a minimum and maximum.
+# Any libraries that use thread pools should be configured to match
+# the maximum value specified for Puma. Default is set to 5 threads for minimum
+# and maximum; this matches the default thread size of Active Record.
+#
+threads_count = ENV.fetch("RAILS_MAX_THREADS") { 4 }
+threads threads_count, threads_count
+
+# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
+# port        ENV.fetch("PORT") { 3000 }
+# bind 'tcp://127.0.0.1:3000'
+
+# Specifies the `environment` that Puma will run in.
+environment ENV.fetch("RAILS_ENV") { "development" }
+
+# Specifies the `pidfile` that Puma will use.
+#pidfile ENV.fetch("PIDFILE") {
+#    "tmp/puma.pid"
+#}
+
+# Specifies the number of `workers` to boot in clustered mode.
+# Workers are forked webserver processes. If using threads and workers together
+# the concurrency of the application would be max `threads` * `workers`.
+# Workers do not work on JRuby or Windows (both of which do not support
+# processes).
+workers ENV.fetch("PUMA_WORKERS") { 3 }
+
+# Use the `preload_app!` method when specifying a `workers` number.
+# This directive tells Puma to first boot the application and load code
+# before forking the application. This takes advantage of Copy On Write
+# process behavior so workers use less memory.
+if ENV.fetch("RAILS_ENV") == "production"
+
+  # phased restarts
+  # https://github.com/puma/puma/blob/master/docs/restart.md
+  prune_bundler
+
+  # old hot restart config; will need ansible change to tell systemctl to restart instead of reload
+  # preload_app!
+end
+
+# Allow puma to be restarted by `rails restart` command.
+plugin :tmp_restart
+

data/Plugins/Apps/MariaDB/Connection.rb

@@ -0,0 +1,55 @@
+
+module ConfigLMM
+    module LMM
+        class MariaDBConnection
+
+            attr_reader :connection
+
+            def initialize(connection, settings)
+                @connection = connection
+                @settings = settings
+            end
+
+            def exec(sql, db = nil, allowFailure = false, options = {})
+                cmd = "mariadb #{db ? db.shellescape : ''} --execute=#{sql.shellescape}"
+                @connection.exec(cmd, allowFailure, options)
+            end
+
+            def createUserAndDB(user, password, host = nil, options = {})
+                if host.nil?
+                  if @settings['HostName'] == 'localhost'
+                      host = 'localhost'
+                  else
+                      host = '%'
+                  end
+                end
+                self.exec("CREATE USER '#{user}'@'#{host}'", nil, true, options)
+                self.exec("ALTER USER '#{user}'@'#{host}' IDENTIFIED BY '#{password}'", nil, false, { **options, hide: true })
+                self.exec("CREATE DATABASE #{user}", nil, true, options)
+                self.exec("GRANT ALL PRIVILEGES ON #{user}.* TO '#{user}'@'#{host}'", nil, false, options)
+            end
+
+            def dropDB(db, options = {})
+                self.exec("DROP DATABASE #{db}", nil, true, options)
+            end
+
+            def createAdmin(options = {})
+                self.exec("CREATE USER 'admin'@'%'", nil, true, options)
+                password = SecureRandom.alphanumeric(20)
+                self.exec("ALTER USER 'admin'@'%' IDENTIFIED BY '#{password}'", nil, false, { **options, hide: true })
+                self.exec("GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION", nil, false, options)
+                password
+            end
+
+            def dropAdmin(options = {})
+                self.exec("DROP USER 'admin'@'%'", nil, true, options)
+            end
+
+            def tableExist?(db, table, options = {})
+                table = self.exec("SHOW TABLES LIKE '#{table}'", db, false, options).strip
+                !table.empty?
+            end
+
+        end
+    end
+end

data/Plugins/Apps/MariaDB/MariaDB.lmm.rb

@@ -1,49 +1,46 @@
 require_relative '../../OS/Linux/Linux.lmm.rb'
+require_relative 'Connection'
 
 module ConfigLMM
     module LMM
         class MariaDB < Framework::LinuxApp
             PACKAGE_NAME = 'MariaDB'
-            SERVICE_NAME = 'mariadb'
+            SERVICE_NAME = :mariadb
             USER_NAME = 'mariadb'
 
             def actionMariaDBDeploy(id, target, activeState, context, options)
-                self.ensurePackage(PACKAGE_NAME, target['Location'])
-                self.ensureServiceAutoStart(SERVICE_NAME, target['Location'])
-                self.startService(SERVICE_NAME, target['Location'])
-
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-
-                    self.class.sshStart(uri) do |ssh|
-                        self.class.secureInstallation(ssh)
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
+                        linuxConnection.ensureServiceAutoStart(SERVICE_NAME, options)
+                        linuxConnection.startService(SERVICE_NAME, options)
+
+                        self.class.secureInstallation(connection)
+                        linuxConnection.exec("sed -i 's|^log-error |#log-error |' /etc/my.cnf", false, options)
                         if target['Listen']
-                            self.class.exec("sed -i 's|bind-address .*|bind-address = #{target['Listen']}|' /etc/my.cnf", ssh)
-                            self.class.restartService(SERVICE_NAME, ssh)
+                            linuxConnection.exec("sed -i 's|bind-address .*|bind-address = #{target['Listen']}|' /etc/my.cnf", false, options)
+                            linuxConnection.restartService(SERVICE_NAME, options)
                         end
                     end
-                else
-                    # TODO
                 end
-
-                activeState['Status'] = State::STATUS_DEPLOYED
             end
 
             def cleanup(configs, state, context, options)
-                cleanupType(:MariaDB, configs, state, context, options) do |item, id, state, context, options, ssh|
-                    Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
-                    Framework::LinuxApp.disableService(SERVICE_NAME, ssh, options[:dry])
-                    Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
-
+                cleanupType(:MariaDB, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        linuxConnection.stopService(SERVICE_NAME, options)
+                        linuxConnection.disableService(SERVICE_NAME, options)
+                        linuxConnection.removePackage(PACKAGE_NAME, options)
+                    end
                     state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
                 end
             end
 
-            def self.secureInstallation(ssh)
+            def self.secureInstallation(connection)
                 status = {}
                 output = ''
-                channel = ssh.exec("mariadb-secure-installation", status: status) do |channel, stream, data|
+                # TODO: FIXME to work with non-ssh connection aswell
+                channel = connection.tunnel.ssh.exec("mariadb-secure-installation", status: status) do |channel, stream, data|
                     output += data
                     channel.send_data("\n")  # Empty root password
                     channel.send_data("Y\n") # unix_socket authentication
@@ -60,53 +57,63 @@ module ConfigLMM
                 end
             end
 
+            # DEPRECATED
             def self.createRemoteUserAndDB(settings, user, password, ssh = nil)
-                self.executeRemotely(settings, ssh) do |ssh|
+                self.executeRemotely(settings, ssh) do |connection|
                     host = 'localhost'
                     host = '%' if settings['HostName'] != 'localhost'
-                    self.createUserAndDB(user, password, host, ssh)
+                    self.createUserAndDB(user, password, host, connection)
+                end
+            end
+
+            def self.withConnection(settings, linuxConnection)
+                if settings['HostName'].nil? || settings['HostName'] == 'localhost'
+                    settings['HostName'] = 'localhost'
+                    yield(MariaDBConnection.new(linuxConnection, settings))
+                else
+                    IO::Connection.tunnel("ssh://#{settings['HostName']}/", {}, {}, linuxConnection.prompt, linuxConnection.logger) do |connection|
+                        yield(MariaDBConnection.new(connection, settings))
+                    end
                 end
             end
 
-            def self.executeRemotely(settings, ssh = nil)
+            # DEPRECATED
+            def self.executeRemotely(settings, connectionOrSSH = nil)
+                prompt = TTY::Prompt.new
+                logger = TTY::Logger.new
                 settings['HostName'] = 'localhost' unless settings['HostName']
                 if settings['HostName'] == 'localhost'
-                    yield(ssh)
+                    connection = connectionOrSSH
+                    if connectionOrSSH.nil?
+                        connection = IO::Connection.new(:Local, IO::Local.new(prompt, logger), prompt, logger)
+                    elsif !connectionOrSSH.is_a?(IO::Connection)
+                        connection = IO::Connection.new(:SSH, SSH.new(prompt, logger, connectionOrSSH), prompt, logger)
+                    end
+                    yield(connection)
                 else
                     self.sshStart("ssh://#{settings['HostName']}/") do |ssh|
-                        yield(ssh)
+                        yield(IO::Connection.new(:SSH, SSH.new(prompt, logger, ssh), prompt, logger))
                     end
                 end
             end
 
-            def self.createUserAndDB(user, password, host, ssh = nil)
-                self.executeSQL("CREATE USER '#{user}'@'#{host}'", nil, ssh, true)
-                self.executeSQL("ALTER USER '#{user}'@'#{host}' IDENTIFIED BY '#{password}'", nil, ssh)
-                self.executeSQL("CREATE DATABASE #{user}", nil, ssh, true)
-                self.executeSQL("GRANT ALL PRIVILEGES ON #{user}.* TO '#{user}'@'#{host}'", nil, ssh)
-            end
-
-            def self.createAdmin(ssh)
-                self.executeSQL("CREATE USER 'admin'@'%'", nil, ssh, true)
-                password = SecureRandom.alphanumeric(20)
-                self.executeSQL("ALTER USER 'admin'@'%' IDENTIFIED BY '#{password}'", nil, ssh)
-                self.executeSQL("GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION", nil, ssh)
-                password
-            end
-
-            def self.dropAdmin(ssh)
-                self.executeSQL("DROP USER 'admin'@'%'", nil, ssh, true)
-            end
-
-            def self.tableExist?(db, table, ssh)
-                table = self.executeSQL("SHOW TABLES LIKE '#{table}'", db, ssh).strip
-                !table.empty?
+            # DEPRECATED
+            def self.createUserAndDB(user, password, host, connectionOrSSH = nil)
+                self.executeSQL("CREATE USER '#{user}'@'#{host}'", nil, connectionOrSSH, true)
+                self.executeSQL("ALTER USER '#{user}'@'#{host}' IDENTIFIED BY '#{password}'", nil, connectionOrSSH)
+                self.executeSQL("CREATE DATABASE #{user}", nil, connectionOrSSH, true)
+                self.executeSQL("GRANT ALL PRIVILEGES ON #{user}.* TO '#{user}'@'#{host}'", nil, connectionOrSSH)
             end
 
-            def self.executeSQL(sql, db = nil, ssh = nil, allowFailure = false, dry = false)
+            # DEPRECATED
+            def self.executeSQL(sql, db = nil, connectionOrSSH = nil, allowFailure = false, dry = false)
                 db = '' unless db
                 cmd = " mariadb #{db} --execute=\"#{sql.gsub('"', '\\"')};\""
-                self.exec(cmd, ssh, allowFailure, dry)
+                if connectionOrSSH.is_a?(IO::Connection)
+                    connectionOrSSH.exec(cmd, allowFailure, dry)
+                else
+                    self.exec(cmd, connectionOrSSH, allowFailure, dry)
+                end
             end
 
         end

data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container

@@ -0,0 +1,22 @@
+
+[Unit]
+Description=Mastodon Sidekiq container
+After=local-fs.target
+
+[Container]
+ContainerName=Mastodon-Sidekiq
+Image=ghcr.io/mastodon/mastodon:latest
+Exec=bundle exec sidekiq
+EnvironmentFile=/var/lib/mastodon/.config/containers/systemd/Mastodon.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=991,gid=991
+Volume=/var/lib/mastodon/system:/mastodon/public/system
+LogDriver=journald
+AutoUpdate=registry
+
+[Service]
+TimeoutStartSec=6min
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Mastodon/Mastodon-Streaming.container

@@ -0,0 +1,20 @@
+
+[Unit]
+Description=Mastodon Streaming container
+After=local-fs.target
+
+[Container]
+ContainerName=Mastodon-Streaming
+Image=ghcr.io/mastodon/mastodon-streaming:latest
+EnvironmentFile=/var/lib/mastodon/.config/containers/systemd/Mastodon.env
+Network=slirp4netns:allow_host_loopback=true
+PublishPort=127.0.0.1:14000:4000
+LogDriver=journald
+AutoUpdate=registry
+
+[Service]
+TimeoutStartSec=6min
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target