bcalloway-slicehost 0.0.2.6 → 0.0.3.0

data/lib/capistrano/ext/slicehost/postgresql.rb

@@ -0,0 +1,37 @@
+namespace :postgresql do
+  desc "Restarts PostgreSQL database server"
+  task :restart, :roles => :db do
+    sudo "/etc/init.d/postgresql-8.3 restart"
+  end
+
+  desc "Starts PostgreSQL database server"
+  task :start, :roles => :db do
+    sudo "/etc/init.d/postgresql-8.3 start"
+  end
+
+  desc "Stops PostgreSQL database server"
+  task :stop, :roles => :db do
+    sudo "/etc/init.d/postgresql-8.3 stop"
+  end
+
+  desc "Export PostgreSQL database"
+  task :export, :roles => :db do
+    database = Capistrano::CLI.ui.ask("Which database should we export: ")
+    username = Capistrano::CLI.ui.ask("Username: ")
+    sudo "pg_dump -U #{username} #{database} > #{database}.sql"
+  end
+
+  desc "Import PostgreSQL database"
+  task :import, :roles => :db do
+    database = Capistrano::CLI.ui.ask("Which database should we create: ")
+    username = Capistrano::CLI.ui.ask("Username: ")
+    file     = Capistrano::CLI.ui.ask("Which database file should we import: ")
+    sudo "createdb -U #{username} #{database}"
+    sudo "pg_restore -U #{username} -d #{database} < #{file}"
+  end
+
+  desc "Install PostgreSQL"
+  task :install, :roles => :db do
+    sudo "aptitude install -y postgresql"
+  end
+end

data/lib/capistrano/ext/slicehost/profile.rb

@@ -0,0 +1,11 @@
+namespace :profile do
+  desc "Setup .bashrc the way we like it and add directory colors."
+  task :configure, :roles => :web do
+    run "mv .bashrc /home/#{user}/.bashrc.bak"
+    put render("bashrc", binding), ".bashrc"
+    put render("mydircolors", binding), ".mydircolors"
+    sudo "mv /etc/nanorc /etc/nanorc.bak"
+    put render("nanorc", binding), "nanorc"
+    sudo "mv nanorc /etc/nanorc"
+  end
+end

data/lib/capistrano/ext/slicehost/render.rb

@@ -0,0 +1,6 @@
+require 'erb'
+
+def render(file, binding)
+  template = File.read("#{File.dirname(__FILE__)}/templates/#{file}.erb")
+  result = ERB.new(template).result(binding)
+end

data/lib/capistrano/ext/slicehost/ruby.rb

@@ -0,0 +1,59 @@
+require 'net/http'
+
+set :ruby_enterprise_url do
+  Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
+end
+
+set :ruby_enterprise_version do
+  "#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
+end
+
+set :passenger_version do
+  capture("gem list passenger$ -r").gsub(/[\n|\s|passenger|(|)]/,"")
+end
+
+namespace :ruby do
+  desc "Install Ruby 1.8"
+  task :setup_18, :roles => :app do
+    sudo "aptitude install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
+
+    # sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
+    # sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
+    # sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
+    # sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
+  end
+
+  desc "Install Ruby 1.9"
+  task :setup_19, :roles => :app do
+    sudo "aptitude install -y ruby1.9.1-dev libruby1.9.1 ruby1.9.1 ri1.9.1 rdoc1.9.1 irb1.9.1 libreadline-ruby1.9.1  libopenssl-ruby1.9.1 sqlite3 libsqlite3-ruby1.9.1"
+  end
+  
+  desc "Install Ruby Enterpise Edition"
+  task :install_enterprise, :roles => :app do
+    sudo "aptitude install -y libssl-dev"
+    sudo "aptitude install -y libreadline5-dev"
+    run "test ! -d /opt/#{ruby_enterprise_version}"
+    run "wget -q #{ruby_enterprise_url}"
+    run "tar xzvf #{ruby_enterprise_version}.tar.gz"
+    run "rm #{ruby_enterprise_version}.tar.gz"
+    sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
+    sudo "rm -rf #{ruby_enterprise_version}/"
+  end
+
+  desc "Install Phusion Passenger"
+  task :install_passenger_apache, :roles => :app do
+    sudo "apt-get install apache2-mpm-prefork"
+    sudo "aptitude install -y apache2-prefork-dev"
+    sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger rake --no-rdoc --no-ri"
+    sudo "PATH='/opt/#{ruby_enterprise_version}/bin/':\$PATH /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
+
+    put render("passenger.load", binding), "/home/#{user}/passenger.load"
+    put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
+
+    sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
+    sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
+
+    sudo "a2enmod passenger"
+    apache.force_reload
+  end
+end

data/lib/capistrano/ext/slicehost/slice.rb

@@ -0,0 +1,10 @@
+namespace :slice do
+  desc "set up ssh, iptables, aptitude and vim"
+  task :configure do
+    ssh.setup
+    profile.configure
+    iptables.configure
+    aptitude.setup
+    vim.setup
+  end
+end

data/lib/capistrano/ext/slicehost/ssh.rb

@@ -0,0 +1,59 @@
+ssh_options = { :keys => [File.expand_path("~/.ssh/id_dsa"),File.expand_path("~/.ssh/id_rsa") ], :port => 22 }
+
+namespace :ssh do
+  desc <<-DESC
+    Reload SSH service.
+  DESC
+  task :reload, :roles => :gateway do
+    sudo "/etc/init.d/ssh reload"
+  end
+
+  desc <<-DESC
+    Setup SSH on the gateway host. Runs `upload_keys` and `configure_sshd` \
+    then reloads the SSH service to finalize the changes.
+  DESC
+  task :setup, :roles => :gateway do
+    upload_keys
+    configure_sshd
+    reload
+  end
+
+  desc <<-DESC
+    Uploads your local public SSH keys to the server. A .ssh folder is created if \
+    one does not already exist. The SSH keys default to the ones set in \
+    Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
+    ["/home/user/.ssh/id_dsa"].
+
+    See "SSH copy" and "SSH Permissions" sections on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :upload_keys, :roles => :gateway do
+    run "mkdir -p ~/.ssh"
+    run "chown -R #{user}:#{user} ~/.ssh"
+    run "chmod 700 ~/.ssh"
+
+    authorized_keys = ssh_options[:keys].collect { |key|
+      begin
+        File.read("#{key}.pub")
+      rescue Errno::ENOENT => e
+      end
+
+    }.join("\n")
+    put authorized_keys, "./.ssh/authorized_keys", :mode => 0600
+  end
+
+  desc <<-DESC
+    Configure SSH daemon with more secure settings recommended by Slicehost. The \
+    will be configured to run on the port configured in Capistrano's "ssh_options". \
+    This defaults to the standard SSH port 22. You can change this by setting \
+    ssh_options[:port] = 3000. Note that this change will not take affect until \
+    reload the SSH service with `cap ssh:reload`.
+
+    See "SSH config" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure_sshd, :roles => :gateway do
+    put render("sshd_config", binding), "sshd_config"
+    sudo "mv sshd_config /etc/ssh/sshd_config"
+  end
+end

data/lib/capistrano/ext/slicehost/templates/bashrc.erb

@@ -0,0 +1,93 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+export HISTCONTROL=ignoredups
+# ... and ignore same sucessive entries.
+export HISTCONTROL=ignoreboth
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;31m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
+    ;;
+*)
+    ;;
+esac
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+#if [ -f ~/.bash_aliases ]; then
+#    . ~/.bash_aliases
+#fi
+
+# enable color support of ls and also add handy aliases
+if [ "$TERM" != "dumb" ] && [ -x /usr/bin/dircolors ]; then
+    eval "`dircolors ~/.mydircolors`"
+    alias ls='ls -alH --color=auto'
+    #alias dir='ls --color=auto --format=vertical'
+    #alias vdir='ls --color=auto --format=long'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+fi

data/lib/capistrano/ext/slicehost/templates/iptables.erb

@@ -0,0 +1,42 @@
+*filter
+
+
+#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+#  Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+#  Allows all outbound traffic
+#  You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+
+#  Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
+
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT

data/lib/capistrano/ext/slicehost/templates/mydircolors.erb

@@ -0,0 +1,170 @@
+# Configuration file for dircolors, a utility to help you set the
+# LS_COLORS environment variable used by GNU ls with the --color option.
+# Copyright (C) 1996, 1999-2008
+# Free Software Foundation, Inc.
+# Copying and distribution of this file, with or without modification,
+# are permitted provided the copyright notice and this notice are preserved.
+# The keywords COLOR, OPTIONS, and EIGHTBIT (honored by the
+# slackware version of dircolors) are recognized but ignored.
+# Below, there should be one TERM entry for each termtype that is colorizable
+TERM Eterm
+TERM ansi
+TERM color-xterm
+TERM con132x25
+TERM con132x30
+TERM con132x43
+TERM con132x60
+TERM con80x25
+TERM con80x28
+TERM con80x30
+TERM con80x43
+TERM con80x50
+TERM con80x60
+TERM cons25
+TERM console
+TERM cygwin
+TERM dtterm
+TERM eterm-color
+TERM gnome
+TERM gnome-256color
+TERM konsole
+TERM kterm
+TERM linux
+TERM linux-c
+TERM mach-color
+TERM mlterm
+TERM putty
+TERM rxvt
+TERM rxvt-cygwin
+TERM rxvt-cygwin-native
+TERM rxvt-unicode
+TERM screen
+TERM screen-256color
+TERM screen-bce
+TERM screen-w
+TERM screen.linux
+TERM vt100
+TERM xterm
+TERM xterm-16color
+TERM xterm-256color
+TERM xterm-88color
+TERM xterm-color
+TERM xterm-debian
+# Below are the color init strings for the basic file types. A color init
+# string consists of one or more of the following numeric codes:
+# Attribute codes:
+# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed
+# Text color codes:
+# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white
+# Background color codes:
+# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
+NORMAL 00 # global default, although everything should be something.
+FILE 00 # normal file
+DIR 01;32 # directory
+LINK 01;36 # symbolic link. (If you set this to 'target' instead of a
+ # numerical value, the color is as for the file pointed to.)
+FIFO 40;33 # pipe
+SOCK 01;35 # socket
+DOOR 01;35 # door
+BLK 40;33;01 # block device driver
+CHR 40;33;01 # character device driver
+ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file
+SETUID 37;41 # file that is setuid (u+s)
+SETGID 30;43 # file that is setgid (g+s)
+STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w)
+OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky
+STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable
+# This is for files with execute permission:
+EXEC 01;32
+# List any file extensions like '.gz' or '.tar' that you would like ls
+# to colorize below. Put the extension, a space, and the color init string.
+# (and any comments you want to add after a '#')
+# If you use DOS-style suffixes, you may want to uncomment the following:
+#.cmd 01;32 # executables (bright green)
+#.exe 01;32
+#.com 01;32
+#.btm 01;32
+#.bat 01;32
+# Or if you want to colorize scripts even if they do not have the
+# executable bit actually set.
+#.sh 01;32
+#.csh 01;32
+ # archives or compressed (bright red)
+.tar 01;31
+.tgz 01;31
+.svgz 01;31
+.arj 01;31
+.taz 01;31
+.lzh 01;31
+.lzma 01;31
+.zip 01;31
+.z 01;31
+.Z 01;31
+.dz 01;31
+.gz 01;31
+.bz2 01;31
+.bz 01;31
+.tbz2 01;31
+.tz 01;31
+.deb 01;31
+.rpm 01;31
+.jar 01;31
+.rar 01;31
+.ace 01;31
+.zoo 01;31
+.cpio 01;31
+.7z 01;31
+.rz 01;31
+# image formats
+.jpg 01;35
+.jpeg 01;35
+.gif 01;35
+.bmp 01;35
+.pbm 01;35
+.pgm 01;35
+.ppm 01;35
+.tga 01;35
+.xbm 01;35
+.xpm 01;35
+.tif 01;35
+.tiff 01;35
+.png 01;35
+.svg 01;35
+.mng 01;35
+.pcx 01;35
+.mov 01;35
+.mpg 01;35
+.mpeg 01;35
+.m2v 01;35
+.mkv 01;35
+.ogm 01;35
+.mp4 01;35
+.m4v 01;35
+.mp4v 01;35
+.vob 01;35
+.qt 01;35
+.nuv 01;35
+.wmv 01;35
+.asf 01;35
+.rm 01;35
+.rmvb 01;35
+.flc 01;35
+.avi 01;35
+.fli 01;35
+.gl 01;35
+.dl 01;35
+.xcf 01;35
+.xwd 01;35
+.yuv 01;35
+# audio formats
+.aac 00;36
+.au 00;36
+.flac 00;36
+.mid 00;36
+.midi 00;36
+.mka 00;36
+.mp3 00;36
+.mpc 00;36
+.ogg 00;36
+.ra 00;36
+.wav 00;36