boring_services 0.2.0

data/lib/boring_services/services/memcached.rb

@@ -0,0 +1,113 @@
+module BoringServices
+  module Services
+    class Memcached < Base
+      def install
+        execute_on_host do
+          puts "  Installing Memcached on #{label || host}..."
+          ssh_executor.install_package('memcached')
+          configure_memcached
+          ssh_executor.systemd_enable('memcached')
+          ssh_executor.systemd_start('memcached')
+        end
+        rails_credentials_entry
+      end
+
+      def uninstall
+        execute_on_host do
+          puts "  Uninstalling Memcached from #{label || host}..."
+          ssh_executor.systemd_stop('memcached')
+          ssh_executor.systemd_disable('memcached')
+          ssh_executor.uninstall_package('memcached')
+        end
+      end
+
+      def restart
+        execute_on_host do
+          puts "  Restarting Memcached on #{label || host}..."
+          ssh_executor.systemd_restart('memcached')
+        end
+      end
+
+      def reconfigure
+        execute_on_host do
+          puts "  Reconfiguring Memcached on #{label || host}..."
+          configure_memcached
+          ssh_executor.systemd_restart('memcached')
+        end
+        rails_credentials_entry
+      end
+
+      private
+
+      def configure_memcached
+        # Check if custom config file is provided
+        if service_config['custom_config_template'] && File.exist?(service_config['custom_config_template'])
+          puts "    Using custom Memcached config template: #{service_config['custom_config_template']}"
+          config_content = File.read(service_config['custom_config_template'])
+          upload! StringIO.new(config_content), '/tmp/memcached.conf'
+          execute :sudo, :mv, '/tmp/memcached.conf', '/etc/memcached.conf'
+          execute :sudo, :chown, 'root:root', '/etc/memcached.conf'
+          execute :sudo, :chmod, '644', '/etc/memcached.conf'
+          return
+        end
+
+        memory = memory_mb || 64
+        listen_port = port || 11_211
+
+        # Get custom overrides or use defaults
+        custom = service_config['custom_params'] || {}
+        # Use private_ip (WireGuard) if available, otherwise custom listen_address or localhost
+        listen_address = private_ip || custom['listen_address'] || '127.0.0.1'
+        max_connections = custom['max_connections'] || 1024
+        threads = custom['threads'] || 4
+        max_item_size = custom['max_item_size'] # Optional, defaults to 1MB
+        verbosity = custom['verbosity'] # Optional, no default
+        run_as_user = custom['user'] || 'memcache'
+        disable_udp = custom.fetch('disable_udp', true)
+        modern_mode = custom.fetch('modern', true)
+        slab_growth_factor = custom['slab_growth_factor'] # Optional, default 1.25
+
+        config_content = <<~CONFIG
+          # Production-ready Memcached configuration
+          # Run as non-root user
+          -u #{run_as_user}
+          # Network settings
+          -l #{listen_address}
+          -p #{listen_port}
+          # Memory and performance
+          -m #{memory}
+          -c #{max_connections}
+          -t #{threads}
+        CONFIG
+
+        # Security: Disable UDP to prevent amplification attacks
+        config_content += "-U 0\n" if disable_udp
+        # Modern mode: enables slab rebalancing, LRU crawler, etc.
+        config_content += "-o modern\n" if modern_mode
+        # Custom slab growth factor (default 1.25, lower = less memory waste)
+        config_content += "-f #{slab_growth_factor}\n" if slab_growth_factor
+        # Max item size (default 1MB)
+        config_content += "-I #{max_item_size}\n" if max_item_size
+        # Verbosity for debugging
+        config_content += "#{'-v' * verbosity.to_i}\n" if verbosity&.to_i&.positive?
+
+        upload! StringIO.new(config_content), '/tmp/memcached.conf'
+        execute :sudo, :mv, '/tmp/memcached.conf', '/etc/memcached.conf'
+        execute :sudo, :chown, 'root:root', '/etc/memcached.conf'
+        execute :sudo, :chmod, '644', '/etc/memcached.conf'
+      end
+
+      def rails_credentials_entry
+        listen_port = port || 11_211
+        server_address = private_ip || host
+        region_label = label&.include?('us') ? 'us' : 'eu'
+        {
+          type: 'memcached',
+          region: region_label,
+          server: "#{server_address}:#{listen_port}",
+          label: label || host
+        }
+      end
+    end
+  end
+end

data/lib/boring_services/services/nginx.rb

@@ -0,0 +1,96 @@
+module BoringServices
+  module Services
+    class Nginx < Base
+      def install
+        execute_on_host do
+          puts "  Installing Nginx on #{label || host}..."
+          ssh_executor.install_package('nginx')
+          configure_nginx
+          ssh_executor.systemd_enable('nginx')
+          ssh_executor.systemd_start('nginx')
+        end
+      end
+
+      def uninstall
+        execute_on_host do
+          puts "  Uninstalling Nginx from #{label || host}..."
+          ssh_executor.systemd_stop('nginx')
+          ssh_executor.systemd_disable('nginx')
+          ssh_executor.uninstall_package('nginx')
+        end
+      end
+
+      def restart
+        execute_on_host do
+          puts "  Restarting Nginx on #{label || host}..."
+          ssh_executor.systemd_restart('nginx')
+        end
+      end
+
+      private
+
+      def configure_nginx
+        backends = service_config['backends'] || []
+        listen_port = port || 80
+        ssl_enabled = service_config['ssl'] == true
+
+        upstream_servers = backends.map do |backend|
+          backend_host = backend.is_a?(Hash) ? backend['host'] : backend
+          backend_port = backend.is_a?(Hash) ? (backend['port'] || 3000) : 3000
+          "    server #{backend_host}:#{backend_port};"
+        end.join("\n")
+
+        config_content = <<~NGINX
+          upstream backend {
+          #{upstream_servers}
+          }
+
+          server {
+              listen #{listen_port};
+              server_name _;
+
+              location / {
+                  proxy_pass http://backend;
+                  proxy_set_header Host $host;
+                  proxy_set_header X-Real-IP $remote_addr;
+                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                  proxy_set_header X-Forwarded-Proto $scheme;
+              }
+
+              location /health {
+                  access_log off;
+                  return 200 "healthy\\n";
+                  add_header Content-Type text/plain;
+              }
+          }
+        NGINX
+
+        if ssl_enabled
+          config_content += <<~NGINX
+
+            server {
+                listen 443 ssl http2;
+                server_name _;
+
+                ssl_certificate /etc/nginx/ssl/cert.pem;
+                ssl_certificate_key /etc/nginx/ssl/key.pem;
+
+                location / {
+                    proxy_pass http://backend;
+                    proxy_set_header Host $host;
+                    proxy_set_header X-Real-IP $remote_addr;
+                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                    proxy_set_header X-Forwarded-Proto $scheme;
+                }
+            }
+          NGINX
+        end
+
+        upload! StringIO.new(config_content), '/tmp/default'
+        execute :sudo, :mv, '/tmp/default', '/etc/nginx/sites-available/default'
+        execute :sudo, :chown, 'root:root', '/etc/nginx/sites-available/default'
+        execute :sudo, :chmod, '644', '/etc/nginx/sites-available/default'
+      end
+    end
+  end
+end

data/lib/boring_services/services/redis.rb

@@ -0,0 +1,55 @@
+module BoringServices
+  module Services
+    class Redis < Base
+      def install
+        execute_on_host do
+          puts "  Installing Redis on #{label || host}..."
+          ssh_executor.install_package('redis-server')
+          configure_redis
+          ssh_executor.systemd_enable('redis-server')
+          ssh_executor.systemd_start('redis-server')
+        end
+      end
+
+      def uninstall
+        execute_on_host do
+          puts "  Uninstalling Redis from #{label || host}..."
+          ssh_executor.systemd_stop('redis-server')
+          ssh_executor.systemd_disable('redis-server')
+          ssh_executor.uninstall_package('redis-server')
+        end
+      end
+
+      def restart
+        execute_on_host do
+          puts "  Restarting Redis on #{label || host}..."
+          ssh_executor.systemd_restart('redis-server')
+        end
+      end
+
+      private
+
+      def configure_redis
+        memory = memory_mb || 256
+        listen_port = port || 6379
+        password = resolve_secret('redis_password') if config.secrets['redis_password']
+
+        config_content = <<~REDIS
+          bind 0.0.0.0
+          port #{listen_port}
+          maxmemory #{memory}mb
+          maxmemory-policy allkeys-lru
+          appendonly yes
+          appendfsync everysec
+        REDIS
+
+        config_content += "requirepass #{password}\n" if password
+
+        upload! StringIO.new(config_content), '/tmp/redis.conf'
+        execute :sudo, :mv, '/tmp/redis.conf', '/etc/redis/redis.conf'
+        execute :sudo, :chown, 'redis:redis', '/etc/redis/redis.conf'
+        execute :sudo, :chmod, '640', '/etc/redis/redis.conf'
+      end
+    end
+  end
+end

data/lib/boring_services/ssh_executor.rb

@@ -0,0 +1,206 @@
+require 'sshkit'
+require 'sshkit/dsl'
+
+module BoringServices
+  class SSHExecutor
+    include SSHKit::DSL
+
+    attr_reader :config
+
+    def initialize(config)
+      @config = config
+      setup_sshkit
+    end
+
+    def execute_on_host(host, &)
+      on(formatted_host(host), &)
+    end
+
+    def execute_on_host_for_service(service, &block)
+      hosts = Array(service['hosts'] || service['host']).compact
+      raise Error, "No hosts defined for service #{service['name'] || 'unknown'}" if hosts.empty?
+
+      hosts.each do |host|
+        on formatted_host(host) do
+          block.call(host)
+        end
+      end
+    end
+
+    def install_package(package, host = nil)
+      if host
+        execute_on_host(host) do
+          wait_for_dpkg_lock
+          execute :sudo, 'apt-get', 'update'
+          execute :sudo, 'DEBIAN_FRONTEND=noninteractive', 'apt-get', 'install', '-y', package
+        end
+      else
+        # Called from within SSHKit context
+        wait_for_dpkg_lock
+        backend.execute :sudo, 'apt-get', 'update'
+        backend.execute :sudo, 'DEBIAN_FRONTEND=noninteractive', 'apt-get', 'install', '-y', package
+      end
+    end
+
+    def wait_for_dpkg_lock
+      # Wait for dpkg/apt locks to be released (e.g., unattended-upgrades)
+      max_wait = 300  # 5 minutes max
+      wait_interval = 10  # Check every 10 seconds
+      elapsed = 0
+
+      loop do
+        # Check if dpkg lock exists and is held by another process
+        lock_held = backend.test '[ -f /var/lib/dpkg/lock-frontend ]'
+
+        if lock_held
+          # Check if lock is actually held by checking fuser
+          processes = backend.capture(:sudo, :fuser, '/var/lib/dpkg/lock-frontend', '2>/dev/null', raise_on_non_zero_exit: false).strip
+
+          if processes.empty?
+            # Lock file exists but no process holding it - safe to proceed
+            break
+          end
+
+          if elapsed >= max_wait
+            puts "    ⚠ Warning: dpkg lock still held after #{max_wait}s, proceeding anyway..."
+            break
+          end
+
+          puts "    ⏳ Waiting for dpkg lock to be released (#{elapsed}s elapsed)..."
+          sleep wait_interval
+          elapsed += wait_interval
+        else
+          # No lock file - safe to proceed
+          break
+        end
+      end
+    end
+
+    def uninstall_package(package, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'apt-get', 'remove', '-y', package
+          execute :sudo, 'apt-get', 'autoremove', '-y'
+        end
+      else
+        backend.execute :sudo, 'apt-get', 'remove', '-y', package
+        backend.execute :sudo, 'apt-get', 'autoremove', '-y'
+      end
+    end
+
+    def upload_template(template_path, destination, context = {}, host = nil)
+      template = File.read(template_path)
+      result = ERB.new(template).result_with_hash(context)
+
+      if host
+        execute_on_host(host) do
+          upload! StringIO.new(result), destination
+          execute :sudo, 'chown', 'root:root', destination
+          execute :sudo, 'chmod', '644', destination
+        end
+      else
+        backend.upload! StringIO.new(result), destination
+        backend.execute :sudo, 'chown', 'root:root', destination
+        backend.execute :sudo, 'chmod', '644', destination
+      end
+    end
+
+    def systemd_enable(service_name, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'systemctl', 'daemon-reload'
+          execute :sudo, 'systemctl', 'enable', service_name
+        end
+      else
+        backend.execute :sudo, 'systemctl', 'daemon-reload'
+        backend.execute :sudo, 'systemctl', 'enable', service_name
+      end
+    end
+
+    def systemd_start(service_name, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'systemctl', 'start', service_name
+        end
+      else
+        backend.execute :sudo, 'systemctl', 'start', service_name
+      end
+    end
+
+    def systemd_stop(service_name, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'systemctl', 'stop', service_name
+        end
+      else
+        backend.execute :sudo, 'systemctl', 'stop', service_name
+      end
+    end
+
+    def systemd_restart(service_name, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'systemctl', 'restart', service_name
+        end
+      else
+        backend.execute :sudo, 'systemctl', 'restart', service_name
+      end
+    end
+
+    def systemd_disable(service_name, host = nil)
+      if host
+        execute_on_host(host) do
+          execute :sudo, 'systemctl', 'disable', service_name
+        end
+      else
+        backend.execute :sudo, 'systemctl', 'disable', service_name
+      end
+    end
+
+    def systemd_status(service_name, host = nil)
+      if host
+        result = nil
+        execute_on_host(host) do
+          result = capture :sudo, 'systemctl', 'status', service_name, raise_on_non_zero_exit: false
+        end
+        result
+      else
+        backend.capture :sudo, 'systemctl', 'status', service_name, raise_on_non_zero_exit: false
+      end
+    end
+
+    private
+
+    def backend
+      SSHKit::Backend.current ||
+        raise('SSHKit backend is not available. Provide a host or call within execute_on_host.')
+    end
+
+    def setup_sshkit
+      SSHKit::Backend::Netssh.configure do |ssh|
+        ssh.ssh_options = {
+          user: config.user,
+          keys: [File.expand_path(config.ssh_key)],
+          forward_agent: config.forward_agent,
+          auth_methods: config.ssh_auth_methods,
+          keys_only: !config.use_ssh_agent,
+          use_agent: config.use_ssh_agent
+        }
+      end
+    end
+
+    def formatted_host(host)
+      case host
+      when Hash
+        target_host = host['host'] || host[:host]
+        raise Error, 'Host entry missing host field' unless target_host
+
+        user = host['user'] || host[:user] || config.user
+        "#{user}@#{target_host}"
+      else
+        host_string = host.to_s
+        host_string.include?('@') ? host_string : "#{config.user}@#{host_string}"
+      end
+    end
+  end
+end

data/lib/boring_services/version.rb

@@ -0,0 +1,3 @@
+module BoringServices
+  VERSION = '0.2.0'.freeze
+end

data/lib/boring_services.rb

@@ -0,0 +1,32 @@
+require_relative 'boring_services/version'
+require_relative 'boring_services/configuration'
+require_relative 'boring_services/secrets'
+require_relative 'boring_services/cli'
+require_relative 'boring_services/installer'
+require_relative 'boring_services/ssh_executor'
+require_relative 'boring_services/health_checker'
+
+require_relative 'boring_services/services/base'
+require_relative 'boring_services/services/memcached'
+require_relative 'boring_services/services/redis'
+require_relative 'boring_services/services/haproxy'
+require_relative 'boring_services/services/nginx'
+
+module BoringServices
+  class Error < StandardError; end
+
+  def self.root
+    File.expand_path('..', __dir__)
+  end
+
+  def self.status
+    config = Configuration.load
+    health_checker = HealthChecker.new(config)
+    health_checker.check_all
+  end
+end
+require 'stringio'
+
+# Load railtie if Rails is already loaded (safe to require Rails components)
+# This avoids load order issues with ActiveSupport
+require_relative 'boring_services/railtie' if defined?(Rails::Railtie)

data/lib/tasks/services.rake

@@ -0,0 +1,47 @@
+namespace :boring_services do
+  def boringservices_cli(*args)
+    cli_args = ['bundle', 'exec', 'boringservices', *args]
+    env = ENV.fetch('BORING_SERVICES_ENV', nil)
+    cli_args += ['-e', env] if env && !env.empty?
+    config_path = ENV.fetch('BORING_SERVICES_CONFIG', nil)
+    cli_args += ['-c', config_path] if config_path && !config_path.empty?
+    system(*cli_args)
+  end
+
+  desc 'Install BoringServices configuration'
+  task :install do
+    system('rails generate boring_services:install')
+  end
+
+  desc 'Deploy all services'
+  task :setup do
+    config_path = 'config/services.yml'
+    unless File.exist?(config_path)
+      puts "⚠️  Config file not found: #{config_path}"
+      puts '📦 Running install generator first...'
+      system('rails generate boring_services:install') || raise('Failed to generate config file')
+    end
+    boringservices_cli('setup')
+  end
+
+  desc 'Check services health'
+  task :health do
+    boringservices_cli('status')
+  end
+
+  desc 'Restart all services'
+  task :restart do
+    boringservices_cli('restart')
+  end
+
+  desc 'Reconfigure all services (skip package install, update config only)'
+  task :reconfigure do
+    boringservices_cli('reconfigure')
+  end
+
+  desc 'Show services status'
+  task :status do
+    puts "\n🔧 Infrastructure Services Status\n\n"
+    boringservices_cli('status')
+  end
+end