bullion 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 963485e78c3801d797247abf4898afb5b592797d173a03a5e388060bbd455e01
-  data.tar.gz: c1ae7f9f915693551e8223096260f74deff612211d22340b3b90cfb328a27553
+  metadata.gz: 74fbfc1ee8b98c2ff1c707302c8e62c9b2f8d106308b8b3b02d6a1ffe622cb77
+  data.tar.gz: adbd79fc4e82a9630dee2dd71c1e33c7e0a8f02732c986af07b1ba3d1733fd5c
 SHA512:
-  metadata.gz: 3439de16cbab209608c35eda483ce814d6bba3bfb0a6a28c03c7ea7a372fa9008e34a479270ff5463c44d222f0b11438be05f419210775faccd01aa39f22f5e5
-  data.tar.gz: 43c3238954f9766495a86ae6ea04463ccb3646d5ee5a1bbbfcccaf6c4a2bba1056ff252dd9f409eec836e3ac04b611c570ee34bd0c1f8cb38dc02b47dee7d194
+  metadata.gz: f1cfc723554109cdb6e837e2dabd66eed6dd52d3cd7ca649923f88940c31e83e957e749ec1449c6eef4ffbcc89aafbbf822a3725b55688a3dc5d4290bd63552b
+  data.tar.gz: ccbe2a235fa91b4568b6977f55b22122de5f0fc1e0c2620c4ef9e16dfc4ce618ccff0322ea1e5c9dc3711f2dc10b22a9dc0bcd5c45d406adb08640229ec78048

data/.github/workflows/ci.yml

@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.3', '3.4']
+        ruby-version: ['3.4']
 
     steps:
       - name: Checkout code

data/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.8.0"
+  ".": "0.10.0"
 }

data/.rubocop.yml

@@ -6,11 +6,12 @@ Layout/LineLength:
   Max: 100
 
 AllCops:
-  TargetRubyVersion: 3.3
+  TargetRubyVersion: 3.4
   Exclude:
   - 'db/schema.rb'
   - 'vendor/**/*'
   - 'tmp/**/*'
+  - Itsi.rb
   NewCops: enable
 
 Metrics/AbcSize:

data/.ruby-version

@@ -1 +1 @@
-3.3.4
+3.4.4

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+## [0.10.0](https://github.com/jgnagy/bullion/compare/bullion/v0.9.0...bullion/v0.10.0) (2025-07-05)
+
+
+### ⚠ BREAKING CHANGES
+
+* update Docker image with Itsi configuration
+
+### Bug Fixes
+
+* update Docker image with Itsi configuration ([4be39dd](https://github.com/jgnagy/bullion/commit/4be39dd6200f058907029e23a07f19241705b701))
+
+## [0.9.0](https://github.com/jgnagy/bullion/compare/bullion/v0.8.0...bullion/v0.9.0) (2025-07-05)
+
+
+### ⚠ BREAKING CHANGES
+
+* full ruby and dependency upgrade
+
+### Miscellaneous Chores
+
+* full ruby and dependency upgrade ([7625208](https://github.com/jgnagy/bullion/commit/7625208b1c4fa6b1acb5a0c9e7362001d66e4e08))
+
 ## [0.8.0](https://github.com/jgnagy/bullion/compare/bullion-v0.7.3...bullion/v0.8.0) (2025-03-13)
 
 

data/Dockerfile

@@ -1,10 +1,10 @@
-FROM ruby:3.2 AS build
+FROM ruby:3.4.4 AS build
 
 ENV RACK_ENV=development
 
 COPY . /build
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y libsqlite3-dev sqlite3 curl libsodium-dev
+RUN apt-get update && apt-get upgrade -y && apt-get install -y libsqlite3-dev sqlite3 curl libsodium-dev build-essential libclang-dev
 
 RUN cd /build \
     && gem build bullion.gemspec \
@@ -12,14 +12,14 @@ RUN cd /build \
 
 WORKDIR /build
 
-FROM ruby:3.2
+FROM ruby:3.4.4
 LABEL maintainer="Jonathan Gnagy <jonathan.gnagy@gmail.com>"
 
 ENV BULLION_PORT=9292
-ENV BULLION_ENVIRONMENT=development
+ENV RACK_ENV=production
 ENV DATABASE_URL=sqlite3:///tmp/bullion.db
 
-RUN apt-get update && apt-get upgrade -y && apt-get -y install libsqlite3-dev sqlite3 curl libsodium-dev
+RUN apt-get update && apt-get upgrade -y && apt-get -y install libsqlite3-dev sqlite3 curl libsodium-dev build-essential libclang-dev
 
 RUN mkdir /app
 
@@ -27,6 +27,7 @@ COPY ./scripts/docker-entrypoint.sh /entrypoint.sh
 COPY --from=build /bullion.gem /app/bullion.gem
 COPY ./db /app/db
 COPY ./config.ru /app/config.ru
+COPY ./Itsi.rb /app/Itsi.rb
 COPY ./Rakefile /app/Rakefile
 
 RUN mkdir /ssl
@@ -34,7 +35,8 @@ RUN mkdir /ssl
 RUN chmod +x /entrypoint.sh \
     && chown nobody /app/db \
     && chown nobody /app/db/schema.rb \
-    && chown -R nobody:nogroup /ssl
+    && chown -R nobody:nogroup /ssl \
+    && chown nobody /app
 
 WORKDIR /app
 
@@ -42,4 +44,6 @@ RUN gem install bullion.gem
 
 USER nobody
 
+EXPOSE 9292
+
 ENTRYPOINT ["/entrypoint.sh"]

data/Gemfile.lock

@@ -1,26 +1,26 @@
 PATH
   remote: .
   specs:
-    bullion (0.8.0)
+    bullion (0.10.0)
       benchmark (~> 0.4)
       dry-configurable (~> 1.1)
       httparty (~> 0.21)
+      itsi (~> 0.2)
       json (~> 2.6)
       jwt (~> 2.7)
       mysql2 (~> 0.5)
       openssl (~> 3.0)
       prometheus-client (~> 4.2)
-      puma (~> 6.4)
       sinatra (~> 3.1)
       sinatra-activerecord (~> 2.0)
       sinatra-contrib (~> 3.1)
-      sqlite3 (~> 2.6)
+      sqlite3 (~> 2.7)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    acme-client (2.0.20)
-      base64 (~> 0.2.0)
+    acme-client (2.0.22)
+      base64 (~> 0.2)
       faraday (>= 1.0, < 3.0.0)
       faraday-retry (>= 1.0, < 3.0.0)
     activemodel (8.0.2)
@@ -42,18 +42,18 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    ast (2.4.2)
+    ast (2.4.3)
     backport (1.2.0)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
+    base64 (0.3.0)
+    benchmark (0.4.1)
+    bigdecimal (3.2.2)
     byebug (11.1.3)
     concurrent-ruby (1.3.5)
-    connection_pool (2.5.0)
-    csv (3.3.2)
-    diff-lcs (1.6.0)
+    connection_pool (2.5.3)
+    csv (3.3.5)
+    diff-lcs (1.6.2)
     docile (1.4.1)
-    drb (2.2.1)
+    drb (2.2.3)
     dry-configurable (1.3.0)
       dry-core (~> 1.1)
       zeitwerk (~> 2.6)
@@ -61,98 +61,109 @@ GEM
       concurrent-ruby (~> 1.0)
       logger
       zeitwerk (~> 2.6)
-    faraday (2.12.2)
+    faraday (2.13.2)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
+    faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
-    faraday-retry (2.2.1)
+    faraday-retry (2.3.2)
       faraday (~> 2.0)
-    httparty (0.22.0)
+    httparty (0.23.1)
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
-    jaro_winkler (1.6.0)
-    json (2.10.2)
-    jwt (2.10.1)
+    itsi (0.2.18)
+      itsi-scheduler (~> 0.2.18)
+      itsi-server (~> 0.2.18)
+    itsi-scheduler (0.2.18)
+      rb_sys (~> 0.9.91)
+    itsi-server (0.2.18)
+      json (~> 2)
+      prism (~> 1.4)
+      rack (>= 1.6)
+      rb_sys (~> 0.9.91)
+    jaro_winkler (1.6.1)
+    json (2.12.2)
+    jwt (2.10.2)
       base64
     kramdown (2.5.1)
       rexml (>= 3.3.9)
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    language_server-protocol (3.17.0.4)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.6.6)
+    logger (1.7.0)
     mini_mime (1.1.5)
     minitest (5.25.5)
     multi_json (1.15.0)
-    multi_xml (0.7.1)
+    multi_xml (0.7.2)
       bigdecimal (~> 3.1)
     mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
     mysql2 (0.5.6)
     net-http (0.6.0)
       uri
-    nio4r (2.7.4)
-    nokogiri (1.18.3-aarch64-linux-gnu)
+    nokogiri (1.18.8-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.3-aarch64-linux-musl)
+    nokogiri (1.18.8-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.3-arm-linux-gnu)
+    nokogiri (1.18.8-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.3-arm-linux-musl)
+    nokogiri (1.18.8-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.3-arm64-darwin)
+    nokogiri (1.18.8-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.3-x86_64-darwin)
+    nokogiri (1.18.8-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.3-x86_64-linux-gnu)
+    nokogiri (1.18.8-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.3-x86_64-linux-musl)
+    nokogiri (1.18.8-x86_64-linux-musl)
       racc (~> 1.4)
     observer (0.1.2)
     openssl (3.3.0)
-    ostruct (0.6.1)
-    parallel (1.26.3)
-    parser (3.3.7.1)
+    ostruct (0.6.2)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
       racc
+    prism (1.4.0)
     prometheus-client (4.2.4)
       base64
-    puma (6.6.0)
-      nio4r (~> 2.0)
     racc (1.8.1)
-    rack (2.2.13)
+    rack (2.2.17)
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
     rack-test (2.2.0)
       rack (>= 1.3)
     rainbow (3.1.1)
-    rake (13.2.1)
-    rbs (3.8.1)
+    rake (13.3.0)
+    rake-compiler-dock (1.9.1)
+    rb_sys (0.9.116)
+      rake-compiler-dock (= 1.9.1)
+    rbs (3.9.4)
       logger
     regexp_parser (2.10.0)
     reverse_markdown (3.0.0)
       nokogiri
     rexml (3.4.1)
-    rspec (3.13.0)
+    rspec (3.13.1)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.3)
+    rspec-core (3.13.5)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    rubocop (1.73.2)
+    rspec-support (3.13.4)
+    rubocop (1.77.0)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -160,15 +171,16 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.45.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.38.1)
-      parser (>= 3.3.1.0)
+    rubocop-ast (1.45.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
     rubocop-rake (0.7.1)
       lint_roller (~> 1.1)
       rubocop (>= 1.72.1)
-    rubocop-rspec (3.5.0)
+    rubocop-rspec (3.6.0)
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
     ruby-progressbar (1.13.0)
@@ -197,33 +209,34 @@ GEM
       rack-protection (= 3.2.0)
       sinatra (= 3.2.0)
       tilt (~> 2.0)
-    solargraph (0.52.0)
+    solargraph (0.56.0)
       backport (~> 1.2)
-      benchmark
+      benchmark (~> 0.4)
       bundler (~> 2.0)
       diff-lcs (~> 1.4)
-      jaro_winkler (~> 1.6)
+      jaro_winkler (~> 1.6, >= 1.6.1)
       kramdown (~> 2.3)
       kramdown-parser-gfm (~> 1.1)
       logger (~> 1.6)
       observer (~> 0.1)
       ostruct (~> 0.6)
       parser (~> 3.0)
-      rbs (~> 3.0)
-      reverse_markdown (>= 2.0, < 4)
+      prism (~> 1.4)
+      rbs (~> 3.3)
+      reverse_markdown (~> 3.0)
       rubocop (~> 1.38)
       thor (~> 1.0)
       tilt (~> 2.0)
       yard (~> 0.9, >= 0.9.24)
       yard-solargraph (~> 0.1)
-    sqlite3 (2.6.0-aarch64-linux-gnu)
-    sqlite3 (2.6.0-aarch64-linux-musl)
-    sqlite3 (2.6.0-arm-linux-gnu)
-    sqlite3 (2.6.0-arm-linux-musl)
-    sqlite3 (2.6.0-arm64-darwin)
-    sqlite3 (2.6.0-x86_64-darwin)
-    sqlite3 (2.6.0-x86_64-linux-gnu)
-    sqlite3 (2.6.0-x86_64-linux-musl)
+    sqlite3 (2.7.1-aarch64-linux-gnu)
+    sqlite3 (2.7.1-aarch64-linux-musl)
+    sqlite3 (2.7.1-arm-linux-gnu)
+    sqlite3 (2.7.1-arm-linux-musl)
+    sqlite3 (2.7.1-arm64-darwin)
+    sqlite3 (2.7.1-x86_64-darwin)
+    sqlite3 (2.7.1-x86_64-linux-gnu)
+    sqlite3 (2.7.1-x86_64-linux-musl)
     thor (1.3.2)
     tilt (2.6.0)
     timeout (0.4.3)
@@ -236,7 +249,7 @@ GEM
     yard (0.9.37)
     yard-solargraph (0.1.0)
       yard (~> 0.9)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   aarch64-linux

data/Itsi.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+# This is the default Itsi configuration file, installed when you run `itsi init`
+# It contains a sane starting point for configuring your Itsi server.
+# You can use this file in both development and production environments.
+# Most of the options in this file can be overridden by command line options.
+# Check out itsi -h to learn more about the command line options available to you.
+
+env = ENV.fetch("APP_ENV") { ENV.fetch("RACK_ENV", "development") }
+
+# Number of worker processes to spawn
+# If more than 1, Itsi will be booted in Cluster mode
+workers ENV["WORKERS"]&.to_i || (env == "development" ? 1 : nil)
+
+# Number of threads to spawn per worker process
+# For pure CPU bound applicationss, you'll get the best results keeping this number low
+# Setting a value of 1 is great for superficial benchmarks, but in reality
+# it's better to set this a bit higher to allow expensive requests to get overtaken and minimize head-of-line blocking
+threads ENV.fetch("THREADS", 3).to_i
+
+# If your application is IO bound (e.g. performing a lot of proxied HTTP requests, or heavy queries etc)
+# you can see *substantial* benefits from enabling this option.
+# To set this option, pass a string, not a class (as we will not have loaded the class yet)
+# E.g.
+# `fiber_scheduler "Itsi::Scheduler"` - The default fast and light-weight scheduler that comes with Itsi
+# `fiber_scheduler "Async::Scheduler"` - Bring your own scheduler!
+fiber_scheduler "Itsi::Scheduler"
+
+# If you bind to https, without specifying a certificate, Itsi will use a self-signed certificate.
+# The self-signed certificate will use a CA generated for your
+# host and stored inside `ITSI_LOCAL_CA_DIR` (Defaults to ~/.itsi)
+# bind "https://0.0.0.0:3000"
+# bind "https://0.0.0.0:3000?domains=dev.itsi.fyi"
+#
+# If you want to use let's encrypt to generate you a real certificate you
+# and pass cert=acme and an acme_email address to generate one.
+# bind "https://itsi.fyi?cert=acme&acme_email=admin@itsi.fyi"
+# You can generate certificates for multiple domains at once, by passing a comma-separated list of domains
+# bind "https://0.0.0.0?domains=foo.itsi.fyi,bar.itsi.fyi&cert=acme&acme_email=admin@itsi.fyi"
+#
+# If you already have a certificate you can specify it using the cert and key parameters
+# bind "https://itsi.fyi?cert=/path/to/cert.pem&key=/path/to/key.pem"
+#
+# You can also bind to a unix socket or a tls unix socket. E.g.
+# bind "unix:///tmp/itsi.sock"
+# bind "tls:///tmp/itsi.secure.sock"
+
+bind "http://0.0.0.0:#{ENV.fetch("BULLION_PORT", 9292)}"
+
+# If you want to preload the application, set preload to true
+# to load the entire rack-app defined in rack_file_name before forking.
+# Alternatively, you can preload just a specific set of gems in a group in your gemfile,
+# by providing the group name here.
+# E.g.
+#
+# preload :preload # Load gems inside the preload group
+# preload false # Don't preload.
+#
+# If you want to be able to perform zero-downtime deploys using a single itsi process,
+# you should disable preloads, so that the application is loaded fresh each time a new worker boots
+preload true
+
+# Set the maximum memory limit for each worker process in bytes
+# When this limit is reached, the worker will be gracefully restarted.
+# Only one worker is restarted at a time to ensure we don't take down
+# all of them at once, if they reach the threshold simultaneously.
+worker_memory_limit ENV.fetch("WORKER_MEMORY_LIMIT") { 1024 * 1024 * 1024 } # Default to 1GB
+
+# You can provide an optional block of code to run, when a worker hits its memory threshold
+# (Use this to send yourself an alert,
+# write metrics to disk etc. etc.)
+after_memory_limit_reached do |pid|
+  puts "Worker #{pid} has reached its memory threshold and will restart"
+end
+
+# Do clean up of any non-threadsafe resources before forking a new worker here.
+before_fork {}
+
+# Reinitialize any non-threadsafe resources after forking a new worker here.
+after_fork {}
+
+# Shutdown timeout
+# Number of seconds to wait for workers to gracefully shutdown before killing them.
+shutdown_timeout 5
+
+# Set this to false for application environments that require rack.input to be a rewindable body
+# (like Rails). For rack applications that can stream inputs, you can set this to true for a more
+# memory-efficient approach.
+stream_body false
+
+# OOB GC responses threshold
+# Specifies how frequently OOB gc should be triggered during periods where there is a gap in queued requests.
+# Setting this too low can substantially worsen performance
+oob_gc_responses_threshold 512
+
+# Log level
+# Set this to one of the following values: debug, info, warn, error, fatal
+# Can also be set using the ITSI_LOG environment variable
+log_level ENV.fetch("LOG_LEVEL", "warn").to_sym
+
+# Log Format
+# Set this to be either :plain or :json. If you leave it blank Itsi will try
+# and auto-detect the format based on the TTY environment.
+log_format :plain
+# You can mount several Ruby apps as either
+# 1. rackup files
+# 2. inline rack apps
+# 3. inline Ruby endpoints
+#
+# 1. rackup_file
+rackup_file "./config.ru"
+#
+# 2. inline rack app
+# require 'rack'
+# run(Rack::Builder.app do
+#   use Rack::CommonLogger
+#   run ->(env) { [200, { 'content-type' => 'text/plain' }, ['OK']] }
+# end)
+#
+# 3. Endpoints
+# endpoint "/" do |req|
+#   req.ok "Hello from Itsi"
+# end

data/README.md

@@ -40,8 +40,9 @@ Whether run locally or via Docker, the following environment variables configure
 | `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
 | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
 | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
-| `MIN_THREADS` | `2` | Minimum number of [Puma](https://puma.io/) threads for processing requests. |
-| `MAX_THREADS` | `32` | Maximum number of [Puma](https://puma.io/) threads for processing requests. |
+| `THREADS` | `3` | Number of [Itsi threads](https://itsi.fyi/options/threads/) for processing requests. |
+| `WORKERS` | `1` | Number of [Itsi workers](https://itsi.fyi/options/workers/) to spawn. |
+| `WORKER_MEMORY_LIMIT` | `1024**3` | [Itsi worker memory limit](https://itsi.fyi/options/worker_memory_limit/) for each worker process (in bytes). Default is 1GiB. |
 | `RACK_ENV` | `production`* | When run via Docker, the default is `production`, when run via `rake local_demo` it is `development`. Used to tell Bullion if it is run in development mode or for testing. |
 
 ### Integrating

data/Rakefile

@@ -4,12 +4,62 @@ ENV["RACK_ENV"] ||= "development"
 
 if %w[development test].include? ENV["RACK_ENV"]
   ENV["DATABASE_URL"] = "sqlite3:#{File.expand_path(".")}/tmp/db/#{ENV["RACK_ENV"]}.sqlite3"
+  require "bundler/gem_tasks"
+  require "rspec/core/rake_task"
+  require "rubocop/rake_task"
+  require "yard"
+
+  RSpec::Core::RakeTask.new(:spec) do |t|
+    t.exclude_pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+    t.rspec_opts = "--require spec_helper"
+  end
+  RSpec::Core::RakeTask.new(:integration_testing) do |t|
+    t.pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+    t.rspec_opts = "--require integration_helper"
+  end
+  RuboCop::RakeTask.new(:rubocop)
+  YARD::Rake::YardocTask.new
+
+  desc "Runs a backgrounded demo environment"
+  task :demo do
+    rack_env = "test"
+    database_url = "sqlite3:#{File.expand_path(".")}/tmp/db/#{rack_env}.sqlite3"
+    system("RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" bundle exec rake db:migrate")
+    system(
+      "RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" " \
+      "LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}' " \
+      "itsi --daemonize"
+    )
+    FileUtils.touch(File.join(File.expand_path("."), "tmp", "daemon.pid"))
+  end
+
+  desc "Runs a foregrounded demo environment"
+  task :foreground_demo do
+    system("itsi")
+  end
+
+  desc "Cleans up test or demo environment"
+  task :cleanup do
+    at_exit do
+      pid_file = File.join(File.expand_path("."), "tmp", "daemon.pid")
+      if File.exist?(pid_file)
+        system("itsi stop")
+        FileUtils.rm_f(pid_file)
+      end
+      FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
+      FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+      FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.crt"))
+      FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.key"))
+      FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
+      ENV["CA_DIR"] = nil
+      ENV["CA_SECRET"] = nil
+      ENV["CA_DOMAINS"] = nil
+    end
+  end
+
+  Rake::Task["integration_testing"].enhance(["cleanup"])
 end
 
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-require "rubocop/rake_task"
-require "yard"
 require "openssl"
 require "sqlite3"
 require "sinatra/activerecord/rake"
@@ -22,17 +72,6 @@ namespace :db do
   end
 end
 
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.exclude_pattern = "spec/integration/**{,/*/**}/*_spec.rb"
-  t.rspec_opts = "--require spec_helper"
-end
-RSpec::Core::RakeTask.new(:integration_testing) do |t|
-  t.pattern = "spec/integration/**{,/*/**}/*_spec.rb"
-  t.rspec_opts = "--require integration_helper"
-end
-RuboCop::RakeTask.new(:rubocop)
-YARD::Rake::YardocTask.new
-
 desc "Prepares a demo or test environment"
 task :prep do
   FileUtils.mkdir_p(File.join(File.expand_path("."), "tmp"))
@@ -48,7 +87,7 @@ task :prep do
   root_ca.version = 2
   root_ca.serial = (2**rand(10..20)) - 1
   root_ca.subject = OpenSSL::X509::Name.parse(
-    %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
+    %w[test domain].reverse.map { "DC=#{it}" }.join("/") + "/CN=bullion"
   )
   root_ca.issuer = root_ca.subject # root CA's are "self-signed"
   root_ca.public_key = root_key.public_key
@@ -108,45 +147,6 @@ task :prep do
   )
 end
 
-desc "Runs a backgrounded demo environment"
-task :demo do
-  rack_env = "test"
-  database_url = "sqlite3:#{File.expand_path(".")}/tmp/db/#{rack_env}.sqlite3"
-  system("RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" bundle exec rake db:migrate")
-  system(
-    "RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" " \
-    "LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}' " \
-    "rackup -D -P #{File.expand_path(".")}/tmp/daemon.pid"
-  )
-end
-
-desc "Runs a foregrounded demo environment"
-task :foreground_demo do
-  system("rackup -o 0.0.0.0 -P #{File.expand_path(".")}/tmp/daemon.pid")
-end
-
-desc "Cleans up test or demo environment"
-task :cleanup do
-  at_exit do
-    pid_file = File.join(File.expand_path("."), "tmp", "daemon.pid")
-    if File.exist?(pid_file)
-      pid = File.read(pid_file).to_i
-      Process.kill("TERM", pid)
-      FileUtils.rm_f(pid_file)
-    end
-    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
-    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
-    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.crt"))
-    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.key"))
-    FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
-    ENV["CA_DIR"] = nil
-    ENV["CA_SECRET"] = nil
-    ENV["CA_DOMAINS"] = nil
-  end
-end
-
-Rake::Task["integration_testing"].enhance(["cleanup"])
-
 task test: %i[prep db:migrate spec demo integration_testing]
 task unit: %i[prep db:migrate spec]
 

data/bullion.gemspec

@@ -24,21 +24,21 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = "~> 3.3"
+  spec.required_ruby_version = "~> 3.4"
 
   spec.add_dependency "benchmark",            "~> 0.4"
   spec.add_dependency "dry-configurable",     "~> 1.1"
   spec.add_dependency "httparty",             "~> 0.21"
+  spec.add_dependency "itsi",                 "~> 0.2"
   spec.add_dependency "json",                 "~> 2.6"
   spec.add_dependency "jwt",                  "~> 2.7"
   spec.add_dependency "mysql2",               "~> 0.5"
   spec.add_dependency "openssl",              "~> 3.0"
   spec.add_dependency "prometheus-client",    "~> 4.2"
-  spec.add_dependency "puma",                 "~> 6.4"
   spec.add_dependency "sinatra",              "~> 3.1"
   spec.add_dependency "sinatra-activerecord", "~> 2.0"
   spec.add_dependency "sinatra-contrib",      "~> 3.1"
-  spec.add_dependency "sqlite3",              "~> 2.6"
+  spec.add_dependency "sqlite3",              "~> 2.7"
 
   spec.add_development_dependency "acme-client",         "~> 2.0"
   spec.add_development_dependency "bundler",             "~> 2.4"

data/config.ru

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-# \ -s puma
-
 require "bullion"
 Bullion.validate_config!
 

data/lib/bullion/challenge_client.rb

@@ -27,7 +27,7 @@ module Bullion
       benchtime = Benchmark.realtime do
         until success || tries >= retries
           tries += 1
-          success = perform
+          success = performs_challenge?
           if success
             LOGGER.info "Validated #{type} #{identifier}"
             challenge.status = "valid"
@@ -59,5 +59,9 @@ module Bullion
     def identifier
       challenge.identifier
     end
+
+    def performs_challenge?
+      raise NotImplementedError
+    end
   end
 end

data/lib/bullion/challenge_clients/dns.rb

@@ -8,7 +8,7 @@ module Bullion
       def self.acme_type = "dns-01"
       def type = "DNS01"
 
-      def perform
+      def performs_challenge?
         value = dns_value
         expected_value = digest_value("#{challenge.token}.#{challenge.thumbprint}")
 

data/lib/bullion/challenge_clients/http.rb

@@ -8,7 +8,7 @@ module Bullion
       def self.acme_type = "http-01"
       def type = "HTTP01"
 
-      def perform
+      def performs_challenge?
         response = begin
           retrieve_body(challenge_url)
         rescue SocketError

data/lib/bullion/helpers/acme.rb

@@ -88,7 +88,7 @@ module Bullion
 
       # Validation helpers
 
-      def validate_account_data(hash)
+      def account_data_valid?(hash)
         unless [true, false, nil].include?(hash["onlyReturnExisting"])
           raise Bullion::Acme::Errors::Malformed,
                 "Invalid onlyReturnExisting: #{hash["onlyReturnExisting"]}"
@@ -113,31 +113,31 @@ module Bullion
         true
       end
 
-      def validate_acme_csr(order, csr)
+      def acme_csr_valid?(order_csr)
+        csr = order_csr.csr
+        order = order_csr.order
         csr_attrs = extract_csr_attrs(csr)
         csr_sans = extract_csr_sans(csr_attrs)
         csr_domains = extract_csr_domains(csr_sans)
         csr_cn = cn_from_csr(csr)
 
-        order_domains = order.identifiers.map { |i| i["value"] }
-
         # Make sure the CSR has a valid public key
         raise Bullion::Acme::Errors::BadCsr unless csr.verify(csr.public_key)
 
-        return false unless order.status == "ready"
+        return false unless order.ready_status?
         raise Bullion::Acme::Errors::BadCsr unless csr_domains.include?(csr_cn)
-        raise Bullion::Acme::Errors::BadCsr unless csr_domains.sort == order_domains.sort
+        raise Bullion::Acme::Errors::BadCsr unless csr_domains.sort == order.domains.sort
 
         true
       end
 
-      def validate_order(hash)
+      def order_valid?(hash)
         validate_order_nb_and_na(hash["notBefore"], hash["notAfter"])
 
         # Don't approve empty orders
         raise Bullion::Acme::Errors::InvalidOrder, "Empty order!" if hash["identifiers"].empty?
 
-        order_domains = hash["identifiers"].select { |ident| ident["type"] == "dns" }
+        order_domains = hash["identifiers"].select { it["type"] == "dns" }
 
         # Don't approve an order with identifiers that _aren't_ of type 'dns'
         unless hash["identifiers"] == order_domains
@@ -188,7 +188,7 @@ module Bullion
 
       def extract_valid_order_domains(order_domains)
         order_domains.reject do |domain|
-          Bullion.config.ca.domains.none? { domain["value"].end_with?(_1) }
+          Bullion.config.ca.domains.none? { domain["value"].end_with?(it) }
         end
       end
     end

data/lib/bullion/helpers/ssl.rb

@@ -14,11 +14,6 @@ module Bullion
         end
       end
 
-      def openssl_compat_csr(csrdata)
-        "-----BEGIN CERTIFICATE REQUEST-----\n" \
-          "#{csrdata}-----END CERTIFICATE REQUEST-----"
-      end
-
       # @see https://tools.ietf.org/html/rfc7518#page-30
       def key_data_to_rsa(key_data)
         exponent = base64_to_long(key_data["e"])

data/lib/bullion/models/authorization.rb

@@ -13,6 +13,15 @@ module Bullion
 
       validates :status, inclusion: { in: %w[invalid pending ready processing valid deactivated] }
 
+      enum :status, {
+        invalid: "invalid",
+        pending: "pending",
+        ready: "ready",
+        processing: "processing",
+        valid: "valid",
+        deactivated: "deactivated"
+      }, suffix: "status"
+
       def init_values
         self.expires ||= Time.now + (60 * 60)
       end

data/lib/bullion/models/certificate.rb

@@ -10,6 +10,8 @@ module Bullion
 
       validates_presence_of :subject
 
+      has_one :order
+
       def init_values
         self.serial ||= SecureRandom.hex(4).to_i(16)
       end

data/lib/bullion/models/challenge.rb

@@ -13,6 +13,13 @@ module Bullion
       }
       validates :status, inclusion: { in: %w[invalid pending processing valid] }
 
+      enum :status, {
+        invalid: "invalid",
+        pending: "pending",
+        processing: "processing",
+        valid: "valid"
+      }, suffix: "status"
+
       def identifier
         authorization.identifier["value"]
       end
@@ -29,7 +36,7 @@ module Bullion
       end
 
       def client
-        challenge_class = Bullion.acme.challenge_clients.find { _1.acme_type == acme_type }
+        challenge_class = Bullion.acme.challenge_clients.find { it.acme_type == acme_type }
 
         unless challenge_class
           raise Bullion::Acme::Errors::UnsupportedChallengeType,

data/lib/bullion/models/order.rb

@@ -9,10 +9,19 @@ module Bullion
       after_initialize :init_values, unless: :persisted?
 
       belongs_to :account
+      belongs_to :certificate
       has_many :authorizations
 
       validates :status, inclusion: { in: %w[invalid pending ready processing valid] }
 
+      enum :status, {
+        invalid: "invalid",
+        pending: "pending",
+        ready: "ready",
+        processing: "processing",
+        valid: "valid"
+      }, suffix: "status"
+
       def init_values
         self.expires ||= Time.now + (60 * 60)
         self.not_before ||= Time.now
@@ -31,9 +40,8 @@ module Bullion
         end
       end
 
-      def certificate
-        Certificate.find(certificate_id)
-      end
+      # Used to extract domains from order (mostly for comparison with CSR)
+      def domains = identifiers.map { it["value"] }
     end
   end
 end

data/lib/bullion/models/order_csr.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Bullion
+  module Models
+    # Pseudo-model for ACMEv2 Order CSR
+    class OrderCsr
+      class << self
+        def from_acme_request(order, raw_data)
+          decoded_data = Base64.urlsafe_decode64(raw_data)
+          reencoded_data = Base64.encode64(decoded_data)
+          csr_string = openssl_compat_csr(reencoded_data)
+
+          new(order, csr_string)
+        end
+
+        private
+
+        def openssl_compat_csr(csrdata)
+          "-----BEGIN CERTIFICATE REQUEST-----\n" \
+            "#{csrdata}-----END CERTIFICATE REQUEST-----"
+        end
+      end
+
+      attr_reader :csr, :order
+
+      def initialize(order, csr)
+        @order = order.is_a?(Order) ? order : Order.find(order)
+        @csr = if csr.is_a?(String)
+                 OpenSSL::X509::Request.new(csr)
+               else
+                 csr
+               end
+      end
+    end
+  end
+end

data/lib/bullion/models.rb

@@ -6,3 +6,6 @@ require "bullion/models/certificate"
 require "bullion/models/challenge"
 require "bullion/models/nonce"
 require "bullion/models/order"
+
+# Pseudo-models (not in DB)
+require "bullion/models/order_csr"

data/lib/bullion/services/ca.rb

@@ -121,7 +121,7 @@ module Bullion
         begin
           parse_acme_jwt(header_data["jwk"], validate_nonce: false)
 
-          validate_account_data(@payload_data)
+          account_data_valid?(@payload_data)
         rescue Bullion::Acme::Error => e
           content_type "application/problem+json"
           halt 400, { type: e.acme_error, detail: e.message }.to_json
@@ -186,7 +186,7 @@ module Bullion
         add_acme_headers @new_nonce
 
         {
-          orders: @user.orders.map { |order| uri("/orders/#{order.id}") }
+          orders: @user.orders.map { uri("/orders/#{it.id}") }
         }
       end
 
@@ -196,9 +196,9 @@ module Bullion
         parse_acme_jwt
 
         # Only identifiers of type "dns" are supported
-        identifiers = @payload_data["identifiers"].select { |i| i["type"] == "dns" }
+        identifiers = @payload_data["identifiers"].select { it["type"] == "dns" }
 
-        validate_order(@payload_data)
+        order_valid?(@payload_data)
 
         order = @user.start_order(
           identifiers:,
@@ -215,7 +215,7 @@ module Bullion
           notBefore: order.not_before,
           notAfter: order.not_after,
           identifiers: order.identifiers,
-          authorizations: order.authorizations.map { |a| uri("/authorizations/#{a.id}") },
+          authorizations: order.authorizations.map { uri("/authorizations/#{it.id}") },
           finalize: uri("/orders/#{order.id}/finalize")
         }.to_json
       rescue Bullion::Acme::Error => e
@@ -238,11 +238,11 @@ module Bullion
           notBefore: order.not_before,
           notAfter: order.not_after,
           identifiers: order.identifiers,
-          authorizations: order.authorizations.map { |a| uri("/authorizations/#{a.id}") },
+          authorizations: order.authorizations.map { uri("/authorizations/#{it.id}") },
           finalize: uri("/orders/#{order.id}/finalize")
         }
 
-        data[:certificate] = uri("/certificates/#{order.certificate.id}") if order.status == "valid"
+        data[:certificate] = uri("/certificates/#{order.certificate.id}") if order.valid_status?
 
         data.to_json
       rescue Bullion::Acme::Error => e
@@ -260,14 +260,9 @@ module Bullion
         content_type "application/json"
         add_acme_headers @new_nonce, additional: { "Location" => uri("/orders/#{order.id}") }
 
-        raw_csr_data = Base64.urlsafe_decode64(@payload_data["csr"])
-        encoded_csr = Base64.encode64(raw_csr_data)
+        order_csr = Models::OrderCsr.from_acme_request(order, @payload_data["csr"])
 
-        csr_data = openssl_compat_csr(encoded_csr)
-
-        csr = OpenSSL::X509::Request.new(csr_data)
-
-        unless validate_acme_csr(order, csr)
+        unless acme_csr_valid?(order_csr)
           content_type "application/problem+json"
           halt 400, {
             type: Bullion::Acme::Errors::BadCsr.new.acme_error,
@@ -275,7 +270,7 @@ module Bullion
           }.to_json
         end
 
-        cert_id = sign_csr(csr, @user.contacts.first).last
+        cert_id = sign_csr(order_csr.csr, @user.contacts.first).last
 
         order.certificate_id = cert_id
         order.status = "valid"
@@ -287,11 +282,11 @@ module Bullion
           notBefore: order.not_before,
           notAfter: order.not_after,
           identifiers: order.identifiers,
-          authorizations: order.authorizations.map { |a| uri("/authorizations/#{a.id}") },
+          authorizations: order.authorizations.map { uri("/authorizations/#{it.id}") },
           finalize: uri("/orders/#{order.id}/finalize")
         }
 
-        data[:certificate] = uri("/certificates/#{order.certificate.id}") if order.status == "valid"
+        data[:certificate] = uri("/certificates/#{order.certificate.id}") if order.valid_status?
 
         data.to_json
       rescue Bullion::Acme::Error => e
@@ -320,7 +315,7 @@ module Bullion
             chash[:url] = uri("/challenges/#{c.id}")
             chash[:token] = c.token
             chash[:status] = c.status
-            chash[:validated] = c.validated if c.status == "valid"
+            chash[:validated] = c.validated if c.valid_status?
 
             chash
           end
@@ -355,12 +350,12 @@ module Bullion
           url: uri("/challenges/#{challenge.id}")
         }
 
-        if challenge.status == "valid"
+        if challenge.valid_status?
           data[:validated] = challenge.validated
           authorization = challenge.authorization
-          authorization.update!(status: "valid") unless authorization.status == "valid"
+          authorization.update!(status: "valid") unless authorization.valid_status?
           order = authorization.order
-          order.update!(status: "ready") unless order.status == "ready"
+          order.update!(status: "ready") unless order.ready_status?
         end
 
         add_link_relation("up", uri("/authorizations/#{challenge.authorization.id}"))
@@ -378,7 +373,7 @@ module Bullion
         add_acme_headers @new_nonce
 
         order = Models::Order.where(certificate_id: params[:id]).first
-        if order && order.status == "valid"
+        if order&.valid_status?
           content_type "application/pem-certificate-chain"
 
           cert = Models::Certificate.find(params[:id])

data/lib/bullion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bullion
-  VERSION = "0.8.0"
+  VERSION = "0.10.0"
 end

data/lib/bullion.rb

@@ -32,7 +32,7 @@ module Bullion
   LOGGER.level = ENV.fetch("LOG_LEVEL", :warn)
 
   setting :ca, reader: true do
-    setting :dir, default: "tmp", constructor: -> { File.expand_path(_1) }
+    setting :dir, default: "tmp", constructor: -> { File.expand_path(it) }
     setting :secret, default: "SomeS3cret"
     setting(
       :key_path,
@@ -48,22 +48,22 @@ module Bullion
         v.include?("/") ? File.expand_path(v) : File.join(Bullion.config.ca.dir, v)
       }
     )
-    setting :domains, default: "example.com", constructor: -> { _1.split(",") }
+    setting :domains, default: "example.com", constructor: -> { it.split(",") }
     # 90 days cert expiration
-    setting :cert_validity_duration, default: 60 * 60 * 24 * 30 * 3, constructor: -> { Integer(_1) }
+    setting :cert_validity_duration, default: 60 * 60 * 24 * 30 * 3, constructor: -> { Integer(it) }
   end
 
   setting :acme, reader: true do
     setting(
       :challenge_clients,
       default: ["Bullion::ChallengeClients::DNS", "Bullion::ChallengeClients::HTTP"],
-      constructor: -> { _1.map { |n| Kernel.const_get(n.to_s) } }
+      constructor: -> { it.map { |n| Kernel.const_get(n.to_s) } }
     )
   end
 
   setting :db_url, reader: true
 
-  setting :nameservers, default: [], constructor: -> { _1.split(",") }
+  setting :nameservers, default: [], constructor: -> { it.split(",") }
 
   MetricsRegistry = Prometheus::Client.registry
 
@@ -79,7 +79,7 @@ module Bullion
     @ca_cert ||= OpenSSL::X509::Certificate.new(ca_cert_file)
   end
 
-  def self.rotate_keys!
+  def self.rotate_keys! # rubocop:disable Naming/PredicateMethod
     @ca_key = nil
     @ca_cert = nil
     ca_key

data/scripts/docker-entrypoint.sh

@@ -2,8 +2,4 @@
 
 # Starts the server
 rake db:migrate
-puma \
-  -p ${BULLION_PORT:-9292} \
-  -e ${RACK_ENV:-production} \
-  -t ${MIN_THREADS:-2}:${MAX_THREADS:-32} \
-  config.ru
+itsi

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bullion
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Jonathan Gnagy
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-03-14 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark
@@ -52,6 +51,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.21'
+- !ruby/object:Gem::Dependency
+  name: itsi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -122,20 +135,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.2'
-- !ruby/object:Gem::Dependency
-  name: puma
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.4'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -184,14 +183,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: acme-client
   requirement: !ruby/object:Gem::Requirement
@@ -374,7 +373,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description:
 email:
 - jonathan.gnagy@gmail.com
 executables: []
@@ -394,6 +392,7 @@ files:
 - Dockerfile
 - Gemfile
 - Gemfile.lock
+- Itsi.rb
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -401,7 +400,6 @@ files:
 - bin/setup
 - bullion.gemspec
 - config.ru
-- config/puma.rb
 - db/migrate/20210104000000_create_accounts.rb
 - db/migrate/20210104060422_create_certificates.rb
 - db/migrate/20210105060406_create_orders.rb
@@ -424,6 +422,7 @@ files:
 - lib/bullion/models/challenge.rb
 - lib/bullion/models/nonce.rb
 - lib/bullion/models/order.rb
+- lib/bullion/models/order_csr.rb
 - lib/bullion/rspec/challenge_clients/dns.rb
 - lib/bullion/rspec/challenge_clients/http.rb
 - lib/bullion/service.rb
@@ -442,7 +441,6 @@ licenses:
 metadata:
   homepage_uri: https://github.com/jgnagy/bullion
   source_code_uri: https://github.com/jgnagy/bullion
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -450,15 +448,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: '3.3'
+      version: '3.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Ruby ACME v2 Certificate Authority
 test_files: []

data/config/puma.rb

@@ -1,3 +0,0 @@
-# frozen_string_literal: true
-
-threads 2, Integer(ENV.fetch("MAX_THREADS", 32))