capistrano-atlas 0.0.1

data/lib/capistrano/tasks/ssl.rake

@@ -0,0 +1,57 @@
+atlas_recipe :ssl do
+  during :provision, "generate_dh"
+  during :provision, "generate_self_signed_crt"
+end
+
+namespace :atlas do
+  namespace :ssl do
+    desc "Generate an SSL key and CSR for Ngnix HTTPS"
+    task :generate_csr do
+      _run_ssl_script
+      _copy_to_all_web_servers(%w(.key .csr))
+    end
+
+    desc "Generate an SSL key, CSR, and self-signed cert for Ngnix HTTPS"
+    task :generate_self_signed_crt do
+      _run_ssl_script("--self")
+      _copy_to_all_web_servers(%w(.key .csr .crt))
+    end
+
+    desc "Generate unique DH group"
+    task :generate_dh do
+      privileged_on roles(:web) do
+        unless test("sudo [ -f /etc/ssl/dhparams.pem ]")
+          execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048"
+          execute :sudo, "chmod 600 /etc/ssl/dhparams.pem"
+        end
+      end
+    end
+
+    def _run_ssl_script(opt="")
+      privileged_on primary(:web) do
+        files_exist = %w(.key .csr .crt).any? do |ext|
+          test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
+        end
+
+        if files_exist
+          info("Files exist; skipping SSL key generation.")
+        else
+          config = "/tmp/csr_config"
+          ssl_script = "/tmp/ssl_script"
+
+          template("csr_config.erb", config, :sudo => true)
+          template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
+
+          within "/etc/ssl" do
+            execute :sudo, ssl_script, opt, application_basename, config
+            execute :sudo, "rm", ssl_script, config
+          end
+        end
+      end
+    end
+
+    def _copy_to_all_web_servers(extensions)
+      # TODO
+    end
+  end
+end

data/lib/capistrano/tasks/ufw.rake

@@ -0,0 +1,32 @@
+atlas_recipe :ufw do
+  during :provision, "configure"
+end
+
+namespace :atlas do
+  namespace :ufw do
+    desc "Configure role-based ufw rules on each server"
+    task :configure do
+      rules = fetch(:atlas_ufw_rules, {})
+      distinct_roles = rules.values.flatten.uniq
+
+      # First reset the firewall on all affected servers
+      privileged_on roles(*distinct_roles) do
+        execute "sudo ufw --force reset"
+        execute "sudo ufw default deny incoming"
+        execute "sudo ufw default allow outgoing"
+      end
+
+      # Then set up all ufw rules according to the atlas_ufw_rules hash
+      rules.each do |command, *role_names|
+        privileged_on roles(*role_names.flatten) do
+          execute "sudo ufw #{command}"
+        end
+      end
+
+      # Finally, enable the firewall on all affected servers
+      privileged_on roles(*distinct_roles) do
+        execute "sudo ufw --force enable"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/user.rake

@@ -0,0 +1,32 @@
+atlas_recipe :user do
+  during :provision, %w(add install_public_key)
+end
+
+namespace :atlas do
+  namespace :user do
+    desc "Create the UNIX user if it doesn't already exist"
+    task :add do
+      privileged_on roles(:all) do |host, user|
+        unless test("sudo grep -q #{user}: /etc/passwd")
+          execute :sudo, "adduser", "--disabled-password", user, "</dev/null"
+        end
+      end
+    end
+
+    desc "Copy root's authorized_keys to the user account if it doesn't "\
+         "already have its own keys"
+    task :install_public_key do
+      root = fetch(:atlas_privileged_user)
+
+      privileged_on roles(:all) do |host, user|
+        unless test("sudo [ -f /home/#{user}/.ssh/authorized_keys ]")
+          execute :sudo, "mkdir", "-p", "/home/#{user}/.ssh"
+          execute :sudo, "cp", "~#{root}/.ssh/authorized_keys",
+                               "/home/#{user}/.ssh"
+          execute :sudo, "chown", "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
+          execute :sudo, "chmod", "600", "/home/#{user}/.ssh/authorized_keys"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/version.rake

@@ -0,0 +1,34 @@
+atlas_recipe :version do
+  during "deploy:updating", "write_initializer"
+end
+
+namespace :atlas do
+  namespace :version do
+    desc "Write initializers/version.rb with git version and date information"
+    task :write_initializer do
+      git_version = {}
+      branch = fetch(:branch)
+
+      on release_roles(:all).first do
+        with fetch(:git_environmental_variables) do
+          within repo_path do
+            git_version[:tag] = \
+              capture(:git, "describe", branch, "--always --tag").chomp
+            git_version[:date] = \
+              capture(:git, "log", branch, '-1 --format="%ad" --date=short')\
+              .chomp
+            git_version[:time] = \
+              capture(:git, "log", branch, '-1 --format="%ad" --date=iso')\
+              .chomp
+          end
+        end
+      end
+
+      on release_roles(:all) do
+        template "version.rb.erb",
+                 "#{release_path}/config/initializers/version.rb",
+                 :binding => binding
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification
+name: capistrano-atlas
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- John McDowall
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-11-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: capistrano
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.3.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.3.5
+- !ruby/object:Gem::Dependency
+  name: sshkit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: chandler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 'Does all the heavy lifting for production-ready provisioning and deployment
+  for the full Rails 5.1 stack. Installs and configures Ruby, Nginx, Puma, PostgreSQL,
+  dotenv, Let''s Encrypt and more onto Ubuntu 14.04 LTS using Capistrano. '
+email: john@kantan.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- capistrano-atlas.gemspec
+- lib/capistrano/atlas.rb
+- lib/capistrano/atlas/compatibility.rb
+- lib/capistrano/atlas/dsl.rb
+- lib/capistrano/atlas/recipe.rb
+- lib/capistrano/atlas/templates/crontab.erb
+- lib/capistrano/atlas/templates/csr_config.erb
+- lib/capistrano/atlas/templates/logrotate.erb
+- lib/capistrano/atlas/templates/maintenance.html.erb
+- lib/capistrano/atlas/templates/nginx.erb
+- lib/capistrano/atlas/templates/nginx_site.erb
+- lib/capistrano/atlas/templates/pgpass.erb
+- lib/capistrano/atlas/templates/postgresql-backup-logrotate.erb
+- lib/capistrano/atlas/templates/puma.rb.erb
+- lib/capistrano/atlas/templates/puma_init.erb
+- lib/capistrano/atlas/templates/rbenv_bashrc
+- lib/capistrano/atlas/templates/sidekiq_init.erb
+- lib/capistrano/atlas/templates/ssl_setup
+- lib/capistrano/atlas/templates/version.rb.erb
+- lib/capistrano/atlas/version.rb
+- lib/capistrano/tasks/aptitude.rake
+- lib/capistrano/tasks/bundler.rake
+- lib/capistrano/tasks/crontab.rake
+- lib/capistrano/tasks/defaults.rake
+- lib/capistrano/tasks/dotenv.rake
+- lib/capistrano/tasks/logrotate.rake
+- lib/capistrano/tasks/maintenance.rake
+- lib/capistrano/tasks/migrate.rake
+- lib/capistrano/tasks/nginx.rake
+- lib/capistrano/tasks/postgresql.rake
+- lib/capistrano/tasks/provision.rake
+- lib/capistrano/tasks/puma.rake
+- lib/capistrano/tasks/rake.rake
+- lib/capistrano/tasks/rbenv.rake
+- lib/capistrano/tasks/seed.rake
+- lib/capistrano/tasks/sidekiq.rake
+- lib/capistrano/tasks/ssl.rake
+- lib/capistrano/tasks/ufw.rake
+- lib/capistrano/tasks/user.rake
+- lib/capistrano/tasks/version.rake
+homepage: https://github.com/johnmcdowall/capistrano-atlas
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Additional Capistrano 3 recipes
+test_files: []