capistrano-fiftyfive 0.9.0

data/lib/capistrano/fiftyfive/templates/nginx_unicorn.erb

@@ -0,0 +1,100 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+upstream unicorn_<%= application_basename %> {
+  # fail_timeout=0 means we always retry an upstream even if it failed
+  # to return a good HTTP response (in case the Unicorn master nukes a
+  # single worker for timing out).
+  server unix:/tmp/unicorn.<%= application_basename %>.sock fail_timeout=0;
+}
+
+<% [80, 443].each do |port| %>
+
+  <% fetch(:fiftyfive_nginx_redirect_hosts).each do |orig, desired| %>
+    server {
+      listen <%= port %>;
+      server_name <%= orig %>;
+      return 301 <%= fetch(:fiftyfive_nginx_force_https) ? "https" : "$scheme" %>://<%= desired %>$request_uri;
+    }
+  <% end %>
+
+  server {
+    listen <%= port %> <%= "spdy" if port == 443 %> default deferred; # for Linux
+
+    <% if port == 80 && fetch(:fiftyfive_nginx_force_https) %>
+      rewrite ^(.*) https://$http_host$1 permanent;
+    <% else %>
+
+      client_max_body_size 4G;
+      server_name _;
+
+      # ~2 seconds is often enough for most folks to parse HTML/CSS and
+      # retrieve needed images/icons/frames, connections are cheap in
+      # nginx so increasing this is generally safe...
+      keepalive_timeout 5;
+
+      # path for static files
+      root <%= current_path %>/public;
+
+      # Capistrano `deploy:web:disable` support
+      if (-f $document_root/system/maintenance.html) {
+        return 503;
+      }
+      error_page 503 @maintenance;
+      location @maintenance {
+        rewrite  ^(.*)$  /system/maintenance.html last;
+        break;
+      }
+
+      <% if port == 443 %>
+        ssl on;
+        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
+        ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_certificate /etc/ssl/<%= application_basename %>.crt;
+        ssl_certificate_key /etc/ssl/<%= application_basename %>.key;
+
+        <% if fetch(:fiftyfive_nginx_force_https) %>
+          add_header Strict-Transport-Security "max-age=631138519";
+        <% end %>
+      <% end %>
+
+      # Far-future expires and gzip for fingerprinted assets
+      location ^~ /<%= fetch(:assets_prefix, "assets") %>/ {
+        gzip_static on;
+        expires max;
+        add_header Cache-Control public;
+      }
+
+      include /etc/nginx/<%= application_basename%>-locations/*;
+
+      # Prefer to serve static files directly from nginx to avoid unnecessary
+      # data copies from the application server.
+      try_files $uri/index.html $uri @unicorn;
+
+      location @unicorn {
+        # an HTTP header important enough to have its own Wikipedia entry:
+        #   http://en.wikipedia.org/wiki/X-Forwarded-For
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # this helps Rack set the proper URL scheme for doing HTTPS redirects:
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # pass the Host: header from the client right along so redirects
+        # can be set properly within the Rack application
+        proxy_set_header Host $http_host;
+
+        # we don't want nginx trying to do something clever with
+        # redirects, we set the Host: header above already.
+        proxy_redirect off;
+
+        proxy_pass http://unicorn_<%= application_basename %>;
+      }
+
+      # Rails error pages
+      error_page 500 502 503 504 /500.html;
+      location = /500.html {
+        root <%= current_path %>/public;
+      }
+    <% end %>
+  }
+<% end %>

data/lib/capistrano/fiftyfive/templates/pgpass.erb

@@ -0,0 +1 @@
+<%= fetch(:fiftyfive_postgresql_host) %>:5432:<%= fetch(:fiftyfive_postgresql_database) %>:<%= fetch(:fiftyfive_postgresql_user) %>:<%= fetch(:fiftyfive_postgresql_password).gsub(/([\\:])/, '\\\\\1') %>

data/lib/capistrano/fiftyfive/templates/postgresql-backup-logrotate.erb

@@ -0,0 +1,11 @@
+<%= fetch(:fiftyfive_postgresql_backup_path) %> {
+  daily
+  nomissingok
+  rotate 30
+  ifempty
+  create 600 <%= user %>
+  dateext
+  postrotate
+    /usr/bin/sudo -u <%= user %> PGPASSFILE=<%= fetch(:fiftyfive_postgresql_pgpass_path) %> /usr/bin/pg_dump -Fc -Z9 -O -x <%= fetch(:fiftyfive_postgresql_dump_options) %> -h <%= fetch(:fiftyfive_postgresql_host) %> -U <%= fetch(:fiftyfive_postgresql_user) %> -f <%= fetch(:fiftyfive_postgresql_backup_path) %> <%= fetch(:fiftyfive_postgresql_database) %>
+  endscript
+}

data/lib/capistrano/fiftyfive/templates/postgresql.yml.erb

@@ -0,0 +1,8 @@
+<%= fetch(:rails_env) %>:
+  adapter: postgresql
+  encoding: unicode
+  database: <%= fetch(:fiftyfive_postgresql_database) %>
+  pool: <%= fetch(:fiftyfive_postgresql_pool_size) %>
+  username: <%= fetch(:fiftyfive_postgresql_user) %>
+  password: <%= fetch(:fiftyfive_postgresql_password) %>
+  host: <%= fetch(:fiftyfive_postgresql_host) %>

data/lib/capistrano/fiftyfive/templates/rbenv_bashrc

@@ -0,0 +1,4 @@
+if [ -d $HOME/.rbenv ]; then
+  export PATH="$HOME/.rbenv/bin:$PATH"
+  eval "$(rbenv init -)"
+fi

data/lib/capistrano/fiftyfive/templates/sidekiq_init.erb

@@ -0,0 +1,100 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          sidekiq
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Manage sidekiq worker
+# Description:       Start, stop, restart sidekiq worker.
+### END INIT INFO
+
+APP_DIR="<%= current_path %>"
+LOG_FILE="$APP_DIR/log/sidekiq.log"
+PID_FILE="$APP_DIR/tmp/pids/sidekiq.pid"
+SIDEKIQ="sidekiq"
+SIDEKIQCTL="sidekiqctl"
+APP_ENV="<%= fetch(:rails_env) %>"
+BUNDLE="bundle"
+AS_USER=<%= fetch(:fiftyfive_sidekiq_user, user) %>
+CONCURRENCY=<%= fetch(:fiftyfive_sidekiq_concurrency) %>
+
+START_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQ -d -e $APP_ENV -P $PID_FILE --concurrency $CONCURRENCY -L $LOG_FILE"
+CTL_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQCTL"
+RETVAL=0
+
+
+run () {
+  if [ "$(id -un)" = "$AS_USER" ]; then
+    eval $1
+  else
+    su -c "$1" - $AS_USER
+  fi
+}
+
+start() {
+
+  status
+  if [ $? -eq 1 ]; then
+
+    [ -d $APP_DIR ] || (echo "$APP_DIR not found!.. Exiting"; exit 6)
+    echo "Starting $SIDEKIQ message processor .. "
+    run "$START_CMD"
+    RETVAL=$?
+    #Sleeping for 8 seconds for process to be precisely visible in process table - See status ()
+    sleep 8
+    return $RETVAL
+  else
+    echo "$SIDEKIQ message processor is already running .. "
+  fi
+
+
+}
+
+stop() {
+
+    status
+    if [ $? -eq 0 ]; then
+
+      echo "Stopping $SIDEKIQ message processor .."
+      run "$CTL_CMD stop $PID_FILE"
+      RETVAL=$?
+      return $RETVAL
+
+    else
+      echo "$SIDEKIQ message processor is already stopped .. "
+    fi
+
+}
+
+status() {
+
+  ps -ef | egrep 'sidekiq [0-9]+.[0-9]+.[0-9]+' | grep -v grep
+  return $?
+}
+
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    status)
+        status
+
+        if [ $? -eq 0 ]; then
+             echo "$SIDEKIQ message processor is running .."
+             RETVAL=0
+         else
+             echo "$SIDEKIQ message processor is stopped .."
+             RETVAL=1
+         fi
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|status}"
+        exit 0
+        ;;
+esac
+exit $RETVAL

data/lib/capistrano/fiftyfive/templates/ssl_setup

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Usage:
+#
+# ssl_setup [--self] <name> <csr_config>
+#
+# This script is used to generate key and CSR for use HTTPS in Nginx.
+#
+# --self        Generate self-signed certificate in addition to key and CSR.
+# name          Output files will be named as <name>.key and <name>.csr.
+# csr_config    Path to file that specifies CSR information. See below.
+#
+# CSR configuration format:
+#
+# [ req ]
+# distinguished_name="req_distinguished_name"
+# prompt="no"
+#
+# [ req_distinguished_name ]
+# C="US"
+# ST="California"
+# L="Albany"
+# O="55 Minutes Inc."
+# CN="www.55minutes.com"
+
+if [[ $1 == --self ]]; then
+  SELF_SIGN=1
+  shift
+fi
+
+KEY_NAME=$1
+CSR_CONFIG=$2
+
+openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
+chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
+echo "Created ${KEY_NAME}.key"
+echo "Created ${KEY_NAME}.csr"
+
+if [[ -n $SELF_SIGN ]]; then
+  openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
+  chmod 600 ${KEY_NAME}.crt
+  echo "Created ${KEY_NAME}.crt (self-signed)"
+fi

data/lib/capistrano/fiftyfive/templates/unicorn.rb.erb

@@ -0,0 +1,71 @@
+# Use at least one worker per core if you're on a dedicated server,
+# more will usually help for _short_ waits on databases/caches.
+worker_processes <%= fetch(:fiftyfive_unicorn_workers) %>
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+working_directory "<%= current_path %>"
+
+# listen on both a Unix domain socket
+# we use a shorter backlog for quicker failover when busy
+listen "/tmp/unicorn.<%= application_basename %>.sock", :backlog => 64
+
+# nuke workers after <%= fetch(:fiftyfive_unicorn_timeout) %> seconds (default is 60)
+timeout <%= fetch(:fiftyfive_unicorn_timeout) %>
+
+pid "<%= fetch(:fiftyfive_unicorn_pid) %>"
+
+# By default, the Unicorn logger will write to stderr.
+# Additionally, some applications/frameworks log to stderr or stdout,
+# so prevent them from going to /dev/null when daemonized here:
+stderr_path "<%= fetch(:fiftyfive_unicorn_log) %>"
+stdout_path "<%= fetch(:fiftyfive_unicorn_log) %>"
+
+preload_app true
+
+# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
+# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
+if GC.respond_to?(:copy_on_write_friendly=)
+  GC.copy_on_write_friendly = true
+end
+
+before_exec do |server|
+  # Ensure unicorn picks up our newest Gemfile
+  ENV['BUNDLE_GEMFILE'] = "<%= current_path %>/Gemfile"
+end
+
+before_fork do |server, worker|
+
+  # the following is highly recomended for Rails + "preload_app true"
+  # as there's no need for the master process to hold a connection
+  if defined? ActiveRecord::Base
+    ActiveRecord::Base.connection.disconnect!
+  end
+
+  # This allows a new master process to incrementally
+  # phase out the old master process with SIGTTOU to avoid a
+  # thundering herd (especially in the "preload_app false" case)
+  # when doing a transparent upgrade.  The last worker spawned
+  # will then kill off the old master process with a SIGQUIT.
+  old_pid = "#{server.config[:pid]}.oldbin"
+  if File.exists?(old_pid) && server.pid != old_pid
+    begin
+      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+      Process.kill(sig, File.read(old_pid).to_i)
+    rescue Errno::ENOENT, Errno::ESRCH
+    end
+  end
+
+  # Throttle the master from forking too quickly by sleeping.  Due
+  # to the implementation of standard Unix signal handlers, this
+  # helps (but does not completely) prevent identical, repeated signals
+  # from being lost when the receiving process is busy.
+  sleep 1
+end
+
+after_fork do |server, worker|
+  # the following is *required* for Rails + "preload_app true"
+  if defined?(ActiveRecord::Base)
+    ActiveRecord::Base.establish_connection
+  end
+end

data/lib/capistrano/fiftyfive/templates/unicorn_init.erb

@@ -0,0 +1,84 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          unicorn
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Manage unicorn server
+# Description:       Start, stop, restart unicorn server for a specific application.
+### END INIT INFO
+set -e
+
+# Feel free to change any of the following variables for your app:
+TIMEOUT=${TIMEOUT-60}
+APP_ROOT=<%= current_path %>
+PID=<%= fetch(:fiftyfive_unicorn_pid) %>
+CMD="cd <%= current_path %>; bundle exec unicorn -D -c <%= fetch(:fiftyfive_unicorn_config) %> -E <%= fetch(:rails_env) %>"
+AS_USER=<%= unicorn_user %>
+set -u
+
+OLD_PIN="$PID.oldbin"
+
+sig () {
+  test -s "$PID" && kill -$1 `cat $PID`
+}
+
+oldsig () {
+  test -s $OLD_PIN && kill -$1 `cat $OLD_PIN`
+}
+
+run () {
+  if [ "$(id -un)" = "$AS_USER" ]; then
+    eval $1
+  else
+    su -c "$1" - $AS_USER
+  fi
+}
+
+case "$1" in
+start)
+  sig 0 && echo >&2 "Already running" && exit 0
+  run "$CMD"
+  ;;
+stop)
+  sig QUIT && exit 0
+  echo >&2 "Not running"
+  ;;
+force-stop)
+  sig TERM && exit 0
+  echo >&2 "Not running"
+  ;;
+restart|reload)
+  sig USR2 && echo reloaded OK && exit 0
+  echo >&2 "Couldn't reload, starting '$CMD' instead"
+  run "$CMD"
+  ;;
+upgrade)
+  if sig USR2 && sleep 2 && sig 0 && oldsig QUIT
+  then
+    n=$TIMEOUT
+    while test -s $OLD_PIN && test $n -ge 0
+    do
+      printf '.' && sleep 1 && n=$(( $n - 1 ))
+    done
+    echo
+
+    if test $n -lt 0 && test -s $OLD_PIN
+    then
+      echo >&2 "$OLD_PIN still exists after $TIMEOUT seconds"
+      exit 1
+    fi
+    exit 0
+  fi
+  echo >&2 "Couldn't upgrade, starting '$CMD' instead"
+  run "$CMD"
+  ;;
+reopen-logs)
+  sig USR1
+  ;;
+*)
+  echo >&2 "Usage: $0 <start|stop|restart|upgrade|force-stop|reopen-logs>"
+  exit 1
+  ;;
+esac

data/lib/capistrano/fiftyfive/templates/version.rb.erb

@@ -0,0 +1,2 @@
+Rails.application.config.version = "<%= git_version[:tag] %>"
+Rails.application.config.version_date = Date.parse("<%= git_version[:date] %>")

data/lib/capistrano/fiftyfive/version.rb

@@ -0,0 +1,5 @@
+module Capistrano
+  module Fiftyfive
+    VERSION = "0.9.0"
+  end
+end

data/lib/capistrano/fiftyfive.rb

@@ -0,0 +1,28 @@
+require "monitor"
+require "capistrano/fiftyfive/version"
+require "capistrano/fiftyfive/compatibility"
+require "capistrano/fiftyfive/dsl"
+require "capistrano/fiftyfive/recipe"
+require "capistrano/fiftyfive/console"
+require "sshkit/formatter/abbreviated"
+include Capistrano::Fiftyfive::DSL
+
+load File.expand_path("../tasks/defaults.rake", __FILE__)
+load File.expand_path("../tasks/user.rake", __FILE__)
+load File.expand_path("../tasks/aptitude.rake", __FILE__)
+load File.expand_path("../tasks/ufw.rake", __FILE__)
+load File.expand_path("../tasks/ssl.rake", __FILE__)
+load File.expand_path("../tasks/dotenv.rake", __FILE__)
+load File.expand_path("../tasks/postgresql.rake", __FILE__)
+load File.expand_path("../tasks/nginx.rake", __FILE__)
+load File.expand_path("../tasks/unicorn.rake", __FILE__)
+load File.expand_path("../tasks/delayed_job.rake", __FILE__)
+load File.expand_path("../tasks/crontab.rake", __FILE__)
+load File.expand_path("../tasks/logrotate.rake", __FILE__)
+load File.expand_path("../tasks/rbenv.rake", __FILE__)
+load File.expand_path("../tasks/maintenance.rake", __FILE__)
+load File.expand_path("../tasks/migrate.rake", __FILE__)
+load File.expand_path("../tasks/seed.rake", __FILE__)
+load File.expand_path("../tasks/version.rake", __FILE__)
+load File.expand_path("../tasks/rake.rake", __FILE__)
+load File.expand_path("../tasks/sidekiq.rake", __FILE__)

data/lib/capistrano/tasks/aptitude.rake

@@ -0,0 +1,77 @@
+fiftyfive_recipe :aptitude do
+  during :provision, %w(upgrade install)
+end
+
+namespace :fiftyfive do
+  namespace :aptitude do
+
+    desc "Run `aptitude update` and then run `aptitude safe-upgrade`"
+    task :upgrade do
+      privileged_on roles(:all) do |host|
+        _update
+        _safe_upgrade
+      end
+    end
+
+
+    desc "Run `aptitude install` for packages required by the roles of "\
+         "each server."
+    task :install do
+      privileged_on roles(:all) do |host|
+        packages_to_install = []
+        repos_to_add = []
+
+        _each_package(host) do |pkg, repo|
+          unless _already_installed?(pkg)
+            repos_to_add << repo unless repo.nil?
+            packages_to_install << pkg
+          end
+        end
+
+        repos_to_add.uniq.each { |repo| _add_repository(repo) }
+        _update
+        packages_to_install.uniq.each { |pkg| _install(pkg) }
+      end
+    end
+
+    def _already_installed?(pkg)
+      test(:dpkg, "-s", pkg, "2>/dev/null", "|", :grep, "-q 'ok installed'")
+    end
+
+    def _add_repository(repo)
+      unless _already_installed?("python-software-properties")
+        _install("python-software-properties")
+      end
+      execute :"apt-add-repository", "-y", repo
+    end
+
+    def _install(pkg)
+      with :debian_frontend => "noninteractive" do
+        execute :aptitude, "-y -q install", pkg
+      end
+    end
+
+    def _update
+      with :debian_frontend => "noninteractive" do
+        execute :aptitude, "-q -q -y update"
+      end
+    end
+
+    def _safe_upgrade
+      with :debian_frontend => "noninteractive" do
+        execute :aptitude, "-q -q -y safe-upgrade"
+      end
+    end
+
+    def _each_package(host)
+      return to_enum(:_each_package, host) unless block_given?
+
+      fetch(:fiftyfive_aptitude_packages).each do |package_spec, *role_list|
+        next unless roles(*role_list.flatten).include?(host)
+
+        pkg, repo = package_spec.split("@")
+        yield(pkg, repo)
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/crontab.rake

@@ -0,0 +1,14 @@
+fiftyfive_recipe :crontab do
+  during :provision, "fiftyfive:crontab"
+end
+
+namespace :fiftyfive do
+  desc "Install crontab using crontab.erb template"
+  task :crontab do
+    on roles(:cron) do
+      tmp_file = "/tmp/crontab"
+      template "crontab.erb", tmp_file
+      execute "crontab #{tmp_file} && rm #{tmp_file}"
+    end
+  end
+end

data/lib/capistrano/tasks/defaults.rake

@@ -0,0 +1,124 @@
+namespace :load do
+  task :defaults do
+
+    set :fiftyfive_recipes, %w(
+      aptitude
+      crontab
+      dotenv
+      logrotate
+      migrate
+      nginx
+      postgresql
+      rbenv
+      seed
+      ssl
+      ufw
+      unicorn
+      user
+      version
+    )
+
+    set :fiftyfive_privileged_user, "root"
+
+    set :fiftyfive_aptitude_packages,
+        "curl"                                   => :all,
+        "debian-goodies"                         => :all,
+        "git-core"                               => :all,
+        "libpq-dev@ppa:pitti/postgresql"         => :all,
+        "nginx@ppa:nginx/stable"                 => :web,
+        "nodejs@ppa:chris-lea/node.js"           => :all,
+        "postgresql-client@ppa:pitti/postgresql" => :all,
+        "postgresql@ppa:pitti/postgresql"        => :db,
+        "ufw"                                    => :all
+
+    set :fiftyfive_delayed_job_args, "-n 2"
+    set :fiftyfive_delayed_job_script, "bin/delayed_job"
+
+    set :fiftyfive_dotenv_keys, %w(rails_secret_key_base postmark_api_key)
+    set :fiftyfive_dotenv_monitor, Monitor.new
+    set :fiftyfive_dotenv_filename, -> { ".env.#{fetch(:rails_env)}" }
+
+    set :fiftyfive_log_file, "log/capistrano.log"
+
+    set :fiftyfive_nginx_force_https, false
+    set :fiftyfive_nginx_redirect_hosts, {}
+
+    ask_secretly :fiftyfive_postgresql_password
+    set :fiftyfive_postgresql_max_connections, 25
+    set :fiftyfive_postgresql_pool_size, 5
+    set :fiftyfive_postgresql_host, "localhost"
+    set :fiftyfive_postgresql_database,
+        -> { "#{application_basename}_#{fetch(:rails_env)}" }
+    set :fiftyfive_postgresql_user, -> { application_basename }
+    set :fiftyfive_postgresql_pgpass_path,
+        proc{ "#{shared_path}/config/pgpass" }
+    set :fiftyfive_postgresql_backup_path, -> {
+      "#{shared_path}/backups/postgresql-dump.dmp"
+    }
+    set :fiftyfive_postgresql_backup_exclude_tables, []
+    set :fiftyfive_postgresql_dump_options, -> {
+      options = fetch(:fiftyfive_postgresql_backup_exclude_tables).map do |t|
+        "-T #{t.shellescape}"
+      end
+      options.join(" ")
+    }
+
+    set :fiftyfive_rbenv_ruby_version, -> { IO.read(".ruby-version").strip }
+    set :fiftyfive_rbenv_vars, -> {
+      {
+        "RAILS_ENV" => fetch(:rails_env),
+        "PGPASSFILE" => fetch(:fiftyfive_postgresql_pgpass_path)
+      }
+    }
+
+    set :fiftyfive_sidekiq_concurrency, 25
+    set :fiftyfive_sidekiq_role, :sidekiq
+
+    set :fiftyfive_ssl_csr_country, "US"
+    set :fiftyfive_ssl_csr_state, "California"
+    set :fiftyfive_ssl_csr_city, "Albany"
+    set :fiftyfive_ssl_csr_org, "55 Minutes, Inc."
+    set :fiftyfive_ssl_csr_name, "example.55minutes.com"
+
+    # WARNING: misconfiguring firewall rules could lock you out of the server!
+    set :fiftyfive_ufw_rules,
+        "allow ssh" => :all,
+        "allow http" => :web,
+        "allow https" => :web
+
+    set :fiftyfive_unicorn_workers, 2
+    set :fiftyfive_unicorn_timeout, 30
+    set :fiftyfive_unicorn_config, proc{ "#{current_path}/config/unicorn.rb" }
+    set :fiftyfive_unicorn_log, proc{ "#{current_path}/log/unicorn.log" }
+    set :fiftyfive_unicorn_pid, proc{ "#{current_path}/tmp/pids/unicorn.pid" }
+
+    set :bundle_binstubs, false
+    set :bundle_flags, '--deployment -j4'
+    set :deploy_to, -> { "/home/deployer/apps/#{fetch(:application)}" }
+    set :format, :abbreviated
+    set :keep_releases, 10
+    set :linked_dirs, -> {
+        ["public/#{fetch(:assets_prefix, 'assets')}"] +
+        %w(
+          log
+          tmp/pids
+          tmp/cache
+          tmp/sockets
+          public/system
+        )
+    }
+    set :linked_files, -> {
+        [fetch(:fiftyfive_dotenv_filename)] +
+        %w(
+          config/database.yml
+          config/unicorn.rb
+        )
+    }
+    set :log_level, :debug
+    set :migration_role, :app
+    set :rails_env, -> { fetch(:stage) }
+    set :ssh_options, :compression => false, :keepalive => true
+
+    SSHKit.config.command_map[:rake] = "bundle exec rake"
+  end
+end