consist 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: effa6a127c653d11567c095935c5ad02c06ffeed759344a114a4792c40b12e50
-  data.tar.gz: 66207f1f0943ff8ffd5569ae4aa253c5f0594f003bf6c375f189c2c2ab08b9f8
+  metadata.gz: ce1770d8755d16d374ad05d69e36645c67b819926bd7a163e497714ca6400a20
+  data.tar.gz: '09ce200d04369a78c1d66bd4b389df1ff402951be094189d3d13c7042a18ff83'
 SHA512:
-  metadata.gz: a96b06f251cd58a88683c6f7cd4c954b393013a115e5ab79927fed782fc395a3afb6aac3c6e2f3b9d90d9b7479669850a80f8301005e38ddab06250c4cb2a073
-  data.tar.gz: f55c41e49e972b5e7d4f4f475e2ba7029a63589c383d312798f7d09b3ce075337e8a5cb1249114b8d96c559a545c14762a2efff55d1683457098e8d0c60f8e33
+  metadata.gz: b487a6385b295f593cd3477afe5be8031f1cee5de7742c6fe99892da0f28eba0a855f91fbb7cc84750538826e5bd763164a49c4ac172d448dec477c09bdc4847
+  data.tar.gz: 65cb3135f0ea5afc548b321282f289b7fe66e4642b80eecfa530174235f173616781d60cb976ec362d05f1496f9b8fc2ca3a025a7c96c6435129c941e375c5b8

data/README.md

@@ -23,6 +23,7 @@ server, such as firewalls, general hardening, enabling swapfile etc.
 - Procedural declaration execution - no converging, orchestration or
   event driven operation
 - If you can shell script it, you can `consist` it directly
+- Encouraging sharing of portable `Consistfiles` across the community
 
 ---
 
@@ -30,6 +31,13 @@ server, such as firewalls, general hardening, enabling swapfile etc.
 - [Support](#support)
 - [Rationale](#rationale)
 - [Key Concepts](#key-concepts)
+  - [Recipes](#recipes)
+  - [Steps](#steps)
+  - [Files](#files)
+  - [Consistfile](#consistfile)
+  - [Artifacts](#artifacts)
+  - [.consist directory](#.consist-directory)
+- [Comunity Consistfiles](#community-consistfiles)
 - [Is It Good?](#is-it-good%3F)
 - [License](#license)
 - [Code of conduct](#code-of-conduct)
@@ -41,26 +49,32 @@ server, such as firewalls, general hardening, enabling swapfile etc.
 gem install consist
 ```
 
-You must be already auth'd with the server you want to scaffold. `consist` will use
-your SSH id to perform actions.
+You must be already authenticated with the server you want to scaffold.
+`consist` will use your account's SSH id to perform actions.
 
-Then, you have two ways of interacting with Consist. First is the `scaffold` command:
+The main way of using `consist` is to go with a `Consistfile` in
+your project root that describes the recipe and steps. Then you can say:
 
 ```sh
-consist scaffold <recipe_name> root <ip_address>
+consist up <ip_address> [--consistfile=/path/to/consistfile] [--consistdir=/path/to/.consistdir]
 ```
 
-Will kick off the scaffolding of that given server with the given
-recipe, using the `root` user.
+And `consist` will do it's thing with that given IP address.
 
-The other way of using `consist` is to go with a `Consistfile` in
-your project root that describes the recipe and steps. Then you can say:
+To create a blank `Consistfile` in your project, execute:
 
-```sh
-consist up <ip_address>
+```ruby
+consist init
 ```
 
-And `consist` will do it's thing with that given IP address.
+## Commands
+
+Other commands available:
+
+- `consist init [account/repo]` - initialize your project with a new Consist file. Optionally,
+  you can specify a Github `account/repo` path and that location will be used to clone down a
+  Consistfile, and any associated artifacts needed by the Consistfile.
+- `consist ping <ip_address>` - checks you can connect and authenticate with the given IP
 
 ## Features
 
@@ -160,9 +174,10 @@ end
 
 A `Consistfile` is a portable giant file of a recipe and all its
 steps. Something like (this is a _full_ example, in practice you
-would reference some of Consist's built in steps):
+would reference some of Consists' built in steps):
 
 ```ruby
+# This is a shortened non-complete example.
 consist do
   config :hostname, "testexample.com"
   config :site_fqdn, "textexample.com"
@@ -191,171 +206,6 @@ consist do
     EOS
   end
 
-  file :fail2ban_config do
-    <<~EOS
-      # Fail2Ban configuration file.
-      #
-
-      # to view current bans, run one of the following:
-      # fail2ban-client status ssh
-      # iptables --list -n | fgrep DROP
-
-      # The DEFAULT allows a global definition of the options. They can be overridden
-      # in each jail afterwards.
-
-      [DEFAULT]
-
-      ignoreip = 127.0.0.1
-      bantime  = 600
-      maxretry = 3
-      backend = auto
-      usedns = warn
-      destemail = <%= admin_email %>
-
-      #
-      # ACTIONS
-      #
-
-      banaction = iptables-multiport
-      mta = sendmail
-      protocol = tcp
-      chain = INPUT
-
-      #
-      # Action shortcuts. To be used to define action parameter
-
-      # The simplest action to take: ban only
-      action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-      # ban & send an e-mail with whois report to the destemail.
-      action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-                    %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-      # ban & send an e-mail with whois report and relevant log lines
-      # to the destemail.
-      action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-                     %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
-
-      # default action
-      action = %(action_mw)s
-
-      [ssh]
-
-      enabled  = true
-      port = 987
-      filter   = sshd
-      logpath  = /var/log/auth.log
-      maxretry = 6
-
-      [ssh-ddos]
-
-      enabled = true
-      port = 987
-      filter   = sshd-ddos
-      logpath  = /var/log/auth.log
-      maxretry = 6
-    EOS
-  end
-
-  file :logwatch_config do
-    <<~EOS
-      Output = mail
-      MailTo = <%= admin_email %>
-      MailFrom = logwatch@host1.mydomain.org
-      Detail = Low
-      Service = All
-    EOS
-  end
-
-  file :sysctl_config do
-    <<~EOS
-      # Do not accept ICMP redirects (prevent MITM attacks)
-      net.ipv4.conf.all.accept_redirects = 0
-      net.ipv6.conf.all.accept_redirects = 0
-      # Do not send ICMP redirects (we are not a router)
-      net.ipv4.conf.all.send_redirects = 0
-      # Log Martian Packets
-      net.ipv4.conf.all.log_martians = 1
-      # Controls IP packet forwarding
-      net.ipv4.ip_forward = 0
-      # Controls source route verification
-      net.ipv4.conf.default.rp_filter = 1
-      # Do not accept source routing
-      net.ipv4.conf.default.accept_source_route = 0
-      # Controls the System Request debugging functionality of the kernel
-      kernel.sysrq = 0
-      # Controls whether core dumps will append the PID to the core filename
-      # Useful for debugging multi-threaded applications
-      kernel.core_uses_pid = 1
-       # Controls the use of TCP syncookies
-      net.ipv4.tcp_synack_retries = 2
-      ######## IPv4 networking start ###########
-      # Send redirects, if router, but this is just server
-      net.ipv4.conf.all.send_redirects = 0
-      net.ipv4.conf.default.send_redirects = 0
-      # Accept packets with SRR option? No
-      net.ipv4.conf.all.accept_source_route = 0
-      # Accept Redirects? No, this is not router
-      net.ipv4.conf.all.accept_redirects = 0
-      net.ipv4.conf.all.secure_redirects = 0
-      # Log packets with impossible addresses to kernel log? Yes
-      net.ipv4.conf.all.log_martians = 1
-      net.ipv4.conf.default.accept_source_route = 0
-      net.ipv4.conf.default.accept_redirects = 0
-      net.ipv4.conf.default.secure_redirects = 0
-      # Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
-      net.ipv4.icmp_echo_ignore_broadcasts = 1
-      # Prevent against the common 'syn flood attack'
-      net.ipv4.tcp_syncookies = 1
-      # Enable source validation by reversed path, as specified in RFC1812
-      net.ipv4.conf.all.rp_filter = 1
-      net.ipv4.conf.default.rp_filter = 1
-      ######## IPv6 networking start ###########
-      # Number of Router Solicitations to send until assuming no routers are present.
-      # This is host and not router
-      net.ipv6.conf.default.router_solicitations = 0
-      # Accept Router Preference in RA?
-      net.ipv6.conf.default.accept_ra_rtr_pref = 0
-      # Learn Prefix Information in Router Advertisement
-      net.ipv6.conf.default.accept_ra_pinfo = 0
-      # Setting controls whether the system will accept Hop Limit settings from a router advertisement
-      net.ipv6.conf.default.accept_ra_defrtr = 0
-      #router advertisements can cause the system to assign a global unicast address to an interface
-      net.ipv6.conf.default.autoconf = 0
-      #how many neighbor solicitations to send out per address?
-      net.ipv6.conf.default.dad_transmits = 0
-      # How many global unicast IPv6 addresses can be assigned to each interface?
-      net.ipv6.conf.default.max_addresses = 1
-      ######## IPv6 networking ends ###########
-      # Disabled, not used anymore
-      #Enable ExecShield protection |
-      #kernel.exec-shield = 1
-      #kernel.randomize_va_space = 1
-      # TCP and memory optimization
-      # increase TCP max buffer size setable using setsockopt()
-      #net.ipv4.tcp_rmem = 4096 87380 8388608
-      #net.ipv4.tcp_wmem = 4096 87380 8388608
-      # increase Linux auto tuning TCP buffer limits
-      #net.core.rmem_max = 8388608
-      #net.core.wmem_max = 8388608
-      #net.core.netdev_max_backlog = 5000
-      #net.ipv4.tcp_window_scaling = 1
-      # increase system file descriptor limit
-      fs.file-max = 65535
-      #Allow for more PIDs
-      kernel.pid_max = 65536
-      #Increase system IP port limits
-      net.ipv4.ip_local_port_range = 2000 65000
-      # Disable IPv6 autoconf
-      #net.ipv6.conf.all.autoconf = 0
-      #net.ipv6.conf.default.autoconf = 0
-      #net.ipv6.conf.eth0.autoconf = 0
-      #net.ipv6.conf.all.accept_ra = 0
-      #net.ipv6.conf.default.accept_ra = 0
-      #net.ipv6.conf.eth0.accept_ra = 0
-    EOS
-  end
-
   recipe :kamal_single_server do
     name "Kamal Single Server Scaffold"
 
@@ -395,233 +245,50 @@ consist do
           EOS
         end
       end
+    end
+  end
+end
 
-      step :update_apt_packages do
-        name "Updating APT packages"
-        required_user :root
-
-        upload_file message: "Uploading APT config...",
-          local_file: :apt_auto_upgrade,
-          remote_path: "/etc/apt/apt.conf.d/20auto-upgrades"
-
-        shell do
-          <<~EOS
-            apt-get update && apt-get upgrade -y
-            apt-get autoremove
-            apt-get autoclean
-          EOS
-        end
-      end
-
-      step :install_apt_packages do
-        name "Installing essential APT packages"
-        required_user :root
-
-        shell "Installing essential packages" do
-          <<~EOS
-            apt-get -y install build-essential curl git vim
-          EOS
-        end
-      end
-
-      step :setup_ntp do
-        name "Installing NTP daemon"
-        required_user :root
-
-        shell "Configuring NTP daemon", params: {raise_on_non_zero_exit: false} do
-          <<~EOS
-            apt-get -y remove systemd-timesyncd
-            timedatectl set-ntp no 2>1
-            apt-get -y install ntp
-          EOS
-        end
-
-        shell "Start NTP and Fail2Ban" do
-          <<~EOS
-            service ntp restart
-          EOS
-        end
-      end
-
-      step :install_fail2ban do
-        name "Installing fail2ban"
-        required_user :root
-
-        shell "Installing essential packages" do
-          <<~EOS
-            apt-get -y install fail2ban
-          EOS
-        end
-
-        upload_file message: "Uploading fail2ban confing", local_file: :fail2ban_config,
-          remote_path: "/etc/fail2ban/jail.local"
-
-        shell "Start Fail2Ban" do
-          <<~EOS
-            service fail2ban restart
-            systemctl enable fail2ban.service
-          EOS
-        end
-      end
-
-      step :setup_swap do
-        name "Configure and enable the swapfile"
-        required_user :root
-
-        check status: :nonexistant, file: "/swapfile" do
-          shell do
-            <<~EOS
-              fallocate -l <%= swap_size %> /swapfile
-              chmod 600 /swapfile
-              mkswap /swapfile
-              swapon /swapfile
-              echo "\n/swapfile swap swap defaults 0 0\n" >> /etc/fstab
-              sysctl vm.swappiness=<%=swap_swappiness%>
-              echo "\nvm.swappiness=<%=swap_swappiness%>\n" >> /etc/sysctl.conf
-            EOS
-          end
-        end
-      end
-
-      step :harden_ssh do
-        name "Harden the SSH config"
-
-        mutate_file mode: :replace, target_file: "/etc/ssh/sshd_config", match: "^#PasswordAuthentication yes$",
-          target_string: "PasswordAuthentication no"
-        mutate_file mode: :replace, target_file: "/etc/ssh/sshd_config", match: "^#PubkeyAuthentication yes$",
-          target_string: "PubkeyAuthentication yes"
-
-        shell do
-          <<~EOS
-            service ssh restart
-          EOS
-        end
-      end
-
-      step :harden_system do
-        name "Harden the SYSCTL settings"
-
-        upload_file message: "Uploading sysctl config...",
-          local_file: :sysctl_config,
-          remote_path: "/tmp/sysctl_config"
-
-        shell do
-          <<~EOS
-            cat /etc/sysctl.conf /tmp/sysctl_config > /etc/sysctl.conf
-            rm /tmp/sysctl_config
-            sysctl -p
-          EOS
-        end
-      end
-
-      step :setup_ufw do
-        name "Setup UFW"
-
-        shell do
-          <<~EOS
-            ufw logging on
-            ufw default deny incoming
-            ufw default allow outgoing
-            ufw allow 22
-            ufw allow 80
-            ufw allow 443
-            ufw --force enable
-            service ufw restart
-          EOS
-        end
-      end
-
-      step :setup_postfix do
-        name "Install Postfix for admin emails"
+# vim: filetype=ruby
+```
 
-        shell do
-          <<~EOS
-            echo "postfix postfix/mailname string <%= site_fqdn %>" | debconf-set-selections
-          EOS
-        end
+Given a `Consistfile` you could then say `consist up <ip_address>` and
+it would just work.
 
-        shell do
-          <<~EOS
-            echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-          EOS
-        end
+### Artifacts
 
-        shell do
-          <<~EOS
-            DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes postfix
-          EOS
-        end
-      end
+Artifacts allow you to split out your `Consistfile` into separate files.
 
-      step :setup_logwatch do
-        name "Setup Logwatch to automate log reporting"
+You can create blocks in the `Consistfile` as shown above, but you can also only
+specify an `id`, and that `id` will be used to try and attempt to load a file of that
+name in the `.consist/<type>/<id>` directory. For example, referencing a file:
 
-        shell do
-          <<~EOS
-            DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes logwatch
-          EOS
-        end
+```ruby
+file :apt_auto_upgrade
+```
 
-        mutate_file mode: :replace, target_file: "/etc/cron.daily/00logwatch", match: "^/usr/sbin/logwatch --output mail$",
-          target_string: "/usr/sbin/logwatch --output mail --mailto <%= admin_email %> --detail high", delim: "#"
+Will attempt to load a file in `.consist/files/apt_auto_upgrade`. The same is
+possible for any of the main types: `files`, `steps`, and `recipes`
 
-        upload_file message: "Uploading Logwatch confing", local_file: :logwatch_config,
-          remote_path: "/etc/logwatch/conf"
-      end
+### `.consist` directory
 
-      step :setup_docker do
-        name "Setup Docker"
+The `.consist` directory is assumed to be in the root of your project, and should
+contain three subdirectories for each of the types: `files`, `steps`, `recipes`.
 
-        shell do
-          <<~EOS
-            # Add Docker's official GPG key:
-            apt-get update
-            apt-get install ca-certificates curl gnupg -y
-            install -m 0755 -d /etc/apt/keyrings
-            rm /etc/apt/keyrings/docker.gpg
-            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --batch --no-tty --dearmor -o /etc/apt/keyrings/docker.gpg
-            chmod a+r /etc/apt/keyrings/docker.gpg
-
-            # Add the repository to Apt sources:
-            echo \
-              "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-              $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-              tee /etc/apt/sources.list.d/docker.list > /dev/null
-            apt-get update
-
-            # Install Docker
-            apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
-
-            # Make Docker start on boot
-            sudo systemctl enable docker.service
-            sudo systemctl enable containerd.service
-          EOS
-        end
+You can specify an alternate directory location by passing the `--consistdir` switch
+to the `up` command.
 
-        shell "Create docker group", params: {raise_on_non_zero_exit: false} do
-          <<~EOS
-            # Create group
-            sudo groupadd docker
-            sudo usermod -aG docker $USER
-          EOS
-        end
+## Community Consistfiles
 
-        shell "Create default private network", params: {raise_on_non_zero_exit: false} do
-          <<~EOS
-            # Create default private network
-            docker network create private
-          EOS
-        end
-      end
-    end
-  end
-end
+If you create a Github repo, and all it contains is a `Consistfile` and any associated
+artifacts under a `.consist` directory, other people will be able to use it by
+executing `consist init <gh_repo_path>` in their project root.
 
-# vim: filetype=ruby
-```
+If you create one, please open a PR to include it here:
 
-Given a `Consistfile` you could then say `consist up <ip_address>` and
-it would just work.
+| Name                      | Repo                                                                                | Description                                                 |
+| ------------------------- | ----------------------------------------------------------------------------------- | ----------------------------------------------------------- |
+| Kamal Single Server Setup | [consist-sh/kamal-single-server](https://github.com/consist-sh/kamal-single-server) | Setup a single server with good defaults ready to run Kamal |
 
 ## Is it good?
 

data/lib/consist/cli.rb

@@ -1,9 +1,12 @@
+require "fileutils"
+
 require "thor"
 require "sshkit"
 require "sshkit/dsl"
 
+require "consist/utils"
+require "consist/resolver"
 require "consist/recipe"
-require "consist/recipes"
 require "consist/step"
 require "consist/consistfile"
 require "consist/commands/includes/stream_logger"
@@ -16,16 +19,22 @@ require "consist/commands/check"
 module Consist
   class CLI < Thor
     extend ThorExt::Start
+    include Thor::Actions
+    include SSHKit::DSL
 
     map %w[-v --version] => "version"
 
+    def self.source_root
+      File.dirname(__FILE__)
+    end
+
     desc "version", "Display consist version"
     def version
       say "consist/#{VERSION} #{RUBY_DESCRIPTION}"
     end
 
-    desc "lightup", "Attempt to connect to a server and execute an idempotent statement."
-    def lightup(user, server)
+    desc "ping", "Attempt to connect to a server and execute an idempotent statement."
+    def ping(user, server)
       puts "---> Attempting to connect to #{server} as #{user}"
       on("#{user}@#{server}") do
         as user do
@@ -34,18 +43,28 @@ module Consist
       end
     end
 
-    desc "scaffold", "Apply a given recipe to (a) server(s)"
-    def scaffold(_recipe, server_ip)
-      Consist::Recipes.new(server_ip)
-    end
-
     option :step, type: :string
     option :consistfile, type: :string
+    option :consistdir, type: :string
     desc "up", "Run a Consistfile against a server"
     def up(server_ip)
       specified_step = options[:step]
       consistfile = options[:consistfile]
-      Consist::Consistfile.new(server_ip, consistfile:, specified_step:)
+      consist_dir = options[:consistdir]
+      Consist::Consistfile.new(server_ip, consist_dir:, consistfile:, specified_step:)
+    end
+
+    desc "init", "Initialize a project with Consist, optionally specifying a GH path to a Consistfile"
+    def init(gh_path = nil)
+      if gh_path
+        full_url = "https://github.com/#{gh_path}"
+        Consist::Utils.clone_repo_contents(full_url, Dir.pwd)
+      else
+        puts "Creating new Consistfile..."
+        directory "templates/.consist", File.join(Dir.pwd, ".consist")
+        template "templates/Consistfile.tt", File.join(Dir.pwd, "Consistfile")
+        puts "...done"
+      end
     end
   end
 end

data/lib/consist/consistfile.rb

@@ -2,18 +2,21 @@
 
 module Consist
   class << self
-    attr_accessor :files, :config
+    attr_accessor :files, :config, :consist_dir
   end
 
   @files = []
   @config = {}
+  @consist_dir = ""
 
   class Consistfile
     include SSHKit::DSL
 
-    def initialize(server_ip, specified_step:, consistfile:)
+    def initialize(server_ip, specified_step:, consist_dir:, consistfile:)
       @server_ip = server_ip
       @specified_step = specified_step
+      Consist.consist_dir = consist_dir || ".consist"
+
       consistfile_path = if consistfile
         File.expand_path(consistfile, Dir.pwd)
       else
@@ -30,7 +33,6 @@ module Consist
 
     def recipe(id, &definition)
       recipe = Consist::Recipe.new(id, &definition)
-
       puts "Executing Recipe: #{recipe.name}"
 
       if @specified_step.nil?
@@ -47,9 +49,12 @@ module Consist
     end
 
     def file(id, &definition)
-      return unless definition
-
-      contents = yield
+      if definition
+        contents = yield
+      else
+        file_contents = Consist::Resolver.new(pwd: Dir.pwd).resolve_artifact(type: :file, id:)
+        contents = file_contents
+      end
 
       Consist.files << {id:, contents:}
     end

data/lib/consist/recipe.rb

@@ -2,9 +2,16 @@
 
 module Consist
   class Recipe
-    def initialize(_id = nil, &definition)
+    def initialize(id = nil, &definition)
       @steps = []
-      instance_eval(&definition)
+      @id = id
+
+      if definition
+        instance_eval(&definition)
+      else
+        contents = Consist::Resolver.new(pwd: Dir.pwd).resolve_artifact(type: :recipe, id:)
+        instance_eval(contents)
+      end
     end
 
     def name(name = nil)
@@ -22,21 +29,13 @@ module Consist
       @user
     end
 
-    def steps(&block)
-      instance_eval(&block) if block
+    def steps(&definition)
+      instance_eval(&definition) if definition
       @steps
     end
 
-    def step(step_name, &block)
-      if block
-        @steps << Step.new(id: step_name, &block)
-        return
-      end
-
-      target_path = File.join("../../", "steps", step_name.to_s, "step.rb")
-      step_path = File.expand_path(target_path, __FILE__)
-      step_content = File.read(step_path)
-      @steps << Step.new(id: step_name) { instance_eval(step_content) }
+    def step(id, &definition)
+      @steps << Step.new(id:, &definition)
     end
   end
 end

data/lib/consist/resolver.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Consist
+  class Resolver
+    def initialize(pwd:)
+      @pwd = pwd
+    end
+
+    def resolve_artifact(type:, id:)
+      file_name = %i[recipe step].include?(type) ? "#{id}.rb" : id.to_s
+      target_path = File.join(Consist.consist_dir, "#{type}s", file_name)
+      artifact_path = File.expand_path(target_path, @pwd)
+      File.read(artifact_path)
+    end
+  end
+end

data/lib/consist/step.rb

@@ -6,11 +6,17 @@ module Consist
   class Step
     include SSHKit::DSL
 
-    def initialize(id:, &block)
+    def initialize(id:, &definition)
       @commands = []
       @id = id
       @required_user = :root
-      instance_eval(&block)
+
+      if definition
+        instance_eval(&definition)
+      else
+        contents = Consist::Resolver.new(pwd: Dir.pwd).resolve_artifact(type: :step, id:)
+        instance_eval(contents)
+      end
     end
 
     def id(id = nil)

data/lib/consist/templates/Consistfile.tt

@@ -0,0 +1,19 @@
+consist do 
+  config :example, "example"
+
+  # Define a recipe block:
+  #
+  # recipe :my_recipe do
+  #   name "My recipe"
+  #
+  #   steps do 
+  #     step do 
+  #       shell do
+  #         <<~EOS
+  #           echo 'hello'
+  #         EOS
+  #       end
+  #     end
+  #   end
+  # end
+end

data/lib/consist/utils.rb

@@ -0,0 +1,28 @@
+require "fileutils"
+require "tmpdir"
+
+module Consist
+  module Utils
+    extend self
+
+    def clone_repo_contents(source_repo, target_dir)
+      temp_dir = Dir.mktmpdir
+
+      puts "Using #{source_repo} as template to initialize Consistfile..."
+      system("git clone --depth=1 #{source_repo} #{temp_dir} >/dev/null 2>&1")
+
+      Dir.foreach(temp_dir) do |item|
+        next if [".", "..", ".git"].include?(item)
+        next unless ["Consistfile", ".consist"].include?(item)
+
+        source_path = File.join(temp_dir, item)
+        target_path = File.join(target_dir, item)
+        FileUtils.cp_r(source_path, target_path)
+      end
+
+      FileUtils.remove_entry_secure(temp_dir)
+
+      puts "...done"
+    end
+  end
+end

data/lib/consist/version.rb

@@ -1,3 +1,3 @@
 module Consist
-  VERSION = "0.1.2".freeze
+  VERSION = '0.1.3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: consist
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - John McDowall
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-11-30 00:00:00.000000000 Z
+date: 2023-12-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ssh
@@ -73,14 +73,12 @@ files:
 - lib/consist/commands/upload.rb
 - lib/consist/consistfile.rb
 - lib/consist/recipe.rb
-- lib/consist/recipes.rb
+- lib/consist/resolver.rb
 - lib/consist/step.rb
+- lib/consist/templates/Consistfile.tt
 - lib/consist/thor_ext.rb
+- lib/consist/utils.rb
 - lib/consist/version.rb
-- lib/recipes/kamal_single_server.rb
-- lib/steps/install_apt_packages/step.rb
-- lib/steps/update_apt_packages/apt_auto_upgrades
-- lib/steps/update_apt_packages/step.rb
 homepage: https://github.com/consist-sh/consist
 licenses:
 - LGPL-3.0

data/lib/consist/recipes.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-module Consist
-  class Recipes
-    include SSHKit::DSL
-
-    def initialize(server_ip)
-      recipe_directory = File.expand_path("../recipes", __dir__)
-      recipes = Dir[File.join(recipe_directory, "*.rb")]
-
-      recipes.each do |recipe_file|
-        recipe_content = File.read(recipe_file)
-        recipe = Recipe.new { instance_eval(recipe_content) }
-
-        puts "Executing Recipe: #{recipe.name}"
-        recipe.steps.each do |step|
-          puts "Executing Step: #{step.name}"
-
-          on("#{step.required_user}@#{server_ip}") do
-            step.perform(self)
-          end
-        end
-
-        puts "Execution of #{recipe.name} has completed."
-      end
-    end
-  end
-end

data/lib/recipes/kamal_single_server.rb

@@ -1,8 +0,0 @@
-name "Kamal Single Server"
-description "Sets up a single server to run Kamal"
-user :root
-
-steps do
-  step :update_apt_packages
-  step :install_apt_packages
-end

data/lib/steps/install_apt_packages/step.rb

@@ -1,19 +0,0 @@
-name "Install APT packages"
-required_user :root
-
-shell "Installing essential packages" do
-  <<~EOS
-    apt-get -y remove systemd-timesyncd
-    timedatectl set-ntp no
-    apt-get -y install build-essential curl fail2ban git ntp vim
-    apt-get autoremove
-    apt-get autoclean
-  EOS
-end
-
-shell "Start NTP and Fail2Ban" do
-  <<~EOS
-    service ntp restart
-    service fail2ban restart
-  EOS
-end

data/lib/steps/update_apt_packages/apt_auto_upgrades

@@ -1,3 +0,0 @@
-APT::Periodic::AutocleanInterval "7";
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";

data/lib/steps/update_apt_packages/step.rb

@@ -1,11 +0,0 @@
-name "Update the APT packages"
-required_user :root
-
-upload_file message: "Uploading APT config...", local_file: "apt_auto_upgrades",
-  remote_path: "/etc/apt/apt.conf.d/20auto-upgrades"
-
-shell do
-  <<~EOS
-    apt-get update && apt-get upgrade -y
-  EOS
-end