daddy 0.5.14 → 0.5.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3a5cca7d6764d60692724975965fec3f20c9b445
-  data.tar.gz: 1a275d8a6663a7f97c3509f428d413a4b93c90c1
+  metadata.gz: fa92f5f719307e60e8adb76b87708c25cb6435fb
+  data.tar.gz: 39601454cf8dc69ec9e4d519b7825d0b832f2325
 SHA512:
-  metadata.gz: d44db4037303591c32446ab4854841e2703637afa90c768755e1ecce8f39ced9f1bcf50c72d78a546dc4c521fedbe49373a3d5eeabd69e8469987361f9401f46
-  data.tar.gz: b69f97324591275f7fbdbd6555806b7b50153df5f6cd8b8717ea08f5a56065861c457043bca89dabff9f880c3ac209b5a96403be96cdb0081ae3a94fe7ba88e9
+  metadata.gz: 6158483a49f6905ee88e2f2d976006efeb263319521a80428a18999e2231c5c55ea5e83ffc287d5fa7a96db1adb7fc1157ab62436754232a1454b5873fd3e3af
+  data.tar.gz: b87e96de03475a5f0d3b88100ba43a9f0c522d55e0d317d0f39b3307c0fbf74a0ecb60ed0f44527f00f19dad05b1036e335997d28f9ddd3ebb19fdcd2a576e76

data/itamae/cookbooks/letsencrypt/install.rb

@@ -0,0 +1,25 @@
+require 'daddy/itamae'
+
+%w{ git }.each do |name|
+  package name do
+    user 'root'
+  end
+end
+
+directory '/opt/letsencrypt' do
+  user 'root'
+  owner ENV['USER']
+  group ENV['USER']
+  mode '755'
+end
+
+directory '/opt/letsencrypt/certbot' do
+  user 'root'
+  owner ENV['USER']
+  group ENV['USER']
+  mode '755'
+end
+
+git '/opt/letsencrypt/certbot' do
+  repository 'https://github.com/certbot/certbot'
+end

data/itamae/cookbooks/nginx/config.rb

@@ -0,0 +1,20 @@
+require 'daddy/itamae'
+
+directory '/etc/nginx/conf.d/servers' do
+  user 'root'
+  owner 'root'
+  group 'root'
+  mode '755'
+end
+
+template "/etc/nginx/conf.d/servers/#{ENV['APP_NAME']}.conf" do
+  source 'templates/app.conf.erb'
+  user 'root'
+  owner 'root'
+  group 'root'
+  mode '644'
+  variables :app_name => ENV['APP_NAME'],
+      :server_name => ENV['SERVER_NAME'],
+      :rails_env => ENV['RAILS_ENV'],
+      :rails_root => ENV['RAILS_ROOT']
+end

data/itamae/cookbooks/nginx/install.rb

@@ -11,9 +11,11 @@ package 'nginx' do
   user 'root'
 end
 
-execute 'mv -f /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.org' do
+template '/etc/nginx/nginx.conf' do
   user 'root'
-  not_if 'test -e /etc/nginx/conf.d/default.conf.org'
+  owner 'root'
+  group 'root'
+  mode '644'
 end
 
 template '/etc/nginx/conf.d/default.conf' do

data/itamae/cookbooks/nginx/templates/app.conf.erb

@@ -0,0 +1,53 @@
+<%-
+  @ssl = system("sudo test -e /etc/letsencrypt/live/#{@server_name}/fullchain.pem") &&
+         system("sudo test -e /etc/letsencrypt/live/#{@server_name}/privkey.pem")
+-%>
+upstream <%= @app_name %> {
+  server unix:<%= @rails_root %>/tmp/sockets/unicorn.sock fail_timeout=0;
+}
+
+server {
+  listen 80;
+<%- if @ssl -%>
+  listen 443 ssl;
+<%- end -%>
+  server_name <%= @server_name %>;
+  access_log /var/log/nginx/<%= @app_name %>_access.log ltsv;
+
+<%- if @ssl -%>
+  ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;
+<%- end -%>
+
+  root <%= @rails_root %>/public;
+  try_files $uri/index.html $uri @app;
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+
+  location @app {
+    proxy_pass http://<%= @app_name %>;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+<%- if @rails_env == 'production' -%>
+  location ~ ^/(assets)/ {
+    gzip_vary on;
+    gzip_static always;
+    gunzip on;
+    expires 1y;
+    add_header Cache-Control public;
+    add_header ETag "";
+  }
+<%- end -%>
+}

data/itamae/cookbooks/unicorn/install.rb

@@ -0,0 +1,45 @@
+require 'daddy/itamae'
+
+template 'config/unicorn.rb' do
+  variables :rails_root => ENV['RAILS_ROOT'],
+      :worker_processes => ENV['RAILS_ROOT'] == 'production' ? 2 : 1,
+      :timeout => 300
+end
+
+case os_version
+when /rhel-6\.(.*?)/
+  template "/etc/init.d/#{ENV['APP_NAME']}" do
+    source File.join(File.dirname(__FILE__), 'templates/init.d/app.erb')
+    user 'root'
+    owner 'root'
+    group 'root'
+    mode '755'
+    variables :app_name => ENV['APP_NAME'],
+        :rails_env => ENV['RAILS_ENV'],
+        :rails_root => ENV['RAILS_ROOT']
+  end
+when /rhel-7\.(.*?)/
+  template "/etc/systemd/system/#{ENV['APP_NAME']}.service" do
+    source File.join(File.dirname(__FILE__), 'templates/systemd/app.service.erb')
+    user 'root'
+    owner 'root'
+    group 'root'
+    mode '644'
+    variables :app_name => ENV['APP_NAME'],
+        :rails_env => ENV['RAILS_ENV'],
+        :rails_root => ENV['RAILS_ROOT'],
+        :user => ENV['USER'],
+        :timeout => 305
+  end
+
+  execute 'systemctl daemon-reload' do
+    user 'root'
+    subscribes :run, "template[/etc/systemd/system/#{ENV['APP_NAME']}.service]"
+    action :nothing
+  end
+end
+
+service "#{ENV['APP_NAME']}" do
+  user 'root'
+  action :enable
+end

data/{lib/tasks/unicorn/unicorn.erb → itamae/cookbooks/unicorn/templates/init.d/app.erb}

@@ -1,13 +1,13 @@
 #!/bin/sh
 #
 # chkconfig: - 85 15
-# description: <%= app_name %>
+# description: <%= @app_name %>
 
 . /etc/rc.d/init.d/functions
 
 RAILS_USER=<%= ENV['USER'] %>
-RAILS_ENV=<%= rails_env %>
-RAILS_ROOT=<%= rails_root %>
+RAILS_ENV=<%= @rails_env %>
+RAILS_ROOT=<%= @rails_root %>
 
 PID=${RAILS_ROOT}/tmp/pids/unicorn.pid
 CONFIG=${RAILS_ROOT}/config/unicorn.rb
@@ -15,13 +15,13 @@ CONFIG=${RAILS_ROOT}/config/unicorn.rb
 export PATH="${PATH}":/usr/local/bin
 
 start() {
-  echo -n 'Starting <%= app_name %>: '
+  echo -n 'Starting <%= @app_name %>: '
   daemon --user=${RAILS_USER} --pidfile=$PID bundle exec unicorn_rails -c ${CONFIG} -E ${RAILS_ENV} -D
   echo
 }
 
 stop() {
-  echo -n 'Stopping <%= app_name %>: '
+  echo -n 'Stopping <%= @app_name %>: '
   killproc -p ${PID} -QUIT
   echo
 }

data/itamae/cookbooks/unicorn/templates/systemd/app.service.erb

@@ -0,0 +1,15 @@
+[Unit]
+Description = unicorn server for <%= @app_name %>
+Wants = mariadb.service
+After = mariadb.service
+
+[Service]
+User = <%= @user %>
+WorkingDirectory = <%= @rails_root %>
+SyslogIdentifier = <%= @app_name %>
+PIDFile = <%= @rails_root %>/tmp/pids/unicorn.pid
+ExecStart = /usr/local/bin/bundle exec unicorn_rails -c <%= @rails_root %>/config/unicorn.rb -E <%= @rails_env %> -D
+ExecStop = <%= `which kill`.strip %> -s QUIT $MAINPID
+
+[Install]
+WantedBy = multi-user.target

data/itamae/cookbooks/unicorn/templates/unicorn.rb.erb

@@ -0,0 +1,29 @@
+rails_root = "#{File.expand_path(File.dirname(File.dirname(__FILE__)))}"
+
+worker_processes <%= @worker_processes %>
+working_directory rails_root
+
+listen "#{rails_root}/tmp/sockets/unicorn.sock"
+timeout <%= @timeout %>
+
+stdout_path 'log/unicorn.log'
+stderr_path 'log/unicorn.log'
+
+preload_app true
+
+before_fork do |server, worker|
+  defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
+
+  old_pid = "#{server.config[:pid]}.oldbin"
+  if old_pid != server.pid
+    begin
+      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+      Process.kill(sig, File.read(old_pid).to_i)
+    rescue Errno::ENOENT, Errno::ESRCH
+    end
+  end
+end
+
+after_fork do |server, worker|
+  defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
+end

data/itamae/cookbooks/vsftpd/install.rb

@@ -0,0 +1,25 @@
+require 'daddy/itamae'
+
+%w{ mod_ssl vsftpd }.each do |name|
+  package name do
+    user 'root'
+  end
+end
+
+template '/etc/vsftpd/vsftpd.conf' do
+  user 'root'
+  owner 'root'
+  group 'root'
+  mode '600'
+end
+
+service 'vsftpd' do
+  user 'root'
+  action [:enable, :start]
+end
+
+service 'vsftpd' do
+  user 'root'
+  subscribes :restart, "template[/etc/vsftpd/vsftpd.conf]"
+  action :nothing
+end

data/itamae/templates/etc/nginx/nginx.conf.erb

@@ -0,0 +1,49 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+  worker_connections  1024;
+}
+
+
+http {
+  include        /etc/nginx/mime.types;
+  default_type   application/octet-stream;
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  log_format  ltsv  'time:$time_local\t'
+                    'msec:$msec\t'
+                    'host:$remote_addr\t'
+                    'forwardedfor:$http_x_forwarded_for\t'
+                    'req:$request\t'
+                    'method:$request_method\t'
+                    'uri:$request_uri\t'
+                    'status:$status\t'
+                    'size:$body_bytes_sent\t'
+                    'referer:$http_referer\t'
+                    'ua:$http_user_agent\t'
+                    'reqtime:$request_time\t'
+                    'upsttime:$upstream_response_time\t'
+                    'cache:$upstream_http_x_cache\t'
+                    'runtime:$upstream_http_x_runtime\t'
+                    'vhost:$host';
+
+  access_log  /var/log/nginx/access.log  main;
+
+  sendfile        on;
+  #tcp_nopush     on;
+
+  keepalive_timeout  65;
+
+  #gzip  on;
+
+  include /etc/nginx/conf.d/*.conf;
+}

data/itamae/templates/etc/vsftpd/vsftpd.conf.erb

@@ -0,0 +1,146 @@
+# Example config file /etc/vsftpd/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+# When SELinux is enforcing check for SE bool ftp_home_dir
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/xferlog
+#
+# If you want, you can have your log file in standard ftpd xferlog format.
+# Note that the default log file location is /var/log/xferlog in this case.
+xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd/banned_emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
+# the user does not have write access to the top level directory within the
+# chroot)
+#chroot_local_user=YES
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd/chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# When "listen" directive is enabled, vsftpd runs in standalone mode and
+# listens on IPv4 sockets. This directive cannot be used in conjunction
+# with the listen_ipv6 directive.
+listen=NO
+#
+# This directive enables listening on IPv6 sockets. By default, listening
+# on the IPv6 "any" address (::) will accept connections from both IPv6
+# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
+# sockets. If you want that (perhaps because you want to listen on specific
+# addresses) then you must run two copies of vsftpd with two configuration
+# files.
+# Make sure, that one of the listen options is commented !!
+listen_ipv6=YES
+
+pam_service_name=vsftpd
+userlist_enable=YES
+tcp_wrappers=NO
+
+ssl_enable=YES
+listen_port=990
+rsa_cert_file=/etc/pki/tls/certs/localhost.crt
+rsa_private_key_file=/etc/pki/tls/private/localhost.key
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+ssl_ciphers=HIGH
+allow_anon_ssl=NO
+force_local_data_ssl=YES
+force_local_logins_ssl=YES
+require_ssl_reuse=NO
+
+pasv_enable=YES
+pasv_promiscuous=YES
+implicit_ssl=YES
+pasv_min_port=50990
+pasv_max_port=50999

data/lib/daddy/itamae/env/dad_env.rb

@@ -1,4 +1,5 @@
 def dad_env
-  ENV['DAD_ENV'] ||= ENV['RAILS_ENV']
-  ENV['DAD_ENV'] ||= 'development'
+  ret = ENV['DAD_ENV']
+  ret ||= ENV['RAILS_ENV']
+  ret ||= 'development'
 end

data/lib/daddy/itamae/env/os_version.rb

@@ -1,3 +1,3 @@
 def os_version
-  ENV['DAD_OS_VERSION'] ||= "#{node[:platform_family]}-#{node[:platform_version]}"
+  "#{node.platform_family}-#{node.platform_version}"
 end

data/lib/daddy/version.rb

@@ -1,3 +1,3 @@
 module Daddy
-  VERSION = '0.5.14'
+  VERSION = '0.5.15'
 end

data/lib/tasks/docker.rake

@@ -13,7 +13,7 @@ namespace :dad do
       end
     end
 
-    desc 'install Docker'
+    desc I18n.t('docker.install')
     task :install do
       run_itamae 'docker/install'
     end

data/lib/tasks/letsencrypt.rake

@@ -0,0 +1,12 @@
+require_relative 'task_helper'
+
+namespace :dad do
+  namespace :letsencrypt do
+
+    desc I18n.t('letsencrypt.install')
+    task :install do
+      run_itamae 'letsencrypt/install'
+    end
+
+  end
+end

data/lib/tasks/locale/en.yml

@@ -1,9 +1,17 @@
 en:
+  docker:
+    install: install Docker
   god:
     install: install God
   jenkins:
     install: install Jenkins
     plugins:
       install: install Jenkins plugins
+  letsencrypt:
+    install: install Let's Eencrypt certbot
   nginx:
     install: install Nginx
+  unicorn:
+    install: install application as unicorn service
+  vsftpd:
+    install: install vsftpd

data/lib/tasks/locale/ja.yml

@@ -1,9 +1,17 @@
 ja:
+  docker:
+    install: Docker をインストールします
   god:
     install: God をインストールします
   jenkins:
     install: Jenkinsをインストールします
     plugins:
       install: Jenkinsプラグインをインストールします
+  letsencrypt:
+    install: Let's Eencrypt の certbot をインストールします
   nginx:
-    install: Nginxをインストールします。
+    install: Nginxをインストールします
+  unicorn:
+    install: アプリをUnicornサービスとしてインストールします
+  vsftpd:
+    install: vsftpd をインストールします

data/lib/tasks/nginx.rake

@@ -10,15 +10,11 @@ namespace :dad do
 
     desc 'Nginxにアプリの設定ファイルをインストールします。'
     task :config do
-      @server_name = ENV['SERVER_NAME'] || ask('SERVER_NAME', :default => 'localhost', :required => true)
-      @rails_env = rails_env(:default => 'production')
-      app_conf = render File.join(File.dirname(__FILE__), 'nginx', 'app.conf.erb'),
-          :to => "tmp/daddy/nginx/#{app_name}.conf"
-
-      unless dry_run?
-        run "sudo mkdir -p /etc/nginx/conf.d/servers",
-            "sudo cp -f #{app_conf.path} /etc/nginx/conf.d/servers/"
-      end
+      ENV['APP_NAME'] ||= app_name
+      ENV['SERVER_NAME'] ||= ask('SERVER_NAME', :default => 'localhost', :required => true)
+      ENV['RAILS_ENV'] ||= rails_env(:default => 'development')
+      ENV['RAILS_ROOT'] ||= rails_root
+      run_itamae 'nginx/config'
     end
 
   end

data/lib/tasks/task_helper.rb

@@ -12,7 +12,7 @@ def self.daddy_version
 end
 
 def self.rails_root
-  ENV['RAILS_ROOT'] || @_rails_root ||= ask('RAILS_ROOT', :default => Rails.root)
+  ENV['RAILS_ROOT'] || @_rails_root ||= ask('RAILS_ROOT', :default => Dir.pwd)
 end
 
 def self.rails_env(options = {})
@@ -20,7 +20,7 @@ def self.rails_env(options = {})
 end
 
 def self.app_name
-  YAML.load_file("#{rails_root}/config/database.yml")[rails_env]['database']
+  ENV['APP_NAME'] || @_app_name ||= ask('APP_NAME', :default => File.basename(Dir.pwd))
 end
 
 def self.template_dir
@@ -72,18 +72,18 @@ def self.ask(prompt, options = {})
   end
 
   answer = STDIN.gets.strip
-  answer = options[:default] if answer.blank?
+  answer = options[:default] if answer.empty?
 
   if options[:password]
     system("stty echo")
     puts
   end
 
-  if options[:required] and answer.blank?
+  if options[:required] and answer.empty?
     raise "必須です。処理を中止します。"
   end
 
-  answer.blank? ? nil : answer
+  answer.empty? ? nil : answer
 end
 
 def self.quiet?

data/lib/tasks/unicorn.rake

@@ -3,32 +3,13 @@ require_relative 'task_helper'
 namespace :dad do
   namespace :unicorn do
 
-    desc 'Unicornの設定を行います。'
-    task :config do
-      config = render File.join(File.dirname(__FILE__), 'unicorn', 'unicorn.rb.erb'),
-          :to => File.join('tmp', 'unicorn', 'unicorn.rb')
-
-      init_script = render File.join(File.dirname(__FILE__), 'unicorn', 'unicorn.erb'),
-          :to => File.join('tmp', 'unicorn', "unicorn_#{app_name}")
-
-      if dry_run?
-        puts "----------------------------------------"
-        puts config
-        puts "----------------------------------------"
-        puts File.read(config)
-        puts "----------------------------------------"
-        puts init_script
-        puts "----------------------------------------"
-        puts File.read(init_script)
-        puts "----------------------------------------"
-      else
-        run "cp -f #{config.path} config/",
-            "sudo cp -f #{init_script.path} /etc/init.d/",
-            "sudo chown root:root /etc/init.d/#{File.basename(init_script.path)}",
-            "sudo chmod 755 /etc/init.d/#{File.basename(init_script.path)}",
-            "sudo /sbin/chkconfig #{File.basename(init_script.path)} on"
-      end
-    end  
+    desc I18n.t('unicorn.install')
+    task :install do
+      ENV['APP_NAME'] ||= app_name
+      ENV['RAILS_ENV'] ||= rails_env(:default => 'development')
+      ENV['RAILS_ROOT'] ||= rails_root
+      run_itamae 'unicorn/install'
+    end
 
   end
 end

data/lib/tasks/vsftpd.rake

@@ -0,0 +1,12 @@
+require_relative 'task_helper'
+
+namespace :dad do
+  namespace :vsftpd do
+
+    desc I18n.t('vsftpd.install')
+    task :install do
+      run_itamae 'vsftpd/install'
+    end
+
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: daddy
 version: !ruby/object:Gem::Version
-  version: 0.5.14
+  version: 0.5.15
 platform: ruby
 authors:
 - ichy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-28 00:00:00.000000000 Z
+date: 2016-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capybara
@@ -253,12 +253,20 @@ files:
 - itamae/cookbooks/god/install.rb
 - itamae/cookbooks/jenkins/install.rb
 - itamae/cookbooks/jenkins/plugins/install.rb
+- itamae/cookbooks/letsencrypt/install.rb
 - itamae/cookbooks/mysql/install.rb
 - itamae/cookbooks/mysql/mysql_secure_installation.sh
 - itamae/cookbooks/netdata/install.rb
 - itamae/cookbooks/netdata/netdata-installer.sh
+- itamae/cookbooks/nginx/config.rb
 - itamae/cookbooks/nginx/install.rb
+- itamae/cookbooks/nginx/templates/app.conf.erb
 - itamae/cookbooks/phantomjs/install.rb
+- itamae/cookbooks/unicorn/install.rb
+- itamae/cookbooks/unicorn/templates/init.d/app.erb
+- itamae/cookbooks/unicorn/templates/systemd/app.service.erb
+- itamae/cookbooks/unicorn/templates/unicorn.rb.erb
+- itamae/cookbooks/vsftpd/install.rb
 - itamae/locale/en.yml
 - itamae/locale/ja.yml
 - itamae/templates/etc/god/master.conf.erb
@@ -267,7 +275,9 @@ files:
 - itamae/templates/etc/my.cnf.d/daddy.cnf.erb
 - itamae/templates/etc/my.cnf.erb
 - itamae/templates/etc/nginx/conf.d/default.conf.erb
+- itamae/templates/etc/nginx/nginx.conf.erb
 - itamae/templates/etc/sysconfig/jenkins.erb
+- itamae/templates/etc/vsftpd/vsftpd.conf.erb
 - itamae/templates/etc/yum.repos.d/docker.repo.erb
 - itamae/templates/etc/yum.repos.d/nginx.repo.erb
 - lib/active_support/cache/null_store.rb
@@ -343,12 +353,12 @@ files:
 - lib/tasks/kibana/configure.sh
 - lib/tasks/kibana/install.sh
 - lib/tasks/kibana/nginx.conf.erb
+- lib/tasks/letsencrypt.rake
 - lib/tasks/locale/en.yml
 - lib/tasks/locale/ja.yml
 - lib/tasks/mysql.rake
 - lib/tasks/netdata.rake
 - lib/tasks/nginx.rake
-- lib/tasks/nginx/app.conf.erb
 - lib/tasks/phantomjs.rake
 - lib/tasks/publish.rake
 - lib/tasks/redis.rake
@@ -359,8 +369,7 @@ files:
 - lib/tasks/tesseract.rake
 - lib/tasks/test.rake
 - lib/tasks/unicorn.rake
-- lib/tasks/unicorn/unicorn.erb
-- lib/tasks/unicorn/unicorn.rb.erb
+- lib/tasks/vsftpd.rake
 - ssl/cert.pem
 - templates/Gemfile.erb
 - templates/app/controllers/controller.rb.erb
@@ -384,7 +393,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: '2.0'
+      version: '2.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/tasks/nginx/app.conf.erb

@@ -1,28 +0,0 @@
-upstream <%= app_name %> {
-  server unix:/tmp/<%= app_name %>.sock;
-}
-
-server {
-  listen 80;
-  server_name <%= @server_name %>;
-  
-  root <%= rails_root %>/public;
-  try_files $uri/index.html $uri @app;
-  
-  location @app {
-    proxy_pass http://<%= app_name %>;
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  }
-
-<% if @rails_env == 'production' -%>
-  location ~ ^/(assets)/ {
-    gzip_vary on;
-    gzip_static on;
-    expires 1y;
-    add_header Cache-Control public;
-    add_header ETag "";
-  }
-<% end -%>
-}

data/lib/tasks/unicorn/unicorn.rb.erb

@@ -1,32 +0,0 @@
-require 'yaml'
-
-rails_root = "#{File.dirname(File.expand_path(__FILE__))}/.."
-rails_env = ENV['RAILS_ENV'] || 'development'
-
-worker_processes 2
-working_directory rails_root
-
-app_name = YAML.load_file("#{File.dirname(__FILE__)}/database.yml")[rails_env]['database']
-listen "/tmp/#{app_name}.sock"
-timeout 300
-
-stdout_path rails_root + '/log/unicorn.log'
-stderr_path rails_root + '/log/unicorn.log'
-
-preload_app true
-
-before_fork do |server, worker|
-  ActiveRecord::Base.connection.disconnect!
-  old_pid = "#{server.config[:pid]}.oldbin"
-  if old_pid != server.pid
-    begin
-      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
-      Process.kill(sig, File.read(old_pid).to_i)
-    rescue Errno::ENOENT, Errno::ESRCH
-    end
-  end
-end
-
-after_fork do |server, worker|
-  ActiveRecord::Base.establish_connection
-end