danarchy_deploy 0.2.6 → 0.2.8

data/lib/danarchy_deploy/users.rb

@@ -8,6 +8,7 @@ module DanarchyDeploy
 
       deployment[:users].each do |username, user|
         user[:username] = username.to_s
+        user[:home]   ||= '/home/' + username.to_s
         puts "\n > Checking if user '#{user[:username]}' already exists."
         usercheck_result = usercheck(user, options)
 
@@ -15,8 +16,8 @@ module DanarchyDeploy
           puts "   - User: #{user[:username]} already exists!"
         else
           group = { groupname: user[:username] }
-          group[:gid] = user[:gid] ? user[:gid] : nil
-          group[:system] = user[:system] ? user[:system] : nil
+          group[:gid]    = user[:gid]    || nil
+          group[:system] = user[:system] || nil
 
           groupcheck_result = DanarchyDeploy::Groups.groupcheck(group, options)
           if !groupcheck_result[:stdout] && group[:gid]
@@ -40,12 +41,12 @@ module DanarchyDeploy
 
           if user[:authorized_keys]
             puts "\n > Checking on #{user[:authorized_keys].count} authorized_keys for user: #{user[:username]}"
-            authorized_keys(user)
+            authorized_keys(user, options)
           end
           
           if user[:sudoer]
             puts "\n > Checking sudo rules for user: #{user[:username]}"
-            sudoer(user)
+            sudoer(user, options)
           end
         end
 
@@ -63,13 +64,13 @@ module DanarchyDeploy
     private
     def self.useradd(user, options)
       useradd_cmd  = "useradd #{user[:username]} "
-      useradd_cmd += "--home-dir #{user[:home]} " if user[:home]
-      useradd_cmd += "--create-home " if !Dir.exist?(user[:home])
-      useradd_cmd += "--uid #{user[:uid]} " if user[:uid]
-      useradd_cmd += "--gid #{user[:gid]} " if user[:gid]
+      useradd_cmd += "--home-dir #{user[:home]} "           if user[:home]
+      useradd_cmd += "--create-home "                       if ! Dir.exist?(user[:home])
+      useradd_cmd += "--uid #{user[:uid]} "                 if user[:uid]
+      useradd_cmd += "--gid #{user[:gid]} "                 if user[:gid]
       useradd_cmd += "--groups #{user[:groups].join(',')} " if user[:groups]
-      useradd_cmd += "--shell /sbin/nologin " if user[:nologin]
-      useradd_cmd += "--system " if user[:system]
+      useradd_cmd += "--shell /sbin/nologin "               if user[:nologin]
+      useradd_cmd += "--system "                            if user[:system]
       DanarchyDeploy::Helpers.run_command(useradd_cmd, options)
     end
 
@@ -111,40 +112,47 @@ module DanarchyDeploy
       DanarchyDeploy::Helpers.run_command(removegroup_cmd, options)
     end
 
-    def self.authorized_keys(user)
-      ssh_path = user[:home] + '/.ssh'
-      authkeys = ssh_path + '/authorized_keys'
-
-      Dir.exist?(ssh_path) || Dir.mkdir(ssh_path, 0700)
-      File.chown(user[:uid], user[:gid], ssh_path)
-      File.open(authkeys, 'a+') do |f|
-        contents = f.read
-        user[:authorized_keys].each do |authkey|
-          if contents.include?(authkey)
-            puts "   - Key already in place: #{authkey}"
-          else
-            puts "   + Adding authorized_key: #{authkey}"
-            f.puts authkey
-          end
-        end
-
-        f.chown(user[:uid], user[:gid])
-        f.close
-      end
+    def self.authorized_keys(user, options)
+      templates = [
+        {
+          source: 'builtin::system/authorized_keys.erb',
+          target: user[:home] + '/.ssh/authorized_keys',
+          dir_perms: {
+            owner: user[:username],
+            group: user[:username],
+            mode:  '0700'
+          },
+          file_perms: {
+            owner: user[:username],
+            group: user[:username],
+            mode:  '0644'
+          },
+          variables: {
+            authorized_keys: user[:authorized_keys]
+          }
+        }
+      ]
+
+      DanarchyDeploy::Templater.new(templates, options)
     end
 
-    def self.sudoer(user)
-      sudoer_file = '/etc/sudoers.d/danarchy_deploy-' + user[:username]
-      File.open(sudoer_file, 'a+') do |f|
-        if !f.read.include?(user[:sudoer])
-          puts "   |+ Added: '#{user[:sudoer]}'"
-          f.puts user[:sudoer]
-        else
-          puts '   - No change needed'
-        end
-
-        f.close
-      end
+    def self.sudoer(user, options)
+      templates = [
+        {
+          source: 'builtin::system/sudoers.erb',
+          target: '/etc/sudoers.d/danarchy_deploy-' + user[:username],
+          file_perms: {
+            owner: 'root',
+            group: 'root',
+            mode: '0440'
+          },
+          variables: {
+            rules: user[:sudoer]
+          }
+        }
+      ]
+
+      DanarchyDeploy::Templater.new(templates, options)
     end
   end
 end

data/lib/danarchy_deploy/version.rb

@@ -1,3 +1,3 @@
 module DanarchyDeploy
-  VERSION = "0.2.6"
+  VERSION = "0.2.8"
 end

data/lib/danarchy_deploy.rb

@@ -43,13 +43,15 @@ module DanarchyDeploy
     def self.new(deployment, options)
       puts "\n" + self.name
 
-      options[:working_dir] = options[:deploy_dir] + '/' + deployment[:hostname]
+      @working_dir = File.dirname(options[:deploy_file]) + '/'
       connector = { hostname: deployment[:hostname],
                     ipv4:     deployment[:ipv4],
                     ssh_user: deployment[:ssh_user],
                     ssh_key:  deployment[:ssh_key] }
 
+      pretend = options[:pretend] ; options[:pretend] = false
       remote_mkdir(connector, options)
+      # asdf_install(connector, options)
 
       if options[:dev_gem]
         puts "\nDev Gem mode: Building and pushing gem..."
@@ -63,6 +65,8 @@ module DanarchyDeploy
       gem_binary = _locate_gem_binary(connector, options) # this should run before any install; check version too
       push_templates(connector, options)
       push_deployment(connector, options)
+
+      options[:pretend] = pretend
       deploy_result = remote_LocalDeploy(connector, gem_binary, options)
 
       abort("\n ! Deployment failed to complete!") if !deploy_result
@@ -71,15 +75,15 @@ module DanarchyDeploy
       # remote_cleanup(connector, options) if !options[:pretend]
 
       puts "\nRemote deployment complete!"
-      deployment = JSON.parse(File.read(options[:deploy_file]), symbolize_names: true) if options[:deploy_file].end_with?('.json')
-      deployment = YAML.load_file(options[:deploy_file]) if options[:deploy_file].end_with?('.yaml')
-      deployment
+      options[:deploy_file].end_with?('.json') ?
+        JSON.parse(File.read(options[:deploy_file]), symbolize_names: true) :
+        YAML.load_file(options[:deploy_file]) if options[:deploy_file].end_with?('.yaml')
     end
 
     private
     def self.remote_mkdir(connector, options)
-      puts "\n > Creating directory: #{options[:working_dir]}"
-      mkdir_cmd = _ssh_command(connector, "test -d #{options[:working_dir]} && echo 'Directory exists!' || sudo mkdir -vp #{options[:working_dir]}")
+      puts "\n > Creating directory: #{@working_dir}"
+      mkdir_cmd = _ssh_command(connector, "test -d #{@working_dir} && echo 'Directory exists!' || sudo mkdir -vp #{@working_dir}")
       mkdir_result = DanarchyDeploy::Helpers.run_command(mkdir_cmd, options)
 
       if mkdir_result[:stderr] && ! mkdir_result[:stdout]
@@ -100,12 +104,48 @@ module DanarchyDeploy
       end
     end
 
+    # def self.asdf_install(connector, options)
+    #   versions = JSON.parse(
+    #     File.read(File.expand_path('../', __dir__) + '/.asdf_versions.json'),
+    #     symbolize_names: true)
+
+    #   template = {
+    #     target:    '/tmp/asdf.sh_' + Random.hex(6),
+    #     source:    'builtin::asdf/asdf.sh.erb',
+    #     variables: versions
+    #   }
+
+    #   DanarchyDeploy::Templater.new([template], options)
+    #   push_cmd    = _scp_push(connector, template[:target], '/tmp')
+    #   push_result = DanarchyDeploy::Helpers.run_command(push_cmd, options)
+
+    #   if push_result[:stderr]
+    #     abort('   ! Asdf push failed!')
+    #   else
+    #     puts '   |+ Asdf pushed!'
+    #     asdf_chown_cmd    = _ssh_command(
+    #       connector,
+    #       "sudo mv -v #{template[:target]} /etc/profile.d/asdf.sh && " +
+    #       'sudo chown -c root:root /etc/profile.d/asdf.sh')
+    #     asdf_chown_result = DanarchyDeploy::Helpers.run_command(asdf_chown_cmd, options)
+    #     File.delete(template[:target])
+    #   end
+
+    #   asdf_current_cmd    = _ssh_command(connector, 'sudo -i asdf current')
+    #   asdf_current_result = DanarchyDeploy::Helpers.run_command(asdf_current_cmd, options)
+
+    #   puts asdf_current_result[:stderr] if asdf_current_result[:stderr]
+    #   puts asdf_current_result[:stdout]
+    # end
+
     def self.gem_install(connector, options)
       puts "\n > Installing danarchy_deploy on #{connector[:hostname]}"
-      install_cmd = _ssh_command(connector, 'sudo gem install -f danarchy_deploy')
+      install_cmd    = _ssh_command(connector, 'sudo -i gem install -f danarchy_deploy')
       install_result = DanarchyDeploy::Helpers.run_command(install_cmd, options)
 
-      if install_result[:stderr]
+      if install_result[:stderr] =~ /WARN/i
+        puts '   ! ' + install_result[:stderr]
+      elsif install_result[:stderr]
         abort('   ! Gem install failed!')
       else
         puts "   |+ Gem installed!"
@@ -134,7 +174,7 @@ module DanarchyDeploy
 
     def self.dev_gem_install(connector, gem, options)
       puts "\n > Pushing gem: #{gem} to #{connector[:hostname]}"
-      push_cmd = _scp_push(connector, gem, options[:deploy_dir])
+      push_cmd    = _scp_push(connector, gem, options[:deploy_dir])
       push_result = DanarchyDeploy::Helpers.run_command(push_cmd, options)
 
       if push_result[:stderr]
@@ -144,10 +184,12 @@ module DanarchyDeploy
       end
       
       puts "\n > Installing gem: #{gem} on #{connector[:hostname]}"
-      install_cmd = _ssh_command(connector, "sudo gem install --bindir /usr/local/bin -f #{options[:deploy_dir]}/#{File.basename(gem)}")
+      install_cmd    = _ssh_command(connector, "sudo -i gem install --bindir /usr/local/bin -f #{options[:deploy_dir]}/#{File.basename(gem)}")
       install_result = DanarchyDeploy::Helpers.run_command(install_cmd, options)
 
-      if install_result[:stderr]
+      if install_result[:stderr] =~ /WARN/i
+        puts '   ! ' + install_result[:stderr]
+      elsif install_result[:stderr]
         abort('   ! Gem install failed!')
       else
         puts '   |+ Gem installed!'
@@ -155,39 +197,39 @@ module DanarchyDeploy
     end
 
     def self.gem_clean(connector, options)
-      clean_cmd = _ssh_command(connector, 'sudo gem clean danarchy_deploy 2&>/dev/null')
+      clean_cmd = _ssh_command(connector, 'sudo -i gem clean danarchy_deploy 2&>/dev/null')
       system(clean_cmd)
     end
 
     def self.push_templates(connector, options)
       template_dir = options[:deploy_dir] + '/templates'
       puts "\n > Pushing templates: #{template_dir}"
-      push_cmd = _rsync_push(connector, template_dir, template_dir)
+      push_cmd    = _rsync_push(connector, template_dir, template_dir)
       push_result = DanarchyDeploy::Helpers.run_command(push_cmd, options)
       
       if push_result[:stderr]
         abort('   ! Templates push failed!')
       else
-        puts "   |+ Templates pushed to '#{options[:working_dir]}'!"
+        puts "   |+ Templates pushed to '#{template_dir}'!"
       end
     end
 
     def self.push_deployment(connector, options)
       puts "\n > Pushing deployment: #{options[:deploy_file]}"
-      push_cmd = _rsync_push(connector, options[:working_dir], options[:working_dir])
+      push_cmd    = _rsync_push(connector, @working_dir, @working_dir)
       push_result = DanarchyDeploy::Helpers.run_command(push_cmd, options)
 
       if push_result[:stderr]
         abort('   ! Deployment push failed!')
       else
-        puts "   |+ Deployment pushed to '#{options[:working_dir]}'!"
+        puts "   |+ Deployment pushed to '#{@working_dir}'!"
       end
     end
 
     def self.remote_LocalDeploy(connector, gem_binary, options)
       puts "\n > Running LocalDeploy on #{connector[:hostname]}.\n\n"
 
-      deploy_cmd  = "sudo #{gem_binary} local "
+      deploy_cmd  = "sudo -i #{gem_binary} local "
       deploy_cmd += '--first-run '    if options[:first_run]
       deploy_cmd += '--ssh-verbose '  if options[:ssh_verbose]
       deploy_cmd += '--vars-verbose ' if options[:vars_verbose]
@@ -214,7 +256,7 @@ module DanarchyDeploy
 
     def self.remote_cleanup(connector, options)
       puts "\n > Cleaning up: #{options[:deploy_dir]}"
-      cleanup_cmd = _ssh_command(connector, "sudo rm -rfv #{options[:working_dir]}")
+      cleanup_cmd    = _ssh_command(connector, "sudo rm -rfv #{@working_dir}")
       cleanup_result = DanarchyDeploy::Helpers.run_command(cleanup_cmd, options)
 
       if cleanup_result[:stderr]
@@ -225,7 +267,7 @@ module DanarchyDeploy
     end
 
     def self._locate_gem_binary(connector, options)
-      locate_cmd = _ssh_command(connector, 'sudo which danarchy_deploy')
+      locate_cmd    = _ssh_command(connector, 'sudo -i which danarchy_deploy')
       locate_result = DanarchyDeploy::Helpers.run_command(locate_cmd, options)
 
       if locate_result[:stderr]

data/templates/applications/nginx/domain.conf.erb

@@ -0,0 +1,38 @@
+server {
+    server_name www.<%= @variables[:domain] %>;
+    listen 80;
+    return 301 http://<%= @variables[:domain] %>/$request_uri;
+}
+
+server {
+    server_name <%= @variables[:domain] %>;
+    listen 80;
+
+    server_tokens off;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    access_log /home/<%= @variables[:username] %>/nginx/logs/<%= @variables[:domain] %>/access_log main;
+    error_log /home/<%= @variables[:username] %>/nginx/logs/<%= @variables[:domain] %>/error_log info;
+
+    root /home/<%= @variables[:username] %>/<%= @variables[:domain] %>;
+    index index.php;
+
+    location / {
+	try_files $uri $uri/ /index.php?q=$uri&$args;
+
+    }
+
+    location ~ \.php$ {
+	try_files $uri =404;
+	include /etc/nginx/fastcgi_params;
+	fastcgi_buffers 16 16k;
+	fastcgi_buffer_size 32k;
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	fastcgi_pass unix:/var/run/php-fpm-<%= @variables[:domain].gsub('.','_') %>.sock;
+	fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+	fastcgi_index index.php;
+
+    }
+}

data/templates/applications/php/phpfpm.conf.erb

@@ -0,0 +1,19 @@
+[<%= @variables[:pool] %>]
+user = <%= @variables[:username] %>
+group = <%= @variables[:username] %>
+
+listen = /var/run/php-fpm-<%= @variables[:pool] %>.sock
+<% if @variables[:web_user] %>
+listen.owner = <%= @variables[:web_user] %>
+listen.group = <%= @variables[:web_user] %>
+<% end %>
+pm = dynamic
+pm.max_children = 4
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 2
+
+env[TMP] = <%= @variables[:tmp] %>
+env[TMPDIR] = <%= @variables[:tmp] %>
+env[TEMP] = <%= @variables[:tmp] %>
+env[PATH] = /usr/local/bin:/usr/bin:/bin

data/templates/applications/php/user.conf.erb

@@ -0,0 +1,19 @@
+[<%= @variables[:username] %>]
+user = <%= @variables[:username] %>
+group = <%= @variables[:username] %>
+
+listen = /var/run/php7-fpm-<%= @variables[:username] %>.sock
+<% if @variables[:web_user] %>
+listen.owner = <%= @variables[:web_user] %>
+listen.group = <%= @variables[:web_user] %>
+<% end %>
+pm = dynamic
+pm.max_children = 4
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 2
+
+env[TMP] = <%= @variables[:tmp] %>
+env[TMPDIR] = <%= @variables[:tmp] %>
+env[TEMP] = <%= @variables[:tmp] %>
+env[PATH] = /usr/local/bin:/usr/bin:/bin

data/templates/applications/wordpress/mysql_user_privileges.sql.erb

@@ -0,0 +1,2 @@
+GRANT ALL PRIVILEGES ON `<%= @variables[:db_name] %>`.`*` TO `<%= @variables[:db_user] %>`@`<%= @variables[:db_host] %>` IDENTIFIED BY `<%= @variables[:db_pass] %>`;
+FLUSH PRIVILEGES;

data/templates/applications/wordpress/wp-config.php.erb

@@ -0,0 +1,82 @@
+<?php
+/**
+* The base configuration for WordPress
+*
+* The wp-config.php creation script uses this file during the
+* installation. You don't have to use the web site, you can
+* copy this file to "wp-config.php" and fill in the values.
+*
+* This file contains the following configurations:
+*
+* * MySQL settings
+* * Secret keys
+* * Database table prefix
+* * ABSPATH
+*
+* @link https://codex.wordpress.org/Editing_wp-config.php
+*
+* @package WordPress
+*/
+
+// ** MySQL settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define('DB_NAME', '<%= @variables[:db_name] %>');
+
+/** MySQL database username */
+define('DB_USER', '<%= @variables[:db_user] %>');
+
+/** MySQL database password */
+define('DB_PASSWORD', '<%= DanarchyDeploy::Helpers.decode_base64(@variables[:db_pass]) %>');
+
+/** MySQL hostname */
+define('DB_HOST', '<%= @variables[:db_host] %>');
+
+/** Database Charset to use in creating database tables. */
+define('DB_CHARSET', 'utf8');
+
+/** The Database Collate type. Don't change this if in doubt. */
+define('DB_COLLATE', '');
+
+/**#@+
+* Authentication Unique Keys and Salts.
+*
+* Change these to different unique phrases!
+* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
+* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
+*
+* @since 2.6.0
+*/
+<%= @variables[:salts] %>
+
+/**#@-*/
+
+/**
+* WordPress Database Table prefix.
+*
+* You can have multiple installations in one database if you give each
+* a unique prefix. Only numbers, letters, and underscores please!
+*/
+$table_prefix  = '<%= @variables[:table_prefix] ? @variables[:table_prefix] : "wp_" %>';
+
+/**
+* For developers: WordPress debugging mode.
+*
+* Change this to true to enable the display of notices during development.
+* It is strongly recommended that plugin and theme developers use WP_DEBUG
+* in their development environments.
+*
+* For information on other constants that can be used for debugging,
+* visit the Codex.
+*
+* @link https://codex.wordpress.org/Debugging_in_WordPress
+*/
+define('WP_DEBUG', false);
+
+/* That's all, stop editing! Happy blogging. */
+
+/** Absolute path to the WordPress directory. */
+if ( !defined('ABSPATH') )
+        define('ABSPATH', dirname(__FILE__) . '/');
+
+/** Sets up WordPress vars and included files. */
+require_once(ABSPATH . 'wp-settings.php');

data/templates/asdf/asdf.sh.erb

@@ -0,0 +1,52 @@
+#!/bin/bash
+# Deployed by danarchy_deploy
+#   manages system-wide asdf; still allows for local ~/.asdf
+
+function _run_now() {
+    tmp_file=/tmp/asdf_next_run.tmp
+    next_run=$(cat ${tmp_file} 2>/dev/null || echo 0)
+
+    if [[ $(date '+%s') -gt ${next_run} ]]; then
+        echo 'true'
+    else
+        echo 'false'
+    fi
+}
+
+function _load_asdf() {
+    path=${1}
+    export ASDF_DATA_DIR=${path}
+    source ${path}/asdf.sh
+    source ${path}/completions/asdf.bash
+}
+
+if [[ ${UID} == 0 && $(_run_now) == 'true' ]]; then
+    if [[ ! -d /opt/asdf ]]; then
+        git clone https://github.com/asdf-vm/asdf.git /opt/asdf
+    fi
+
+    asdf update >/dev/null 2>&1
+    _load_asdf /opt/asdf
+
+    <%- @variables.each do |lang, versions| -%>
+    asdf plugin add <%= lang -%>
+
+    <%- versions.each do |version| -%>
+    asdf install <%= lang -%> <%= version -%>
+    <% end %>
+
+    asdf global <%= lang %> <%= versions.first -%>
+    <% end %>
+
+    date -d '1 hour' '+%s' > /tmp/asdf_next_run.tmp
+    asdf current
+fi
+
+if [[ -d ${HOME}/.asdf ]]; then
+    _load_asdf ${HOME}/.asdf
+elif [[ -d /opt/asdf ]]; then
+    _load_asdf /opt/asdf
+fi
+
+unset -f _run_now
+unset -f _load_asdf