magic_recipes_two 0.0.89 → 0.0.93

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ZDU0YmVhOTliMDEwNzNmZWY0NTU1OWM0YTRlNjhhYzliMWI4YmZlMg==
-  data.tar.gz: !binary |-
-    NmE5YzA4MDZkODAxMTE4YWU2MTAzOTQwN2JhM2I0YTRhMmRhZDA0Yg==
+SHA256:
+  metadata.gz: de82290a078d6de6dd0db27958456070b1cb88ef998c46bd84472743bf252983
+  data.tar.gz: c326693d2f0a94bb3ec60c5d3abd47ebc2ae63f9179186511322bf4931e4f1e0
 SHA512:
-  metadata.gz: !binary |-
-    MzMwYWVmMzQzMTNjZjBlNzkxNTc2MmExMGQ5OTA3ZGE4MThmNTc3MDA4YmJl
-    N2UyNDBjMjRlMTkzNGMyNjk3YzExMmU3N2RlYmFiOWFjMGUxZmY3NDg5YmEy
-    YmE0NTNkNmE4MTdlZmZmMzc4Y2NkYjczODY0NzZkMGVjMTBiODg=
-  data.tar.gz: !binary |-
-    YWM2NjFmZDU2NjIxMzcyNTE1MDU3ODM5YmQxM2QxNzEwNTI3ZTgxMDU3NDY3
-    NTFjY2Q5MTkwZTQyYjA1ZWYxYjM5NjEyY2FjN2Q5MWIyYTdlZTZkYzA4NGQ5
-    YjIxYWRlN2I4YmFkMjdkZGJlMTYwODRjNGJlNGJiM2Y5NjIxN2M=
+  metadata.gz: 8de6f633599241a991d78fc9741b4a0829f1accfb43357002332ec9c497a2aba8a24871f77a36a145b53678217748bf9b2af06017b295b59176064c072d0373a
+  data.tar.gz: 3caf010043617bb8cdf99332bf12d6e3da066875042b53d061c182c9740ae1fa9df75d1eb32a776810bd7a1f76e7cb4fc7c3215e0889efec90d5af20733ddb6b

data/lib/capistrano/magic_recipes/backup.rb

@@ -0,0 +1 @@
+load File.expand_path("../../tasks/backup.rake", __FILE__)

data/lib/capistrano/magic_recipes/base_helpers.rb

@@ -61,6 +61,7 @@ module Capistrano
         raise "File '#{from}' was not found!!!"
       end
       
+      
     end
   end
 end

data/lib/capistrano/magic_recipes/redirect_page.rb

@@ -0,0 +1 @@
+load File.expand_path("../../tasks/redirect_page.rake", __FILE__)

data/lib/capistrano/magic_recipes/sidekiq_six.rb

@@ -0,0 +1 @@
+load File.expand_path("../../tasks/sidekiq_six.rake", __FILE__)

data/lib/capistrano/magic_recipes/thin_sysd.rb

@@ -0,0 +1 @@
+load File.expand_path("../../tasks/thin_sysd.rake", __FILE__)

data/lib/capistrano/magic_recipes/version.rb

@@ -1,5 +1,5 @@
 module Capistrano
   module MagicRecipes
-    VERSION = "0.0.89"
+    VERSION = "0.0.93"
   end
 end

data/lib/capistrano/tasks/backup.rake

@@ -0,0 +1,38 @@
+require 'capistrano/magic_recipes/base_helpers'
+include Capistrano::MagicRecipes::BaseHelpers
+
+
+namespace :load do
+  task :defaults do
+    
+    set :backup_attachment_roles,       -> { :web }
+    set :backup_attachment_name,        -> { 'dragonfly' }
+    set :backup_attachment_remote_path, -> { "#{host.user}@#{host.hostname}:#{shared_path}/public/system/dragonfly/live" }
+    set :backup_attachment_local_path,  -> { "backups/#{ fetch(:backup_attachment_name) }/#{ fetch(:stage) }" }
+    
+  end
+end
+
+
+
+namespace :backup do
+
+  desc "download attachment files from server"
+  task :get_attachments do
+    on roles fetch(:backup_attachment_roles) do
+      run_locally do
+        execute :mkdir, "-p #{fetch(:backup_attachment_local_path)}"
+      end
+      run_locally { execute "rsync -av --delete #{ fetch(:backup_attachment_remote_path) }/ #{ fetch(:backup_attachment_local_path) }" }
+    end
+  end
+
+  desc "upload attachment files from local machine"
+  task :push_attachment do
+    on roles fetch(:backup_attachment_roles) do
+      run_locally { execute "rsync -av --delete #{ fetch(:backup_attachment_local_path) }/ #{ fetch(:backup_attachment_remote_path) }" }
+    end
+  end
+
+
+end

data/lib/capistrano/tasks/db.rake

@@ -34,6 +34,35 @@ namespace :db do
     end
   end
   
+  
+  desc "upload data.yml to server and load it = DELETES EXISTING DATA"
+  task :upload_and_replace_data do
+    on roles fetch(:db_roles) do
+      puts()
+      puts()
+      puts("   ! ! !     C A U T I O N !     ! ! ! ")
+      puts()
+      puts()
+      puts("This will upload 'local-App/db/data.yml' and load it in current DB")
+      puts()
+      puts("This will   DELETE ALL DATA   in your #{ fetch(:stage) } DB!!")
+      puts()
+      ask(:are_you_sure, 'no')
+      if fetch(:are_you_sure, 'no').to_s.downcase == 'yes'
+        local_dir = "./db/data.yml"
+        remote_dir = "#{host.user}@#{host.hostname}:#{release_path}/db/data.yml"
+        puts(".. uploading db/data.yml")
+        run_locally { execute "rsync -av --delete #{local_dir} #{remote_dir}" }
+        puts(".. loading data.yml in #{ fetch(:stage) } DB")
+        within release_path do
+          execute :bundle, :exec, :rake, "db:data:load RAILS_ENV=#{fetch(:stage)}"
+        end
+      else
+        puts(".. stoped process ..")
+      end
+    end
+  end
+  
 end
 
 namespace :deploy do

data/lib/capistrano/tasks/lets_encrypt.rake

@@ -7,12 +7,14 @@ namespace :load do
     set :lets_encrypt_path,         -> { "~" }
     set :lets_encrypt_domains,      -> { fetch(:nginx_major_domain,false) ? [fetch(:nginx_major_domain)] + Array(fetch(:nginx_domains)) : Array(fetch(:nginx_domains)) }
     set :lets_encrypt__www_domains, -> { true }
-    set :lets_encrypt_renew_minute, -> { "23" }
-    set :lets_encrypt_renew_hour1,  -> { "0" }
-    set :lets_encrypt_renew_hour2,  -> { "12" }
-    set :lets_encrypt_renew_hour,   -> { "#{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) }" }
+    # set :lets_encrypt_renew_minute, -> { "23" }
+    # set :lets_encrypt_renew_hour1,  -> { "0" }
+    # set :lets_encrypt_renew_hour2,  -> { "12" }
+    # # set :lets_encrypt_renew_hour,   -> { "#{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) }" }
+    # set :lets_encrypt_renew_hour,   -> { "3" }
     set :lets_encrypt_cron_log,     -> { "#{shared_path}/log/lets_encrypt_cron.log" }
     set :lets_encrypt_email,        -> { "ssl@example.com" }
+    set :lets_encrypt_client,       -> { "certbot-auto" }   # "new: certbot" / "certbot-auto"
   end
 end
 
@@ -22,8 +24,16 @@ namespace :lets_encrypt do
   task :install do
     on release_roles fetch(:lets_encrypt_roles) do
       within fetch(:lets_encrypt_path) do
-        execute "wget https://dl.eff.org/certbot-auto"
-        execute "chmod a+x certbot-auto"
+        if fetch(:lets_encrypt_client) == "certbot-auto"
+          execute "wget https://dl.eff.org/certbot-auto"
+          execute "chmod a+x certbot-auto"
+        else
+          execute :sudo, "snap install core"
+          execute :sudo, "snap refresh core"
+          execute :sudo, "snap install --classic certbot"
+          execute :sudo, "ln -s /snap/bin/certbot /usr/bin/certbot"
+          execute :sudo, "snap set certbot trust-plugin-with-root=ok"
+        end
       end
     end
   end
@@ -33,7 +43,11 @@ namespace :lets_encrypt do
   task :certonly do
     on release_roles fetch(:lets_encrypt_roles) do
       # execute "./certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is"
-      execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") }"
+      if fetch(:lets_encrypt_client) == "certbot-auto"
+        execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") }"
+      else
+        execute :sudo, "certbot --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") }"
+      end
     end
   end
   
@@ -43,7 +57,13 @@ namespace :lets_encrypt do
   task :auto_renew do
     on release_roles fetch(:lets_encrypt_roles) do
       # execute :sudo, "echo '42 0,12 * * * root (#{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet) >> #{shared_path}/lets_encrypt_cron.log 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
-      execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --post-hook \"#{fetch(:nginx_service_path)} restart\"  >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
+      # execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\"  >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
+      # just once a week
+      if fetch(:lets_encrypt_client) == "certbot-auto"
+        execute :sudo, "echo '0 0 * * 0 root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\"  >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
+      else
+        execute :sudo, "echo '0 0 * * 0 root certbot renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\"  >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
+      end
       execute :sudo, "mv -f #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
       execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
       execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
@@ -55,7 +75,11 @@ namespace :lets_encrypt do
   task :dry_renew do
     on release_roles fetch(:lets_encrypt_roles) do
       # execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
-      output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
+      if fetch(:lets_encrypt_client) == "certbot-auto"
+        output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
+      else
+        output = capture(:sudo, "certbot renew --dry-run")
+      end
       puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
       output.each_line do |line|
           puts line
@@ -94,7 +118,11 @@ namespace :lets_encrypt do
   task :certonly_expand do
     on release_roles fetch(:lets_encrypt_roles) do
       # execute "./certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is"
-      execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") } --expand"
+      if fetch(:lets_encrypt_client) == "certbot-auto"
+        execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") } --expand"
+      else
+        execute :sudo, "certbot --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") } --expand"
+      end
     end
   end
   

data/lib/capistrano/tasks/monit.rake

@@ -14,7 +14,7 @@ namespace :load do
     ## Status
     set :monit_active,                -> { true }
     set :monit_main_rc,               -> { true }
-    # set :monit_processes,             -> { %w[nginx pm2 postgresql pwa redis sidekiq thin website] }
+    # set :monit_processes,             -> { %w[nginx pm2 postgresql pwa redis sidekiq thin website website2 website3] }
     set :monit_processes,             -> { %w[nginx postgresql thin website] }
     set :monit_name,                  -> { "#{ fetch(:application) }_#{ fetch(:stage) }" }
     ## Mailer
@@ -61,6 +61,18 @@ namespace :load do
     set :monit_website_check_content, -> { false }
     set :monit_website_check_path,    -> { "/" }
     set :monit_website_check_text,    -> { "<!DOCTYPE html>" }
+    ## Website2
+    set :monit_website2_check_domains, -> { [] }
+    set :monit_website2_check_ssl,     -> { false }
+    set :monit_website2_check_content, -> { false }
+    set :monit_website2_check_path,    -> { "/" }
+    set :monit_website2_check_text,    -> { "<!DOCTYPE html>" }
+    ## Website3
+    set :monit_website3_check_domains, -> { [] }
+    set :monit_website3_check_ssl,     -> { false }
+    set :monit_website3_check_content, -> { false }
+    set :monit_website3_check_path,    -> { "/" }
+    set :monit_website3_check_text,    -> { "<!DOCTYPE html>" }
     ## M/Monit
     set :monit_mmonit_url,            -> { false }
     
@@ -103,7 +115,7 @@ namespace :monit do
       # invoke "monit:redis"
       # invoke "monit:thin"
       # invoke "monit:configure_website"
-      %w[nginx pm2 postgresql redis sidekiq thin website].each do |command|
+      %w[nginx pm2 postgresql pwa redis sidekiq thin website website2 website3].each do |command|
         invoke "monit:configure_#{command}" if Array(fetch(:monit_processes)).include?(command)
       end
       if fetch(:monit_webclient, false) && fetch(:monit_webclient_domain, false)
@@ -124,10 +136,11 @@ namespace :monit do
   end
   
   %w[nginx pm2 postgresql redis sidekiq thin].each do |process|
+    namespace process.to_sym do
       
       %w[monitor unmonitor start stop restart].each do |command|
         desc "#{command} monit-service for: #{process}"
-        task "#{command}_#{process}" do
+        task "#{command}" do
           if Array(fetch(:monit_processes)).include?(process)
             on roles(fetch("#{process}_roles".to_sym)) do
               if process == "sidekiq"
@@ -154,7 +167,7 @@ namespace :monit do
       if %w[nginx postgresql redis].include?(process)
         ## Server specific tasks (gets overwritten by other environments!)
         desc "Upload Monit #{process} config file (server specific)"
-        task "configure_#{process}" do
+        task "configure" do
           if Array(fetch(:monit_processes)).include?(process)
             on release_roles fetch("#{process}_roles".to_sym) do |role|
               monit_config( process, nil, role )
@@ -164,7 +177,7 @@ namespace :monit do
       elsif %w[pm2 pwa sidekiq thin].include?(process)
         ## App specific tasks (unique for app and environment)
         desc "Upload Monit #{process} config file (app specific)"
-        task "configure_#{process}" do
+        task "configure" do
           if Array(fetch(:monit_processes)).include?(process)
             on release_roles fetch("#{process}_roles".to_sym) do |role|
               monit_config process, "/etc/monit/conf.d/#{fetch(:application)}_#{fetch(:stage)}_#{process}.conf", role
@@ -173,18 +186,27 @@ namespace :monit do
         end
       end
       
+    end
   end
   
-  
-  desc "Upload Monit website config file (app specific)"
-  task "configure_website" do
-    if Array(fetch(:monit_processes)).include?("website")
-      on release_roles fetch(:nginx_roles, :web) do |role|
-        monit_config "website", "/etc/monit/conf.d/#{fetch(:application)}_#{fetch(:stage)}_website.conf", role
+  %w[pwa website website2 website3].each do |process|
+    namespace process.to_sym do
+      
+      desc "Upload Monit #{process} config file (app specific)"
+      task "configure_#{process}" do
+        if Array(fetch(:monit_processes)).include?(process)
+          on release_roles fetch("#{process =~ /website/ ? 'nginx' : process}_roles".to_sym, :web) do |role|
+            process_file = process =~ /^website\d{1}$/ ? 'websiteX' : process
+            monit_config process, "/etc/monit/conf.d/#{fetch(:application)}_#{fetch(:stage)}_#{process}.conf", role
+          end
+        end
       end
+      
     end
   end
   
+  
+  
 
   %w[start stop restart syntax reload].each do |command|
     desc "Run Monit #{command} script"

data/lib/capistrano/tasks/nginx.rake

@@ -210,6 +210,7 @@ namespace :nginx do
     end
     
     
+    
     desc 'Creates the site configuration and upload it to the available folder'
     task :add => ['nginx:load_vars'] do
       on release_roles fetch(:nginx_roles) do
@@ -257,6 +258,8 @@ namespace :nginx do
         end
       end
     end
+    
+    
   end
 end
 

data/lib/capistrano/tasks/redirect_page.rake

@@ -0,0 +1,118 @@
+namespace :load do
+  task :defaults do
+    set :redirect_page_active,        -> { false }
+    set :redirect_old_domains,        -> { [] }
+    set :redirect_old_ssl_domains,    -> { [] }
+    set :redirect_new_domain,         -> { '' }
+    set :redirect_new_name,           -> { '' }
+    set :redirect_ssl_cert,           -> { '' }
+    set :redirect_ssl_key,            -> { '' }
+    set :redirect_roles,              -> { :app }
+    set :redirect_index_path,         -> { "redirector" }
+    set :redirect_index_parent,       -> { "#{ shared_path }" }
+    set :redirect_index_template,     -> { :default }
+    set :redirect_nginx_template,     -> { :default }
+    set :redirect_conf_name,          -> { "redirector_#{fetch(:application)}_#{fetch(:stage)}" }
+  end
+end
+
+namespace :redirect_page do
+  
+  desc 'upload the redirect page'
+  task :upload do
+    on release_roles fetch(:redirect_roles) do
+      within fetch(:redirect_index_parent, shared_path) do
+        # create dir if not existing
+        execute :mkdir, "-p #{ fetch(:redirect_index_path, 'redirector') }" 
+        # upload index.html file
+        config_file = fetch(:redirect_index_template, :default)
+        if config_file == :default
+          magic_template("redirect_page.html", '/tmp/redirect_page.html')
+        else
+          magic_template(config_file, '/tmp/redirect_page.html')
+        end
+        execute :sudo, :mv, '/tmp/redirect_page.html', "#{ fetch(:redirect_index_path, 'redirector') }/index.html"
+      end
+    end
+  end
+  
+  desc 'Creates the redirect-site configuration and upload it to the available folder'
+  task :add => ['nginx:load_vars'] do
+    on release_roles fetch(:nginx_roles) do
+      within fetch(:sites_available) do
+        config_file = fetch(:redirect_nginx_template, :default)
+        if config_file == :default
+          magic_template("nginx_redirect_page.conf", '/tmp/nginx_redirector.conf')
+        else
+          magic_template(config_file, '/tmp/nginx_redirector.conf')
+        end
+        execute :sudo, :mv, '/tmp/nginx_redirector.conf', "#{ fetch(:redirect_conf_name) }"
+      end
+    end
+  end
+
+  desc 'Enables the redirect-site creating a symbolic link into the enabled folder'
+  task :enable => ['nginx:load_vars'] do
+    on release_roles fetch(:nginx_roles) do
+      if test "! [ -h #{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) } ]"
+        within fetch(:sites_enabled) do
+          execute :sudo, :ln, '-nfs', "#{fetch(:sites_available)}/#{ fetch(:redirect_conf_name) }", "#{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) }"
+        end
+      end
+    end
+  end
+
+  desc 'Disables the redirect-site removing the symbolic link located in the enabled folder'
+  task :disable => ['nginx:load_vars'] do
+    on release_roles fetch(:nginx_roles) do
+      if test "[ -f #{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) } ]"
+        within fetch(:sites_enabled) do
+          execute :sudo, :rm, '-f', "#{ fetch(:redirect_conf_name) }"
+        end
+      end
+    end
+  end
+
+  desc 'Removes the redirect-site removing the configuration file from the available folder'
+  task :remove => ['nginx:load_vars'] do
+    on release_roles fetch(:nginx_roles) do
+      if test "[ -f #{fetch(:sites_available)}/#{ fetch(:redirect_conf_name) } ]"
+        within fetch(:sites_available) do
+          execute :sudo, :rm, "#{ fetch(:redirect_conf_name) }"
+        end
+      end
+    end
+  end
+  
+  
+  desc 'upload redirect-page and activate nginx config'
+  task :upload_and_enable do
+    invoke "redirect_page:upload"
+    invoke "redirect_page:add"
+    invoke "redirect_page:enable"
+  end
+  
+  namespace :lets_encrypt do
+  
+    desc "Generate MONIT-WebClient LetsEncrypt certificate"
+    task :certonly do
+      on release_roles fetch(:lets_encrypt_roles) do
+        execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:redirect_old_ssl_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")} -d www.#{d.gsub(/^\*?\./, "")}" }.join(" ") }"
+      end
+    end
+  
+  end
+  
+end
+
+
+
+
+
+namespace :deploy do
+  after :finishing, :include_redirect_page do
+    if fetch(:redirect_page_active, false)
+      invoke "redirect_page:upload_and_enable"
+    end
+  end
+end

data/lib/capistrano/tasks/secrets.rake

@@ -116,6 +116,24 @@ namespace :secrets do
 end
 
 
+namespace :keys do
+  
+  desc "upload master.key to server"
+  task :upload_master do
+    on roles %w{app db web} do
+      
+      %w(master.key credentials.yml.enc).each do |that|
+        puts "syncing: #{that}"
+        local_dir = "./config/#{ that }"
+        remote_dir = "#{host.user}@#{host.hostname}:#{shared_path}/config/#{ that }"
+        run_locally { execute "rsync -av --delete #{local_dir} #{remote_dir}" }
+      end
+      
+    end
+  end
+  
+end
+
 
 
 desc 'Server setup tasks'