magic_recipes_two 0.0.90 → 0.0.94
- checksums.yaml +5 -13
- data/lib/capistrano/magic_recipes/backup.rb +1 -0
- data/lib/capistrano/magic_recipes/base_helpers.rb +1 -0
- data/lib/capistrano/magic_recipes/redirect_page.rb +1 -0
- data/lib/capistrano/magic_recipes/sidekiq_six.rb +1 -0
- data/lib/capistrano/magic_recipes/thin_sysd.rb +1 -0
- data/lib/capistrano/magic_recipes/version.rb +1 -1
- data/lib/capistrano/tasks/backup.rake +38 -0
- data/lib/capistrano/tasks/db.rake +29 -0
- data/lib/capistrano/tasks/lets_encrypt.rake +38 -10
- data/lib/capistrano/tasks/monit.rake +30 -13
- data/lib/capistrano/tasks/nginx.rake +3 -0
- data/lib/capistrano/tasks/redirect_page.rake +118 -0
- data/lib/capistrano/tasks/secrets.rake +18 -0
- data/lib/capistrano/tasks/sidekiq_six.rake +199 -0
- data/lib/capistrano/tasks/thin.rake +2 -1
- data/lib/capistrano/tasks/thin_sysd.rake +139 -0
- data/lib/generators/capistrano/magic_recipes/templates/monit/website.erb +0 -8
- data/lib/generators/capistrano/magic_recipes/templates/monit/websiteX.erb +23 -0
- data/lib/generators/capistrano/magic_recipes/templates/nginx_redirect_page.conf.erb +50 -0
- data/lib/generators/capistrano/magic_recipes/templates/redirect_page.html.erb +114 -0
- data/lib/generators/capistrano/magic_recipes/templates/sidekiq.docu-service.erb +79 -0
- data/lib/generators/capistrano/magic_recipes/templates/sidekiq.service.erb +33 -0
- data/lib/generators/capistrano/magic_recipes/templates/thin.service.erb +33 -0
- data/lib/generators/capistrano/magic_recipes/templates/thin_app_yml.erb +1 -1
- metadata +41 -27
checksums.yaml
CHANGED
@@ -1,15 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
|
5
|
-
data.tar.gz: !binary |-
|
6
|
-
NjVmMWE5M2IxMDYxYmJiOWUxZjZlNTllYjYxNzM2MjdlZGFhMGFhOQ==
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: b50067781cfa8d65ac3c4ae487d5fa03dbe28ef2d26e7941219df9cee775a0cf
|
4
|
+
data.tar.gz: a9c3c528b5786f54ce9c239f74eb4f1a067fb5706b788bfc593b44d96ca65054
|
7
5
|
SHA512:
|
8
|
-
metadata.gz:
|
9
|
-
|
10
|
-
YTRlYzFkZTcyZWZlYzNhOTIxMDEzNmI0MjBjNDc3YzYxZWE2OWYzZDc4Y2Rj
|
11
|
-
MTFlYTA1MmEzMDg0YjJhNGU4MjI2NDlkZTcyMWM0MTY3ZTI3ODA=
|
12
|
-
data.tar.gz: !binary |-
|
13
|
-
YmE0ZmE3OTcwMjJhZDk0ZGFjOTgwMWNlM2E2Nzc3ZmNlYmI3YmEzNjk4NTAy
|
14
|
-
MzMxYjYxYTQ3M2NmOWE1ZGUyMzY2MWMxMzc5ODU0NDgwMTdmYjEwOTZhMzk4
|
15
|
-
YTgxMmRlNTJmZjkwNThhMjFjZGY0NjllOTNjNWI2YjlmYjczODI=
|
6
|
+
metadata.gz: b1009790183b10583e375dfaed183b921d422ae90118bc6b6b06b2b423696b1dbacc080c00476652cb44fbc4065085578c34a2f2cc935477dbe281307e8203bc
|
7
|
+
data.tar.gz: d8c692af47aa1e66249a1ebd6d0d453ac61d509cb37a2e708aee2f2682bb71757d500d2daa0ddb6effe0755c666e69215e60e7c1447b89b73b515ce185482f98
|
@@ -0,0 +1 @@
|
|
1
|
+
load File.expand_path("../../tasks/backup.rake", __FILE__)
|
@@ -0,0 +1 @@
|
|
1
|
+
load File.expand_path("../../tasks/redirect_page.rake", __FILE__)
|
@@ -0,0 +1 @@
|
|
1
|
+
load File.expand_path("../../tasks/sidekiq_six.rake", __FILE__)
|
@@ -0,0 +1 @@
|
|
1
|
+
load File.expand_path("../../tasks/thin_sysd.rake", __FILE__)
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'capistrano/magic_recipes/base_helpers'
|
2
|
+
include Capistrano::MagicRecipes::BaseHelpers
|
3
|
+
|
4
|
+
|
5
|
+
namespace :load do
|
6
|
+
task :defaults do
|
7
|
+
|
8
|
+
set :backup_attachment_roles, -> { :web }
|
9
|
+
set :backup_attachment_name, -> { 'dragonfly' }
|
10
|
+
set :backup_attachment_remote_path, -> { "#{host.user}@#{host.hostname}:#{shared_path}/public/system/dragonfly/live" }
|
11
|
+
set :backup_attachment_local_path, -> { "backups/#{ fetch(:backup_attachment_name) }/#{ fetch(:stage) }" }
|
12
|
+
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
|
17
|
+
|
18
|
+
namespace :backup do
|
19
|
+
|
20
|
+
desc "download attachment files from server"
|
21
|
+
task :get_attachments do
|
22
|
+
on roles fetch(:backup_attachment_roles) do
|
23
|
+
run_locally do
|
24
|
+
execute :mkdir, "-p #{fetch(:backup_attachment_local_path)}"
|
25
|
+
end
|
26
|
+
run_locally { execute "rsync -av --delete #{ fetch(:backup_attachment_remote_path) }/ #{ fetch(:backup_attachment_local_path) }" }
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
desc "upload attachment files from local machine"
|
31
|
+
task :push_attachment do
|
32
|
+
on roles fetch(:backup_attachment_roles) do
|
33
|
+
run_locally { execute "rsync -av --delete #{ fetch(:backup_attachment_local_path) }/ #{ fetch(:backup_attachment_remote_path) }" }
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
end
|
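Review bot: `backup:push_attachment` runs `rsync -av --delete` from the local backup directory onto the live attachment path, so an empty, stale or mistyped `backups/...` directory deletes every attachment on the server that is missing locally, and nothing asks for confirmation first. A guard before the push, such as `abort "no local backup" unless Dir.exist?(fetch(:backup_attachment_local_path))`, plus the same yes/no prompt that `db:upload_and_replace_data` uses in this release, would make the destructive direction explicit. Both rsync commands are built by interpolating paths into one shell string; passing each path through `Shellwords.escape` keeps a path with spaces or shell metacharacters from being re-parsed by the shell. `run_locally` sits inside `on roles`, so with more than one host in the role every host is synced into the same local directory in turn and `--delete` removes what the previous host contributed.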
@@ -34,6 +34,35 @@ namespace :db do
|
|
34
34
|
end
|
35
35
|
end
|
36
36
|
|
37
|
+
|
38
|
+
desc "upload data.yml to server and load it = DELETES EXISTING DATA"
|
39
|
+
task :upload_and_replace_data do
|
40
|
+
on roles fetch(:db_roles) do
|
41
|
+
puts()
|
42
|
+
puts()
|
43
|
+
puts(" ! ! ! C A U T I O N ! ! ! ! ")
|
44
|
+
puts()
|
45
|
+
puts()
|
46
|
+
puts("This will upload 'local-App/db/data.yml' and load it in current DB")
|
47
|
+
puts()
|
48
|
+
puts("This will DELETE ALL DATA in your #{ fetch(:stage) } DB!!")
|
49
|
+
puts()
|
50
|
+
ask(:are_you_sure, 'no')
|
51
|
+
if fetch(:are_you_sure, 'no').to_s.downcase == 'yes'
|
52
|
+
local_dir = "./db/data.yml"
|
53
|
+
remote_dir = "#{host.user}@#{host.hostname}:#{release_path}/db/data.yml"
|
54
|
+
puts(".. uploading db/data.yml")
|
55
|
+
run_locally { execute "rsync -av --delete #{local_dir} #{remote_dir}" }
|
56
|
+
puts(".. loading data.yml in #{ fetch(:stage) } DB")
|
57
|
+
within release_path do
|
58
|
+
execute :bundle, :exec, :rake, "db:data:load RAILS_ENV=#{fetch(:stage)}"
|
59
|
+
end
|
60
|
+
else
|
61
|
+
puts(".. stoped process ..")
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
37
66
|
end
|
38
67
|
|
39
68
|
namespace :deploy do
|
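Review bot: `upload_and_replace_data` leaves the uploaded dump at `#{release_path}/db/data.yml` after `db:data:load` finishes, so a full copy of the database contents stays inside the release directory until that release is cleaned up. Removing it once the load succeeds, e.g. `execute :rm, '-f', "#{release_path}/db/data.yml"` after the `within release_path` block, limits that exposure. `--delete` has no effect when rsync copies a single file and can be dropped from the command. `RAILS_ENV=#{fetch(:stage)}` assumes the stage name equals the Rails environment; `fetch(:rails_env, fetch(:stage))` would cover setups where they differ. The enclosing `namespace :db` starts outside the hunk.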
@@ -7,12 +7,14 @@ namespace :load do
|
|
7
7
|
set :lets_encrypt_path, -> { "~" }
|
8
8
|
set :lets_encrypt_domains, -> { fetch(:nginx_major_domain,false) ? [fetch(:nginx_major_domain)] + Array(fetch(:nginx_domains)) : Array(fetch(:nginx_domains)) }
|
9
9
|
set :lets_encrypt__www_domains, -> { true }
|
10
|
-
set :lets_encrypt_renew_minute, -> { "23" }
|
11
|
-
set :lets_encrypt_renew_hour1, -> { "0" }
|
12
|
-
set :lets_encrypt_renew_hour2, -> { "12" }
|
13
|
-
set :lets_encrypt_renew_hour, -> { "#{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) }" }
|
10
|
+
# set :lets_encrypt_renew_minute, -> { "23" }
|
11
|
+
# set :lets_encrypt_renew_hour1, -> { "0" }
|
12
|
+
# set :lets_encrypt_renew_hour2, -> { "12" }
|
13
|
+
# # set :lets_encrypt_renew_hour, -> { "#{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) }" }
|
14
|
+
# set :lets_encrypt_renew_hour, -> { "3" }
|
14
15
|
set :lets_encrypt_cron_log, -> { "#{shared_path}/log/lets_encrypt_cron.log" }
|
15
16
|
set :lets_encrypt_email, -> { "ssl@example.com" }
|
17
|
+
set :lets_encrypt_client, -> { "certbot-auto" } # "new: certbot" / "certbot-auto"
|
16
18
|
end
|
17
19
|
end
|
18
20
|
|
@@ -22,8 +24,16 @@ namespace :lets_encrypt do
|
|
22
24
|
task :install do
|
23
25
|
on release_roles fetch(:lets_encrypt_roles) do
|
24
26
|
within fetch(:lets_encrypt_path) do
|
25
|
-
|
26
|
-
|
27
|
+
if fetch(:lets_encrypt_client) == "certbot-auto"
|
28
|
+
execute "wget https://dl.eff.org/certbot-auto"
|
29
|
+
execute "chmod a+x certbot-auto"
|
30
|
+
else
|
31
|
+
execute :sudo, "snap install core"
|
32
|
+
execute :sudo, "snap refresh core"
|
33
|
+
execute :sudo, "snap install --classic certbot"
|
34
|
+
execute :sudo, "ln -s /snap/bin/certbot /usr/bin/certbot"
|
35
|
+
execute :sudo, "snap set certbot trust-plugin-with-root=ok"
|
36
|
+
end
|
27
37
|
end
|
28
38
|
end
|
29
39
|
end
|
@@ -33,7 +43,11 @@ namespace :lets_encrypt do
|
|
33
43
|
task :certonly do
|
34
44
|
on release_roles fetch(:lets_encrypt_roles) do
|
35
45
|
# execute "./certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is"
|
36
|
-
|
46
|
+
if fetch(:lets_encrypt_client) == "certbot-auto"
|
47
|
+
execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") }"
|
48
|
+
else
|
49
|
+
execute :sudo, "certbot --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") }"
|
50
|
+
end
|
37
51
|
end
|
38
52
|
end
|
39
53
|
|
@@ -43,7 +57,13 @@ namespace :lets_encrypt do
|
|
43
57
|
task :auto_renew do
|
44
58
|
on release_roles fetch(:lets_encrypt_roles) do
|
45
59
|
# execute :sudo, "echo '42 0,12 * * * root (#{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet) >> #{shared_path}/lets_encrypt_cron.log 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
46
|
-
execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
60
|
+
# execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
61
|
+
# just once a week
|
62
|
+
if fetch(:lets_encrypt_client) == "certbot-auto"
|
63
|
+
execute :sudo, "echo '0 0 * * 0 root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
64
|
+
else
|
65
|
+
execute :sudo, "echo '0 0 * * 0 root certbot renew --no-self-upgrade --allow-subset-of-names --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
66
|
+
end
|
47
67
|
execute :sudo, "mv -f #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
|
48
68
|
execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
|
49
69
|
execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
|
@@ -55,7 +75,11 @@ namespace :lets_encrypt do
|
|
55
75
|
task :dry_renew do
|
56
76
|
on release_roles fetch(:lets_encrypt_roles) do
|
57
77
|
# execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
|
58
|
-
|
78
|
+
if fetch(:lets_encrypt_client) == "certbot-auto"
|
79
|
+
output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
|
80
|
+
else
|
81
|
+
output = capture(:sudo, "certbot renew --dry-run")
|
82
|
+
end
|
59
83
|
puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
|
60
84
|
output.each_line do |line|
|
61
85
|
puts line
|
@@ -94,7 +118,11 @@ namespace :lets_encrypt do
|
|
94
118
|
task :certonly_expand do
|
95
119
|
on release_roles fetch(:lets_encrypt_roles) do
|
96
120
|
# execute "./certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is"
|
97
|
-
|
121
|
+
if fetch(:lets_encrypt_client) == "certbot-auto"
|
122
|
+
execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") } --expand"
|
123
|
+
else
|
124
|
+
execute :sudo, "certbot --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:lets_encrypt_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")}#{ fetch(:lets_encrypt__www_domains,false) ? " -d www.#{d.gsub(/^\*?\./, "")}" : "" }" }.join(" ") } --expand"
|
125
|
+
end
|
98
126
|
end
|
99
127
|
end
|
100
128
|
|
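Review bot: `:lets_encrypt_client` defaults to `"certbot-auto"`, so `lets_encrypt:install` still downloads a script with `wget` into `lets_encrypt_path` (default `"~"`), marks it `a+x`, and `auto_renew` then writes a root cron entry that executes that file from the deploy user's home directory. Anything able to write to that directory can replace the script and have it run as root, the download is not checked against a checksum or signature, and certbot-auto is deprecated upstream. Making the packaged client the default, `set :lets_encrypt_client, -> { "certbot" }`, or installing the script to a root-owned path takes the user-writable file out of root's cron. In the snap branch `ln -s /snap/bin/certbot /usr/bin/certbot` fails once the link exists, so a second `install` run aborts; `ln -sfn` keeps the task repeatable. The `auto_renew` and `dry_renew` task bodies continue outside their hunks.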
@@ -14,7 +14,7 @@ namespace :load do
|
|
14
14
|
## Status
|
15
15
|
set :monit_active, -> { true }
|
16
16
|
set :monit_main_rc, -> { true }
|
17
|
-
# set :monit_processes, -> { %w[nginx pm2 postgresql pwa redis sidekiq thin website] }
|
17
|
+
# set :monit_processes, -> { %w[nginx pm2 postgresql pwa redis sidekiq thin website website2 website3] }
|
18
18
|
set :monit_processes, -> { %w[nginx postgresql thin website] }
|
19
19
|
set :monit_name, -> { "#{ fetch(:application) }_#{ fetch(:stage) }" }
|
20
20
|
## Mailer
|
@@ -61,6 +61,18 @@ namespace :load do
|
|
61
61
|
set :monit_website_check_content, -> { false }
|
62
62
|
set :monit_website_check_path, -> { "/" }
|
63
63
|
set :monit_website_check_text, -> { "<!DOCTYPE html>" }
|
64
|
+
## Website2
|
65
|
+
set :monit_website2_check_domains, -> { [] }
|
66
|
+
set :monit_website2_check_ssl, -> { false }
|
67
|
+
set :monit_website2_check_content, -> { false }
|
68
|
+
set :monit_website2_check_path, -> { "/" }
|
69
|
+
set :monit_website2_check_text, -> { "<!DOCTYPE html>" }
|
70
|
+
## Website3
|
71
|
+
set :monit_website3_check_domains, -> { [] }
|
72
|
+
set :monit_website3_check_ssl, -> { false }
|
73
|
+
set :monit_website3_check_content, -> { false }
|
74
|
+
set :monit_website3_check_path, -> { "/" }
|
75
|
+
set :monit_website3_check_text, -> { "<!DOCTYPE html>" }
|
64
76
|
## M/Monit
|
65
77
|
set :monit_mmonit_url, -> { false }
|
66
78
|
|
@@ -103,7 +115,7 @@ namespace :monit do
|
|
103
115
|
# invoke "monit:redis"
|
104
116
|
# invoke "monit:thin"
|
105
117
|
# invoke "monit:configure_website"
|
106
|
-
%w[nginx pm2 postgresql pwa redis sidekiq thin website].each do |command|
|
118
|
+
%w[nginx pm2 postgresql pwa redis sidekiq thin website website2 website3].each do |command|
|
107
119
|
invoke "monit:configure_#{command}" if Array(fetch(:monit_processes)).include?(command)
|
108
120
|
end
|
109
121
|
if fetch(:monit_webclient, false) && fetch(:monit_webclient_domain, false)
|
@@ -124,10 +136,11 @@ namespace :monit do
|
|
124
136
|
end
|
125
137
|
|
126
138
|
%w[nginx pm2 postgresql redis sidekiq thin].each do |process|
|
139
|
+
namespace process.to_sym do
|
127
140
|
|
128
141
|
%w[monitor unmonitor start stop restart].each do |command|
|
129
142
|
desc "#{command} monit-service for: #{process}"
|
130
|
-
task "#{command}
|
143
|
+
task "#{command}" do
|
131
144
|
if Array(fetch(:monit_processes)).include?(process)
|
132
145
|
on roles(fetch("#{process}_roles".to_sym)) do
|
133
146
|
if process == "sidekiq"
|
@@ -154,7 +167,7 @@ namespace :monit do
|
|
154
167
|
if %w[nginx postgresql redis].include?(process)
|
155
168
|
## Server specific tasks (gets overwritten by other environments!)
|
156
169
|
desc "Upload Monit #{process} config file (server specific)"
|
157
|
-
task "
|
170
|
+
task "configure" do
|
158
171
|
if Array(fetch(:monit_processes)).include?(process)
|
159
172
|
on release_roles fetch("#{process}_roles".to_sym) do |role|
|
160
173
|
monit_config( process, nil, role )
|
@@ -164,7 +177,7 @@ namespace :monit do
|
|
164
177
|
elsif %w[pm2 pwa sidekiq thin].include?(process)
|
165
178
|
## App specific tasks (unique for app and environment)
|
166
179
|
desc "Upload Monit #{process} config file (app specific)"
|
167
|
-
task "
|
180
|
+
task "configure" do
|
168
181
|
if Array(fetch(:monit_processes)).include?(process)
|
169
182
|
on release_roles fetch("#{process}_roles".to_sym) do |role|
|
170
183
|
monit_config process, "/etc/monit/conf.d/#{fetch(:application)}_#{fetch(:stage)}_#{process}.conf", role
|
@@ -173,19 +186,23 @@ namespace :monit do
|
|
173
186
|
end
|
174
187
|
end
|
175
188
|
|
189
|
+
end
|
176
190
|
end
|
177
191
|
|
178
|
-
%w[pwa website].each do |process|
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
192
|
+
%w[pwa website website2 website3].each do |process|
|
193
|
+
namespace process.to_sym do
|
194
|
+
|
195
|
+
desc "Upload Monit #{process} config file (app specific)"
|
196
|
+
task "configure_#{process}" do
|
197
|
+
if Array(fetch(:monit_processes)).include?(process)
|
198
|
+
on release_roles fetch("#{process =~ /website/ ? 'nginx' : process}_roles".to_sym, :web) do |role|
|
199
|
+
process_file = process =~ /^website\d{1}$/ ? 'websiteX' : process
|
200
|
+
monit_config process, "/etc/monit/conf.d/#{fetch(:application)}_#{fetch(:stage)}_#{process}.conf", role
|
201
|
+
end
|
185
202
|
end
|
186
203
|
end
|
204
|
+
|
187
205
|
end
|
188
|
-
|
189
206
|
end
|
190
207
|
|
191
208
|
|
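Review bot: In the new `%w[pwa website website2 website3]` loop, `process_file` is set to `'websiteX'` for the numbered sites but never used, because the next line still passes `process` to `monit_config`; if `monit_config` selects the template from its first argument, `website2` and `website3` would not pick up the new `websiteX.erb` template (its body is not visible here, so this needs confirming). The tasks are also now wrapped in `namespace process.to_sym`, which names them `monit:website:configure_website` and `monit:nginx:configure`, while the unchanged caller still runs `invoke "monit:configure_#{command}"`; one side has to change unless those names are defined elsewhere in the file. The pattern `/^website\d{1}$/` is better written `/\Awebsite\d\z/`, since `^` and `$` match at line boundaries rather than at the ends of the string.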
@@ -210,6 +210,7 @@ namespace :nginx do
|
|
210
210
|
end
|
211
211
|
|
212
212
|
|
213
|
+
|
213
214
|
desc 'Creates the site configuration and upload it to the available folder'
|
214
215
|
task :add => ['nginx:load_vars'] do
|
215
216
|
on release_roles fetch(:nginx_roles) do
|
@@ -257,6 +258,8 @@ namespace :nginx do
|
|
257
258
|
end
|
258
259
|
end
|
259
260
|
end
|
261
|
+
|
262
|
+
|
260
263
|
end
|
261
264
|
end
|
262
265
|
|
@@ -0,0 +1,118 @@
|
|
1
|
+
namespace :load do
|
2
|
+
task :defaults do
|
3
|
+
set :redirect_page_active, -> { false }
|
4
|
+
set :redirect_old_domains, -> { [] }
|
5
|
+
set :redirect_old_ssl_domains, -> { [] }
|
6
|
+
set :redirect_new_domain, -> { '' }
|
7
|
+
set :redirect_new_name, -> { '' }
|
8
|
+
set :redirect_ssl_cert, -> { '' }
|
9
|
+
set :redirect_ssl_key, -> { '' }
|
10
|
+
set :redirect_roles, -> { :app }
|
11
|
+
set :redirect_index_path, -> { "redirector" }
|
12
|
+
set :redirect_index_parent, -> { "#{ shared_path }" }
|
13
|
+
set :redirect_index_template, -> { :default }
|
14
|
+
set :redirect_nginx_template, -> { :default }
|
15
|
+
set :redirect_conf_name, -> { "redirector_#{fetch(:application)}_#{fetch(:stage)}" }
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
namespace :redirect_page do
|
20
|
+
|
21
|
+
desc 'upload the redirect page'
|
22
|
+
task :upload do
|
23
|
+
on release_roles fetch(:redirect_roles) do
|
24
|
+
within fetch(:redirect_index_parent, shared_path) do
|
25
|
+
# create dir if not existing
|
26
|
+
execute :mkdir, "-p #{ fetch(:redirect_index_path, 'redirector') }"
|
27
|
+
# upload index.html file
|
28
|
+
config_file = fetch(:redirect_index_template, :default)
|
29
|
+
if config_file == :default
|
30
|
+
magic_template("redirect_page.html", '/tmp/redirect_page.html')
|
31
|
+
else
|
32
|
+
magic_template(config_file, '/tmp/redirect_page.html')
|
33
|
+
end
|
34
|
+
execute :sudo, :mv, '/tmp/redirect_page.html', "#{ fetch(:redirect_index_path, 'redirector') }/index.html"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
desc 'Creates the redirect-site configuration and upload it to the available folder'
|
40
|
+
task :add => ['nginx:load_vars'] do
|
41
|
+
on release_roles fetch(:nginx_roles) do
|
42
|
+
within fetch(:sites_available) do
|
43
|
+
config_file = fetch(:redirect_nginx_template, :default)
|
44
|
+
if config_file == :default
|
45
|
+
magic_template("nginx_redirect_page.conf", '/tmp/nginx_redirector.conf')
|
46
|
+
else
|
47
|
+
magic_template(config_file, '/tmp/nginx_redirector.conf')
|
48
|
+
end
|
49
|
+
execute :sudo, :mv, '/tmp/nginx_redirector.conf', "#{ fetch(:redirect_conf_name) }"
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
desc 'Enables the redirect-site creating a symbolic link into the enabled folder'
|
55
|
+
task :enable => ['nginx:load_vars'] do
|
56
|
+
on release_roles fetch(:nginx_roles) do
|
57
|
+
if test "! [ -h #{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) } ]"
|
58
|
+
within fetch(:sites_enabled) do
|
59
|
+
execute :sudo, :ln, '-nfs', "#{fetch(:sites_available)}/#{ fetch(:redirect_conf_name) }", "#{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) }"
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
desc 'Disables the redirect-site removing the symbolic link located in the enabled folder'
|
66
|
+
task :disable => ['nginx:load_vars'] do
|
67
|
+
on release_roles fetch(:nginx_roles) do
|
68
|
+
if test "[ -f #{fetch(:sites_enabled)}/#{ fetch(:redirect_conf_name) } ]"
|
69
|
+
within fetch(:sites_enabled) do
|
70
|
+
execute :sudo, :rm, '-f', "#{ fetch(:redirect_conf_name) }"
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
desc 'Removes the redirect-site removing the configuration file from the available folder'
|
77
|
+
task :remove => ['nginx:load_vars'] do
|
78
|
+
on release_roles fetch(:nginx_roles) do
|
79
|
+
if test "[ -f #{fetch(:sites_available)}/#{ fetch(:redirect_conf_name) } ]"
|
80
|
+
within fetch(:sites_available) do
|
81
|
+
execute :sudo, :rm, "#{ fetch(:redirect_conf_name) }"
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
|
88
|
+
desc 'upload redirect-page and activate nginx config'
|
89
|
+
task :upload_and_enable do
|
90
|
+
invoke "redirect_page:upload"
|
91
|
+
invoke "redirect_page:add"
|
92
|
+
invoke "redirect_page:enable"
|
93
|
+
end
|
94
|
+
|
95
|
+
namespace :lets_encrypt do
|
96
|
+
|
97
|
+
desc "Generate MONIT-WebClient LetsEncrypt certificate"
|
98
|
+
task :certonly do
|
99
|
+
on release_roles fetch(:lets_encrypt_roles) do
|
100
|
+
execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto --non-interactive --agree-tos --allow-subset-of-names --email #{fetch(:lets_encrypt_email)} certonly --webroot -w #{current_path}/public #{ Array(fetch(:redirect_old_ssl_domains)).map{ |d| "-d #{d.gsub(/^\*?\./, "")} -d www.#{d.gsub(/^\*?\./, "")}" }.join(" ") }"
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
|
108
|
+
|
109
|
+
|
110
|
+
|
111
|
+
|
112
|
+
namespace :deploy do
|
113
|
+
after :finishing, :include_redirect_page do
|
114
|
+
if fetch(:redirect_page_active, false)
|
115
|
+
invoke "redirect_page:upload_and_enable"
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
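Review bot: `redirect_page:upload` and `redirect_page:add` stage their files at the fixed paths `/tmp/redirect_page.html` and `/tmp/nginx_redirector.conf` and then `sudo mv` them into place, so on a host with other local accounts the file that root moves into `sites_available` can be pre-created or swapped between the upload and the move. Staging in a per-run directory, e.g. `tmp = capture(:mktemp, '-d')` and writing to `"#{tmp}/nginx_redirector.conf"`, or in a directory only the deploy user can write, closes that window. `redirect_page:lets_encrypt:certonly` always calls `certbot-auto` and ignores the `:lets_encrypt_client` setting introduced in this release, and its `desc` still reads "Generate MONIT-WebClient LetsEncrypt certificate". `disable` checks `[ -f ... ]` while `enable` checks `[ -h ... ]`; `-f` is false for a dangling link, so running `disable` after `remove` leaves the symlink in `sites_enabled`.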
@@ -116,6 +116,24 @@ namespace :secrets do
|
|
116
116
|
end
|
117
117
|
|
118
118
|
|
119
|
+
namespace :keys do
|
120
|
+
|
121
|
+
desc "upload master.key to server"
|
122
|
+
task :upload_master do
|
123
|
+
on roles %w{app db web} do
|
124
|
+
|
125
|
+
%w(master.key credentials.yml.enc).each do |that|
|
126
|
+
puts "syncing: #{that}"
|
127
|
+
local_dir = "./config/#{ that }"
|
128
|
+
remote_dir = "#{host.user}@#{host.hostname}:#{shared_path}/config/#{ that }"
|
129
|
+
run_locally { execute "rsync -av --delete #{local_dir} #{remote_dir}" }
|
130
|
+
end
|
131
|
+
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
end
|
136
|
+
|
119
137
|
|
120
138
|
|
121
139
|
desc 'Server setup tasks'
|
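Review bot: `keys:upload_master` copies `master.key` to every host in `app`, `db` and `web` and relies on `rsync -a` carrying over whatever mode the file has locally, so the decryption key for `credentials.yml.enc` can end up group- or world-readable on servers that never run the application. Restricting the task to the roles that boot the app and following the copy with `execute :chmod, '600', "#{shared_path}/config/master.key"` keeps the key at the least access it needs. `--delete` does nothing for a single-file transfer and can be removed from the rsync command.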