nvoi 0.1.5 → 0.1.6

data/lib/nvoi/objects/firewall.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # Firewall-related structs
+    module Firewall
+      # Record represents a firewall configuration
+      Record = Struct.new(:id, :name, keyword_init: true)
+    end
+  end
+end

data/lib/nvoi/objects/network.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # Network-related structs
+    module Network
+      # Record represents a virtual network
+      Record = Struct.new(:id, :name, :ip_range, keyword_init: true)
+    end
+  end
+end

data/lib/nvoi/objects/server.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # Server-related structs
+    module Server
+      # Record represents a compute server/instance
+      Record = Struct.new(:id, :name, :status, :public_ipv4, :private_ipv4, keyword_init: true)
+
+      # CreateOptions contains options for creating a server
+      CreateOptions = Struct.new(:name, :type, :image, :location, :user_data, :network_id, :firewall_id, :ssh_keys, keyword_init: true)
+    end
+  end
+end

data/lib/nvoi/objects/service_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # ServiceSpec is the CORE primitive - pure K8s deployment specification
+    class ServiceSpec
+      attr_accessor :name, :image, :port, :command, :env, :mounts, :replicas,
+                    :healthcheck, :stateful_set, :secrets, :servers
+
+      def initialize(name:, image:, port: 0, command: [], env: nil, mounts: nil,
+                     replicas: 1, healthcheck: nil, stateful_set: false, secrets: nil, servers: [])
+        @name = name
+        @image = image
+        @port = port
+        @command = command || []
+        @env = env || {}
+        @mounts = mounts || {}
+        @replicas = replicas
+        @healthcheck = healthcheck
+        @stateful_set = stateful_set
+        @secrets = secrets || {}
+        @servers = servers || []
+      end
+    end
+  end
+end

data/lib/nvoi/objects/tunnel.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # Tunnel-related structs
+    module Tunnel
+      # Record represents a Cloudflare tunnel
+      Record = Struct.new(:id, :name, :token, keyword_init: true)
+
+      # Info holds information about a configured tunnel
+      Info = Struct.new(:service_name, :hostname, :tunnel_id, :tunnel_token, :port, keyword_init: true)
+    end
+  end
+end

data/lib/nvoi/objects/volume.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Objects
+    # Volume-related structs
+    module Volume
+      # Volume represents a block storage volume
+      Record = Struct.new(:id, :name, :size, :location, :status, :server_id, :device_path, keyword_init: true)
+
+      # CreateOptions contains options for creating a volume
+      CreateOptions = Struct.new(:name, :size, :server_id, :location, keyword_init: true)
+
+      # MountOptions contains options for mounting a volume
+      MountOptions = Struct.new(:device_path, :mount_path, :fs_type, keyword_init: true)
+    end
+  end
+end

data/lib/nvoi/utils/config_loader.rb

@@ -0,0 +1,172 @@
+# frozen_string_literal: true
+
+require "tempfile"
+require "fileutils"
+
+module Nvoi
+  module Utils
+    # ConfigLoader handles loading and initializing configuration from encrypted files
+    module ConfigLoader
+      class << self
+        # Load reads and parses the deployment configuration from encrypted file
+        def load(config_path, credentials_path: nil, master_key_path: nil)
+          working_dir = config_path && !config_path.empty? ? File.dirname(config_path) : "."
+          enc_path = credentials_path.nil? || credentials_path.empty? ? config_path : credentials_path
+
+          manager = CredentialStore.new(working_dir, enc_path, master_key_path)
+          plaintext = manager.read
+          raise Errors::ConfigError, "Failed to decrypt credentials" unless plaintext
+
+          data = YAML.safe_load(plaintext, permitted_classes: [Symbol])
+          raise Errors::ConfigError, "Invalid config format" unless data.is_a?(Hash)
+
+          deploy_config = Objects::Configuration::Deploy.new(data)
+          cfg = Objects::Configuration::Root.new(deploy_config)
+
+          load_ssh_keys(cfg)
+          cfg.validate_config
+          generate_resource_names(cfg)
+
+          cfg
+        end
+
+        # Get database credentials from config
+        def get_database_credentials(db_config, namer = nil)
+          return nil unless db_config
+
+          adapter = db_config.adapter&.downcase
+          return nil unless adapter
+
+          provider = External::Database.provider_for(adapter)
+
+          if db_config.url && !db_config.url.empty?
+            creds = provider.parse_url(db_config.url)
+            host_path = nil
+
+            if provider.is_a?(External::Database::Sqlite) && namer && db_config.servers&.any?
+              host_path = resolve_sqlite_host_path(db_config, namer, creds.database || "app.db")
+            end
+
+            return Objects::Database::Credentials.new(
+              user: creds.user,
+              password: creds.password,
+              host: creds.host,
+              port: creds.port,
+              database: creds.database,
+              path: creds.path,
+              host_path:
+            )
+          end
+
+          # Fall back to secrets-based credentials
+          case adapter
+          when "postgres", "postgresql"
+            Objects::Database::Credentials.new(
+              port: provider.default_port,
+              user: db_config.secrets["POSTGRES_USER"],
+              password: db_config.secrets["POSTGRES_PASSWORD"],
+              database: db_config.secrets["POSTGRES_DB"]
+            )
+          when "mysql", "mysql2"
+            Objects::Database::Credentials.new(
+              port: provider.default_port,
+              user: db_config.secrets["MYSQL_USER"],
+              password: db_config.secrets["MYSQL_PASSWORD"],
+              database: db_config.secrets["MYSQL_DATABASE"]
+            )
+          when "sqlite", "sqlite3"
+            Objects::Database::Credentials.new(
+              database: "app.db",
+              host_path: resolve_sqlite_host_path(db_config, namer, "app.db")
+            )
+          else
+            raise Errors::ConfigError, "Unsupported database adapter: #{adapter}"
+          end
+        end
+
+        private
+
+          def load_ssh_keys(cfg)
+            ssh_keys = cfg.deploy.application.ssh_keys
+
+            unless ssh_keys
+              raise Errors::ConfigError, "ssh_keys section is required in config. Run 'nvoi credentials edit' to generate keys."
+            end
+
+            raise Errors::ConfigError, "ssh_keys.private_key is required" unless ssh_keys.private_key && !ssh_keys.private_key.empty?
+            raise Errors::ConfigError, "ssh_keys.public_key is required" unless ssh_keys.public_key && !ssh_keys.public_key.empty?
+
+            temp_dir = Dir.mktmpdir("nvoi-ssh-")
+
+            private_key_path = File.join(temp_dir, "id_nvoi")
+            File.write(private_key_path, ssh_keys.private_key)
+            File.chmod(0o600, private_key_path)
+
+            public_key_path = File.join(temp_dir, "id_nvoi.pub")
+            File.write(public_key_path, ssh_keys.public_key)
+            File.chmod(0o644, public_key_path)
+
+            cfg.ssh_key_path = private_key_path
+            cfg.ssh_public_key = ssh_keys.public_key.strip
+          end
+
+          def generate_resource_names(cfg)
+            namer = cfg.namer
+            cfg.container_prefix = namer.infer_container_prefix
+            master_group = find_master_server_group(cfg)
+            cfg.server_name = namer.server_name(master_group, 1)
+            cfg.firewall_name = namer.firewall_name
+            cfg.network_name = namer.network_name
+            cfg.docker_network_name = namer.docker_network_name
+          end
+
+          def find_master_server_group(cfg)
+            servers = cfg.deploy.application.servers
+            return "master" if servers.empty?
+
+            servers.each { |name, srv_cfg| return name if srv_cfg&.master }
+            return servers.keys.first if servers.size == 1
+
+            "master"
+          end
+
+          def resolve_sqlite_host_path(db_config, namer, filename = "app.db")
+            return nil unless namer && db_config.servers&.any?
+
+            server_name = db_config.servers.first
+            mount = db_config.mount
+
+            if mount && !mount.empty?
+              vol_name = mount.keys.first
+              base_path = namer.server_volume_host_path(server_name, vol_name)
+              return "#{base_path}/#{filename}"
+            end
+
+            nil
+          end
+      end
+
+      # Generate a new Ed25519 keypair using ssh-keygen
+      def self.generate_keypair
+        temp_dir = Dir.mktmpdir("nvoi-keygen-")
+        key_path = File.join(temp_dir, "id_nvoi")
+
+        begin
+          result = system(
+            "ssh-keygen", "-t", "ed25519", "-N", "", "-C", "nvoi-deploy", "-f", key_path,
+            out: File::NULL, err: File::NULL
+          )
+
+          raise Errors::ConfigError, "Failed to generate SSH keypair (ssh-keygen not available?)" unless result
+
+          private_key = File.read(key_path)
+          public_key = File.read("#{key_path}.pub").strip
+
+          [private_key, public_key]
+        ensure
+          FileUtils.rm_rf(temp_dir)
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/utils/constants.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Utils
+    module Constants
+      # Default deployment configuration file
+      DEFAULT_CONFIG_FILE = "deploy.enc"
+
+      # Network configuration
+      NETWORK_CIDR = "10.0.0.0/16"
+      SUBNET_CIDR = "10.0.1.0/24"
+
+      # Server configuration
+      DEFAULT_IMAGE = "ubuntu-24.04"
+      SERVER_READY_INTERVAL = 10 # seconds
+      SERVER_READY_MAX_ATTEMPTS = 60
+      SSH_READY_INTERVAL = 5 # seconds
+      SSH_READY_MAX_ATTEMPTS = 60
+
+      # Deployment configuration
+      MAX_DEPLOYMENT_RETRIES = 3
+      STALE_DEPLOYMENT_LOCK_AGE = 3600 # 1 hour in seconds
+      KEEP_COUNT_DEFAULT = 3
+
+      # K3s configuration
+      DEFAULT_K3S_VERSION = "v1.28.5+k3s1"
+
+      # Registry configuration
+      REGISTRY_PORT = 30500
+      REGISTRY_NAME = "nvoi-registry"
+
+      # Cloudflare
+      CLOUDFLARE_API_BASE = "https://api.cloudflare.com/client/v4"
+      TUNNEL_CONFIG_VERIFY_ATTEMPTS = 10
+
+      # Traffic verification
+      TRAFFIC_VERIFY_ATTEMPTS = 10
+      TRAFFIC_VERIFY_CONSECUTIVE = 3
+      TRAFFIC_VERIFY_INTERVAL = 5 # seconds
+
+      # Paths
+      DEPLOYMENT_LOCK_FILE = "/tmp/nvoi-deployment.lock"
+      APP_BASE_DIR = "/opt/nvoi"
+
+      # Database defaults
+      DATABASE_PORTS = {
+        "postgresql" => 5432,
+        "postgres" => 5432,
+        "mysql" => 3306,
+        "redis" => 6379
+      }.freeze
+
+      # Default database images
+      DATABASE_IMAGES = {
+        "postgresql" => "postgres:15-alpine",
+        "postgres" => "postgres:15-alpine",
+        "mysql" => "mysql:8.0"
+      }.freeze
+    end
+  end
+end

data/lib/nvoi/{credentials/manager.rb → utils/credential_store.rb}

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
 module Nvoi
-  module Credentials
+  module Utils
     # Default filenames
     DEFAULT_ENCRYPTED_FILE = "deploy.enc"
     DEFAULT_KEY_FILE = "deploy.key"
     MASTER_KEY_ENV_VAR = "NVOI_MASTER_KEY"
 
-    # Manager handles encrypted credentials operations
-    class Manager
+    # CredentialStore handles encrypted credentials file operations
+    class CredentialStore
       attr_reader :encrypted_path, :key_path
 
-      # Create a new credentials manager
+      # Create a new credentials store
       # working_dir: base directory to search for files
       # encrypted_path: explicit path to encrypted file (optional, nil = auto-discover)
       # key_path: explicit path to key file (optional, nil = auto-discover)
@@ -24,14 +24,14 @@ module Nvoi
         resolve_key(key_path)
       end
 
-      # Create a manager for initial setup (no existing files required)
+      # Create a store for initial setup (no existing files required)
       def self.for_init(working_dir)
-        manager = allocate
-        manager.instance_variable_set(:@working_dir, working_dir)
-        manager.instance_variable_set(:@encrypted_path, File.join(working_dir, DEFAULT_ENCRYPTED_FILE))
-        manager.instance_variable_set(:@key_path, nil)
-        manager.instance_variable_set(:@master_key, nil)
-        manager
+        store = allocate
+        store.instance_variable_set(:@working_dir, working_dir)
+        store.instance_variable_set(:@encrypted_path, File.join(working_dir, DEFAULT_ENCRYPTED_FILE))
+        store.instance_variable_set(:@key_path, nil)
+        store.instance_variable_set(:@master_key, nil)
+        store
       end
 
       # Check if the encrypted credentials file exists
@@ -39,14 +39,14 @@ module Nvoi
         File.exist?(@encrypted_path)
       end
 
-      # Check if the manager has a master key loaded
+      # Check if the store has a master key loaded
       def has_key?
         !@master_key.nil? && !@master_key.empty?
       end
 
       # Decrypt and return the credentials content
       def read
-        raise CredentialError, "master key not loaded" unless has_key?
+        raise Errors::CredentialError, "master key not loaded" unless has_key?
 
         ciphertext = File.binread(@encrypted_path)
         Crypto.decrypt(ciphertext, @master_key)
@@ -54,7 +54,7 @@ module Nvoi
 
       # Encrypt and save the credentials content
       def write(plaintext)
-        raise CredentialError, "master key not loaded" unless has_key?
+        raise Errors::CredentialError, "master key not loaded" unless has_key?
 
         ciphertext = Crypto.encrypt(plaintext, @master_key)
 
@@ -66,7 +66,7 @@ module Nvoi
           File.rename(tmp_path, @encrypted_path)
         rescue StandardError => e
           File.delete(tmp_path) if File.exist?(tmp_path)
-          raise CredentialError, "failed to rename temp file: #{e.message}"
+          raise Errors::CredentialError, "failed to rename temp file: #{e.message}"
         end
       end
 
@@ -160,7 +160,7 @@ module Nvoi
             return
           end
 
-          raise CredentialError, "master key not found: set #{MASTER_KEY_ENV_VAR} or create #{DEFAULT_KEY_FILE}"
+          raise Errors::CredentialError, "master key not found: set #{MASTER_KEY_ENV_VAR} or create #{DEFAULT_KEY_FILE}"
         end
 
         def load_key_from_file(path)

data/lib/nvoi/{credentials → utils}/crypto.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
+require "openssl"
+require "securerandom"
+
 module Nvoi
-  module Credentials
+  module Utils
     # Crypto handles AES-256-GCM encryption/decryption
     module Crypto
       KEY_SIZE = 32 # 256 bits
@@ -42,7 +45,7 @@ module Nvoi
 
           min_size = NONCE_SIZE + 16 # nonce + auth tag
           if ciphertext.bytesize < min_size
-            raise DecryptionError, "ciphertext too short: need at least #{min_size} bytes, got #{ciphertext.bytesize}"
+            raise Errors::DecryptionError, "ciphertext too short: need at least #{min_size} bytes, got #{ciphertext.bytesize}"
           end
 
           # Extract nonce and auth tag
@@ -59,18 +62,18 @@ module Nvoi
           begin
             cipher.update(encrypted_data) + cipher.final
           rescue OpenSSL::Cipher::CipherError => e
-            raise DecryptionError, "decryption failed (wrong key or corrupted data): #{e.message}"
+            raise Errors::DecryptionError, "decryption failed (wrong key or corrupted data): #{e.message}"
           end
         end
 
         # Validate a hex-encoded key
         def validate_key(hex_key)
           unless hex_key.length == KEY_HEX_LENGTH
-            raise InvalidKeyError, "invalid key length: expected #{KEY_HEX_LENGTH} hex characters, got #{hex_key.length}"
+            raise Errors::InvalidKeyError, "invalid key length: expected #{KEY_HEX_LENGTH} hex characters, got #{hex_key.length}"
           end
 
           unless hex_key.match?(/\A[0-9a-fA-F]+\z/)
-            raise InvalidKeyError, "invalid hex key: contains non-hex characters"
+            raise Errors::InvalidKeyError, "invalid hex key: contains non-hex characters"
           end
 
           true

data/lib/nvoi/{config → utils}/env_resolver.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Nvoi
-  module Config
+  module Utils
     # EnvResolver handles environment variable resolution and injection
     class EnvResolver
       def initialize(config)
@@ -48,7 +48,7 @@ module Nvoi
 
           # Handle database URL
           if db.adapter == "sqlite3"
-            env["DATABASE_URL"] = "sqlite://data/db/production.sqlite3"
+            env["DATABASE_URL"] = sqlite_database_url(db)
           elsif db.url && !db.url.empty?
             env["DATABASE_URL"] = db.url
           end
@@ -58,6 +58,14 @@ module Nvoi
             env[key] = value
           end
         end
+
+        def sqlite_database_url(db)
+          raise Errors::ConfigError, "sqlite3 requires database.mount to be configured" if db.mount.nil? || db.mount.empty?
+
+          mount_path = db.mount.values.first
+          app_name = @config.deploy.application.name
+          "sqlite://#{mount_path}/#{app_name}-database.sqlite3"
+        end
     end
   end
 end

data/lib/nvoi/utils/logger.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Utils
+    class Logger
+      COLORS = {
+        reset: "\e[0m",
+        red: "\e[31m",
+        green: "\e[32m",
+        yellow: "\e[33m",
+        blue: "\e[34m",
+        magenta: "\e[35m",
+        cyan: "\e[36m",
+        white: "\e[37m",
+        bold: "\e[1m"
+      }.freeze
+
+      def initialize(output: $stdout, color: true)
+        @output = output
+        @color = color && output.tty?
+      end
+
+      def info(message, *args)
+        log(:blue, "INFO", format_message(message, args))
+      end
+
+      def success(message, *args)
+        log(:green, "SUCCESS", format_message(message, args))
+      end
+
+      def warning(message, *args)
+        log(:yellow, "WARNING", format_message(message, args))
+      end
+
+      def error(message, *args)
+        log(:red, "ERROR", format_message(message, args))
+      end
+
+      def debug(message, *args)
+        return unless ENV["NVOI_DEBUG"]
+
+        log(:magenta, "DEBUG", format_message(message, args))
+      end
+
+      # Step indicator for multi-step operations
+      def step(message, *args)
+        log(:cyan, "STEP", format_message(message, args))
+      end
+
+      # OK indicator for step completion
+      def ok(message, *args)
+        log(:green, "OK", format_message(message, args))
+      end
+
+      def separator
+        @output.puts colorize(:cyan, "-" * 60)
+      end
+
+      def blank
+        @output.puts
+      end
+
+      private
+
+        def format_message(message, args)
+          return message if args.empty?
+
+          format(message, *args)
+        end
+
+        def log(color, level, message)
+          timestamp = Time.now.strftime("%H:%M:%S")
+          prefix = colorize(color, "[#{timestamp}] [#{level}]")
+          @output.puts "#{prefix} #{message}"
+        end
+
+        def colorize(color, text)
+          return text unless @color
+
+          "#{COLORS[color]}#{text}#{COLORS[:reset]}"
+        end
+    end
+  end
+end

data/lib/nvoi/{config/naming.rb → utils/namer.rb}

@@ -3,9 +3,9 @@
 require "digest"
 
 module Nvoi
-  module Config
-    # ResourceNamer handles resource naming and inference
-    class ResourceNamer
+  module Utils
+    # Namer handles resource naming and inference
+    class Namer
       def initialize(config)
         @config = config
       end
@@ -72,6 +72,10 @@ module Nvoi
         "app=db-#{@config.deploy.application.name}"
       end
 
+      def database_pod_name
+        "db-#{@config.deploy.application.name}-0"
+      end
+
       # ============================================================================
       # KUBERNETES APP RESOURCES
       # ============================================================================
@@ -153,20 +157,32 @@ module Nvoi
       # VOLUME RESOURCES
       # ============================================================================
 
-      def volume_name(service_type, service_name, volume_key)
-        "#{@config.deploy.application.name}-#{service_type}-#{service_name}-#{volume_key}"
+      # Server-level volume naming: {app}-{server}-{volume}
+      def server_volume_name(server_name, volume_name)
+        "#{@config.deploy.application.name}-#{server_name}-#{volume_name}"
       end
 
-      def database_volume_name
-        "#{@config.deploy.application.name}-db-data"
+      # Host mount path for a server volume
+      def server_volume_host_path(server_name, volume_name)
+        "/opt/nvoi/volumes/#{server_volume_name(server_name, volume_name)}"
       end
 
-      def service_volume_name(service_name, volume_key)
-        "#{@config.deploy.application.name}-svc-#{service_name}-#{volume_key}"
+      # ============================================================================
+      # HOSTNAME HELPER
+      # ============================================================================
+
+      # Build full hostname from subdomain and domain
+      def hostname(subdomain, domain)
+        self.class.build_hostname(subdomain, domain)
       end
 
-      def app_volume_name(service_name, volume_key)
-        "#{@config.deploy.application.name}-app-#{service_name}-#{volume_key}"
+      # Class method for building hostname without instance
+      def self.build_hostname(subdomain, domain)
+        if subdomain.nil? || subdomain.empty? || subdomain == "@"
+          domain
+        else
+          "#{subdomain}.#{domain}"
+        end
       end
 
       private
@@ -176,20 +192,7 @@ module Nvoi
         end
 
         def infer_base_prefix
-          output = `git config --get remote.origin.url 2>/dev/null`.strip
-          return "app" if output.empty?
-
-          # Extract username/repo from: git@github.com:user/repo.git or https://github.com/user/repo.git
-          repo_url = output.sub(/\.git$/, "")
-          parts = repo_url.split(%r{[/:]+})
-
-          if parts.length >= 2
-            username = parts[-2]
-            repo = parts[-1]
-            "#{username}-#{repo}"
-          else
-            "app"
-          end
+          "nvoi"
         end
     end
   end