nvoi 0.1.5 → 0.1.7

data/examples/golang/deploy.yml

@@ -1,54 +0,0 @@
-application:
-  name: example-golang
-  environment: production
-
-  # Provider configuration
-  domain_provider:
-    cloudflare:
-      api_token: $CLOUDFLARE_API_TOKEN
-      account_id: $CLOUDFLARE_ACCOUNT_ID
-
-  compute_provider:
-    hetzner:
-      api_token: $HETZNER_API_TOKEN
-      server_type: cx22 # Explicit server type
-      server_location: fsn1 # Explicit location
-
-  # Server configuration (single server, master: true is implicit)
-  servers:
-    master:
-      type: cx22
-      location: fsn1
-
-  # Container retention
-  keep_count: 2
-
-  app:
-    web:
-      servers: [master]
-      domain: rb.run # Your domain (must be on Cloudflare)
-      subdomain: golang # Subdomain for this app
-      port: 3000
-
-      # Nested health check configuration
-      healthcheck:
-        type: http
-        path: /health
-        port: 3000
-        interval: 10s
-        timeout: 5s
-        retries: 3
-
-      # Volume mounts for SQLite data persistence
-      volumes:
-        data: /app/data
-
-  # SQLite database (adapter specified, volume configured at service level)
-  database:
-    servers: [master]
-    adapter: sqlite3
-
-  env:
-    APP_NAME: nvoi-example-app
-    LOG_LEVEL: info
-    GIN_MODE: release

data/lib/nvoi/cloudflare/client.rb

@@ -1,287 +0,0 @@
-# frozen_string_literal: true
-
-require "faraday"
-require "base64"
-
-module Nvoi
-  module Cloudflare
-    # Tunnel represents a Cloudflare tunnel
-    Tunnel = Struct.new(:id, :name, :token, keyword_init: true)
-
-    # Zone represents a Cloudflare DNS zone
-    Zone = Struct.new(:id, :name, keyword_init: true)
-
-    # DNSRecord represents a Cloudflare DNS record
-    DNSRecord = Struct.new(:id, :type, :name, :content, :proxied, :ttl, keyword_init: true)
-
-    # Client handles Cloudflare API operations
-    class Client
-      BASE_URL = "https://api.cloudflare.com/client/v4"
-
-      def initialize(token, account_id)
-        @token = token
-        @account_id = account_id
-        @conn = Faraday.new(url: BASE_URL) do |f|
-          f.request :json
-          f.response :json
-          f.adapter Faraday.default_adapter
-        end
-      end
-
-      # Tunnel operations
-
-      def create_tunnel(name)
-        url = "accounts/#{@account_id}/cfd_tunnel"
-        tunnel_secret = generate_tunnel_secret
-
-        response = post(url, {
-          name:,
-          tunnel_secret:,
-          config_src: "cloudflare"
-        })
-
-        result = response["result"]
-        Tunnel.new(
-          id: result["id"],
-          name: result["name"],
-          token: result["token"]
-        )
-      end
-
-      def find_tunnel(name)
-        url = "accounts/#{@account_id}/cfd_tunnel"
-        response = get(url, { name:, is_deleted: false })
-
-        results = response["result"]
-        return nil if results.nil? || results.empty?
-
-        result = results[0]
-        Tunnel.new(
-          id: result["id"],
-          name: result["name"],
-          token: result["token"]
-        )
-      end
-
-      def get_tunnel_token(tunnel_id)
-        url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/token"
-        response = get(url)
-        response["result"]
-      end
-
-      def update_tunnel_configuration(tunnel_id, hostname, service_url)
-        url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
-
-        config = {
-          ingress: [
-            {
-              hostname:,
-              service: service_url,
-              originRequest: { httpHostHeader: hostname }
-            },
-            { service: "http_status:404" }
-          ]
-        }
-
-        put(url, { config: })
-      end
-
-      def verify_tunnel_configuration(tunnel_id, expected_hostname, expected_service, max_attempts)
-        url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
-
-        max_attempts.times do
-          begin
-            response = get(url)
-
-            if response["success"]
-              config = response.dig("result", "config")
-              config&.dig("ingress")&.each do |rule|
-                if rule["hostname"] == expected_hostname && rule["service"] == expected_service
-                  return true
-                end
-              end
-            end
-          rescue StandardError
-            # Continue retrying
-          end
-
-          sleep(2)
-        end
-
-        raise TunnelError, "tunnel configuration not propagated after #{max_attempts} attempts"
-      end
-
-      def delete_tunnel(tunnel_id)
-        # Clean up all connections first
-        connections_url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/connections"
-        begin
-          delete(connections_url)
-        rescue StandardError
-          # Ignore connection cleanup errors
-        end
-
-        # Now delete the tunnel
-        url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}"
-        delete(url)
-      end
-
-      # DNS operations
-
-      def find_zone(domain)
-        url = "zones"
-        response = get(url)
-
-        results = response["result"]
-        return nil unless results
-
-        zone_data = results.find { |z| z["name"] == domain }
-        return nil unless zone_data
-
-        Zone.new(id: zone_data["id"], name: zone_data["name"])
-      end
-
-      def find_dns_record(zone_id, name, record_type)
-        url = "zones/#{zone_id}/dns_records"
-        response = get(url)
-
-        results = response["result"]
-        return nil unless results
-
-        record_data = results.find { |r| r["name"] == name && r["type"] == record_type }
-        return nil unless record_data
-
-        DNSRecord.new(
-          id: record_data["id"],
-          type: record_data["type"],
-          name: record_data["name"],
-          content: record_data["content"],
-          proxied: record_data["proxied"],
-          ttl: record_data["ttl"]
-        )
-      end
-
-      def create_dns_record(zone_id, name, record_type, content, proxied: true)
-        url = "zones/#{zone_id}/dns_records"
-
-        response = post(url, {
-          type: record_type,
-          name:,
-          content:,
-          proxied:,
-          ttl: 1
-        })
-
-        result = response["result"]
-        DNSRecord.new(
-          id: result["id"],
-          type: result["type"],
-          name: result["name"],
-          content: result["content"],
-          proxied: result["proxied"],
-          ttl: result["ttl"]
-        )
-      end
-
-      def update_dns_record(zone_id, record_id, name, record_type, content, proxied: true)
-        url = "zones/#{zone_id}/dns_records/#{record_id}"
-
-        response = patch(url, {
-          type: record_type,
-          name:,
-          content:,
-          proxied:,
-          ttl: 1
-        })
-
-        result = response["result"]
-        DNSRecord.new(
-          id: result["id"],
-          type: result["type"],
-          name: result["name"],
-          content: result["content"],
-          proxied: result["proxied"],
-          ttl: result["ttl"]
-        )
-      end
-
-      def create_or_update_dns_record(zone_id, name, record_type, content, proxied: true)
-        existing = find_dns_record(zone_id, name, record_type)
-
-        if existing
-          update_dns_record(zone_id, existing.id, name, record_type, content, proxied:)
-        else
-          create_dns_record(zone_id, name, record_type, content, proxied:)
-        end
-      end
-
-      def delete_dns_record(zone_id, record_id)
-        url = "zones/#{zone_id}/dns_records/#{record_id}"
-        delete(url)
-      end
-
-      private
-
-        def get(url, params = {})
-          response = @conn.get(url) do |req|
-            req.headers["Authorization"] = "Bearer #{@token}"
-            req.params = params unless params.empty?
-          end
-          handle_response(response)
-        end
-
-        def post(url, body)
-          response = @conn.post(url) do |req|
-            req.headers["Authorization"] = "Bearer #{@token}"
-            req.body = body
-          end
-          handle_response(response)
-        end
-
-        def put(url, body)
-          response = @conn.put(url) do |req|
-            req.headers["Authorization"] = "Bearer #{@token}"
-            req.body = body
-          end
-          handle_response(response)
-        end
-
-        def patch(url, body)
-          response = @conn.patch(url) do |req|
-            req.headers["Authorization"] = "Bearer #{@token}"
-            req.body = body
-          end
-          handle_response(response)
-        end
-
-        def delete(url)
-          response = @conn.delete(url) do |req|
-            req.headers["Authorization"] = "Bearer #{@token}"
-          end
-
-          # 404 is ok for idempotent delete
-          return { "success" => true } if response.status == 404
-
-          handle_response(response)
-        end
-
-        def handle_response(response)
-          body = response.body
-
-          unless body.is_a?(Hash)
-            raise CloudflareError, "unexpected response format"
-          end
-
-          unless body["success"]
-            errors = body["errors"]&.map { |e| e["message"] }&.join(", ") || "unknown error"
-            raise CloudflareError, "API error: #{errors}"
-          end
-
-          body
-        end
-
-        def generate_tunnel_secret
-          Base64.strict_encode64(SecureRandom.random_bytes(32))
-        end
-    end
-  end
-end

data/lib/nvoi/config/config.rb

@@ -1,248 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Config
-    # Configuration holds the complete configuration including deployment config and runtime settings
-    class Configuration
-      attr_accessor :deploy, :ssh_key_path, :ssh_public_key, :server_name,
-                    :firewall_name, :network_name, :docker_network_name, :container_prefix
-
-      def initialize(deploy_config)
-        @deploy = deploy_config
-        @namer = nil
-      end
-
-      # Returns the ResourceNamer for centralized naming
-      def namer
-        @namer ||= ResourceNamer.new(self)
-      end
-
-      # Returns environment variables for a specific service
-      def env_for_service(service_name)
-        resolver = EnvResolver.new(self)
-        resolver.env_for_service(service_name)
-      end
-
-      # Validate config structure
-      def validate_config
-        app = @deploy.application
-
-        # Validate provider configuration
-        validate_providers_config
-
-        # Validate database secrets (if database configured)
-        validate_database_secrets(app.database) if app.database
-
-        # Auto-inject database environment variables into app services
-        inject_database_env_vars
-
-        # Validate service-to-server bindings
-        validate_service_server_bindings
-      end
-
-      # ProviderName returns the name of the configured compute provider
-      def provider_name
-        return "hetzner" if @deploy.application.compute_provider.hetzner
-        return "aws" if @deploy.application.compute_provider.aws
-
-        ""
-      end
-
-      def hetzner
-        @deploy.application.compute_provider.hetzner
-      end
-
-      def aws
-        @deploy.application.compute_provider.aws
-      end
-
-      def cloudflare
-        @deploy.application.domain_provider.cloudflare
-      end
-
-      def keep_count_value
-        count = @deploy.application.keep_count
-        count && count.positive? ? count : 2
-      end
-
-      private
-
-        def validate_service_server_bindings
-          app = @deploy.application
-
-          # Collect all defined server names and validate single master
-          defined_servers = {}
-          master_count = 0
-
-          app.servers.each do |server_name, server_config|
-            defined_servers[server_name] = true
-            master_count += 1 if server_config&.master
-          end
-
-          # Require servers to be defined if any services exist
-          if app.servers.empty?
-            has_services = !app.app.empty? || app.database || !app.services.empty?
-            raise ConfigValidationError, "servers must be defined when deploying services" if has_services
-          end
-
-          # Validate master designation
-          if app.servers.size > 1
-            raise ConfigValidationError, "when multiple servers are defined, exactly one must have master: true" if master_count.zero?
-            raise ConfigValidationError, "only one server can have master: true, found #{master_count}" if master_count > 1
-          elsif app.servers.size == 1 && master_count > 1
-            raise ConfigValidationError, "only one server can have master: true, found #{master_count}"
-          end
-
-          # Validate app services
-          app.app.each do |service_name, service_config|
-            raise ConfigValidationError, "app.#{service_name}: servers field is required" if service_config.servers.empty?
-
-            service_config.servers.each do |server_ref|
-              unless defined_servers[server_ref]
-                raise ConfigValidationError, "app.#{service_name}: references undefined server '#{server_ref}'"
-              end
-            end
-          end
-
-          # Validate database
-          if app.database
-            raise ConfigValidationError, "database: servers field is required" if app.database.servers.empty?
-
-            app.database.servers.each do |server_ref|
-              raise ConfigValidationError, "database: references undefined server '#{server_ref}'" unless defined_servers[server_ref]
-            end
-          end
-
-          # Validate additional services
-          app.services.each do |service_name, service_config|
-            raise ConfigValidationError, "services.#{service_name}: servers field is required" if service_config.servers.empty?
-
-            service_config.servers.each do |server_ref|
-              unless defined_servers[server_ref]
-                raise ConfigValidationError, "services.#{service_name}: references undefined server '#{server_ref}'"
-              end
-            end
-          end
-        end
-
-        def validate_database_secrets(db)
-          adapter = db.adapter&.downcase
-
-          case adapter
-          when "postgres", "postgresql"
-            required_keys = %w[POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB]
-            required_keys.each do |key|
-              raise ConfigValidationError, "postgres database requires #{key} in secrets" unless db.secrets[key]
-            end
-          when "mysql"
-            required_keys = %w[MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE]
-            required_keys.each do |key|
-              raise ConfigValidationError, "mysql database requires #{key} in secrets" unless db.secrets[key]
-            end
-          when "sqlite3"
-            # SQLite doesn't require secrets
-          end
-        end
-
-        def validate_providers_config
-          app = @deploy.application
-
-          # Validate domain provider (required)
-          unless app.domain_provider.cloudflare
-            raise ConfigValidationError, "domain provider required: currently only cloudflare is supported"
-          end
-
-          cf = app.domain_provider.cloudflare
-          raise ConfigValidationError, "cloudflare api_token is required" if cf.api_token.nil? || cf.api_token.empty?
-          raise ConfigValidationError, "cloudflare account_id is required" if cf.account_id.nil? || cf.account_id.empty?
-
-          # Validate compute provider (at least one required)
-          has_provider = false
-
-          if app.compute_provider.hetzner
-            has_provider = true
-            h = app.compute_provider.hetzner
-            raise ConfigValidationError, "hetzner api_token is required" if h.api_token.nil? || h.api_token.empty?
-            raise ConfigValidationError, "hetzner server_type is required" if h.server_type.nil? || h.server_type.empty?
-            raise ConfigValidationError, "hetzner server_location is required" if h.server_location.nil? || h.server_location.empty?
-          end
-
-          if app.compute_provider.aws
-            has_provider = true
-            a = app.compute_provider.aws
-            raise ConfigValidationError, "aws access_key_id is required" if a.access_key_id.nil? || a.access_key_id.empty?
-            raise ConfigValidationError, "aws secret_access_key is required" if a.secret_access_key.nil? || a.secret_access_key.empty?
-            raise ConfigValidationError, "aws region is required" if a.region.nil? || a.region.empty?
-            raise ConfigValidationError, "aws instance_type is required" if a.instance_type.nil? || a.instance_type.empty?
-          end
-
-          raise ConfigValidationError, "compute provider required: hetzner or aws must be configured" unless has_provider
-        end
-
-        def inject_database_env_vars
-          app = @deploy.application
-
-          # Skip if no database configured
-          return unless app.database
-
-          db = app.database
-          adapter = db.adapter&.downcase
-
-          # SQLite doesn't need network connection vars
-          return if adapter == "sqlite3"
-
-          # Build connection variables
-          db_host = namer.database_service_name
-          db_port, db_user, db_password, db_name = extract_db_credentials(adapter, db)
-
-          return unless db_user && db_password && db_name
-
-          # Build DATABASE_URL
-          database_url = case adapter
-          when "postgres", "postgresql"
-            "postgresql://#{db_user}:#{db_password}@#{db_host}:#{db_port}/#{db_name}"
-          when "mysql"
-            "mysql://#{db_user}:#{db_password}@#{db_host}:#{db_port}/#{db_name}"
-          end
-
-          # Inject into all app services
-          app.app.each_value do |service_config|
-            service_config.env ||= {}
-
-            # Only inject if not already set by user
-            service_config.env["DATABASE_URL"] ||= database_url
-
-            case adapter
-            when "postgres", "postgresql"
-              unless service_config.env.key?("POSTGRES_HOST")
-                service_config.env["POSTGRES_HOST"] = db_host
-                service_config.env["POSTGRES_PORT"] = db_port
-                service_config.env["POSTGRES_USER"] = db_user
-                service_config.env["POSTGRES_PASSWORD"] = db_password
-                service_config.env["POSTGRES_DB"] = db_name
-              end
-            when "mysql"
-              unless service_config.env.key?("MYSQL_HOST")
-                service_config.env["MYSQL_HOST"] = db_host
-                service_config.env["MYSQL_PORT"] = db_port
-                service_config.env["MYSQL_USER"] = db_user
-                service_config.env["MYSQL_PASSWORD"] = db_password
-                service_config.env["MYSQL_DATABASE"] = db_name
-              end
-            end
-          end
-        end
-
-        def extract_db_credentials(adapter, db)
-          case adapter
-          when "postgres", "postgresql"
-            ["5432", db.secrets["POSTGRES_USER"], db.secrets["POSTGRES_PASSWORD"], db.secrets["POSTGRES_DB"]]
-          when "mysql"
-            ["3306", db.secrets["MYSQL_USER"], db.secrets["MYSQL_PASSWORD"], db.secrets["MYSQL_DATABASE"]]
-          else
-            [nil, nil, nil, nil]
-          end
-        end
-    end
-  end
-end

data/lib/nvoi/config/loader.rb

@@ -1,102 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Config
-    # ConfigLoader handles loading and initializing configuration
-    class ConfigLoader
-      attr_accessor :credentials_path, :master_key_path
-
-      def initialize
-        @credentials_path = nil
-        @master_key_path = nil
-      end
-
-      # Set explicit path to encrypted credentials file
-      def with_credentials_path(path)
-        @credentials_path = path
-        self
-      end
-
-      # Set explicit path to master key file
-      def with_master_key_path(path)
-        @master_key_path = path
-        self
-      end
-
-      # Load reads and parses the deployment configuration from encrypted file
-      def load(config_path)
-        # Determine working directory
-        working_dir = config_path && !config_path.empty? ? File.dirname(config_path) : "."
-
-        # Use explicit credentials path or derive from config_path
-        enc_path = @credentials_path
-        enc_path = config_path if enc_path.nil? || enc_path.empty?
-
-        # Create credentials manager
-        manager = Credentials::Manager.new(working_dir, enc_path, @master_key_path)
-
-        # Decrypt credentials
-        plaintext = manager.read
-        raise ConfigError, "Failed to decrypt credentials" unless plaintext
-
-        # Parse YAML
-        data = YAML.safe_load(plaintext, permitted_classes: [Symbol])
-        raise ConfigError, "Invalid config format" unless data.is_a?(Hash)
-
-        deploy_config = DeployConfig.new(data)
-
-        # Create config
-        cfg = Configuration.new(deploy_config)
-
-        # Load SSH keys from config content
-        key_loader = SSHKeyLoader.new(cfg)
-        key_loader.load_keys
-
-        # Validate config structure
-        cfg.validate_config
-
-        # Generate resource names
-        namer = ResourceNamer.new(cfg)
-        cfg.container_prefix = namer.infer_container_prefix
-        master_group = find_master_server_group(cfg)
-        cfg.server_name = namer.server_name(master_group, 1)
-        cfg.firewall_name = namer.firewall_name
-        cfg.network_name = namer.network_name
-        cfg.docker_network_name = namer.docker_network_name
-
-        cfg
-      end
-
-      private
-
-        def find_master_server_group(cfg)
-          servers = cfg.deploy.application.servers
-          return "master" if servers.empty?
-
-          # Find explicit master
-          servers.each do |name, server_cfg|
-            return name if server_cfg&.master
-          end
-
-          # Single server group: use it as master
-          return servers.keys.first if servers.size == 1
-
-          # Fallback
-          "master"
-        end
-    end
-
-    # Module-level load function
-    def self.load(config_path)
-      ConfigLoader.new.load(config_path)
-    end
-
-    # Module-level load with explicit key paths
-    def self.load_with_keys(config_path, credentials_path, master_key_path)
-      ConfigLoader.new
-                  .with_credentials_path(credentials_path)
-                  .with_master_key_path(master_key_path)
-                  .load(config_path)
-    end
-  end
-end