nvoi 0.1.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fb54d0e596f64c761d8c3b6f38e6ae0ea7f71186e89744078e6b09e9906bfc1a
+  data.tar.gz: 22eca4a7d6bc75e7d5f9c0372a261d3c82b88b07f3d82db38828c486249495c7
+SHA512:
+  metadata.gz: 2f18b886aa28994c1f6f8caace570f1ad714815f4161ce2bbb48b00be06f7f3f60e7fa14e04d8c1423aa0b55039ca43165bf360c73fc11e8ccb73ea7a7b0a67f
+  data.tar.gz: 53d83331ca4ecd654fb1d563149f04ffae292474b2cf930cbeefafa00f6bbb746ade07fc1c400409445282718bb50eaf5db26dd0df187ac011313a242b3ca6a0

data/.rubocop.yml

@@ -0,0 +1,19 @@
+# Omakase Ruby styling for Rails
+inherit_gem: { rubocop-rails-omakase: rubocop.yml }
+
+# Overwrite or add rules to create your own house style
+#
+# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
+Layout/SpaceInsideArrayLiteralBrackets:
+  Enabled: false
+
+# Enforce Ruby 3.1+ hash shorthand syntax
+Style/HashSyntax:
+  EnforcedStyle: ruby19_no_mixed_keys
+  EnforcedShorthandSyntax: always
+
+Layout/IndentationConsistency:
+  Enabled: true
+
+Layout/IndentationWidth:
+  Enabled: true

data/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+group :development, :test do
+  gem "rubocop-rails-omakase", require: false
+end

data/Gemfile.lock

@@ -0,0 +1,151 @@
+PATH
+  remote: .
+  specs:
+    nvoi (0.1.5)
+      aws-sdk-ec2 (~> 1.400)
+      faraday (~> 2.7)
+      net-scp (~> 4.0)
+      net-ssh (~> 7.2)
+      thor (~> 1.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (8.1.1)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      json
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    addressable (2.8.8)
+      public_suffix (>= 2.0.2, < 8.0)
+    ast (2.4.3)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1191.0)
+    aws-sdk-core (3.239.2)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      bigdecimal
+      jmespath (~> 1, >= 1.6.1)
+      logger
+    aws-sdk-ec2 (1.584.0)
+      aws-sdk-core (~> 3, >= 3.239.1)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.12.1)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.3.0)
+    bigdecimal (3.3.1)
+    concurrent-ruby (1.3.5)
+    connection_pool (3.0.2)
+    crack (1.0.1)
+      bigdecimal
+      rexml
+    drb (2.2.3)
+    faraday (2.14.0)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
+    hashdiff (1.2.1)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    jmespath (1.6.2)
+    json (2.17.1)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    minitest (5.26.2)
+    net-http (0.8.0)
+      uri (>= 0.11.1)
+    net-scp (4.1.0)
+      net-ssh (>= 2.6.5, < 8.0.0)
+    net-ssh (7.3.0)
+    parallel (1.27.0)
+    parser (3.3.10.0)
+      ast (~> 2.4.1)
+      racc
+    prism (1.6.0)
+    public_suffix (7.0.0)
+    racc (1.8.1)
+    rack (3.2.4)
+    rainbow (3.1.1)
+    rake (13.3.1)
+    regexp_parser (2.11.3)
+    rexml (3.4.4)
+    rubocop (1.81.7)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.48.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.26.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+    rubocop-rails (2.34.2)
+      activesupport (>= 4.2.0)
+      lint_roller (~> 1.1)
+      rack (>= 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
+    rubocop-rails-omakase (1.1.0)
+      rubocop (>= 1.72)
+      rubocop-performance (>= 1.24)
+      rubocop-rails (>= 2.30)
+    ruby-progressbar (1.13.0)
+    securerandom (0.4.1)
+    thor (1.4.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
+    uri (1.1.1)
+    webmock (3.26.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  ruby
+  x86-linux-gnu
+  x86-linux-musl
+  x86_64-darwin
+  x86_64-linux
+  x86_64-linux-gnu
+  x86_64-linux-musl
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  minitest (~> 5.20)
+  nvoi!
+  rake (~> 13.0)
+  rubocop (~> 1.57)
+  rubocop-rails-omakase
+  webmock (~> 3.19)
+
+BUNDLED WITH
+   2.6.5

data/Makefile

@@ -0,0 +1,26 @@
+NVOI = ruby -I$(PWD)/lib $(PWD)/exe/nvoi
+EXAMPLES = $(PWD)/examples
+
+deploy-golang:
+	cd $(EXAMPLES)/golang && $(NVOI) deploy
+
+exec-golang:
+	cd $(EXAMPLES)/golang && $(NVOI) exec -i
+
+show-golang:
+	cd $(EXAMPLES)/golang && $(NVOI) credentials show
+
+delete-golang:
+	cd $(EXAMPLES)/golang && $(NVOI) delete
+
+deploy-rails:
+	cd $(EXAMPLES)/rails-single && $(NVOI) deploy
+
+delete-rails:
+	cd $(EXAMPLES)/rails-single && $(NVOI) delete
+
+test:
+	bundle exec rake test
+
+lint:
+	bundle exec rubocop

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+require "rubocop/rake_task"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.warning = false
+end
+
+RuboCop::RakeTask.new
+
+task default: %i[test]

data/doc/config-schema.yaml

@@ -0,0 +1,357 @@
+openapi: 3.1.0
+info:
+  title: NVOI Configuration Schema
+  version: 0.1.2
+  description: |
+    OpenAPI 3.1 / JSON Schema definition for NVOI deployment configuration.
+    This schema defines the structure of deploy.yml / deploy.enc files.
+
+components:
+  schemas:
+    DeployConfig:
+      type: object
+      description: Root deployment configuration
+      required:
+        - application
+      properties:
+        application:
+          $ref: "#/components/schemas/Application"
+
+    Application:
+      type: object
+      description: Application-level configuration
+      required:
+        - name
+      properties:
+        name:
+          type: string
+          description: Application name (used for resource naming)
+          example: myapp
+        environment:
+          type: string
+          description: Deployment environment
+          default: production
+          example: production
+        domain_provider:
+          $ref: "#/components/schemas/DomainProviderConfig"
+        compute_provider:
+          $ref: "#/components/schemas/ComputeProviderConfig"
+        keep_count:
+          type: integer
+          description: Number of old deployments to keep for rollback
+          minimum: 0
+          example: 3
+        servers:
+          type: object
+          description: Server group definitions (key is group name)
+          additionalProperties:
+            $ref: "#/components/schemas/ServerConfig"
+          example:
+            master:
+              type: cx32
+              location: fsn1
+            workers:
+              count: 2
+              type: cx22
+        app:
+          type: object
+          description: Application services (key is service name)
+          additionalProperties:
+            $ref: "#/components/schemas/AppServiceConfig"
+          example:
+            web:
+              port: 3000
+              domain: example.com
+        database:
+          $ref: "#/components/schemas/DatabaseConfig"
+        services:
+          type: object
+          description: Additional services like Redis, etc. (key is service name)
+          additionalProperties:
+            $ref: "#/components/schemas/ServiceConfig"
+          example:
+            redis:
+              image: redis:7-alpine
+        env:
+          type: object
+          description: Global environment variables
+          additionalProperties:
+            type: string
+          example:
+            RAILS_ENV: production
+            LOG_LEVEL: info
+        secrets:
+          type: object
+          description: Secret environment variables (stored encrypted)
+          additionalProperties:
+            type: string
+          example:
+            DATABASE_URL: postgres://user:pass@host/db
+        ssh_keys:
+          $ref: "#/components/schemas/SSHKeyConfig"
+
+    DomainProviderConfig:
+      type: object
+      description: Domain/DNS provider configuration
+      properties:
+        cloudflare:
+          $ref: "#/components/schemas/CloudflareConfig"
+
+    ComputeProviderConfig:
+      type: object
+      description: Compute provider configuration (one of hetzner or aws)
+      properties:
+        hetzner:
+          $ref: "#/components/schemas/HetznerConfig"
+        aws:
+          $ref: "#/components/schemas/AWSConfig"
+
+    CloudflareConfig:
+      type: object
+      description: Cloudflare provider configuration
+      required:
+        - api_token
+        - account_id
+      properties:
+        api_token:
+          type: string
+          description: Cloudflare API token with tunnel and DNS permissions
+          example: xxxxx
+        account_id:
+          type: string
+          description: Cloudflare account ID
+          example: xxxxx
+
+    HetznerConfig:
+      type: object
+      description: Hetzner Cloud provider configuration
+      required:
+        - api_token
+      properties:
+        api_token:
+          type: string
+          description: Hetzner Cloud API token
+          example: xxxxx
+        server_type:
+          type: string
+          description: Default server type for all server groups
+          example: cx22
+        server_location:
+          type: string
+          description: Default datacenter location
+          enum: [fsn1, nbg1, hel1, ash, hil]
+          example: fsn1
+
+    AWSConfig:
+      type: object
+      description: AWS provider configuration
+      required:
+        - access_key_id
+        - secret_access_key
+        - region
+      properties:
+        access_key_id:
+          type: string
+          description: AWS access key ID
+        secret_access_key:
+          type: string
+          description: AWS secret access key
+        region:
+          type: string
+          description: AWS region
+          example: us-east-1
+        instance_type:
+          type: string
+          description: Default EC2 instance type
+          example: t3.medium
+
+    ServerConfig:
+      type: object
+      description: Server group configuration
+      properties:
+        master:
+          type: boolean
+          description: Whether this group contains the K3s master node
+          default: false
+        type:
+          type: string
+          description: Server type (overrides compute_provider default)
+          example: cx32
+        location:
+          type: string
+          description: Datacenter location (overrides compute_provider default)
+          example: fsn1
+        count:
+          type: integer
+          description: Number of servers in this group
+          minimum: 1
+          default: 1
+          example: 2
+
+    AppServiceConfig:
+      type: object
+      description: Application service configuration (web, worker, etc.)
+      properties:
+        servers:
+          type: array
+          description: Server groups this service runs on
+          items:
+            type: string
+          example: [master]
+        domain:
+          type: string
+          description: Domain for this service (must be on Cloudflare)
+          example: example.com
+        subdomain:
+          type: string
+          description: Subdomain for this service (use @ for apex)
+          example: www
+        port:
+          type: integer
+          description: Container port to expose
+          minimum: 1
+          maximum: 65535
+          example: 3000
+        healthcheck:
+          $ref: "#/components/schemas/HealthCheckConfig"
+        command:
+          type: string
+          description: Override container command
+          example: bundle exec puma -C config/puma.rb
+        pre_run_command:
+          type: string
+          description: Command to run before deployment (e.g., migrations)
+          example: bundle exec rails db:migrate
+        env:
+          type: object
+          description: Service-specific environment variables
+          additionalProperties:
+            type: string
+        volumes:
+          type: object
+          description: Volume mounts (key is volume name, value is mount path)
+          additionalProperties:
+            type: string
+          example:
+            data: /app/data
+            uploads: /app/public/uploads
+
+    HealthCheckConfig:
+      type: object
+      description: Health check configuration for readiness/liveness probes
+      properties:
+        type:
+          type: string
+          description: Health check type
+          enum: [http, tcp, exec]
+          example: http
+        path:
+          type: string
+          description: HTTP path for health check (type=http)
+          example: /health
+        port:
+          type: integer
+          description: Port for health check (defaults to service port)
+          example: 3000
+        command:
+          type: string
+          description: Command for exec health check (type=exec)
+          example: /bin/healthcheck
+        interval:
+          type: string
+          description: Time between health checks
+          example: 10s
+        timeout:
+          type: string
+          description: Health check timeout
+          example: 5s
+        retries:
+          type: integer
+          description: Number of retries before marking unhealthy
+          minimum: 1
+          example: 3
+
+    DatabaseConfig:
+      type: object
+      description: Database configuration
+      properties:
+        servers:
+          type: array
+          description: Server groups to run database on
+          items:
+            type: string
+          example: [master]
+        adapter:
+          type: string
+          description: Database adapter type
+          enum: [postgresql, postgres, mysql, sqlite3]
+          example: postgres
+        url:
+          type: string
+          description: Database connection URL (for external databases)
+          example: postgres://user:pass@host:5432/dbname
+        image:
+          type: string
+          description: Docker image for database (managed databases only)
+          example: postgres:15-alpine
+        volume:
+          type: string
+          description: Volume mount path for data persistence
+          example: /var/lib/postgresql/data
+        secrets:
+          type: object
+          description: Database secrets (POSTGRES_PASSWORD, etc.)
+          additionalProperties:
+            type: string
+          example:
+            POSTGRES_USER: app
+            POSTGRES_PASSWORD: secretpassword
+            POSTGRES_DB: app_production
+
+    ServiceConfig:
+      type: object
+      description: Additional service configuration (Redis, etc.)
+      properties:
+        servers:
+          type: array
+          description: Server groups to run service on
+          items:
+            type: string
+          example: [master]
+        image:
+          type: string
+          description: Docker image for service
+          example: redis:7-alpine
+        command:
+          type: string
+          description: Override container command
+          example: redis-server --appendonly yes
+        env:
+          type: object
+          description: Service environment variables
+          additionalProperties:
+            type: string
+        volume:
+          type: string
+          description: Volume mount path for data persistence
+          example: /data
+
+    SSHKeyConfig:
+      type: object
+      description: SSH key content for server access (auto-generated on first run)
+      required:
+        - private_key
+        - public_key
+      properties:
+        private_key:
+          type: string
+          description: Private SSH key content (Ed25519 format, auto-generated)
+          example: |
+            -----BEGIN OPENSSH PRIVATE KEY-----
+            b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+            ...
+            -----END OPENSSH PRIVATE KEY-----
+        public_key:
+          type: string
+          description: Public SSH key content (OpenSSH format, auto-generated)
+          example: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... nvoi-deploy

data/examples/apex-wildcard/deploy.yml

@@ -0,0 +1,68 @@
+# Example: Apex domain and wildcard subdomain support
+#
+# This example demonstrates three subdomain patterns:
+# - "@" or "" : Apex domain (example.com)
+# - "*"       : Wildcard (*.example.com)
+# - "app"     : Standard subdomain (app.example.com)
+
+application:
+  name: apex-wildcard-demo
+  environment: production
+
+  domain_provider:
+    cloudflare:
+      api_token: $CLOUDFLARE_API_TOKEN
+      account_id: $CLOUDFLARE_ACCOUNT_ID
+
+  compute_provider:
+    hetzner:
+      api_token: $HETZNER_API_TOKEN
+      server_type: cx22
+      server_location: fsn1
+
+  servers:
+    master:
+      type: cx22
+      location: fsn1
+
+  keep_count: 2
+
+  app:
+    # Apex domain: accessible at example.com (no subdomain)
+    # Use "@" or "" for apex/root domain
+    main:
+      servers: [master]
+      domain: example.com
+      subdomain: "@" # or use: subdomain: ""
+      port: 3000
+      healthcheck:
+        type: http
+        path: /health
+        port: 3000
+
+    # Wildcard subdomain: accessible at *.example.com
+    # Catches all subdomains not explicitly defined
+    wildcard:
+      servers: [master]
+      domain: example.com
+      subdomain: "*"
+      port: 3001
+      healthcheck:
+        type: http
+        path: /health
+        port: 3001
+
+    # Standard subdomain: accessible at api.example.com
+    api:
+      servers: [master]
+      domain: example.com
+      subdomain: api
+      port: 3002
+      healthcheck:
+        type: http
+        path: /health
+        port: 3002
+
+  env:
+    APP_NAME: apex-wildcard-demo
+    LOG_LEVEL: info

data/examples/golang/.gitignore

@@ -0,0 +1,19 @@
+# Environment files
+.env
+.env.*
+!.env.example
+
+# Database files
+data/
+*.db
+*.sqlite3
+
+# Build artifacts
+app
+*.exe
+
+# Go workspace
+go.work
+
+# NVOI master key (do not commit)
+deploy.key