shippy 0.2.3 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb76c344e614e5c9a5b7d9ffe7f59bbce5890e9815d28a404b952dc19c07a8e9
-  data.tar.gz: 4966608befe17e8cdd38a06aa69bf64457319953b6ac304b700e418439fce4cc
+  metadata.gz: 2c8514e699c44724105cd11bc6b9034e7fe36c992403642bba781a16e7c74aac
+  data.tar.gz: 5356c87f5316dff2637f5f78a0271a8fdcce4a41bfbd6fb128e3aca654087452
 SHA512:
-  metadata.gz: c5510d52b7e52700bd74e0c0805db203c1aee5f42324f6bb92091a2dc2c72f91bf2b4bdff4b5e1fccc8be4b78c32b028fe25d6a35527159e3c8aad3509e0cadf
-  data.tar.gz: 34686fba8c47ed0627727e55ba11fefd39db84c30fe076b177f4e25aa88ccd38cd882699e99141792b10fad0ee0b5c6323553b1de21b73451d2546384c402b9f
+  metadata.gz: e25771e02e107140eebaf7f8f0f90c66974040d3ebdb0258e819da8a508060d9e297d37e2e2b2e9a4d355f2f4f5491963aa7bd5440c45ca6751170d241fafc72
+  data.tar.gz: ea3feb9af3d644ef5e82149d09da0479cb46f010e07cdb1422dd73a58d90afac106c0db47f3b7e59b5732dc310b8876491848263c0b228fdbb4b1866d71689f2

data/lib/shippy/cli/app.rb

@@ -2,10 +2,17 @@ class Shippy::Cli::App < Shippy::Cli::Base
   argument :app_name, type: :string
 
   def initialize(...)
-    super(...)
+    super
     load_app
   end
 
+  desc "compile", "compile application"
+  def compile
+    say "compiling #{app_name} on #{SHIPPY.host}...", :magenta
+
+    SHIPPY.compile
+  end
+
   desc "deploy", "Deploy application"
   def deploy
     say "Deploying #{app_name} on #{SHIPPY.host}...", :magenta

data/lib/shippy/cli/main.rb

@@ -55,4 +55,7 @@ class Shippy::Cli::Main < Shippy::Cli::Base
 
   desc "prune", "Prune old application images and containers"
   subcommand "prune", Shippy::Cli::Prune
+
+  desc "secrets", "Manage secrets"
+  subcommand "secrets", Shippy::Cli::Secrets
 end

data/lib/shippy/cli/secrets.rb

@@ -0,0 +1,11 @@
+class Shippy::Cli::Secrets < Shippy::Cli::Base
+  desc "edit", "Edit secrets"
+  def edit
+    Shippy::SecretsManager.new.edit
+  end
+
+  desc "view", "View secrets"
+  def view
+    puts JSON.pretty_generate(Shippy::SecretsManager.new.read)
+  end
+end

data/lib/shippy/cli/templates/apps/proxy/docker-compose.rb

@@ -1,6 +1,6 @@
 Shippy.define do
   service :proxy do
-    image { "traefik:v2.9" }
+    image { "traefik:v3.5" }
     command { "--configFile=/config/config.yml" }
 
     environment do

data/lib/shippy/cli/templates/config/shippy.yml

@@ -4,4 +4,4 @@ ssh:
 wildcard_domain: 'local.homelab.com'
 local_domain: local
 deploy_to: '/var/lib/homelab'
-secrets_file: 'config/secrets.yml'
+secrets_file: 'config/secrets.yml.enc'

data/lib/shippy/cli.rb

@@ -3,6 +3,7 @@ require_relative "cli/init"
 require_relative "cli/server"
 require_relative "cli/app"
 require_relative "cli/prune"
+require_relative "cli/secrets"
 require_relative "cli/main"
 
 module Shippy::Cli

data/lib/shippy/compiler.rb

@@ -56,7 +56,7 @@ module Shippy
     def copy_template_files(file)
       new_path = build_dest(file.gsub(".erb", ""))
       mode = File.stat(file).mode
-      template = ERB.new(File.read(file))
+      template = ERB.new(File.read(file), trim_mode: "-")
       result = template.result(app.get_binding)
       File.open(new_path, "wb", mode) { |f| f.write(result) }
     end

data/lib/shippy/config.rb

@@ -4,7 +4,7 @@ module Shippy
 
     def initialize(file)
       @data = YAML.load_file(file).deep_symbolize_keys
-      @secrets = Secrets.new(@data.fetch(:secrets_file))
+      @secrets = Secrets.new(@data.fetch(:secrets_file) { "config/secrets.yml.enc" })
     end
 
     def secrets(app, name)

data/lib/shippy/secrets.rb

@@ -3,7 +3,7 @@ module Shippy
     attr_reader :data
 
     def initialize(file)
-      @data = YAML.load_file(file).deep_symbolize_keys
+      @data = Shippy::SecretsManager.new(content_path: file).read.deep_symbolize_keys
     end
 
     def fetch(app, name)

data/lib/shippy/secrets_manager.rb

@@ -0,0 +1,74 @@
+require "active_support"
+require "active_support/encrypted_configuration"
+require "tempfile"
+require "fileutils"
+
+module Shippy
+  class SecretsManager
+    attr_reader :content_path, :key_path, :output
+
+    def initialize(
+      content_path: "config/secrets.yml.enc",
+      key_path: "config/master.key",
+      env_key: "SHIPPY_MASTER_KEY",
+      output: $stdout
+    )
+      @content_path = content_path
+      @key_path = key_path
+      @env_key = env_key
+      @output = output
+
+      @config = ActiveSupport::EncryptedConfiguration.new(
+        config_path: @content_path,
+        key_path: @key_path,
+        env_key: @env_key,
+        raise_if_missing_key: true
+      )
+    end
+
+    def edit
+      ensure_key_exists!
+
+      original_content = if File.exist?(content_path)
+        @config.read
+      else
+        "# Add your secrets here. They will be encrypted on save.\n" \
+        "# keys: values\n"
+      end
+
+      Tempfile.create(["secrets", ".yml"]) do |tmp_file|
+        tmp_file.write(original_content)
+        tmp_file.close
+
+        editor = ENV["EDITOR"] || "vim"
+        system("#{editor} #{tmp_file.path}")
+
+        new_content = File.read(tmp_file.path)
+
+        if new_content != original_content
+          @config.write(new_content)
+          output.puts "✅ Secrets updated and encrypted to #{content_path}"
+        else
+          output.puts "⚠️ No changes detected."
+        end
+      end
+    rescue ActiveSupport::EncryptedFile::MissingKeyError
+      output.puts "❌ Error: Missing '#{key_path}'. Run 'setup' first to generate a key."
+    end
+
+    def read
+      YAML.safe_load(@config.read, symbolize_names: true).to_h
+    rescue Errno::ENOENT
+      {}
+    end
+
+    def ensure_key_exists!
+      return if File.exist?(key_path)
+
+      output.puts "Generating new master key at #{key_path}..."
+      FileUtils.mkdir_p(File.dirname(key_path))
+      File.write(key_path, ActiveSupport::EncryptedConfiguration.generate_key)
+      output.puts "⚠️ IMPORTANT: Add #{key_path} to your .gitignore!"
+    end
+  end
+end

data/lib/shippy/service.rb

@@ -1,7 +1,7 @@
 module Shippy
   class Service
     ATTRIBUTES = %i[
-      build command depends_on devices entrypoint environment extra_hosts hostname 
+      build command depends_on devices entrypoint environment extra_hosts hostname
       image labels logging networks user ports restart volumes volumes_from
       working_dir security_opt
     ].freeze
@@ -56,21 +56,23 @@ module Shippy
       networks { ["lan_access"] }
     end
 
-    def use_traefik(name:, alt: nil, port: nil, healthcheck: false)
+    def use_traefik(name:, alt: nil, port: nil, &block)
       labels do
         all_labels = ["traefik.enable=true"]
         all_labels += ["traefik.docker.network=lan_access"]
-        all_labels += build_traefik_labels(name: name, port: port)
-        all_labels += build_traefik_labels(name: alt, port: port) if alt
-        all_labels += build_ihxator_labels(service: "https://#{name}.#{wildcard_domain}") if healthcheck
+        all_labels += build_traefik_labels(name: name, port: port, &block)
+        all_labels += build_traefik_labels(name: alt, port: port, &block) if alt
 
         all_labels
       end
     end
 
     def build_traefik_labels(name:, port: nil)
+      rule = "Host(`#{name}.#{wildcard_domain}`)"
+      rule = yield(rule) if block_given?
+
       [
-        "traefik.http.routers.websecure-#{name}.rule=Host(`#{name}.#{wildcard_domain}`)",
+        "traefik.http.routers.websecure-#{name}.rule=#{rule}",
         "traefik.http.routers.websecure-#{name}.entrypoints=websecure",
         "traefik.http.routers.websecure-#{name}.tls=true",
         "traefik.http.routers.websecure-#{name}.tls.certresolver=ssl-resolver",
@@ -79,31 +81,16 @@ module Shippy
 
         "traefik.http.routers.web-#{name}.rule=Host(`#{name}.#{wildcard_domain}`)",
         "traefik.http.routers.web-#{name}.entrypoints=web",
-        "traefik.http.routers.web-#{name}.middlewares=secure-redirect-scheme@file",
-
-        "traefik.http.routers.#{name}-local.rule=Host(`#{name}.#{local_domain}`)",
-        "traefik.http.routers.#{name}-local.entrypoints=web",
-        "traefik.http.middlewares.#{name}-local.redirectregex.regex=^http://#{name}.#{local_domain}",
-        "traefik.http.middlewares.#{name}-local.redirectregex.replacement=https://#{name}.#{wildcard_domain}",
-        "traefik.http.middlewares.#{name}-local.redirectregex.permanent=true",
-        "traefik.http.routers.#{name}-local.middlewares=#{name}-local@docker"
+        "traefik.http.routers.web-#{name}.middlewares=secure-redirect-scheme@file"
       ].tap do |labels|
         if port
           labels << "traefik.http.services.#{name}.loadbalancer.server.port=#{port}"
           labels << "traefik.http.routers.websecure-#{name}.service=#{name}"
           labels << "traefik.http.routers.web-#{name}.service=#{name}"
-          labels << "traefik.http.routers.#{name}-local.service=#{name}"
         end
       end
     end
 
-    def build_ihxator_labels(service:)
-      [
-        "ihxator.enable=true",
-        "ihxator.service=#{service}"
-      ]
-    end
-
     def secrets(name)
       @app.secrets(name)
     end

data/lib/shippy/version.rb

@@ -1,3 +1,3 @@
 module Shippy
-  VERSION = "0.2.3"
+  VERSION = "0.2.5"
 end

data/lib/shippy.rb

@@ -10,6 +10,7 @@ require "zlib"
 
 require_relative "shippy/version"
 require_relative "shippy/secrets"
+require_relative "shippy/secrets_manager"
 require_relative "shippy/config"
 require_relative "shippy/commander"
 require_relative "shippy/cli"

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: shippy
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.2.5
 platform: ruby
 authors:
 - Marius Bobin
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-07 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -148,7 +147,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
-description:
 email:
 - marius@mbobin.me
 executables:
@@ -166,11 +164,12 @@ files:
 - lib/shippy/cli/init.rb
 - lib/shippy/cli/main.rb
 - lib/shippy/cli/prune.rb
+- lib/shippy/cli/secrets.rb
 - lib/shippy/cli/server.rb
 - lib/shippy/cli/templates/apps/proxy/docker-compose.rb
 - lib/shippy/cli/templates/apps/proxy/traefik/config.yml.erb
 - lib/shippy/cli/templates/apps/proxy/traefik/dynamic_config.yml
-- lib/shippy/cli/templates/config/secrets.yml
+- lib/shippy/cli/templates/config/secrets.yml.enc
 - lib/shippy/cli/templates/config/shippy.yml
 - lib/shippy/commander.rb
 - lib/shippy/compiler.rb
@@ -178,6 +177,7 @@ files:
 - lib/shippy/config.rb
 - lib/shippy/repo.rb
 - lib/shippy/secrets.rb
+- lib/shippy/secrets_manager.rb
 - lib/shippy/service.rb
 - lib/shippy/version.rb
 homepage: https://mbobin.me/shippy
@@ -187,7 +187,6 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://mbobin.me/shippy
   source_code_uri: https://mbobin.me/shippy
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -202,8 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.21
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Deployment wrapper around docker-compose and SSH Kit
 test_files: []

data/lib/shippy/cli/templates/config/secrets.yml

@@ -1,3 +0,0 @@
-proxy:
-  cloudflare_email: me@example.org
-  cloudflare_token: token