smartmachine 1.0.1 → 1.1.0

data/lib/smart_machine/engine.rb

@@ -8,18 +8,12 @@ module SmartMachine
       @machine = SmartMachine::Machine.new
 
       @gem_cache_dir = Gem::Specification.find_by_name("smartmachine").cache_dir
-      @gem_cache_dir = "../smartmachine/pkg"
 
       if platform_on_machine?(os: "linux", distro_name: "debian")
         @docker_gid = "getent group docker | cut -d: -f3"
         @docker_gname = "docker"
         @docker_socket_path = "/var/run/docker.sock"
         @remote_smartmachine_dir = "/home/`whoami`/smartmachine"
-      # elsif platform_on_machine?(os: "mac")
-      #   @docker_gid = "id -g"
-      #   @docker_gname = "staff"
-      #   @docker_socket_path = "/Users/`whoami`/Library/Containers/com.docker.docker/Data/docker.sock"
-      #   @remote_smartmachine_dir = "/Users/`whoami`/Desktop/smartmachine"
       else
         raise("OS not supported to set docker_gid, docker_gname and docker_socket_path")
       end
@@ -29,7 +23,6 @@ module SmartMachine
       puts "-----> Installing SmartMachine Engine"
 
       if @machine.run_on_machine commands: "mkdir -p #{@remote_smartmachine_dir}/tmp/engine"
-        @scp.upload!(local_path: "#{SmartMachine.config.gem_dir}/lib/smart_machine/engine/Dockerfile", remote_path: "~/smartmachine/tmp/engine")
         @scp.upload!(local_path: "#{@gem_cache_dir}/smartmachine-#{SmartMachine.version}.gem", remote_path: "~/smartmachine/tmp/engine")
       end
 
@@ -37,12 +30,12 @@ module SmartMachine
       command = [
         "docker image build --quiet --tag #{engine_image_name_with_version}",
         "--build-arg SMARTMACHINE_MASTER_KEY=#{SmartMachine::Credentials.new.read_key}",
-        "--build-arg SMARTMACHINE_VERSION=#{SmartMachine.version}",
         "--build-arg USER_NAME=`id -un`",
         "--build-arg USER_UID=`id -u`",
         "--build-arg DOCKER_GID=`#{@docker_gid}`",
         "--build-arg DOCKER_GNAME=#{@docker_gname}",
-        "#{@remote_smartmachine_dir}/tmp/engine"
+        "-f- #{@remote_smartmachine_dir}/tmp/engine",
+        "<<'EOF'\n#{dockerfile}EOF"
       ]
       @machine.run_on_machine commands: command.join(" ")
       puts "done"
@@ -103,5 +96,47 @@ module SmartMachine
     def engine_image_name
       "smartmachine/smartengine"
     end
+
+    def dockerfile
+      file = <<~'DOCKERFILE'
+        FROM ruby:%<smartmachine_ruby_version>s-bullseye
+	LABEL maintainer="plainsource <plainsource@humanmind.me>"
+
+	# User
+	# --- Fix to change docker gid to 998 (if it is in use) so that addgroup is free to create a group with docker gid.
+	ARG USER_NAME
+	ARG USER_UID
+	ARG DOCKER_GID
+	ARG DOCKER_GNAME
+	RUN sed -i "s/$DOCKER_GID/998/" /etc/group && \
+	    adduser --disabled-password --gecos "" --uid "$USER_UID" "$USER_NAME" && \
+	    addgroup --gid "$DOCKER_GID" "$DOCKER_GNAME" && adduser "$USER_NAME" "$DOCKER_GNAME"
+
+	# Add docker repository for debian
+	RUN apt-get update && apt-get install -y --no-install-recommends lsb-release && \
+            mkdir -p /etc/apt/keyrings && \
+            curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+            echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+            apt-get update
+
+	# Essentials
+	RUN apt-get update && \
+            apt-get install -y --no-install-recommends \
+                docker-ce-cli \
+                rsync && \
+            rm -rf /var/lib/apt/lists/*
+
+	# smartmachine gem
+	COPY ./smartmachine-%<smartmachine_version>s.gem ./smartmachine-%<smartmachine_version>s.gem
+	RUN gem install --no-document ./smartmachine-%<smartmachine_version>s.gem && \
+	    rm ./smartmachine-%<smartmachine_version>s.gem
+
+	# SmartMachine master key
+	ARG SMARTMACHINE_MASTER_KEY
+	ENV SMARTMACHINE_MASTER_KEY=$SMARTMACHINE_MASTER_KEY
+      DOCKERFILE
+
+      format(file, "smartmachine_ruby_version": SmartMachine.ruby_version, "smartmachine_version": SmartMachine.version)
+    end
   end
 end

data/lib/smart_machine/grids/nextcloud.rb

@@ -0,0 +1,93 @@
+module SmartMachine
+  class Grids
+    class Nextcloud < SmartMachine::Base
+      def initialize(name:)
+        config = SmartMachine.config.grids.nextcloud.dig(name.to_sym)
+        raise "nextcloud config for #{name} not found." unless config
+
+        @image = config.dig(:image)
+        @host = config.dig(:host)
+        @admin_user = config.dig(:admin_user)
+        @admin_password = config.dig(:admin_password)
+        @mysql_host = config.dig(:mysql_host)
+        @mysql_port = config.dig(:mysql_port)
+        @mysql_user = config.dig(:mysql_user)
+        @mysql_password = config.dig(:mysql_password)
+        @mysql_database_name = config.dig(:mysql_database_name)
+        @redis_host = config.dig(:redis_host)
+        @redis_port = config.dig(:redis_port)
+        @redis_password = config.dig(:redis_password)
+
+        @name = name.to_s
+        @home_dir = File.expand_path('~')
+      end
+
+      def uper
+        FileUtils.mkdir_p("#{@home_dir}/machine/grids/nextcloud/#{@name}/html")
+
+        # Creating & Starting containers
+        print "-----> Creating container #{@name} ... "
+
+        command = [
+          "docker create",
+          "--name='#{@name}'",
+          "--env VIRTUAL_HOST=#{@host}",
+          "--env LETSENCRYPT_HOST=#{@host}",
+          "--env LETSENCRYPT_EMAIL=#{SmartMachine.config.sysadmin_email}",
+          "--env LETSENCRYPT_TEST=false",
+          "--env NEXTCLOUD_TRUSTED_DOMAINS=#{@host}",
+          "--env NEXTCLOUD_ADMIN_USER=#{@admin_user}",
+          "--env NEXTCLOUD_ADMIN_PASSWORD=#{@admin_password}",
+          "--env MYSQL_HOST=#{@mysql_host}:#{@mysql_port}",
+          "--env MYSQL_USER=#{@mysql_user}",
+          "--env MYSQL_PASSWORD=#{@mysql_password}",
+          "--env MYSQL_DATABASE=#{@mysql_database_name}",
+          "--env REDIS_HOST=#{@redis_host}",
+          "--env REDIS_HOST_PORT=#{@redis_port}",
+          "--env REDIS_HOST_PASSWORD=#{@redis_password}",
+          "--user `id -u`:`id -g`",
+          "--sysctl net.ipv4.ip_unprivileged_port_start=0",
+          "--volume='#{@home_dir}/smartmachine/grids/nextcloud/#{@name}/html:/var/www/html'",
+          "--restart='always'",
+          "--network='nginx-network'",
+          "#{@image}"
+        ]
+        if system(command.compact.join(" "), out: File::NULL)
+          system("docker network connect #{@mysql_host}-network #{@name}")
+          system("docker network connect #{@redis_host}-network #{@name}")
+
+          # This is needed to set the correct file permissions for redis-session.ini file inside the container.
+          FileUtils.touch("#{@home_dir}/machine/grids/nextcloud/#{@name}/redis-session.ini")
+          system("docker cp #{@home_dir}/machine/grids/nextcloud/#{@name}/redis-session.ini #{@name}:/usr/local/etc/php/conf.d/redis-session.ini")
+          FileUtils.rm("#{@home_dir}/machine/grids/nextcloud/#{@name}/redis-session.ini")
+
+          puts "done"
+          puts "-----> Starting container #{@name} ... "
+          if system("docker start #{@name}", out: File::NULL)
+            puts "done"
+          else
+            raise "Error: Could not start the created #{@name} container"
+          end
+        else
+          raise "Error: Could not create #{@name} container"
+        end
+      end
+
+      def downer
+        # Disconnecting networks
+        system("docker network disconnect nginx-network #{@name}")
+        system("docker network disconnect #{@mysql_host}-network #{@name}")
+
+        # Stopping & Removing containers - in reverse order
+        print "-----> Stopping container #{@name} ... "
+        if system("docker stop '#{@name}'", out: File::NULL)
+          puts "done"
+          print "-----> Removing container #{@name} ... "
+          if system("docker rm '#{@name}'", out: File::NULL)
+            puts "done"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/smart_machine/grids/prereceiver/Dockerfile

@@ -4,17 +4,14 @@ FROM smartmachine/smartengine:$SMARTMACHINE_VERSION
 LABEL maintainer="plainsource <plainsource@humanmind.me>"
 
 # FCGI Essentials
-# --- IMPORTANT NOTE: This is custom built fcgiwrap package for alpine linux to account for NO_BUFFERING option.
-# --- Original fcgiwrap: https://github.com/gnosek/fcgiwrap
-# --- Custom fcgiwrap: https://github.com/notr1ch/fcgiwrap
-COPY fcgiwrap /root/apk-packages/fcgiwrap
-RUN apk add fcgiwrap --repository /root/apk-packages/fcgiwrap/packages/main --allow-untrusted && \
-	rm -rf /root/apk-packages
-RUN apk add --update coreutils && \
-	apk add --update util-linux && \
-	apk add --update git && \
-	apk add --update git-daemon && \
-    apk add --update spawn-fcgi && \
-    rm -rf /var/cache/apk/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+	fcgiwrap \
+	coreutils \
+	util-linux \
+	git \
+	git-daemon-run \
+	spawn-fcgi && \
+    rm -rf /var/lib/apt/lists/*
 
-CMD ["spawn-fcgi", "-n", "-p", "9000", "/usr/bin/fcgiwrap", "-f"]
+CMD ["spawn-fcgi", "-n", "-p", "9000", "--", "/usr/sbin/fcgiwrap", "-f"]

data/lib/smart_machine/grids/redis.rb

@@ -5,13 +5,18 @@ module SmartMachine
         config = SmartMachine.config.grids.redis.dig(name.to_sym)
         raise "redis config for #{name} not found." unless config
 
+        @image = config.dig(:image)
         @port = config.dig(:port)
         @password = config.dig(:password)
         @appendonly = config.dig(:appendonly)
         @maxmemory = config.dig(:maxmemory)
         @maxmemory_policy = config.dig(:maxmemory_policy)
-        @modules = config.dig(:modules)&.map { |module_name| "--loadmodule /usr/lib/redis/modules/#{module_name}.so" } || []
-        @modules.push("Plugin /var/opt/redislabs/modules/rg/plugin/gears_python.so")
+        if @image.start_with?("redislabs/redismod")
+          @modules = config.dig(:modules)&.map { |module_name| "--loadmodule /usr/lib/redis/modules/#{module_name}.so" } || []
+          @modules.push("Plugin /var/opt/redislabs/modules/rg/plugin/gears_python.so")
+        else
+          @modules = []
+        end
 
         @name = name.to_s
         @home_dir = File.expand_path('~')
@@ -39,7 +44,7 @@ module SmartMachine
           "--volume='#{@home_dir}/smartmachine/grids/redis/#{@name}/data:/data'",
           "--restart='always'",
           "--network='#{@name}-network'",
-          "redislabs/redismod:latest --port #{@port} --requirepass #{@password} --appendonly #{@appendonly} --maxmemory #{@maxmemory} --maxmemory-policy #{@maxmemory_policy} #{@modules.join(' ')}"
+          "#{@image} --port #{@port} --requirepass #{@password} --appendonly #{@appendonly} --maxmemory #{@maxmemory} --maxmemory-policy #{@maxmemory_policy} #{@modules.join(' ')}".squish
         ]
         if system(command.compact.join(" "), out: File::NULL)
           puts "done"

data/lib/smart_machine/grids/redmine.rb

@@ -0,0 +1,61 @@
+# TODO: This is a placeholder for creating the Redmine grid.
+# Modify this code as needed with the latest code structure
+# and make the redmine grid functional.
+
+# # The main SmartCloud Grids Redmine driver
+# module SmartCloud
+#   class Grids
+#     class Redmine < SmartCloud::Base
+#       def initialize
+#       end
+
+#       def self.up
+#         if SmartCloud::Docker.running?
+#           # Creating & Starting containers
+#           print "-----> Creating container redmine ... "
+#           if system("docker create \
+# 		--name='redmine' \
+# 		--env VIRTUAL_HOST=redmine.#{SmartCloud.config.apps_domain} \
+# 		--env LETSENCRYPT_HOST=redmine.#{SmartCloud.config.apps_domain} \
+# 		--env LETSENCRYPT_EMAIL=#{SmartCloud.config.sysadmin_email} \
+# 		--env LETSENCRYPT_TEST=false \
+# 		--env REDMINE_SECRET_KEY_BASE=#{SmartCloud.credentials.redmine[:secret_key_base]} \
+# 		--env REDMINE_DB_MYSQL=#{SmartCloud.credentials.redmine[:database_host]} \
+# 		--env REDMINE_DB_PORT=#{SmartCloud.credentials.redmine[:database_port]} \
+# 		--env REDMINE_DB_USERNAME=#{SmartCloud.credentials.redmine[:database_username]} \
+# 		--env REDMINE_DB_PASSWORD=#{SmartCloud.credentials.redmine[:database_password]} \
+# 		--env REDMINE_DB_DATABASE=#{SmartCloud.credentials.redmine[:database_name]} \
+# 		--env REDMINE_PLUGINS_MIGRATE=#{SmartCloud.credentials.redmine[:plugins_migrate]} \
+# 		--volume='#{SmartCloud.config.user_home_path}/.smartcloud/apps/repositories:/repositories:ro' \
+# 		--volume='#{SmartCloud.config.user_home_path}/.smartcloud/grids/redmine/files:/usr/src/redmine/files' \
+# 		--restart='always' \
+# 		--network='nginx-network' \
+# 		redmine:4.0.5-alpine", out: File::NULL)
+
+#             system("docker network connect mysql-network redmine")
+
+#             puts "done"
+#             print "-----> Starting container redmine ... "
+#             if system("docker start redmine", out: File::NULL)
+#               puts "done"
+#             end
+#           end
+#         end
+#       end
+
+#       def self.down
+#         if SmartCloud::Docker.running?
+#           # Stopping & Removing containers - in reverse order
+#           print "-----> Stopping container redmine ... "
+#           if system("docker stop 'redmine'", out: File::NULL)
+#             puts "done"
+#             print "-----> Removing container redmine ... "
+#             if system("docker rm 'redmine'", out: File::NULL)
+#               puts "done"
+#             end
+#           end
+#         end
+#       end
+#     end
+#   end
+# end

data/lib/smart_machine/grids/terminal/entrypoint.rb

@@ -0,0 +1,95 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'logger'
+
+logger = Logger.new(STDOUT)
+STDOUT.sync = true
+
+# sshd
+system('service rsyslog start && service ssh start')
+
+# fail2ban
+system('fail2ban-client start')
+
+# haproxy
+# system('haproxy -W -db -f /etc/haproxy/haproxy.cfg')
+
+# initial setup
+unless File.exist?('/run/initial_container_start')
+  FileUtils.touch('/run/initial_container_start')
+
+  username       = ENV.delete('USERNAME')
+  packages       = ENV.delete('PACKAGES').to_s
+  password       = ENV.delete('PASSWORD')
+  container_name = ENV.delete('CONTAINER_NAME')
+
+  # apt-get
+  system('apt-get update', out: File::NULL)
+
+  # packages
+  unless packages.empty?
+    system("apt-get install -y --no-install-recommends #{packages}")
+
+    logger.info 'Packages setup completed.'
+  end
+
+  # user
+  unless system("id -u #{username}", [:out, :err] => File::NULL)
+    system("adduser --gecos '' --disabled-login #{username}", out: File::NULL)
+    system("adduser #{username} sudo", out: File::NULL)
+    system("echo '#{username}:#{password}' | chpasswd")
+
+    logger.info 'User setup completed.'
+  end
+
+  # user > ssh keys
+  # TODO: Change container_name to `hostname` when hostname has been set to container_name inside the container.
+  unless Dir.exist?("/home/#{username}/.ssh")
+    commands = [
+      "mkdir -p /home/#{username}/.ssh",
+      "ssh-keygen -b 4096 -q -f /home/#{username}/.ssh/id_rsa -N '' -C '#{username}@#{container_name}'",
+      "touch /home/#{username}/.ssh/authorized_keys",
+      "chown -R #{username}:#{username} /home/#{username}/.ssh",
+      "chmod -R 700 /home/#{username}/.ssh && chmod 600 /home/#{username}/.ssh/*"
+    ]
+    system(commands.join(' && '))
+
+    logger.info 'User > SSH setup completed.'
+  end
+
+  # user > emacs
+  unless Dir.exist?("/home/#{username}/.emacs.d")
+    commands = [
+      "mkdir -p /home/#{username}/.emacs.d",
+      "cp /root/.emacs.d/* /home/#{username}/.emacs.d",
+      "chown -R #{username}:#{username} /home/#{username}/.emacs.d"
+    ]
+    system(commands.join(' && '))
+
+    logger.info 'User > Emacs setup completed.'
+  end
+
+  # user > asdf > ruby > smartmachine
+  unless Dir.exist?("/home/#{username}/.asdf")
+    user_bash = "sudo -u #{username} bash --login -c"
+
+    commands = [
+      "#{user_bash} \"git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch $(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/asdf-vm/asdf.git '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3)\"",
+      "#{user_bash} 'echo -e \"\n# asdf version manager\n. \"\$HOME/.asdf/asdf.sh\"\n. \"\$HOME/.asdf/completions/asdf.bash\"\" >> ~/.profile'",
+      'apt-get install -y --no-install-recommends autoconf bison patch build-essential rustc libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libgmp-dev libncurses5-dev libffi-dev libgdbm6 libgdbm-dev libdb-dev uuid-dev', # Dependencies for ruby from https://github.com/rbenv/ruby-build/wiki#ubuntudebianmint
+      "#{user_bash} 'asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git'",
+      "#{user_bash} 'asdf install ruby latest'",
+      "#{user_bash} 'asdf global ruby latest'",
+      "#{user_bash} 'gem install smartmachine'"
+    ]
+    system(commands.join(' && '))
+
+    logger.info 'User > asdf > ruby > smartmachine setup completed.'
+  end
+
+  logger.info 'Initial setup completed.'
+end
+
+exec(*ARGV)

data/lib/smart_machine/grids/terminal/haproxy.cfg

@@ -0,0 +1,45 @@
+global
+	log stdout format raw local0
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+frontend myfrontend
+  bind :80
+  use_backend myservers
+  stats enable
+  stats uri /frontend/stats
+  stats refresh 10s
+
+backend myservers
+  server server1 127.0.0.1:8000
+  server server2 127.0.0.1:8001
+  server server3 127.0.0.1:8002