standard-procedure-anvil 0.2.0 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd79d747f6dacee61d78024e0bea3789ce4e143fb8307c5f21df6dfdac5ca357
-  data.tar.gz: d633f9eff054f41ab3e0253606f920d7e258235f25fc84b2eadf6f336125e773
+  metadata.gz: 98f86509b143ec7364ce16bf3b13a407b68e18d75c4baa98772eebe2b553fb85
+  data.tar.gz: a6e71d4b0e94a329ec786144ffa195df6d7308631619f9accffe5d22589988fd
 SHA512:
-  metadata.gz: 903ec97ce720953550c05f15cb15aa5d420f5e510645f688991a860c213ec2025da72049bfae1198d569390bd9cdf1b6c38bfb4e62ff05f470659ee3d5282a2d
-  data.tar.gz: ef6be87643818b9c07183d6cbc5fa4e4a6cea75b00a692313ff088cf0754a00aad33a94ba7b459daf644cb7a94d64c38f1d57bdef48434ec3d5c471d5c06043f
+  metadata.gz: f6c629afa2f500c15226489eb66a9161b7538c097e5533a5640df42cde9d87a21a8709ab2d9b088cb0f5c293c976cb3f25fbe9db606d765c63a13c6a798614e7
+  data.tar.gz: 40a298d3fdf5e6880395524824ec62350c57ac6ee0e36cff15aea0d12211b974ed098f56e1d65861c8774ffebba5a44c0cd78559046eb13edafddcf407a76839

data/CHANGELOG.md

@@ -3,3 +3,23 @@
 ## [0.1.0] - 2023-06-19
 
 - Initial release
+
+## [0.2.0] - 2023-07-05
+
+- It works for me
+Successfully deployed a number of apps into production using this
+
+## [0.2.1] - 2023-07-06
+
+- Corrected dokku proxy SSL settings
+- Tidy up of various bits of code and configuration
+
+## [0.2.2] - 2023-08-14
+
+- Updated the redis cloudinit file to use the latest version from Redis, instead of the older one that is included with Ubuntu.
+
+## [0.2.3] - 2024-01-17
+
+- Updaetd the dokku cloudinit file to install dokku and docker from the official repositories
+- Added support for %{HOSTNAME} in cloudinit files
+- Improved reliability when reading configuration files

data/README.md

@@ -2,110 +2,44 @@
 
 Some simple scripts for installing [Dokku](https://dokku.com) applications on Ubuntu servers.
 
+## Why does this exist?
+
+I needed a tool to [simplify the management](/docs/why.md) of my many dokku-deployed Ruby on Rails apps.
+
 ## Installation
 
+Anvil requires Ruby 2.7 or newer, as it uses ConcurrentRuby to handle doing more than one thing at once.
+
 ```ruby
 gem install standard-procedure-anvil
 ```
 
 ## Usage
 
-### To build a new server
+### Build a server
 
 Ultimately the plan is to use [Fog](https://github.com/fog/fog) to handle building servers.
 
 But until then, you can prepare your servers using [CloudInit](https://cloudinit.readthedocs.io/en/latest/)
 
-A cloudinit file is a YML file that you load into a virtual machine while it is being created.  As the server boots, uses the cloudinit configuration to install software and set itself up.  With most cloud hosting providers, you will find an option for "user data", or something similar, on the "create a new server" page.
-
-So firstly we ask Anvil which cloudinit configurations it has available:
-
-```sh
-anvil cloudinit list
-```
-
-This will give us a list of prewritten cloud init scripts - of which dokku is probably the one we're most interested in.
-
-Next we tell anvil to generate our configuration:
-
-```sh
-anvil cloudinit generate dokku --user app --public-key ~/.ssh/my_key.pub > ~/Desktop/my_server.yml
-```
-
-Anvil generates a dokku configuration (and places it on our desktop) that will create an Ubuntu 22.04 box with docker and dokku preinstalled.  Plus it will create a user called `app` that can log in through SSH using a public key `my_key.pub`.  The server itself is locked down so only ports 80, 443 and 22 are open, only the users `app` and `dokku` are allowed to log in and they must use public/private key encryption - no passwords allowed.
-
-To test this, it's worth taking a look at [Multipass](https://multipass.run) - a tool from Canonical that lets you create virtual machines (using cloud init files) on your local machine - meaning you can try out various configurations without spending money at a hosting company.
-
-Once you've built a preconfigured virtual machine, we can move on to getting our dokku application installed.
-
-### Installing an application onto the server
-
-Move to your application's root folder and create the deploy.yml file (see below).  Then use the `app install` command to set dokku up for your first deployment.
-
-```sh
-anvil app install
-```
-
-This will SSH into the server (or servers if you have multiple) from your config file and:
-
-- Installs any dokku plugins that you have specified
-- Tells dokku to create the app
-- Uses your config file to set the environment variables for the app
-- Sets some sensible defaults for Nginx and makes sure it proxies correctly to your app
-- Optionally forwards the correct SSL/TLS headers if your app is behind a load-balancer
-- Finally it runs the post-installation scripts from your config file, which you can use to configure your plugins
+[Generating a cloudinit file](/docs/cloudinit.md) with `anvil cloudinit generate`
 
-Next up we deploy the app.
+### Install and deploy
 
-```sh
-anvil app deploy
-```
-As this is the first deployment, anvil will create git remotes for each host, then do the initial git push.  If you have multiple servers configured, these should run in parallel (coming soon).  Once each deployment has completed, anvil will SSH in, scale your app and run the post-first-deployment scripts.
-
-You can then use the same `anvil app deploy` command to deploy the app again - but as it knows this isn't the first deployment (as it does not need to create the git remotes), it will run your post-deployment scripts (not post-first-deployment) each time.
-
-To change the number of processes (as defined by your Procfile), you can set the `scale` key(s) in your config file and then call:
-
-```sh
-anvil app scale
-```
-
-(COMING SOON)
-Finally, if you need to change the values of any environment variables, update your config file and use:
-
-```sh
-anvil app configure
-```
-
-### Configuration Files
-
-An Anvil configuration file specifies the configuration for multiple servers and multiple apps.  Each server is configured, then each app is installed onto each server.
+Use the `anvil app install` and `anvil app deploy` commands to [install and deploy](/docs/app.md) your app to your server.
 
-For now take a look at the two samples in the spec folder - [multi-server](/spec/fixtures/multi-server.config.yml) and [single-server](/spec/fixtures/single-server.config.yml).
+### Manage and reconfigure
 
-### Secrets
+Use `anvil app scale` and `anvil app reconfigure` to manage and reconfigure your app.  (Docs coming soon)
 
-Finally, you'll probably want to check your deploy.yml file into source control.  But you _definitely_ don't want to be storing important secrets - database passwords, encryption keys and so on - where everyone can see them.
+### Ruby on Rails
 
-So the `anvil app` commands also allow you to specify secrets, either from another file, or via the command line.
-
-The secrets are just extra environment variables that are added to the ones defined in your config file - in the format:
-
-```
-SECRET1=VALUE1 SECRET2=VALUE2
-```
-
-You can either specify `--secrets my-secrets-file.env` to load these from a separate file.  Or you can load them from stdin.
-
-For example, I use [Bitwarden](https://bitwarden.com) as my password locker and use the Bitwarden CLI to access my secrets.  The CLI is installed through homebrew, I then authenticate and can use a command like:
-
-```sh
-bw get notes secrets@myapp.com | anvil app install deploy.myapp.yml -S
-```
-I have the environment variables for myapp.com stored in Bitwarden as a secure note with the title "secrets@myapp.com".  So `bw get notes secrets@myapp.com` loads them from my vault and pipes them to the `anvil app install` command.  The anvil command is using the `-S` (or `--secrets-stdin`) option which means it will read the information piped in by bitwarden.  So, once decrypted, the confidential data never touches a disk until it gets written into the dokku app configuration on the server.
+I'm a Rails developer and I built anvil to help me with my Rails apps.  Here are [some things I learnt along the way](/docs/ruby-on-rails.md).
 
 ## Contributing
 
+Check out the [Roadmap](/docs/roadmap.md)
+
 Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/standard-procedure-anvil.
 
 ## License

data/assets/cloudinit/dokku.yml

@@ -1,4 +1,146 @@
 #cloud-config
+apt:
+  sources:
+    source_dokku: 
+      source: 'deb https://packagecloud.io/dokku/dokku/ubuntu/ $RELEASE main'
+      key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+        Version: GnuPG v1.4.11 (GNU/Linux)
+
+        mQINBFu7hksBEADJfS1wB4JJmVcJ3FYoY/F3DmEsg2/NSj/TleB7hkdFPGTaOEef
+        c6SrK6bkQas8CzCZXskg3FFUFyxJwP0yQFosJ7nQCXbuaCzkGyOaob/2D4lqniKu
+        lyFvZuN0Evh2SoJYB6Idiy3rG58/KMQxJ/73HjcrOPxwpcfIE+rfey0fo6HOcSz7
+        AS3pXMbe0VoVOt8107i9qg6PizpaPugbSOP98aq2o0sPkjvKVzPsBvXWe9lDTreI
+        X+00Z6WXjcDxmKTGvCkcJ6jk0L5r66Y6TNlJeYwFb0o7PbY7YeJSEJxw9eNozZpY
+        EYvHCzHvsv7c8s+s5MeHDvvF5qsvt5qPPfw3zwLT01g1YTQpZdSDKn72YhrQUGJM
+        j/W8ro8Ij9BYhYQMIdy+RPNQrBdKjj75kW1NLCGLlE89+6PYzlQwDFLdl9eZlUdM
+        rvxbDPM99MRBBq30xfIS6YctHr40mEqZEi6OUoImaj5bbA1H3XHVH2JsWo1ttQYo
+        5qOGGhNi7/nyI9zxVo9r97lgGLztyl6ILZt8kxnWIx1QnPmSMuUNqYfuUuKAPs1q
+        +bisBLvylnFvQSqnpEuPwUS1UDby4CzVBzshTsuykCQRiwdU9tcjzZUlKKKTRLhj
+        CZCNxv1Ovgl+3m/4R5L7YOBYGCmVW0/GvlrxPLGCjZa1O8/3nih5+cv5TwARAQAB
+        tGhodHRwczovL3BhY2thZ2VjbG91ZC5pby9kb2trdS9kb2trdSAoaHR0cHM6Ly9w
+        YWNrYWdlY2xvdWQuaW8vZG9jcyNncGdfc2lnbmluZykgPHN1cHBvcnRAcGFja2Fn
+        ZWNsb3VkLmlvPokCOAQTAQIAIgUCW7uGSwIbLwYLCQgHAwIGFQgCCQoLBBYCAwEC
+        HgECF4AACgkQ8f9oUSiLMxUN3Q/+LeoFr8p3zSp9tRcCuMXfbc7rnJ/UgJiO53jW
+        8LsXH1h5dWeh2H5VqzGjDJ3SORisAWdOMu1SWkw4mvBZQQL12iwAMZmIDmbWU73c
+        PplwGUQ4sltNxtiAVdntWC1vwSceY6/AQZwE2k60RYzg5bR2KAyZR9yGssGsekFO
+        zOuMiTswzEYoZaJla+cduAXZzGf8NZgbzhXKhyfjVodRTyNR0dhoeMwNBlH0WWzW
+        owwNOaJQ1LwDUkjrfRpkT53RJ5olRYa5ONDxuZEvmFy57bqXJh5U13m9FNWEtmF2
+        NySFltZYEL6BZQn5qehF4kqqJ0JSVsHEyEC7sU9yr93khTGjWQfcGaITZXPNyXTC
+        py/J1TeOEOz2VyvglPx/JL4dTfPg5uZCTWRXzLJDAbW26BcyFI4OyPjFly6FLj0o
+        nMUuEzdCmNpHCKWkeyXajxtYd4EMo+UHGYC7jrpsAxRib0pdHUwnOG0MeNIUtPm/
+        yW8i5St9PnX2y2qSaAoVURAI3irApn4Wc+hgRjo22l/B6ZudMAtASD5Ie8pXHNS0
+        dlsgiv3sTZachMKU+usoIgejIb0MuBhBwVJ93A4YguEqNgZg0Cz4MUpWNma6zLIN
+        Ko+3khp3z2Y/jWfNTKs41sz++png1iqjnvXjGIjKtgcFJyH+AwZzkh5LjRiahM/I
+        OO/xTaO5Ag0EW7uGSwEQAL39qC95IFVNobRvecddeL26kHPgd0JS4fjB5r01pMFR
+        3fojnEwGTLzRJVR4iTfzOiAG1XKGYmEb15NkEgEcvaLaojSsaaAHv++BqL2qXHJa
+        sfsgjKqxCAKyJps5wCEIzF1xfxHB/5BIyKenXZw9K/zlZzsfqzyehLAarZ4oMQEN
+        u/dG3TlXCf/oSBHDttLTcRTGs1I8FEaA9O0ZeV+2S/WuT0kFa6s1tRUMMWHWzMmR
+        2a+vLCE3OMWtlRk6sfhfccf4rIzjj3xyieEGKznkOycu8JOqTBRmGMl3wRS2XI7c
+        PFiV1MGRV5uhJ6a0D6DDAddL13TaXMfsZB0KkFHh8bKvAxJA9opHhl+X2NrdwsLz
+        crCWF+QdoPX494j2aWnwSOXXtW9c2b6cpDfUoGVD79IYEzL0n6dgBPwCKLcmxotF
+        Tv+H3Yy0DBn8BaQ0ZHbEgudwr73vxMgbYStGfu/bQEulcLA0vfTRGBRhzlZLE8k6
+        +fXK23R4T/3kdyJovHdnK6aIN6oFTnVM5pyLrxmUkLCaPEbnoxVtA9zOeiGhqjYT
+        pLgZMG95HgoscBlOh8BpuM2E3MSPV6XYjEKtvDpWy/i/oCPhd/PcY/qVxzj6dANU
+        gQE/8hdf6Q//SvUxZaVrVwnmWkIZshGDJj/EM8VGhKzEoZF8Xmr/aibyN3CLoSMl
+        ABEBAAGJBD4EGAECAAkFAlu7hksCGy4CKQkQ8f9oUSiLMxXBXSAEGQECAAYFAlu7
+        hksACgkQ+ytqpCHNGT+1Vg//Z0ZiIoQQCLXmbAPdA79HVLCzsvkKQ3/RlqIR7Nq1
+        JzgqPxg8drRo5+Ri+VrsIJt3AYH/lGm1UuSeycM6NrNWBpqL5FLjrMmbILQp9GMf
+        bCZLXocOwDvrfpdBuEK+AS8SuLeiZtl8DcOe9Xtv3LSxXre0hsiIZpTRIjP+qkj8
+        W7oZqUxwo1Wcnff+0snf6hPiTps/IB1utzSjxXVe86/89BWvLt/mT1o81h5mclgk
+        l1eit6BvZsO/iicLB5KbyA7DVjAnxngze0+cCUAIVbqQbZhAVw5oZbKeXedbGuxr
+        eRLWx+h5IBbtn+JwWngzueHyc3fY5b6ann06f6y6BF5+XmPRIXakYh4moJxSRQCA
+        GVKGEubH/Y1Vyq8QIX7V6PGpS39mQkoYXEztvEtyZiV3J+SyObYZVTs9d5/rhoE2
+        wXQIFTOdyHi52K2VfT3JU7rWOw5/SWuOQyyDdWgxEJuU6bUeOViOwHVkZDzwBX3Y
+        1to5cgY6dNQARplEgZZjRja4uc06u2d7Bk2CfqO4LvjV5UlPm838Ga+kGzBpp86X
+        5JBbZz9lPGf+GY7ZcROQp6ONui8P08+7EaTVtILTE0rd5g8umOnWBo1zteMv50As
+        jyIPW20kUuJMdz3V+TNag5aCMW7qnO4zwildlQZmL54+xQDuRXK8P5JlKml6gnK+
+        4SLvUA/8CALEMqxNlb06ZJc1GCU/mcQYXfkNosHaNYpORjziDnH1LBQ7AnhIhhMy
+        FwcuxpG9bABwQfoQE84Kx3zVU0xEoCGr549Kf5p7ZcqGwn3WzSql+qR/NcPRV9Dp
+        tb4iSXoTUeutR1SeVn/TI2aOWez3UyIztnam+p32e4BNuyByFRmo2e8dP1RqCg6b
+        0KwuxDDE0k3zJCpjsWROrtBVQ9Zt9rsfG5kFxJ6Qi90uJP71f8rFDUuKmxJazDf3
+        g3GHEGovUrOJO5JpvCcfCyT9mfOPxUSAKGBHj8NPY84vjqGaA9qqt54D8YT57TjR
+        5oWd8Iwex4XFHAoj59q04KmramVgP5q8VKFrxwVOhYmK6SNmvW9dEI3Y16bu9KF7
+        CJnPq/mQXEI+a/G6hZgZ8eYxOV2812WcORppezALreHJeN1HogxI972G0kalKhNC
+        p3315BKJdw/p6/j/qIob2EZOdqBsdHRKBgBVXVbaCnzgh1kKLEvJnVDio+zjEPDr
+        lR9wQbcHRbu+ZqRSEbH0of/4rx0CdCPGKSDafviKPDXnvls85tWV/lMtNxamqYvv
+        V0DUeTWQDmfiyWCgqXTiRA9U4ZFgFNWmirh38UmV7VtSlYaRos8fEQTfmN20fqTk
+        9mVAREENSiAuc4P93l8TtrN1bAqXaTX5oz+lepqWmHWvY+RiNiw=
+        =laU4
+        -----END PGP PUBLIC KEY BLOCK-----
+    source_docker: 
+      source: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable'
+      key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+        mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
+        lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
+        38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
+        L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
+        UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
+        cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
+        ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
+        vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
+        G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
+        XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
+        q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
+        tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
+        BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
+        v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
+        tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
+        jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
+        6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
+        XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
+        FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
+        g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
+        ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
+        9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
+        G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
+        FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
+        EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
+        M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
+        Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
+        w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
+        z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
+        eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
+        VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
+        1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
+        zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
+        pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
+        ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
+        BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
+        1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
+        YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
+        mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
+        KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
+        JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
+        cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
+        6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
+        U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
+        VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
+        irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
+        SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
+        QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
+        9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
+        24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
+        dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
+        Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
+        H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
+        /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
+        M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
+        xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
+        jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
+        YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
+        =0YYh
+        -----END PGP PUBLIC KEY BLOCK-----
+
+  debconf_selections:
+    vhost:    dokku dokku/vhost_enable boolean true
+    # set the domain name of the new Dokku server
+    hostname: dokku dokku/hostname string %
+    # this copies over the public SSH key assigned to the server
+    key:      dokku dokku/key_file string /home/ubuntu/.ssh/authorized_keys
+
 users:
   - name: %{USER}
     groups: users, admin, docker
@@ -6,6 +148,7 @@ users:
     shell: /bin/bash
     ssh_authorized_keys:
       - %{PUBLIC_KEY}
+
 packages:
   - fail2ban
   - ufw
@@ -15,24 +158,19 @@ packages:
   - curl
   - gpg-agent
   - software-properties-common
+  - dokku
+
 package_update: true
 package_upgrade: true
+package_reboot_if_required: true
+
 runcmd:
   # General server setup
   - timedatectl set-timezone UTC
   - echo "${USER}:${USER}" | chpasswd
-  # Prepare for Docker
-  - sudo install -m 0755 -d /etc/apt/keyrings
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-  - sudo chmod a+r /etc/apt/keyrings/docker.gpg
-  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-  # Install docker
-  - apt-get update
-  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-  # Install dokku
-  - echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
-  - wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
+  # Setup dokku
   - cat /home/app/.ssh/authorized_keys | dokku ssh-keys:add admin
+  - dokku domains:set-global %{HOSTNAME}
   - dokku git:set --global deploy-branch main
   # Fail2Ban setup
   - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local

data/assets/cloudinit/redis.yml

@@ -34,11 +34,14 @@ runcmd:
   - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
   - sed -i '$a AllowUsers %{USER}' /etc/ssh/sshd_config
   # Set up Redis
+  - curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
+  - echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/redis.list
+  - apt-get update
   - apt-get -y install redis-server
   - sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
   - sed -i 's/bind 127.0.0.1 ::1/# bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
   - sed -i 's/protected-mode yes/protected-mode no/g' /etc/redis/redis.conf
-  - systemctl restart redis.service
+  - systemctl restart redis-server.service
   - |
     cat > /etc/logrotate.d/redis-server << EOF
     /var/log/redis/redis-server*.log {

data/checksums/standard-procedure-anvil-0.2.1.gem.sha512

@@ -0,0 +1 @@
+2b56322e96127aa43986eaa2de436eafd64c7d5260d61db1a13605d95bf0fc3b331f006c0b534d845c05e781659518f37d3f8aa17475e6e926675d5ea1985a50

data/checksums/standard-procedure-anvil-0.2.3.gem.sha512

@@ -0,0 +1 @@
+c6b89e5ee248e5d0209eee59b5e9445faced31aa2c9ea77a4229bdf9d93cccfbdd29ce88819eb9774e161e6e46b8ebe884f0e3680908279c1dc5f26417d23e6b

data/docs/app.md

@@ -0,0 +1,51 @@
+# The `app` command
+
+## Installing an application
+
+Move to your application's root folder and create the deploy.yml file (see below).  Then use the `app install` command to set dokku up for your first deployment.
+
+```sh
+anvil app install
+```
+
+This will SSH into the server (or servers if you have multiple) from your config file and:
+
+- Installs any dokku plugins that you have specified
+- Tells dokku to create the app
+- Uses your config file to set the environment variables for the app
+- Sets some sensible defaults for Nginx and makes sure it proxies correctly to your app
+- Optionally forwards the correct SSL/TLS headers if your app is behind a load-balancer
+- Finally it runs the post-installation scripts from your config file, which you can use to configure your plugins
+
+## Deploying an application
+
+Next up we deploy the app.
+
+```sh
+anvil app deploy
+```
+As this is the first deployment, anvil will create git remotes for each host, then do the initial git push.  If you have multiple servers configured, these should run in parallel (coming soon).  Once each deployment has completed, anvil will SSH in, scale your app and run the post-first-deployment scripts.
+
+You can then use the same `anvil app deploy` command to deploy the app again - but as it knows this isn't the first deployment (as it does not need to create the git remotes), it will run your post-deployment scripts (not post-first-deployment) each time.
+
+To change the number of processes (as defined by your Procfile), you can set the `scale` key(s) in your config file and then call:
+
+```sh
+anvil app scale
+```
+
+(COMING SOON)
+Finally, if you need to change the values of any environment variables, update your config file and use:
+
+```sh
+anvil app configure
+```
+
+## Configuration files
+
+The [anvil configuration file](/docs/configuration.md) is the heart of the system.
+
+## Secrets
+
+You don't want to store your secrets (passwords, encryption keys) in your anvil configuration.  Instead anvil can [read your secrets](/docs/secrets.md) from a separate file or from the command line.
+

data/docs/cloudinit.md

@@ -0,0 +1,33 @@
+# Building a server
+
+## Cloudinit
+
+A [CloudInit](https://cloudinit.readthedocs.io/en/latest/) file is a YML file that you load into a virtual machine while it is being created.  As the server boots, uses the cloudinit configuration to install software and set itself up.  With most cloud hosting providers, you will find an option for "user data", or something similar, on the "create a new server" page.
+
+### Generate a configuration
+
+So firstly we ask Anvil which cloudinit configurations it has available:
+
+```sh
+anvil cloudinit list
+```
+
+This will give us a list of prewritten cloud init scripts - of which dokku is probably the one we're most interested in.
+
+Next we tell anvil to generate our configuration:
+
+```sh
+anvil cloudinit generate dokku --user app --public-key ~/.ssh/my_key.pub > ~/Desktop/my_server.yml
+```
+
+Anvil generates a dokku configuration (and places it on our desktop) that will create an Ubuntu 22.04 box with docker and dokku preinstalled.  Plus it will create a user called `app` that can log in through SSH using a public key `my_key.pub`.  The server itself is locked down so only ports 80, 443 and 22 are open, only the users `app` and `dokku` are allowed to log in and they must use public/private key encryption - no passwords allowed.
+
+### Testing your configuration
+
+To test this, it's worth taking a look at [Multipass](https://multipass.run) - a tool from Canonical that lets you create virtual machines (using cloud init files) on your local machine.  This means you can try out various configurations without spending money at a hosting company.
+
+One thing to note when using multipass - it requires SSH access for a user called "ubuntu".  So take your generated cloudinit file, locate the SSH configuration section and the "AllowUsers" line - and add the "ubuntu" user to it.  Something like: `  - sed -i '$a AllowUsers %{USER} ubuntu dokku' /etc/ssh/sshd_config`.
+
+Multipass has its own private key generated for the ubuntu user, and uses this to manage the server.  Of course, the multipass VM is only on your machine, plus its private key is hidden away, so it's not a security risk.  But in general `anvil cloudinit generate` disallows all SSH access apart from your named user (using your own key), and the `dokku` user if applicable.
+
+Once you've built a preconfigured virtual machine, we can move on to getting our dokku application installed.  However, note that it can take several minutes for the initialisation process to complete - so don't start your deployment too early, or your server won't be ready and will reboot whilst your setting things up.

data/docs/configuration.md

@@ -0,0 +1,7 @@
+# Anvil configuration files
+
+An Anvil configuration file specifies the configuration for multiple servers and multiple apps.  Each server is configured, then each app is installed onto each server.
+
+For now take a look at the two samples in the spec folder - [single-server](/spec/fixtures/single-server.config.yml) and [multi-server](/spec/fixtures/multi-server.config.yml).
+
+Also check out the [tips for Ruby on Rails](/docs/ruby-on-rails.md) which has an example configuration file.

data/docs/roadmap.md

@@ -0,0 +1,12 @@
+# Roadmap
+
+As I mentioned, this is pretty much designed for my own use.
+
+There are a few bits I still need (which will be V1) and then I want to open it up.  But if it gets too generic, you might as well just write a load of shell scripts to manage dokku yourself - it's important to keep it simple.
+
+## To do
+
+- [ ] `app reconfigure`
+- [ ] Add `--first`/`--not-first` options to `app deploy` so you can override the first-deployment behaviour (in case you get a failure and need to re-run everything)
+- [ ] Instead of relying on the ssh-agent, allow the use of your private key when connecting to servers
+- [ ] Parallel execution across multiple hosts

data/docs/ruby-on-rails.md

@@ -0,0 +1,69 @@
+# Dokku and Ruby on Rails
+
+(incomplete - coming soon)
+
+- If using the Mysql plugin, use the Mysql2 protocol
+- store your RAILS_MASTER_KEY and SECRET_KEY_BASE outside of your configuration file (see [secrets](/docs/secrets.md))
+- in your config/environments/production.rb or config/environments/staging.rb set `config.force_ssl = false` - dokku's nginx configuration will do the redirect for you if you're using the Let's Encrypt plugin, or you can set the redirect on your load-balancer.  Setting `config.force_ssl = true` causes issues with the health checks
+- Make sure your app knows its hostname; set it as an environment variable in your configuration file and then use that hostname in your environment file as follows: `config.action_mailer.default_url_options = {host: ENV["HOSTNAME"]}` and `Rails.application.routes.default_url_options[:host] = config.action_mailer.default_url_options[:host]`.  This means that when you need to generate a full URL (as opposed to a relative path), Rails knows what to use.
+- Use a CHECKS file that looks like this (again using that HOSTNAME environment variable), so dokku's zero-deployment checks can connect correctly.  My `/health_check` route just returns a `200 OK` in most apps, but in some it actually checks the database connection, as well as some other services (although this causes problems with the initial deployment, which is why checks are switched off the first time through)
+```
+WAIT=10
+ATTEMPTS=5
+http://{{ var "HOSTNAME" }}/health_check
+```
+
+A typical Rails deploy.yml for a single-server, totally self-contained app, looks like this:
+
+```yaml
+version: 0.1
+hosts:
+  - myapp.example.com:
+      user: app
+app:
+  domain: myapp.example.com
+  port: 3000
+  environment:
+    - BUNDLE_WITHOUT=test:development
+    - CABLE_CHANNEL_PREFIX=myapp
+    - EMAIL_DOMAIN=mail.myapp.example.com
+    - EMAIL_HOST=smtp.myapp.example.com
+    - EMAIL_PORT=587
+    - EMAIL_USER=postmaster@mail.myapp.example.com
+    - HOSTNAME=myapp.example.com
+    - NODE_ENV=production
+    - RACK_ENV=production
+    - RAILS_ENV=production
+    - RAILS_LOG_TO_STDOUT=true
+    - RAILS_MAX_THREADS=10
+    - RAILS_SERVE_STATIC_FILES=true
+  resource_limit: 2048m
+  scale: web=2 worker=1
+  load_balancer: false
+  nginx:
+    client_max_body_size: 512m
+    proxy_read_timeout: 60s
+  plugins:
+    - cron-restart
+    - maintenance
+    - redis
+    - memcached
+    - mysql
+    - letsencrypt
+  scripts:
+    after_install:
+      - dokku cron-restart:set app schedule '0 3 * * *'
+      - dokku memcached:create memcached
+      - dokku memcached:link memcached app
+      - dokku redis:create redis_db
+      - dokku redis:link redis_db app
+      - dokku mysql:create mysql_db
+      - dokku config:set app MYSQL_DATABASE_SCHEME=mysql2
+      - dokku mysql:link mysql_db app
+    after_first_deploy:
+      - dokku letsencrypt:set app email me@myapp.example.com
+      - dokku letsencrypt:enable app
+      - dokku letsencrypt:cron-job --add
+      - dokku run app bin/rails db:seed
+
+```

data/docs/secrets.md

@@ -0,0 +1,20 @@
+# Secrets
+
+Finally, you'll probably want to check your deploy.yml file into source control.  But you _definitely_ don't want to be storing important secrets - database passwords, encryption keys and so on - where everyone can see them.
+
+So the `anvil app` commands also allow you to specify secrets, either from another file, or via the command line.
+
+The secrets are just extra environment variables that are added to the ones defined in your config file - in the format:
+
+```
+SECRET1=VALUE1 SECRET2=VALUE2
+```
+
+You can either specify `--secrets my-secrets-file.env` to load these from a separate file.  Or you can load them from stdin.
+
+For example, I use [Bitwarden](https://bitwarden.com) as my password locker and use the Bitwarden CLI to access my secrets.  The CLI is installed through homebrew, I then authenticate and can use a command like:
+
+```sh
+bw get notes secrets@myapp.com | anvil app install deploy.myapp.yml -S
+```
+I have the environment variables for myapp.com stored in Bitwarden as a secure note with the title "secrets@myapp.com".  So `bw get notes secrets@myapp.com` loads them from my vault and pipes them to the `anvil app install` command.  The anvil command is using the `-S` (or `--secrets-stdin`) option which means it will read the information piped in by bitwarden.  So, once decrypted, the confidential data never touches a disk until it gets written into the dokku app configuration on the server.

data/docs/why.md

@@ -0,0 +1,17 @@
+# Why does this exist?
+
+[Dokku](https://dokku.com) is great at installing and configuring containers on a single host.
+
+But you do need to install dokku, generate your configuration and environment variables, install your plugins and app and then configure all those plugins.
+
+Unfortunately, there's no [single configuration file](https://github.com/dokku/dokku/issues/1558) for dokku.
+
+In addition, dokku is really designed for managing a single server.  But I'm actually using it to manage multiple servers that are hidden behind a load-balancer.
+
+So to manage this, I wanted a single configuration file that I could user for all my dokku information, that could then use that configuration across multiple servers.
+
+Currently it's extremely tailored to my needs - it's built for Ubuntu 22.04, it creates a user called "app" (although you can change that), it names your dokku app "app".
+
+I've also added in cloudinit configs for some of the other servers I have to use.  Of course, these are not related to dokku, but anvil can generate them easily so it's useful to keep them all in one place.
+
+There are several [limitations](/docs/roadmap.md) to how it works - it does what I need but does need expansion.  That will come soon.

data/lib/anvil/app/host_deployer.rb

@@ -41,10 +41,12 @@ module Anvil
       end
 
       def create_git_remote
+        logger.info "git remote add #{host} dokku@#{host}:/app"
         logger.info `git remote add #{host} dokku@#{host}:/app`
       end
 
       def do_git_push
+        logger.info "git push #{host} #{branch}:main"
         logger.info `git push #{host} #{branch}:main`
       end
 

data/lib/anvil/app/host_installer.rb

@@ -24,7 +24,7 @@ module Anvil
       protected
 
       def install_plugins ssh
-        (configuration_for_app.fetch("plugins") | []).each do |plugin|
+        (configuration_for_app.dig("plugins") || []).each do |plugin|
           ssh.exec! "sudo dokku plugin:install https://github.com/dokku/dokku-#{plugin}.git #{plugin}"
         end
       end
@@ -40,7 +40,9 @@ module Anvil
       def set_dokku_options ssh
         ssh.exec! "dokku docker-options:add app run \"--add-host=host.docker.internal:host-gateway\"", "set_dokku_options"
         ssh.exec! "dokku domains:set app #{configuration_for_app["domain"]}", "set_dokku_options"
-        ssh.exec! "dokku proxy:ports-add app http:80:#{configuration_for_app["port"]}", "set_dokku_options"
+        ssh.exec! "dokku proxy:set app nginx", "set_dokku_options"
+        ssh.exec! "dokku ports:add app http:80:#{configuration_for_app["port"]}", "set_dokku_options"
+        ssh.exec! "dokku ports:add app https:443:#{configuration_for_app["port"]}", "set_dokku_options"
         ssh.exec! "dokku nginx:set app client-max-body-size #{configuration_for_app["nginx"]["client_max_body_size"]}", "set_dokku_options"
         ssh.exec! "dokku nginx:set app proxy-read-timeout #{configuration_for_app["nginx"]["proxy_read_timeout"]}", "set_dokku_options"
         if configuration_for_app["load_balancer"]

data/lib/anvil/app.rb

@@ -14,6 +14,8 @@ module Anvil
     long_desc <<-DESC
     List the environment variables for an app (on a given host)
 
+    Normally you never need call this command directly as it is called by the install command.
+
     Example:
       anvil app env /path/to/config
 
@@ -42,6 +44,10 @@ module Anvil
       If the /path/to/config is not supplied, it defaults to deploy.yml
 
       If --secrets-stdin is specified then additional environment variable values will be read from STDIN, if --secrets=/path/to/secrets is specified then they will be read from the file specified.  This is so you can specify environment variables that you do not want stored in source control.  These should be formatted as "VAR=value VAR2=value2" etc.
+
+      password-manager read my-secrets | anvil app install /path/to/config --secrets-stdin
+
+      Alternatively you can specify secrets as a separate file using the --secrets option.  Again, this should be formatted as "VAR=value VAR2=value2".
     DESC
     option :secrets, type: :string, default: nil, aliases: "-s"
     option :secrets_stdin, type: :boolean, default: false, aliases: "-S"
@@ -84,7 +90,7 @@ module Anvil
     def read_secrets(filename: nil, stdin: false)
       return nil if filename.nil? && !stdin
       return $stdin.read if stdin
-      return File.read(filename) if File.exist?(filename)
+      File.read(filename) if File.exist?(filename)
     end
   end
 end

data/lib/anvil/cloudinit/generator.rb

@@ -2,12 +2,12 @@
 
 module Anvil
   class Cloudinit
-    class Generator < Struct.new(:filename, :user, :public_key_path)
+    class Generator < Struct.new(:filename, :user, :public_key_path, :hostname)
       def call
         public_key = public_key_path.to_s.gsub("~", Dir.home)
 
         if File.exist?(public_key)
-          puts File.read(filename).gsub("%{USER}", user).gsub("%{PUBLIC_KEY}", File.read(public_key))
+          puts File.read(filename).gsub("%{USER}", user).gsub("%{HOSTNAME}", hostname).gsub("%{PUBLIC_KEY}", File.read(public_key))
         else
           puts "Cannot find public key file at #{public_key}"
         end
@@ -15,26 +15,3 @@ module Anvil
     end
   end
 end
-
-# Compare this snippet from assets/cloudinit/mysql.ubuntu-22.yml:
-# # frozen_string_literal: true
-#
-# ---
-# packages:
-#   - mysql-server
-#   - mysql-client
-#   - libmysqlclient-dev
-#
-# users:
-#   - name: <%= user %>
-#     groups: sudo
-#     shell: /bin/bash
-#     sudo: ALL=(ALL) NOPASSWD:ALL
-#     ssh_authorized_keys:
-#       - <%= public_key %>
-#
-# files:
-#   - path: /etc/mysql/mysql.conf.d/mysqld.cnf
-#     content: |
-#       [mysqld]
-#       bind-address =

data/lib/anvil/cloudinit.rb

@@ -18,14 +18,15 @@ module Anvil
     Generate a cloudinit configuration for a server
 
     Example:
-      anvil cloudinit generate mysql.ubuntu-22 --user dbuser --public_key ~/.ssh/my_key.pub
+      anvil cloudinit generate mysql.ubuntu-22 --user dbuser --public_key ~/.ssh/my_key.pub --hostname myserver.com
 
     DESC
     option :user, type: :string, default: "app", aliases: "-u"
     option :public_key, type: :string, default: "~/.ssh/id_rsa.pub", aliases: "-k"
+    option :hostname, type: :string, default: "example.com", aliases: "-h"
     def generate configuration
       filename = File.dirname(__FILE__) + "/../../assets/cloudinit/#{configuration}.yml"
-      Anvil::Cloudinit::Generator.new(filename, options[:user], options[:public_key]).call
+      Anvil::Cloudinit::Generator.new(filename, options[:user], options[:public_key], options[:hostname]).call
     end
   end
 end

data/lib/anvil/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Anvil
-  VERSION = "0.2.0"
+  VERSION = "0.2.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: standard-procedure-anvil
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.3
 platform: ruby
 authors:
 - Rahoul Baruah
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-07-05 00:00:00.000000000 Z
+date: 2024-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -121,6 +121,15 @@ files:
 - checksums/standard-procedure-anvil-0.1.6.gem.sha512
 - checksums/standard-procedure-anvil-0.1.7.gem.sha512
 - checksums/standard-procedure-anvil-0.2.0.gem.sha512
+- checksums/standard-procedure-anvil-0.2.1.gem.sha512
+- checksums/standard-procedure-anvil-0.2.3.gem.sha512
+- docs/app.md
+- docs/cloudinit.md
+- docs/configuration.md
+- docs/roadmap.md
+- docs/ruby-on-rails.md
+- docs/secrets.md
+- docs/why.md
 - exe/anvil
 - lib/anvil.rb
 - lib/anvil/app.rb
@@ -171,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.14
+rubygems_version: 3.4.22
 signing_key:
 specification_version: 4
 summary: Tools for managing servers and apps built using dokku