RubyGems - standard-procedure-anvil - Versions diffs - 0.1.4 → 0.1.6 - Mend

standard-procedure-anvil 0.1.4 → 0.1.6

Files changed (11) hide show

checksums.yaml +4 -4
data/assets/cloudinit/dokku.mysql.ubuntu-22.yml +61 -0
data/assets/cloudinit/dokku.ubuntu-22.yml +1 -12
data/assets/install/dokku.txt +13 -0
data/checksums/standard-procedure-anvil-0.1.5.gem.sha512 +1 -0
data/checksums/standard-procedure-anvil-0.1.6.gem.sha512 +1 -0
data/lib/anvil/app/host_installer.rb +10 -3
data/lib/anvil/app.rb +1 -0
data/lib/anvil/version.rb +1 -1
metadata +6 -3
data/assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml +0 -126

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50580aabd8ea329997f9a044178f08790aa12719e6d412da4a6a7a3b6c335fff
-  data.tar.gz: c4ec1dbbd6ccc1945e6fab5f76f988578bd0df0cef15cc7801b2bbdfda5f6a30
+  metadata.gz: 7ce4bfd700a5d2b870087b7d983902c43bc377ebcba1abbb911caea507aba0e8
+  data.tar.gz: 4e902474667b96efaf5a86435b381f6e54f28d58a1ae6a216441d9de6eb35925
 SHA512:
-  metadata.gz: e39c66044138540191d4214f5fa0b7f46d76f037b5268315f7fdb19cca214e545f93e9d89ce69d939339ca0133b7fa209281a21938ddd976d17e79160bc00167
-  data.tar.gz: 968a6df094c5f7846c23af2148b04c3671ce15c8abffce3ba407c0e3014aee4bb15e64873a6cfa0287dcd19b6193883efa259b4f8c9eb2b047abb12f6fa5ed95
+  metadata.gz: 6a6c16d63f3b0c2bbbafcce079bdb7ba7ea8b44f2c5e0f4ac0f5a9beb3e1f2999852be11aeaed5c107bb88eaef1b7a09b0bf3fef4eaeabb9f5760c625f73c845
+  data.tar.gz: ca793262284e8938121d155fe18f0b6c527a50b9bf0bf437f9a3973d02d708060c317ece52f85713913ec0995937a88eb93d58af85293d01abcf50f5005d5493

data/assets/cloudinit/dokku.mysql.ubuntu-22.yml ADDED Viewed

@@ -0,0 +1,61 @@
+#cloud-config
+users:
+  - name: %{USER}
+    groups: users, admin, docker
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - %{PUBLIC_KEY}
+packages:
+  - fail2ban
+  - ufw
+  - wget
+  - apt-transport-https
+  - mysql-client
+  - libmysqlclient-dev
+package_update: true
+package_upgrade: true
+runcmd:
+  # General server setup
+  - timedatectl set-timezone UTC
+  # Install MySQL
+  - echo "mysql-server mysql-server/root_password password root" | sudo debconf-set-selections
+  - echo "mysql-server mysql-server/root_password_again password root" | sudo debconf-set-selections
+  - sudo apt-get -y install mysql-server
+  - |
+    cat >> /etc/mysql/mysql.conf.d/utf8.cnf << CONF
+    [client]
+    default-character-set=utf8mb4
+    [mysql]
+    default-character-set=utf8mb4
+    [mysqld]
+    init_connect='SET collation_connection = utf8mb4_unicode_ci'
+    init_connect='SET NAMES utf8mb4'
+    character-set-server=utf8mb4
+    collation-server=utf8mb4_unicode_ci
+    skip-character-set-client-handshake
+    CONF
+  - sed -i -e '/^\(#\|\)bind-address/s/^.*$/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
+  # Start MySQL
+  - systemctl start mysql.service
+  # Fail2Ban setup
+  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
+  - systemctl enable fail2ban
+  # UFW and SSH setup
+  - ufw allow 22/tcp
+  - ufw allow 80/tcp
+  - ufw allow 443/tcp
+  - ufw enable
+  # Harden SSH
+  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
+  # And we're done
+  - reboot

data/assets/cloudinit/dokku.ubuntu-22.yml CHANGED Viewed

@@ -33,16 +33,5 @@ runcmd:
   - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
   - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
   - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
-  # Dokku setup
-  - echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
-  - wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
-  - cat /home/%{USER}/.ssh/authorized_keys | dokku ssh-keys:add admin
-  - dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
-  - dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
-  - dokku plugin:install https://github.com/dokku/dokku-redis.git redis
-  - dokku plugin:install https://github.com/dokku/dokku-mariadb.git mariadb
-  - dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
-  - dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
-  - dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
-  - dokku git:set --global deploy-branch main
+  # And we're done
   - reboot

data/assets/install/dokku.txt ADDED Viewed

@@ -0,0 +1,13 @@
+# SSH into your server and paste the script
+sudo bash
+echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
+wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
+cat /home/app/.ssh/authorized_keys | dokku ssh-keys:add admin
+dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
+dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
+dokku plugin:install https://github.com/dokku/dokku-redis.git redis
+dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
+dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
+dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
+dokku git:set --global deploy-branch main
+exit

data/checksums/standard-procedure-anvil-0.1.5.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 185f01d498e635d91fcbc77ae60a47529b68f927302c67dc7b052a4b190d6aa1197c9c7d46d9626f927ea80b5d40162ed3e86177d63d5dbcd93b957dbf4238b7

data/checksums/standard-procedure-anvil-0.1.6.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 11a59b33098151fd6205adbd24c410acd58168066dc2942b93feb601557f527fecce250002d6157bacf0007a546a4a23abdc219f269bc73820236cae738b63a0

data/lib/anvil/app/host_installer.rb CHANGED Viewed

@@ -5,11 +5,13 @@ module Anvil
   require_relative "../logger"
   require_relative "../ssh_executor"
   require_relative "env"
+  require_relative "../configuration_reader"
   class App
     class HostInstaller < Struct.new(:configuration, :host, :secrets)
       include StandardProcedure::Async::Actor
+      include Anvil::ConfigurationReader
-      async :call do
+      def call
         Anvil::SshExecutor.new(host, user_for(host), logger).call do |ssh|
           create_app ssh
           set_environment ssh
@@ -32,8 +34,13 @@ module Anvil
         ssh.exec! "dokku docker-options:add app run \"--add-host=host.docker.internal:host-gateway\"", "set_dokku_options"
         ssh.exec! "dokku domains:set app #{configuration_for_app["domain"]}", "set_dokku_options"
         ssh.exec! "dokku proxy:ports-add app http:80:#{configuration_for_app["port"]}", "set_dokku_options"
-        ssh.exec! "dokku nginx:set app client-max-body-size 512m", "set_dokku_options"
-        ssh.exec! "dokku nginx:set app proxy-read-timeout 60s", "set_dokku_options"
+        ssh.exec! "dokku nginx:set app client-max-body-size #{configuration_for_app["nginx"]["client_max_body_size"]}", "set_dokku_options"
+        ssh.exec! "dokku nginx:set app proxy-read-timeout #{configuration_for_app["nginx"]["proxy_read_timeout"]}", "set_dokku_options"
+        if configuration_for_app["nginx"]["forward_proxy_headers"]
+          ssh.exec! "dokku nginx:set $APP x-forwarded-for-value \"$http_x_forwarded_for\"", "set_dokku_options"
+          ssh.exec! "dokku nginx:set $APP x-forwarded-port-value \"$http_x_forwarded_port\"", "set_dokku_options"
+          ssh.exec! "dokku nginx:set $APP x-forwarded-proto-value \"$http_x_forwarded_proto\"", "set_dokku_options"
+        end
         ssh.exec! "dokku proxy:build-config app", "set_dokku_options"
       end

data/lib/anvil/app.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require "yaml"
 module Anvil
   class App < Anvil::SubCommandBase
     require_relative "app/env"
+    require_relative "app/install"
     desc "env /path/to/config.yml", "Generate environment variables for an app"
     long_desc <<-DESC

data/lib/anvil/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Anvil
-  VERSION = "0.1.4"
+  VERSION = "0.1.6"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: standard-procedure-anvil
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Rahoul Baruah
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-06-30 00:00:00.000000000 Z
+date: 2023-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -110,13 +110,16 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml
+- assets/cloudinit/dokku.mysql.ubuntu-22.yml
 - assets/cloudinit/dokku.ubuntu-22.yml
 - assets/cloudinit/memcached.ubuntu-22.yml
 - assets/cloudinit/mysql.ubuntu-22.yml
 - assets/cloudinit/opensearch.ubuntu-22.yml
 - assets/cloudinit/redis.ubuntu-22.yml
+- assets/install/dokku.txt
 - checksums/standard-procedure-anvil-0.1.4.gem.sha512
+- checksums/standard-procedure-anvil-0.1.5.gem.sha512
+- checksums/standard-procedure-anvil-0.1.6.gem.sha512
 - exe/anvil
 - lib/anvil.rb
 - lib/anvil/app.rb

data/assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml DELETED Viewed

@@ -1,126 +0,0 @@
-#cloud-config
-users:
-  - name: %{USER}
-    groups: users, admin, docker
-    sudo: ALL=(ALL) NOPASSWD:ALL
-    shell: /bin/bash
-    ssh_authorized_keys:
-      - %{PUBLIC_KEY}
-packages:
-  - fail2ban
-  - ufw
-  - wget
-  - apt-transport-https
-  - docker.io
-  - docker-compose
-  - mysql-client
-  - libmysqlclient-dev
-package_update: true
-package_upgrade: true
-runcmd:
-  # General server setup
-  - timedatectl set-timezone UTC
-  # Prepare for OpenSearch
-  - swapoff -a
-  - echo "vm.max_map_count=262144" > /etc/sysctl.d/98-opensearch.conf
-  - sysctl -p /etc/sysctl.d/98-opensearch.conf
-  # Install MySQL
-  - echo "mysql-server mysql-server/root_password password root" | sudo debconf-set-selections
-  - echo "mysql-server mysql-server/root_password_again password root" | sudo debconf-set-selections
-  - sudo apt-get -y install mysql-server
-  - |
-    cat >> /etc/mysql/mysql.conf.d/utf8.cnf << CONF
-    [client]
-    default-character-set=utf8mb4
-    [mysql]
-    default-character-set=utf8mb4
-    [mysqld]
-    init_connect='SET collation_connection = utf8mb4_unicode_ci'
-    init_connect='SET NAMES utf8mb4'
-    character-set-server=utf8mb4
-    collation-server=utf8mb4_unicode_ci
-    skip-character-set-client-handshake
-    CONF
-  - sed -i -e '/^\(#\|\)bind-address/s/^.*$/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
-  # Start MySQL
-  - systemctl start mysql.service
-  # Fail2Ban setup
-  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
-  - systemctl enable fail2ban
-  # UFW and SSH setup
-  - ufw allow 22/tcp
-  - ufw allow 80/tcp
-  - ufw allow 443/tcp
-  - ufw enable
-  # Harden SSH
-  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
-  - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
-  # Dokku setup
-  - echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
-  - wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
-  - cat /home/%{USER}/.ssh/authorized_keys | dokku ssh-keys:add admin
-  - dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
-  - dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
-  - dokku plugin:install https://github.com/dokku/dokku-redis.git redis
-  - dokku plugin:install https://github.com/dokku/dokku-mariadb.git mariadb
-  - dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
-  - dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
-  - dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
-  - dokku git:set --global deploy-branch main
-  # OpenSearch setup
-  - mkdir -p /etc/opensearch
-  - docker pull opensearchproject/opensearch:latest
-  - docker pull opensearchproject/opensearch-dashboards:latest
-  - |
-    cat >> /etc/opensearch/docker-compose.yml << EOF
-    version: '3'
-    services:
-      search_db:
-        image: opensearchproject/opensearch:latest
-        container_name: search_db
-        environment:
-          - discovery.type=single-node
-          - node.name=search_db
-          - bootstrap.memory_lock=true
-          - plugins.security.disabled=true
-          - "OPENSEARCH_JAVA_OPTS=-Xms2048m -Xmx2048m"
-        ulimits:
-          memlock:
-            soft: -1
-            hard: -1
-          nofile:
-            soft: 65536
-            hard: 65536
-        volumes:
-          - opensearch_data:/usr/share/opensearch/data
-        ports:
-          - 9200:9200
-          - 9600:9600
-    volumes:
-      opensearch_data:
-    EOF
-  - |
-    cat >> /etc/systemd/system/opensearch.service << EOF
-    Description=OpenSearch container
-    Requires=docker.service
-    After=docker.service
-    [Service]
-    WorkingDirectory=/etc/opensearch
-    Restart=always
-    ExecStart=/usr/bin/docker-compose up
-    ExecStop=/usr/bin/docker-compose down
-    [Install]
-    WantedBy=multi-user.target
-    EOF
-  - systemctl daemon-reload
-  - systemctl enable opensearch.service
-  - service opensearch start
-  - reboot