RubyGems - standard-procedure-anvil - Versions diffs - 0.1.4 → 0.1.6 - Mend

standard-procedure-anvil 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/assets/cloudinit/dokku.mysql.ubuntu-22.yml +61 -0
data/assets/cloudinit/dokku.ubuntu-22.yml +1 -12
data/assets/install/dokku.txt +13 -0
data/checksums/standard-procedure-anvil-0.1.5.gem.sha512 +1 -0
data/checksums/standard-procedure-anvil-0.1.6.gem.sha512 +1 -0
data/lib/anvil/app/host_installer.rb +10 -3
data/lib/anvil/app.rb +1 -0
data/lib/anvil/version.rb +1 -1
metadata +6 -3
data/assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml +0 -126

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50580aabd8ea329997f9a044178f08790aa12719e6d412da4a6a7a3b6c335fff
-  data.tar.gz: c4ec1dbbd6ccc1945e6fab5f76f988578bd0df0cef15cc7801b2bbdfda5f6a30
+  metadata.gz: 7ce4bfd700a5d2b870087b7d983902c43bc377ebcba1abbb911caea507aba0e8
+  data.tar.gz: 4e902474667b96efaf5a86435b381f6e54f28d58a1ae6a216441d9de6eb35925
 SHA512:
-  metadata.gz: e39c66044138540191d4214f5fa0b7f46d76f037b5268315f7fdb19cca214e545f93e9d89ce69d939339ca0133b7fa209281a21938ddd976d17e79160bc00167
-  data.tar.gz: 968a6df094c5f7846c23af2148b04c3671ce15c8abffce3ba407c0e3014aee4bb15e64873a6cfa0287dcd19b6193883efa259b4f8c9eb2b047abb12f6fa5ed95
+  metadata.gz: 6a6c16d63f3b0c2bbbafcce079bdb7ba7ea8b44f2c5e0f4ac0f5a9beb3e1f2999852be11aeaed5c107bb88eaef1b7a09b0bf3fef4eaeabb9f5760c625f73c845
+  data.tar.gz: ca793262284e8938121d155fe18f0b6c527a50b9bf0bf437f9a3973d02d708060c317ece52f85713913ec0995937a88eb93d58af85293d01abcf50f5005d5493

data/assets/cloudinit/dokku.mysql.ubuntu-22.yml ADDED Viewed

@@ -0,0 +1,61 @@
+#cloud-config
+users:
+  - name: %{USER}
+    groups: users, admin, docker
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - %{PUBLIC_KEY}
+packages:
+  - fail2ban
+  - ufw
+  - wget
+  - apt-transport-https
+  - mysql-client
+  - libmysqlclient-dev
+package_update: true
+package_upgrade: true
+runcmd:
+  # General server setup
+  - timedatectl set-timezone UTC
+  # Install MySQL
+  - echo "mysql-server mysql-server/root_password password root" | sudo debconf-set-selections
+  - echo "mysql-server mysql-server/root_password_again password root" | sudo debconf-set-selections
+  - sudo apt-get -y install mysql-server
+  - |
+    cat >> /etc/mysql/mysql.conf.d/utf8.cnf << CONF
+    [client]
+    default-character-set=utf8mb4
+    [mysql]
+    default-character-set=utf8mb4
+    [mysqld]
+    init_connect='SET collation_connection = utf8mb4_unicode_ci'
+    init_connect='SET NAMES utf8mb4'
+    character-set-server=utf8mb4
+    collation-server=utf8mb4_unicode_ci
+    skip-character-set-client-handshake
+    CONF
+  - sed -i -e '/^\(#\|\)bind-address/s/^.*$/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
+  # Start MySQL
+  - systemctl start mysql.service
+  # Fail2Ban setup
+  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
+  - systemctl enable fail2ban
+  # UFW and SSH setup
+  - ufw allow 22/tcp
+  - ufw allow 80/tcp
+  - ufw allow 443/tcp
+  - ufw enable
+  # Harden SSH
+  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
+  # And we're done
+  - reboot

data/assets/cloudinit/dokku.ubuntu-22.yml CHANGED Viewed

@@ -33,16 +33,5 @@ runcmd:
   - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
   - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
   - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
-  # Dokku setup
-  - echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
-  - wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
-  - cat /home/%{USER}/.ssh/authorized_keys | dokku ssh-keys:add admin
-  - dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
-  - dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
-  - dokku plugin:install https://github.com/dokku/dokku-redis.git redis
-  - dokku plugin:install https://github.com/dokku/dokku-mariadb.git mariadb
-  - dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
-  - dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
-  - dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
-  - dokku git:set --global deploy-branch main
+  # And we're done
   - reboot

data/assets/install/dokku.txt ADDED Viewed

@@ -0,0 +1,13 @@
+# SSH into your server and paste the script
+sudo bash
+echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
+wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
+cat /home/app/.ssh/authorized_keys | dokku ssh-keys:add admin
+dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
+dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
+dokku plugin:install https://github.com/dokku/dokku-redis.git redis
+dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
+dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
+dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
+dokku git:set --global deploy-branch main
+exit

data/checksums/standard-procedure-anvil-0.1.5.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 185f01d498e635d91fcbc77ae60a47529b68f927302c67dc7b052a4b190d6aa1197c9c7d46d9626f927ea80b5d40162ed3e86177d63d5dbcd93b957dbf4238b7

data/checksums/standard-procedure-anvil-0.1.6.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 11a59b33098151fd6205adbd24c410acd58168066dc2942b93feb601557f527fecce250002d6157bacf0007a546a4a23abdc219f269bc73820236cae738b63a0

data/lib/anvil/app/host_installer.rb CHANGED Viewed

@@ -5,11 +5,13 @@ module Anvil
   require_relative "../logger"
   require_relative "../ssh_executor"
   require_relative "env"
+  require_relative "../configuration_reader"
   class App
     class HostInstaller < Struct.new(:configuration, :host, :secrets)
       include StandardProcedure::Async::Actor
+      include Anvil::ConfigurationReader
-      async :call do
+      def call
         Anvil::SshExecutor.new(host, user_for(host), logger).call do |ssh|
           create_app ssh
           set_environment ssh
@@ -32,8 +34,13 @@ module Anvil
         ssh.exec! "dokku docker-options:add app run \"--add-host=host.docker.internal:host-gateway\"", "set_dokku_options"
         ssh.exec! "dokku domains:set app #{configuration_for_app["domain"]}", "set_dokku_options"
         ssh.exec! "dokku proxy:ports-add app http:80:#{configuration_for_app["port"]}", "set_dokku_options"
-        ssh.exec! "dokku nginx:set app client-max-body-size 512m", "set_dokku_options"
-        ssh.exec! "dokku nginx:set app proxy-read-timeout 60s", "set_dokku_options"
+        ssh.exec! "dokku nginx:set app client-max-body-size #{configuration_for_app["nginx"]["client_max_body_size"]}", "set_dokku_options"
+        ssh.exec! "dokku nginx:set app proxy-read-timeout #{configuration_for_app["nginx"]["proxy_read_timeout"]}", "set_dokku_options"
+        if configuration_for_app["nginx"]["forward_proxy_headers"]
+          ssh.exec! "dokku nginx:set $APP x-forwarded-for-value \"$http_x_forwarded_for\"", "set_dokku_options"
+          ssh.exec! "dokku nginx:set $APP x-forwarded-port-value \"$http_x_forwarded_port\"", "set_dokku_options"
+          ssh.exec! "dokku nginx:set $APP x-forwarded-proto-value \"$http_x_forwarded_proto\"", "set_dokku_options"
+        end
         ssh.exec! "dokku proxy:build-config app", "set_dokku_options"
       end

data/lib/anvil/app.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require "yaml"
 module Anvil
   class App < Anvil::SubCommandBase
     require_relative "app/env"
+    require_relative "app/install"
     desc "env /path/to/config.yml", "Generate environment variables for an app"
     long_desc <<-DESC

data/lib/anvil/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Anvil
-  VERSION = "0.1.4"
+  VERSION = "0.1.6"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: standard-procedure-anvil
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Rahoul Baruah
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-06-30 00:00:00.000000000 Z
+date: 2023-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -110,13 +110,16 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml
+- assets/cloudinit/dokku.mysql.ubuntu-22.yml
 - assets/cloudinit/dokku.ubuntu-22.yml
 - assets/cloudinit/memcached.ubuntu-22.yml
 - assets/cloudinit/mysql.ubuntu-22.yml
 - assets/cloudinit/opensearch.ubuntu-22.yml
 - assets/cloudinit/redis.ubuntu-22.yml
+- assets/install/dokku.txt
 - checksums/standard-procedure-anvil-0.1.4.gem.sha512
+- checksums/standard-procedure-anvil-0.1.5.gem.sha512
+- checksums/standard-procedure-anvil-0.1.6.gem.sha512
 - exe/anvil
 - lib/anvil.rb
 - lib/anvil/app.rb

data/assets/cloudinit/dokku.mysql.opensearch.ubuntu-22.yml DELETED Viewed

@@ -1,126 +0,0 @@
-#cloud-config
-users:
-  - name: %{USER}
-    groups: users, admin, docker
-    sudo: ALL=(ALL) NOPASSWD:ALL
-    shell: /bin/bash
-    ssh_authorized_keys:
-      - %{PUBLIC_KEY}
-packages:
-  - fail2ban
-  - ufw
-  - wget
-  - apt-transport-https
-  - docker.io
-  - docker-compose
-  - mysql-client
-  - libmysqlclient-dev
-package_update: true
-package_upgrade: true
-runcmd:
-  # General server setup
-  - timedatectl set-timezone UTC
-  # Prepare for OpenSearch
-  - swapoff -a
-  - echo "vm.max_map_count=262144" > /etc/sysctl.d/98-opensearch.conf
-  - sysctl -p /etc/sysctl.d/98-opensearch.conf
-  # Install MySQL
-  - echo "mysql-server mysql-server/root_password password root" | sudo debconf-set-selections
-  - echo "mysql-server mysql-server/root_password_again password root" | sudo debconf-set-selections
-  - sudo apt-get -y install mysql-server
-  - |
-    cat >> /etc/mysql/mysql.conf.d/utf8.cnf << CONF
-    [client]
-    default-character-set=utf8mb4
-    [mysql]
-    default-character-set=utf8mb4
-    [mysqld]
-    init_connect='SET collation_connection = utf8mb4_unicode_ci'
-    init_connect='SET NAMES utf8mb4'
-    character-set-server=utf8mb4
-    collation-server=utf8mb4_unicode_ci
-    skip-character-set-client-handshake
-    CONF
-  - sed -i -e '/^\(#\|\)bind-address/s/^.*$/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
-  # Start MySQL
-  - systemctl start mysql.service
-  # Fail2Ban setup
-  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
-  - systemctl enable fail2ban
-  # UFW and SSH setup
-  - ufw allow 22/tcp
-  - ufw allow 80/tcp
-  - ufw allow 443/tcp
-  - ufw enable
-  # Harden SSH
-  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
-  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
-  - sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
-  # Dokku setup
-  - echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
-  - wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
-  - cat /home/%{USER}/.ssh/authorized_keys | dokku ssh-keys:add admin
-  - dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
-  - dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
-  - dokku plugin:install https://github.com/dokku/dokku-redis.git redis
-  - dokku plugin:install https://github.com/dokku/dokku-mariadb.git mariadb
-  - dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
-  - dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
-  - dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
-  - dokku git:set --global deploy-branch main
-  # OpenSearch setup
-  - mkdir -p /etc/opensearch
-  - docker pull opensearchproject/opensearch:latest
-  - docker pull opensearchproject/opensearch-dashboards:latest
-  - |
-    cat >> /etc/opensearch/docker-compose.yml << EOF
-    version: '3'
-    services:
-      search_db:
-        image: opensearchproject/opensearch:latest
-        container_name: search_db
-        environment:
-          - discovery.type=single-node
-          - node.name=search_db
-          - bootstrap.memory_lock=true
-          - plugins.security.disabled=true
-          - "OPENSEARCH_JAVA_OPTS=-Xms2048m -Xmx2048m"
-        ulimits:
-          memlock:
-            soft: -1
-            hard: -1
-          nofile:
-            soft: 65536
-            hard: 65536
-        volumes:
-          - opensearch_data:/usr/share/opensearch/data
-        ports:
-          - 9200:9200
-          - 9600:9600
-    volumes:
-      opensearch_data:
-    EOF
-  - |
-    cat >> /etc/systemd/system/opensearch.service << EOF
-    Description=OpenSearch container
-    Requires=docker.service
-    After=docker.service
-    [Service]
-    WorkingDirectory=/etc/opensearch
-    Restart=always
-    ExecStart=/usr/bin/docker-compose up
-    ExecStop=/usr/bin/docker-compose down
-    [Install]
-    WantedBy=multi-user.target
-    EOF
-  - systemctl daemon-reload
-  - systemctl enable opensearch.service
-  - service opensearch start
-  - reboot