vps 0.2.0

data/lib/vps/cli/service.rb

@@ -0,0 +1,96 @@
+module VPS
+  class CLI < Thor
+    class Service < Thor
+
+      SERVICES = "#{VPS::ROOT}/config/services.yml"
+
+      desc "add HOST [SERVICE]", "Add service to host configuration"
+      def add(host, service = nil)
+        config = VPS.read_config(host)
+
+        unless service
+          list = services.keys.sort - config[:services].keys
+          service = list[Ask.list("Which service to you want to add?", list)]
+        end
+
+        if !config[:services].include?(service) && (yml = services[service])
+          list = tags(yml[:image] || "library/#{service}")
+          tag = list[Ask.list("Choose which tag to use", list)]
+          image = "#{yml[:image] || service}:#{tag}"
+
+          yml, volumes = finalize_config(yml)
+          config[:services][service] = {:image => image}.merge(yml)
+          config[:volumes].concat(volumes).uniq!
+
+          VPS.write_config(host, config)
+        end
+      end
+
+      desc "remove HOST [SERVICE]", "Remove service from host configuration"
+      def remove(host, service = nil)
+        config = VPS.read_config(host)
+
+        unless service
+          list = config[:services].keys.sort
+          service = list[Ask.list("Which service do you want to remove?", list)]
+        end
+
+        if config[:services].delete(service)
+          VPS.write_config(host, config)
+        end
+      end
+
+      desc "list HOST", "List services of host configuration"
+      def list(host)
+        config = VPS.read_config(host)
+
+        services = config[:services].collect do |service, yml|
+          "* #{yml[:image]}"
+        end.sort
+
+        puts services
+      end
+
+    private
+
+      def services
+        @services ||= with_indifferent_access(YAML.load_file(SERVICES))
+      end
+
+      def tags(image)
+        uri = URI.parse("https://registry.hub.docker.com/v2/repositories/#{image}/tags/")
+        tags = JSON.parse(Net::HTTP.get(uri))["results"]
+        tags.collect{|tag| tag["name"]}.sort{|a, b| (a == "latest") ? -1 : (b <=> a)}
+      end
+
+      def with_indifferent_access(object)
+        case object
+        when Hash
+          object.inject({}.with_indifferent_access) do |hash, (key, value)|
+            hash[key] = with_indifferent_access(value)
+            hash
+          end
+        when Array
+          object.collect{|item| with_indifferent_access(item)}
+        else
+          object
+        end
+      end
+
+      def finalize_config(config)
+        config.delete(:image)
+        if config[:environment]
+          config[:environment] = config[:environment].inject({}) do |env, variable|
+            env[variable] = Ask.input(variable)
+            env
+          end
+        end
+        volumes = (config[:volumes] || []).collect do |volume|
+          volume.split(":")[0]
+        end
+        [config, volumes]
+      end
+
+    end
+  end
+end

data/lib/vps/cli/upstream.rb

@@ -0,0 +1,95 @@
+module VPS
+  class CLI < Thor
+    class Upstream < Thor
+
+      desc "add HOST[:UPSTREAM] PATH", "Add upstream to host configuration"
+      def add(host_and_optional_upstream, path)
+        host, name = host_and_optional_upstream.split(":")
+        config = VPS.read_config(host)
+        path = File.expand_path(path)
+
+        unless config[:upstreams].any?{|upstream| upstream[:name] == name}
+          spec = derive_upstream(path)
+          spec[:nginx] ||= {
+            :http => nil,
+            :https => nil
+          }
+          config[:upstreams].push(spec.merge({
+            :name => name || File.basename(path),
+            :path => path,
+            :domains => [],
+            :email => nil,
+            :compose => nil
+          }))
+          VPS.write_config(host, config)
+        end
+      end
+
+      desc "remove HOST[:UPSTREAM]", "Remove upstream from host configuration"
+      def remove(host_and_optional_upstream)
+        host, name = host_and_optional_upstream.split(":")
+        config = VPS.read_config(host)
+
+        unless name
+          list = config[:upstreams].collect{|upstream| upstream[:name]}.sort
+          name = list[Ask.list("Which upstream do you want to remove?", list)]
+        end
+
+        if config[:upstreams].reject!{|upstream| upstream[:name] == name}
+          VPS.write_config(host, config)
+        end
+      end
+
+      desc "list HOST", "List upstreams of host configuration"
+      def list(host)
+        config = VPS.read_config(host)
+
+        upstreams = config[:upstreams].collect do |upstream|
+          "* #{upstream[:name]} (#{upstream[:path].gsub(Dir.home, "~")})"
+        end.sort
+
+        puts upstreams
+      end
+
+    private
+
+      def derive_upstream(path)
+        if Dir["#{path}/mix.exs"].any?
+          elixir = <<-ELIXIR
+            Application.started_applications()
+            |> Enum.reduce([], fn {name, _desc, _version}, acc ->
+              if(name in [:phoenix, :plug], do: [name | acc], else: acc)
+            end)
+            |> Enum.sort()
+            |> Enum.at(0)
+            |> IO.puts()
+          ELIXIR
+          type = `cd #{path} && mix run -e "#{elixir.strip.gsub(/\n\s+/, " ")}" | tail -n 1`.strip
+          {
+            type: type,
+            elixir_version: `cd #{path} && mix run -e "System.version() |> IO.puts()" | tail -n 1`.strip,
+            port: (type == "phoenix") ? 4000 : `cd #{path} && mix run -e ":ranch.info |> hd() |> elem(0) |> :ranch.get_port() |> IO.puts()" | tail -n 1`.strip.to_i
+          }
+        elsif Dir["#{path}/Gemfile"].any?
+          lines = `cd #{path} && BUNDLE_GEMFILE=#{path}/Gemfile bundle list`.split("\n")
+          type = %w(rails rack).detect{|gem| lines.any?{|line| line.include?("* #{gem} (")}}
+          {
+            type: type,
+            ruby_version: `$SHELL -l -c 'cd #{path} && ruby -e "puts RUBY_VERSION"'`.strip,
+            bundler_version: `$SHELL -l -c 'cd #{path} && bundle -v'`.split.last,
+            port: (type == "rails" ? 3000 : 9292) # :'(
+          }.tap do |spec|
+            if type == "rails"
+              spec[:nginx] = {
+                root: "/opt/app/public",
+                try_files: true,
+                proxy_redirect: "off"
+              }
+            end
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/vps/core_ext/ostruct.rb

@@ -0,0 +1,17 @@
+class OpenStruct
+  def self.to_hash(object, hash = {})
+    case object
+    when OpenStruct then
+      object.each_pair do |key, value|
+        hash[key.to_s] = to_hash(value)
+      end
+      hash
+    when Array then
+      object.collect do |value|
+        to_hash(value)
+      end
+    else
+      object
+    end
+  end
+end

data/lib/vps/core_ext/string.rb

@@ -0,0 +1,33 @@
+class String
+
+  COLORS = {
+    :red     => 31,
+    :green   => 32,
+    :yellow  => 33,
+    :blue    => 34,
+    :magenta => 35,
+    :cyan    => 36,
+    :white   => 39,
+    :gray    => 90
+  }
+
+  COLORS.keys.each do |color|
+    define_method color do
+      colorize color
+    end
+  end
+
+  def indent(n, string = " ")
+    split("\n").collect do |line|
+      line.empty? ? line : "#{string * n}#{line}"
+    end.join("\n")
+  end
+
+private
+
+  def colorize(color)
+    color = COLORS[color]
+    "\033[0;#{color}m#{self}\033[0m"
+  end
+
+end

data/lib/vps/version.rb

@@ -0,0 +1,7 @@
+module VPS
+  MAJOR = 0
+  MINOR = 2
+  TINY  = 0
+
+  VERSION = [MAJOR, MINOR, TINY].join(".")
+end

data/playbooks/deploy.yml

@@ -0,0 +1,43 @@
+---
+description:
+  Deploy web application to the server
+usage:
+  deploy HOST [TOOL]
+arguments:
+  - host
+  - tool
+tasks:
+  - task: ensure
+    argument: user
+    fallbacks:
+      - task: read_config
+        key: user
+      - description: Obtaining remote user
+        task: remote_execute
+        command: whoami
+  - task: ensure
+    argument: tool
+    fallbacks:
+      - task: read_config
+        key: tool
+      - description: Choose which deploy tool to use
+        task: select
+        question: Which deployment tool do you want to use?
+        options: << playbooks >>
+  - task: ensure
+    argument: release_path
+    fallbacks:
+      - task: read_config
+        key: release_path
+      - description: Specify which directory to deploy to
+        task: input
+        question: Enter release path on the server
+        default: ~/app
+  - task: write_config
+    config:
+      user: << user >>
+      tool: << tool >>
+      release_path: << release_path >>
+  - task: obtain_config
+  - task: playbook
+    playbook: deploy/{{ tool }}

data/playbooks/deploy/docker.yml

@@ -0,0 +1,96 @@
+---
+source:
+  - http://dimafeng.com/2015/10/17/docker-distribution/
+constants:
+  config_path: ~/.vps/{{ host }}
+  docker_compose_file: "{{ config_path }}/docker-compose.yml"
+  nginx_conf_file: "{{ config_path }}/data/nginx/app.conf"
+tasks:
+  - task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: generate_file
+        template: docker/upstream/Dockerfile.{{ upstream.type }}.erb
+        target: "{{ config_path }}/{{ upstream.name }}/Dockerfile"
+      - description: Building '{{ upstream.name }}' image
+        task: execute
+        command: docker build --no-cache -f {{ config_path }}/{{ upstream.name }}/Dockerfile -t {{ upstream.name }} {{ upstream.path }}
+  - description: Saving docker images as .gzip file
+    task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: execute
+        command: docker save {{ upstream.name }} | gzip > /tmp/{{ upstream.name }}.gzip
+  - description: Uploading images
+    task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: upload
+        file: /tmp/{{ upstream.name }}.gzip
+  - description: Stopping current containers
+    task: remote_execute
+    command: cd {{ release_path }} && docker-compose stop
+  - description: Removing current containers
+    task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: remote_execute
+        command: docker container rm $(docker container ls -f ancestor={{ upstream.name }} -aq)
+  - description: Removing current images
+    task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: remote_execute
+        command: docker image rm {{ upstream.name }}
+  - task: run_tasks
+    tasks: << preload >>
+  - description: Unzipping and loading docker images
+    task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: remote_execute
+        command: gunzip < /tmp/{{ upstream.name }}.gzip | docker load
+  - task: generate_file
+    template: docker/docker-compose.yml.erb
+    target: "{{ docker_compose_file }}"
+  - description: Uploading docker-compose.yml
+    task: upload
+    file: "{{ docker_compose_file }}"
+    remote_path: "{{ release_path }}/docker-compose.yml"
+  - task: generate_file
+    template: docker/data/nginx/app.conf.erb
+    target: "{{ nginx_conf_file }}"
+  - description: Uploading Nginx config
+    task: upload
+    file: "{{ nginx_conf_file }}"
+    remote_path: "{{ release_path }}/data/nginx/app.conf"
+  - task: loop
+    through: << upstreams >>
+    as: upstream
+    run:
+      - task: generate_file
+        template: docker/upstream/init-letsencrypt.sh.erb
+        target: "{{ config_path }}/{{ upstream.name }}/init-letsencrypt.sh"
+      - description: Uploading Let’s Encrypt script
+        task: upload
+        file: "{{ config_path }}/{{ upstream.name }}/init-letsencrypt.sh"
+        remote_path: "{{ release_path }}/init-letsencrypt/{{ upstream.name }}.sh"
+      - description: Install SSL certificates (if required)
+        task: remote_execute
+        command:
+          - chmod +x {{ release_path }}/init-letsencrypt/{{ upstream.name }}.sh
+          - cd {{ release_path }} && if [ ! -d "data/certbot/conf/live/{{ domain:upstream }}" ]; then yes Y | sudo ./init-letsencrypt/{{ upstream.name }}.sh; fi
+  - description: Starting containers
+    task: remote_execute
+    command: cd {{ release_path }} && docker-compose up {{ up }} -d
+  - description: Checking running docker images
+    task: remote_execute
+    command: docker ps
+  - task: run_tasks
+    tasks: << postload >>

data/playbooks/init.yml

@@ -0,0 +1,12 @@
+---
+description:
+  Execute an initial server setup
+confirm:
+  Are you sure you want to initially setup your VPS?
+constants:
+  user: root
+arguments:
+  - host
+tasks:
+  - task: playbook
+    playbook: init

data/playbooks/init/ubuntu-18.04.yml

@@ -0,0 +1,110 @@
+---
+source:
+  - https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
+  - https://github.com/jasonheecs/ubuntu-server-setup/blob/master/setupLibrary.sh
+  - https://www.linode.com/stackscripts/view/1
+  - https://gist.github.com/parente/0227cfbbd8de1ce8ad05
+tasks:
+  - description: Updating server with latest packages
+    task: remote_execute
+    command: apt-get update && apt-get upgrade -y
+  - description: Choose which tasks to execute
+    task: multiselect
+    question: Which tasks do you want to execute?
+    options:
+      set_server_hostname: Set server hostname
+      add_sudo_user: Add new user with sudo access
+      disable_password_authentication: Disable password authentication to the server
+      setup_uncomplicated_firewall: Setup Uncomplicated FireWall
+      setup_timezone: Setup server timezone
+      install_network_time_protocol: Install Network Time Protocol
+      deny_root_login: Deny root login to the server
+  - description: Setting the server hostname
+    task: when
+    boolean: set_server_hostname
+    run:
+      - task: input
+        question: Enter hostname for the server
+        as: hostname
+      - task: remote_execute
+        command:
+          - echo '{{ hostname }}' > /etc/hostname
+          - hostname -F /etc/hostname
+  - description: Creating new sudo user
+    task: when
+    boolean: add_sudo_user
+    run:
+      - task: input
+        question: Enter username for the new sudo user
+        as: username
+      - task: input
+        question: Enter location of your public SSH key
+        default: ~/.ssh/id_rsa.pub
+        as: public_key
+      - task: remote_execute
+        command: adduser --disabled-password --gecos '' {{ username }}
+      - description: Granting administrative privileges
+        task: remote_execute
+        command: usermod -aG sudo {{ username }}
+      - description: Copying public SSH key
+        task: execute
+        command: cat {{ public_key }}
+        as: public_key
+      - description: Installing public SSH key on server
+        task: remote_execute
+        user: "{{ username }}"
+        command:
+          - mkdir -p ~/.ssh
+          - touch ~/.ssh/authorized_keys
+          - echo {{{ public_key }}} >> ~/.ssh/authorized_keys
+          - chmod 700 ~/.ssh
+          - chmod 600 ~/.ssh/authorized_keys
+      - description: Disabling sudo password for new user
+        task: remote_execute
+        command:
+          - cp /etc/sudoers /etc/sudoers.bak
+          - sh -c 'echo "{{ username }} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers'
+  - description: Disabling password authentication
+    task: when
+    boolean: disable_password_authentication
+    run:
+      - task: remote_execute
+        command:
+          - sed -i 's/#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+          - sed -i 's/#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+          - service ssh restart
+  - description: Denying root login to the server
+    task: when
+    boolean: deny_root_login
+    run:
+      - task: remote_execute
+        command:
+          - sed -i 's/#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+          - service ssh restart
+  - description: Setting up Uncomplicated FireWall
+    task: when
+    boolean: setup_uncomplicated_firewall
+    run:
+      - task: remote_execute
+        command:
+          - ufw allow OpenSSH
+          - ufw allow http
+          - ufw allow https
+          - yes y | ufw enable
+  - description: Setting up the server timezone
+    task: when
+    boolean: setup_timezone
+    run:
+      - task: remote_execute
+        command:
+          export timezone=`wget -qO - http://geoip.ubuntu.com/lookup | sed -n -e 's/.*<TimeZone>\(.*\)<\/TimeZone>.*/\1/p'` &&
+          timedatectl set-timezone $timezone &&
+          echo $timezone
+  - description: Installing Network Time Protocol
+    task: when
+    boolean: install_network_time_protocol
+    run:
+      - task: remote_execute
+        command:
+          - apt-get update
+          - apt-get --assume-yes install ntp