vps 0.2.0

data/playbooks/install.yml

@@ -0,0 +1,18 @@
+---
+description:
+  Install software on the server
+usage:
+  install HOST [TOOL]
+arguments:
+  - host
+  - tool
+tasks:
+  - task: ensure
+    argument: tool
+    fallbacks:
+      - description: Choose which deploy tool to install
+        task: select
+        question: Which deployment tool do you want to install?
+        options: << playbooks >>
+  - task: playbook
+    playbook: install/{{ tool }}

data/playbooks/install/docker/ubuntu-18.04.yml

@@ -0,0 +1,35 @@
+---
+source:
+  - https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-using-the-repository
+  - https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
+tasks:
+  - description: Updating apt package index
+    task: remote_execute
+    command: sudo apt-get update
+  - description: Installing packages which let apt use packages over HTTPS
+    task: remote_execute
+    command:
+      sudo apt-get install
+        apt-transport-https
+        ca-certificates
+        curl
+        gnupg-agent
+        software-properties-common
+  - description: Adding Docker’s official GPG key
+    task: remote_execute
+    command: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - description: Adding the Docker repository to APT sources
+    task: remote_execute
+    command: sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
+  - description: Updating apt package index
+    task: remote_execute
+    command: sudo apt-get update
+  - description: Installing Docker
+    task: remote_execute
+    command: sudo apt install -y docker-ce docker-compose
+  - description: Adding current user to the docker group
+    task: remote_execute
+    command: sudo usermod -aG docker ${USER}
+  - description: Checking docker state
+    task: remote_execute
+    command: sudo systemctl status docker

data/script/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "bundler"
+Bundler.require :default, :development
+
+puts "Loading VPS development environment (#{VPS::VERSION})"
+Pry.start

data/templates/docker/data/nginx/app.conf.erb

@@ -0,0 +1,69 @@
+<%- upstreams.each do |upstream| %>
+
+upstream <%= upstream[:name] %> {
+  server <%= upstream[:name] %>:<%= upstream[:port] %>;
+}
+<%- upstream[:domains].partition{|domain| domain.include?("http://")}.reject(&:empty?).each do |domains| %>
+<%-
+  https = domains.first.include?("https://")
+  domains = domains.collect{|domain| domain.gsub(/https?:\/\//, "")}.join(" ")
+  domain = domains.split(" ")[0]
+  nginx = upstream[:nginx] || {}
+  proxy_pass = "http://#{ upstream[:name] }"
+%>
+
+server {
+  <%- unless domains.empty? %>
+  listen 80;
+  server_name <%= domains %>;
+  server_tokens off;
+
+  <%- end %>
+  <%- if nginx[:http] %>
+<%= nginx[:http].gsub("PROXY_PASS", proxy_pass).indent(2) %>
+
+  <%- end %>
+  <%- if https %>
+  location /.well-known/acme-challenge/ {
+    root /var/www/certbot;
+  }
+
+  location / {
+    return 301 https://$host$request_uri;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name <%= domains %>;
+  server_tokens off;
+
+  ssl_certificate /etc/letsencrypt/live/<%= domain %>/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/<%= domain %>/privkey.pem;
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+  <%- end %>
+  <%- if nginx[:root] %>
+  root <%= nginx[:root] %>;
+  <%- end %>
+  <%- if nginx[:try_files] %>
+  try_files $uri @app;
+
+  <%- end %>
+  <%- if nginx[:https] %>
+<%= nginx[:https].gsub("PROXY_PASS", proxy_pass).indent(2) %>
+
+  <%- end %>
+  location <%= nginx[:try_files] ? "@app" : "/" %> {
+    proxy_pass        <%= proxy_pass %>;
+    proxy_set_header  Host $http_host;
+    proxy_set_header  X-Real-IP $remote_addr;
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    <%- if nginx[:proxy_redirect] %>
+    proxy_redirect    <%= nginx[:proxy_redirect] %>;
+    <%- end %>
+  }
+}
+<%- end %>
+<%- end %>

data/templates/docker/docker-compose.yml.erb

@@ -0,0 +1,58 @@
+version: "3"
+<% https = upstreams.any?{|upstream| upstream[:domains].any?{|domain| domain.include?("https://")}} %>
+services:
+
+  nginx:
+    image: nginx:1.15-alpine
+    container_name: nginx
+    restart: unless-stopped
+    ports:
+      - 80:80
+      <%- if https %>
+      - 443:443
+      <%- end %>
+    depends_on:
+      <%- upstreams.each do |upstream| %>
+      - <%= upstream.name %>
+      <%- end %>
+    volumes:
+      - ./data/nginx:/etc/nginx/conf.d
+  <%- if https %>
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+
+  certbot:
+    image: certbot/certbot:v0.27.1
+    container_name: certbot
+    restart: unless-stopped
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  <%- end %>
+  <%- services.to_h.each do |name, spec| %>
+
+  <%= name %>:
+<%= OpenStruct.to_hash(spec).to_yaml.sub(/^.*?\n/, "").indent(4) %>
+  <%- end %>
+  <%- upstreams.each do |upstream| %>
+
+  <%= upstream.name %>:
+    image: <%= upstream.name %>
+    restart: always
+    <%- unless upstream[:compose].inspect.match(/\bports\b/) %>
+    ports:
+      - <%= upstream.port %>
+    <%- end %>
+    <%- if upstream[:compose] %>
+<%= OpenStruct.to_hash(upstream[:compose]).to_yaml.sub(/^.*?\n/, "").indent(4) %>
+    <%- end %>
+  <%- end %>
+<%- unless (volumes || []).empty? %>
+
+volumes:
+<%- volumes.each do |volume| %>
+  <%= volume %>:
+<%- end %>
+<%- end %>

data/templates/docker/upstream/Dockerfile.phoenix.erb

@@ -0,0 +1,13 @@
+FROM elixir:<%= upstream.elixir_version %>-alpine
+
+RUN apk update \
+&& apk --no-cache --update add alpine-sdk \
+&& mix local.rebar --force \
+&& mix local.hex --force
+
+WORKDIR /opt/app
+COPY . .
+
+ENV MIX_ENV=prod
+RUN mix do deps.get --only prod, deps.compile
+CMD ["sh", "-c", "mix phx.server"]

data/templates/docker/upstream/Dockerfile.plug.erb

@@ -0,0 +1,13 @@
+FROM elixir:<%= upstream.elixir_version %>-alpine
+
+RUN apk update \
+&& apk --no-cache --update add alpine-sdk \
+&& mix local.rebar --force \
+&& mix local.hex --force
+
+WORKDIR /opt/app
+COPY . .
+
+ENV MIX_ENV=prod
+RUN mix do deps.get --only prod, deps.compile
+CMD ["sh", "-c", "mix run --no-halt"]

data/templates/docker/upstream/Dockerfile.rack.erb

@@ -0,0 +1,16 @@
+FROM ruby:<%= upstream.ruby_version %>-alpine
+
+RUN apk update \
+&& apk --no-cache --update add \
+  build-base nodejs tzdata \
+  mysql-dev mysql-client --no-install-recommends \
+  postgresql-dev postgresql-client \
+  libxslt-dev libxml2-dev
+
+WORKDIR /opt/app
+COPY . .
+
+ENV RACK_ENV=production
+RUN gem install bundler -v <%= upstream.bundler_version %>
+RUN bundle install --without development test
+CMD ["bundle", "exec", "rackup", "config.ru", "-o", "0.0.0.0"]

data/templates/docker/upstream/Dockerfile.rails.erb

@@ -0,0 +1,18 @@
+FROM ruby:<%= upstream.ruby_version %>-alpine
+
+RUN apk update \
+&& apk --no-cache --update add \
+  build-base nodejs tzdata \
+  mysql-dev mysql-client --no-install-recommends \
+  postgresql-dev postgresql-client \
+  libxslt-dev libxml2-dev
+
+WORKDIR /opt/app
+COPY . .
+
+ENV RAILS_ENV=production
+EXPOSE <%= upstream.port %>
+RUN gem install bundler -v <%= upstream.bundler_version %>
+RUN bundle install --without development test
+CMD ["rm", "-f", "tmp/pids/server.pid"]
+CMD ["rails", "server", "-b", "0.0.0.0"]

data/templates/docker/upstream/init-letsencrypt.sh.erb

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+<%- if (domains = upstream[:domains].collect{|domain| domain.dup.gsub!("https://", "")}.compact).any? %>
+domains=(<%= domains.join(" ") %>)
+email="<%= upstream[:email] || "noreply@#{domains.first}" %>" # Adding a valid address is strongly recommended
+data_path="./data/certbot"
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+rsa_key_size=4096
+
+if [ -d "$data_path" ]; then
+  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
+  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
+    exit
+  fi
+fi
+
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "$data_path/conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/v0.40.1/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/v0.40.1/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  echo
+fi
+
+echo "### Creating dummy certificate for $domains ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$data_path/conf/live/$domains"
+docker-compose run --rm --entrypoint "\
+  openssl req -x509 -nodes -newkey rsa:1024 -days 1\
+    -keyout '$path/privkey.pem' \
+    -out '$path/fullchain.pem' \
+    -subj '/CN=localhost'" certbot
+echo
+
+echo "### Starting nginx ..."
+docker-compose up --force-recreate -d nginx
+echo
+
+echo "### Deleting dummy certificate for $domains ..."
+docker-compose run --rm --entrypoint "\
+  rm -Rf /etc/letsencrypt/live/$domains && \
+  rm -Rf /etc/letsencrypt/archive/$domains && \
+  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+echo
+
+echo "### Requesting Let's Encrypt certificate for $domains ..."
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+  domain_args="$domain_args -d $domain"
+done
+
+# Select appropriate email arg
+case "$email" in
+  "") email_arg="--register-unsafely-without-email" ;;
+  *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+  certbot certonly --webroot -w /var/www/certbot \
+    $staging_arg \
+    $email_arg \
+    $domain_args \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal" certbot
+echo
+
+echo "### Reloading nginx ..."
+docker-compose exec nginx nginx -s reload
+<%- else %>
+# NO HTTPS
+<%- end %>

data/test/test_helper.rb

@@ -0,0 +1,12 @@
+require_relative "test_helper/coverage"
+
+require "minitest"
+require "minitest/autorun"
+require "mocha/setup"
+
+def path(path)
+  File.expand_path "../../#{path}", __FILE__
+end
+
+require "bundler"
+Bundler.require :default, :development, :test

data/test/test_helper/coverage.rb

@@ -0,0 +1,8 @@
+if Dir.pwd == File.expand_path("../../..", __FILE__)
+  require "simplecov"
+  SimpleCov.coverage_dir "test/coverage"
+  SimpleCov.start do
+    add_group "VPS", "lib"
+    add_group "Test suite", "test"
+  end
+end

data/test/unit/test_version.rb

@@ -0,0 +1,15 @@
+require_relative "../test_helper"
+
+module Unit
+  class TestVersion < MiniTest::Test
+
+    describe VPS::VERSION do
+      it "has the current version" do
+        version = File.read(path("VERSION")).strip
+        assert_equal version, VPS::VERSION
+        assert File.read(path "CHANGELOG.md").include?("Version #{version} ")
+      end
+    end
+
+  end
+end

data/vps.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path("../lib/vps/version", __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Paul Engel"]
+  gem.email         = ["pm_engel@icloud.com"]
+  gem.summary       = %q{Zero-config deployments of Plug, Phoenix, Rack and Rails apps on a clean Ubuntu server using Docker and Let's Encrypt}
+  gem.description   = %q{Zero-config deployments of Plug, Phoenix, Rack and Rails apps on a clean Ubuntu server using Docker and Let's Encrypt}
+  gem.homepage      = "https://github.com/archan937/vps"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "vps"
+  gem.require_paths = ["lib"]
+  gem.version       = VPS::VERSION
+  gem.licenses      = ["MIT"]
+
+  gem.add_dependency "thor"
+  gem.add_dependency "erubis"
+  gem.add_dependency "inquirer"
+  gem.add_dependency "net-ssh"
+  gem.add_dependency "activesupport", ">= 4.1.8"
+
+  gem.add_development_dependency "pry"
+  gem.add_development_dependency "simplecov"
+  gem.add_development_dependency "minitest"
+  gem.add_development_dependency "mocha"
+end

metadata

@@ -0,0 +1,214 @@
+--- !ruby/object:Gem::Specification
+name: vps
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Paul Engel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-12-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: inquirer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.8
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Zero-config deployments of Plug, Phoenix, Rack and Rails apps on a clean
+  Ubuntu server using Docker and Let's Encrypt
+email:
+- pm_engel@icloud.com
+executables:
+- vps
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- VERSION
+- bin/vps
+- config/services.yml
+- lib/vps.rb
+- lib/vps/cli.rb
+- lib/vps/cli/domain.rb
+- lib/vps/cli/playbook.rb
+- lib/vps/cli/playbook/state.rb
+- lib/vps/cli/playbook/tasks.rb
+- lib/vps/cli/service.rb
+- lib/vps/cli/upstream.rb
+- lib/vps/core_ext/ostruct.rb
+- lib/vps/core_ext/string.rb
+- lib/vps/version.rb
+- playbooks/deploy.yml
+- playbooks/deploy/docker.yml
+- playbooks/init.yml
+- playbooks/init/ubuntu-18.04.yml
+- playbooks/install.yml
+- playbooks/install/docker/ubuntu-18.04.yml
+- script/console
+- templates/docker/data/nginx/app.conf.erb
+- templates/docker/docker-compose.yml.erb
+- templates/docker/upstream/Dockerfile.phoenix.erb
+- templates/docker/upstream/Dockerfile.plug.erb
+- templates/docker/upstream/Dockerfile.rack.erb
+- templates/docker/upstream/Dockerfile.rails.erb
+- templates/docker/upstream/init-letsencrypt.sh.erb
+- test/test_helper.rb
+- test/test_helper/coverage.rb
+- test/unit/test_version.rb
+- vps.gemspec
+homepage: https://github.com/archan937/vps
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.4
+signing_key: 
+specification_version: 4
+summary: Zero-config deployments of Plug, Phoenix, Rack and Rails apps on a clean
+  Ubuntu server using Docker and Let's Encrypt
+test_files:
+- test/test_helper.rb
+- test/test_helper/coverage.rb
+- test/unit/test_version.rb