@ebowwa/hetzner 0.2.2 → 0.3.0

package/onboarding/git.ts

@@ -1,133 +0,0 @@
-/**
- * Git Onboarding
- *
- * Configure Git credentials on remote servers.
- * Sets up GitHub token for gh cli and git credential helper.
- */
-
-import type { SSHOptions } from "@ebowwa/terminal/types";
-
-export interface GitConfig {
-  username?: string;
-  email?: string;
-  githubToken?: string;
-}
-
-/**
- * Configure Git on a remote server
- *
- * @param host - Server IP or hostname
- * @param config - Git configuration
- * @param sshOptions - SSH options
- * @returns Success status
- */
-export async function onboardGit(
-  host: string,
-  config: GitConfig,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<{ success: boolean; message: string }> {
-  const { execSSH } = await import("@ebowwa/terminal/client");
-
-  const { username = "root", email, githubToken } = config;
-
-  try {
-    const commands: string[] = [];
-
-    // Configure git user
-    commands.push(`git config --global user.name "${username}"`);
-
-    if (email) {
-      commands.push(`git config --global user.email "${email}"`);
-    }
-
-    // Configure credential helper
-    commands.push(`
-      git config --global credential.helper store
-      mkdir -p ~/.config/gh
-    `);
-
-    // Configure GitHub CLI token if provided
-    if (githubToken) {
-      commands.push(`
-        echo "github.com:" ${username}:${githubToken} > ~/.git-credentials
-        chmod 600 ~/.git-credentials
-        echo "GITHUB_TOKEN=${githubToken}" > ~/.config/gh/hosts.yml
-        chmod 600 ~/.config/gh/hosts.yml
-      `);
-    }
-
-    const cmd = commands.join(" && ");
-
-    await execSSH(cmd, {
-      host,
-      user: "root",
-      timeout: 10000,
-      ...sshOptions
-    });
-
-    return {
-      success: true,
-      message: `Git configured for ${username}${email ? ` (${email})` : ""}`
-    };
-  } catch (error) {
-    return {
-      success: false,
-      message: `Git configuration failed: ${error instanceof Error ? error.message : String(error)}`
-    };
-  }
-}
-
-/**
- * Check Git status on a remote server
- *
- * @param host - Server IP or hostname
- * @param sshOptions - SSH options
- * @returns Git status
- */
-export async function checkGitStatus(
-  host: string,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<{ configured: boolean; username?: string; email?: string; hasToken: boolean; message: string }> {
-  const { execSSH } = await import("@ebowwa/terminal/client");
-
-  try {
-    const checkCmd = `
-      git config --global user.name 2>/dev/null || echo "NOT_SET"
-      git config --global user.email 2>/dev/null || echo "NOT_SET"
-      test -f ~/.git-credentials && echo "HAS_CREDS" || echo "NO_CREDS"
-      test -f ~/.config/gh/hosts.yml && echo "HAS_GH_TOKEN" || echo "NO_GH_TOKEN"
-    `;
-
-    const result = await execSSH(checkCmd, {
-      host,
-      user: "root",
-      timeout: 5000,
-      ...sshOptions
-    });
-
-    const lines = result.trim().split("\n");
-
-    const username = lines[0]?.trim();
-    const email = lines[1]?.trim();
-    const hasCreds = lines[2]?.includes("HAS_CREDS");
-    const hasGhToken = lines[3]?.includes("HAS_GH_TOKEN");
-
-    const configured = username !== "NOT_SET";
-
-    return {
-      configured,
-      username: username !== "NOT_SET" ? username : undefined,
-      email: email !== "NOT_SET" ? email : undefined,
-      hasToken: hasCreds || hasGhToken,
-      message: configured
-        ? `Git configured: ${username}${email ? ` <${email}>` : ""}`
-        : "Git not configured"
-    };
-  } catch (error) {
-    return {
-      configured: false,
-      hasToken: false,
-      message: `Could not check Git status: ${error instanceof Error ? error.message : String(error)}`
-    };
-  }
-}

package/onboarding/index.ts

@@ -1,18 +0,0 @@
-/**
- * Hetzner Onboarding Module
- *
- * Post-boot configuration for newly provisioned servers.
- * Handles services that require secrets/tokens:
- * - Doppler (secrets management)
- * - Tailscale (VPN)
- * - Git (credentials)
- *
- * This is Phase 2 of the bootstrap process, running after
- * cloud-init completes the initial installation.
- */
-
-export { OnboardingConfig, OnboardingStatus, OnboardingResult } from "./types.js";
-export { onboardDoppler, checkDopplerStatus } from "./doppler.js";
-export { onboardTailscale, checkTailscaleStatus } from "./tailscale.js";
-export { onboardGit, checkGitStatus } from "./git.js";
-export { onboardServer, checkOnboardingStatus, onboardBatch } from "./onboarding.js";

package/onboarding/onboarding.ts

@@ -1,193 +0,0 @@
-/**
- * Server Onboarding
- *
- * Main onboarding orchestration.
- * Coordinates Doppler, Tailscale, and Git onboarding.
- */
-
-import type { SSHOptions } from "@ebowwa/terminal/types";
-import type {
-  OnboardingConfig,
-  OnboardingStatus,
-  OnboardingResult,
-  BatchOnboardingResult,
-} from "./types.js";
-import { checkDopplerStatus, onboardDoppler } from "./doppler.js";
-import { checkTailscaleStatus, onboardTailscale } from "./tailscale.js";
-import { checkGitStatus, onboardGit } from "./git.js";
-
-/**
- * Onboard a single server with all configured services
- *
- * @param config - Onboarding configuration
- * @param sshOptions - Additional SSH options
- * @returns Onboarding result
- */
-export async function onboardServer(
-  config: OnboardingConfig,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<OnboardingResult> {
-  const { host, user = "root", doppler, tailscale, git } = config;
-
-  const configured: ("doppler" | "tailscale" | "git")[] = [];
-  const failed: Array<{
-    service: "doppler" | "tailscale" | "git";
-    error: string;
-  }> = [];
-
-  const baseSshOptions: Partial<SSHOptions> = {
-    user,
-    ...sshOptions
-  };
-
-  // Onboard Doppler
-  if (doppler) {
-    const result = await onboardDoppler(host, doppler, baseSshOptions);
-    if (result.success) {
-      configured.push("doppler");
-    } else {
-      failed.push({ service: "doppler", error: result.message });
-    }
-  }
-
-  // Onboard Tailscale
-  if (tailscale) {
-    const result = await onboardTailscale(host, tailscale, baseSshOptions);
-    if (result.success) {
-      configured.push("tailscale");
-    } else {
-      failed.push({ service: "tailscale", error: result.message });
-    }
-  }
-
-  // Onboard Git
-  if (git) {
-    const result = await onboardGit(host, git, baseSshOptions);
-    if (result.success) {
-      configured.push("git");
-    } else {
-      failed.push({ service: "git", error: result.message });
-    }
-  }
-
-  return {
-    host,
-    configured,
-    failed,
-    success: failed.length === 0,
-    completedAt: new Date().toISOString(),
-  };
-}
-
-/**
- * Check onboarding status of a server
- *
- * @param host - Server IP or hostname
- * @param sshOptions - SSH options
- * @returns Onboarding status
- */
-export async function checkOnboardingStatus(
-  host: string,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<OnboardingStatus> {
-  const user = "root";
-
-  const [dopplerStatus, tailscaleStatus, gitStatus] = await Promise.all([
-    checkDopplerStatus(host, { user, ...sshOptions }),
-    checkTailscaleStatus(host, { user, ...sshOptions }),
-    checkGitStatus(host, { user, ...sshOptions }),
-  ]);
-
-  const services = {
-    doppler: {
-      service: "doppler",
-      configured: dopplerStatus.configured,
-      message: dopplerStatus.message,
-      details: dopplerStatus.project
-        ? { project: dopplerStatus.project, config: dopplerStatus.config }
-        : undefined,
-    } as const,
-    tailscale: {
-      service: "tailscale",
-      configured: tailscaleStatus.configured,
-      message: tailscaleStatus.message,
-      details: tailscaleStatus.tailscaleIp
-        ? { tailscaleIp: tailscaleStatus.tailscaleIp, hostname: tailscaleStatus.hostname }
-        : undefined,
-    } as const,
-    git: {
-      service: "git",
-      configured: gitStatus.configured,
-      message: gitStatus.message,
-      details: gitStatus.username
-        ? { username: gitStatus.username, email: gitStatus.email }
-        : undefined,
-    } as const,
-  };
-
-  const complete = services.doppler.configured && services.tailscale.configured && services.git.configured;
-
-  return {
-    host,
-    services,
-    complete,
-    checkedAt: new Date().toISOString(),
-  };
-}
-
-/**
- * Onboard multiple servers in parallel
- *
- * @param hosts - List of server IPs/hostnames
- * @param sharedConfig - Shared onboarding config for all servers
- * @param sshOptions - SSH options
- * @returns Batch onboarding result
- */
-export async function onboardBatch(
-  hosts: string[],
-  sharedConfig: Omit<OnboardingConfig, "host">,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<BatchOnboardingResult> {
-  // Onboard all servers in parallel
-  const results = await Promise.all(
-    hosts.map((host) =>
-      onboardServer({ ...sharedConfig, host }, sshOptions)
-    )
-  );
-
-  // Calculate summary
-  const succeeded = results.filter((r) => r.success).length;
-  const failed = results.filter((r) => !r.success).length;
-  const partial = results.filter((r) => !r.success && r.configured.length > 0).length;
-
-  return {
-    results,
-    summary: {
-      total: results.length,
-      succeeded,
-      failed,
-      partial,
-    },
-  };
-}
-
-/**
- * Quick onboarding check for multiple servers
- *
- * @param hosts - List of server IPs/hostnames
- * @param sshOptions - SSH options
- * @returns Map of host to onboarding status
- */
-export async function checkBatchStatus(
-  hosts: string[],
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<Map<string, OnboardingStatus>> {
-  const statuses = await Promise.all(
-    hosts.map(async (host) => {
-      const status = await checkOnboardingStatus(host, sshOptions);
-      return { host, status };
-    })
-  );
-
-  return new Map(statuses.map(({ host, status }) => [host, status]));
-}

package/onboarding/tailscale.ts

@@ -1,159 +0,0 @@
-/**
- * Tailscale Onboarding
- *
- * Join Tailscale network on remote servers.
- * Enables secure VPN access to servers.
- */
-
-import type { SSHOptions } from "@ebowwa/terminal/types";
-
-export interface TailscaleConfig {
-  authKey: string;
-  hostname?: string;
-  tags?: string[];
-}
-
-/**
- * Join Tailscale network on a remote server
- *
- * @param host - Server IP or hostname
- * @param config - Tailscale configuration
- * @param sshOptions - SSH options
- * @returns Success status with Tailscale IP
- */
-export async function onboardTailscale(
-  host: string,
-  config: TailscaleConfig,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<{ success: boolean; message: string; tailscaleIp?: string }> {
-  const { execSSH } = await import("@ebowwa/terminal/client");
-
-  const { authKey, hostname, tags = [] } = config;
-
-  try {
-    // Step 1: Install Tailscale if not present
-    const installCmd = `
-      if ! command -v tailscale &>/dev/null; then
-        curl -fsSL https://tailscale.com/install.sh | sh
-      fi
-    `;
-
-    await execSSH(installCmd, {
-      host,
-      user: "root",
-      timeout: 60000, // 1 minute for install
-      ...sshOptions
-    });
-
-    // Step 2: Build tailscale up command
-    const upArgs = ["up", "--authkey", authKey];
-
-    if (hostname) {
-      upArgs.push("--hostname", hostname);
-    }
-
-    if (tags.length > 0) {
-      upArgs.push("--tags", tags.join(","));
-    }
-
-    const upCmd = `tailscale ${upArgs.join(" ")}`;
-
-    // Step 3: Run tailscale up
-    await execSSH(upCmd, {
-      host,
-      user: "root",
-      timeout: 30000,
-      ...sshOptions
-    });
-
-    // Step 4: Get Tailscale IP
-    const ipCmd = "tailscale ip -4 2>/dev/null || tailscale ip 2>/dev/null || echo 'PENDING'";
-
-    const ipResult = await execSSH(ipCmd, {
-      host,
-      user: "root",
-      timeout: 5000,
-      ...sshOptions
-    });
-
-    const tailscaleIp = ipResult.trim();
-
-    return {
-      success: true,
-      message: hostname
-        ? `Tailscale joined as ${hostname}`
-        : "Tailscale joined",
-      tailscaleIp: tailscaleIp !== "PENDING" ? tailscaleIp : undefined
-    };
-  } catch (error) {
-    return {
-      success: false,
-      message: `Tailscale onboarding failed: ${error instanceof Error ? error.message : String(error)}`
-    };
-  }
-}
-
-/**
- * Check Tailscale status on a remote server
- *
- * @param host - Server IP or hostname
- * @param sshOptions - SSH options
- * @returns Tailscale status
- */
-export async function checkTailscaleStatus(
-  host: string,
-  sshOptions: Partial<SSHOptions> = {}
-): Promise<{ configured: boolean; tailscaleIp?: string; hostname?: string; message: string }> {
-  const { execSSH } = await import("@ebowwa/terminal/client");
-
-  try {
-    // Check if tailscale is installed and running
-    const checkCmd = `
-      command -v tailscale &>/dev/null || echo "NOT_INSTALLED"
-      tailscale status --json 2>/dev/null || echo "NOT_RUNNING"
-    `;
-
-    const result = await execSSH(checkCmd, {
-      host,
-      user: "root",
-      timeout: 10000,
-      ...sshOptions
-    });
-
-    const lines = result.trim().split("\n");
-
-    if (lines[0]?.includes("NOT_INSTALLED")) {
-      return {
-        configured: false,
-        message: "Tailscale not installed"
-      };
-    }
-
-    const statusJson = lines[1] || "";
-
-    if (statusJson.includes("NOT_RUNNING")) {
-      return {
-        configured: false,
-        message: "Tailscale installed but not running"
-      };
-    }
-
-    // Parse status JSON
-    const status = JSON.parse(statusJson);
-
-    const tailscaleIp = status.TailnetIPs?.[0] || status.IPv4;
-    const hostname = status.HostName?.HostName || status.HostName;
-
-    return {
-      configured: true,
-      tailscaleIp,
-      hostname,
-      message: `Tailscale connected as ${hostname || "unknown"} (${tailscaleIp || "no IP"})`
-    };
-  } catch (error) {
-    return {
-      configured: false,
-      message: `Could not check Tailscale status: ${error instanceof Error ? error.message : String(error)}`
-    };
-  }
-}

package/onboarding/types.ts

@@ -1,115 +0,0 @@
-/**
- * Onboarding Types
- *
- * Type definitions for server onboarding operations.
- */
-
-/**
- * Onboarding configuration for a server
- */
-export interface OnboardingConfig {
-  /** Server IP or hostname */
-  host: string;
-
-  /** SSH user (default: root) */
-  user?: string;
-
-  /** SSH port (default: 22) */
-  port?: number;
-
-  /** Doppler configuration */
-  doppler?: {
-    /** Doppler service token */
-    token: string;
-    /** Doppler project (default: seed) */
-    project?: string;
-    /** Doppler config (default: prd) */
-    config?: string;
-  };
-
-  /** Tailscale configuration */
-  tailscale?: {
-    /** Tailscale auth key */
-    authKey: string;
-    /** Tailscale hostname (optional) */
-    hostname?: string;
-    /** Tailscale tags (optional) */
-    tags?: string[];
-  };
-
-  /** Git configuration */
-  git?: {
-    /** Git username */
-    username?: string;
-    /** Git email */
-    email?: string;
-    /** GitHub token for gh cli */
-    githubToken?: string;
-  };
-}
-
-/**
- * Onboarding status for a single service
- */
-export interface ServiceStatus {
-  /** Service name */
-  service: "doppler" | "tailscale" | "git";
-  /** Whether service is configured */
-  configured: boolean;
-  /** Status message */
-  message: string;
-  /** Configuration details (sanitized) */
-  details?: Record<string, unknown>;
-}
-
-/**
- * Overall onboarding status
- */
-export interface OnboardingStatus {
-  /** Server being checked */
-  host: string;
-  /** Status of each service */
-  services: {
-    doppler: ServiceStatus;
-    tailscale: ServiceStatus;
-    git: ServiceStatus;
-  };
-  /** Overall onboarding complete */
-  complete: boolean;
-  /** Timestamp */
-  checkedAt: string;
-}
-
-/**
- * Result of an onboarding operation
- */
-export interface OnboardingResult {
-  /** Server that was onboarded */
-  host: string;
-  /** Services that were configured */
-  configured: ("doppler" | "tailscale" | "git")[];
-  /** Services that failed */
-  failed: Array<{
-    service: "doppler" | "tailscale" | "git";
-    error: string;
-  }>;
-  /** Overall success */
-  success: boolean;
-  /** Timestamp */
-  completedAt: string;
-}
-
-/**
- * Batch onboarding result
- */
-export interface BatchOnboardingResult {
-  /** Results for each server */
-  results: OnboardingResult[];
-  /** Summary statistics */
-  summary: {
-    total: number;
-    succeeded: number;
-    failed: number;
-    partial: number;
-  };
-}