fujin-cli 0.1.0__py3-none-any.whl → 0.3.0__py3-none-any.whl

fujin/errors.py

@@ -0,0 +1,5 @@
+import cappa
+
+
+class ImproperlyConfiguredError(cappa.Exit):
+    code = 1

fujin/hooks.py

@@ -0,0 +1,55 @@
+from dataclasses import dataclass
+
+from fujin.connection import Connection
+from rich import print as rich_print
+
+try:
+    from enum import StrEnum
+except ImportError:
+    from enum import Enum
+
+    class StrEnum(str, Enum):
+        pass
+
+
+class Hook(StrEnum):
+    PRE_DEPLOY = "pre_deploy"
+    POST_DEPLOY = "post_deploy"
+    PRE_BOOTSTRAP = "pre_bootstrap"
+    POST_BOOTSTRAP = "post_bootstrap"
+    PRE_TEARDOWN = "pre_teardown"
+    POST_TEARDOWN = "post_teardown"
+
+
+HooksDict = dict[Hook, dict]
+
+
+@dataclass(frozen=True, slots=True)
+class HookManager:
+    app_name: str
+    hooks: HooksDict
+    conn: Connection
+
+    def _run_hook(self, type_: Hook) -> None:
+        if hooks := self.hooks.get(type_):
+            for name, command in hooks.items():
+                rich_print(f"[blue]Running {type_} hook {name} [/blue]")
+                self.conn.run(command, pty=True)
+
+    def pre_deploy(self) -> None:
+        self._run_hook(Hook.PRE_DEPLOY)
+
+    def post_deploy(self) -> None:
+        self._run_hook(Hook.POST_DEPLOY)
+
+    def pre_bootstrap(self) -> None:
+        self._run_hook(Hook.PRE_BOOTSTRAP)
+
+    def post_bootstrap(self) -> None:
+        self._run_hook(Hook.POST_BOOTSTRAP)
+
+    def pre_teardown(self) -> None:
+        self._run_hook(Hook.PRE_TEARDOWN)
+
+    def post_teardown(self) -> None:
+        self._run_hook(Hook.POST_TEARDOWN)

fujin/process_managers/__init__.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+from typing import Protocol
+from typing import TYPE_CHECKING
+
+from fujin.connection import Connection
+
+if TYPE_CHECKING:
+    from fujin.config import Config
+
+
+class ProcessManager(Protocol):
+    service_names: list[str]
+
+    @classmethod
+    def create(cls, config: Config, conn: Connection) -> ProcessManager: ...
+
+    def get_service_name(self, process_name: str): ...
+
+    def install_services(self) -> None: ...
+
+    def uninstall_services(self) -> None: ...
+
+    def start_services(self, *names) -> None: ...
+
+    def restart_services(self, *names) -> None: ...
+
+    def stop_services(self, *names) -> None: ...
+
+    def is_enabled(self, *names) -> dict[str, bool]: ...
+
+    def is_active(self, *names) -> dict[str, bool]: ...
+
+    def service_logs(self, name: str, follow: bool = False): ...
+
+    def reload_configuration(self) -> None: ...
+
+    def get_configuration_files(
+        self, ignore_local: bool = False
+    ) -> list[tuple[str, str]]: ...

fujin/process_managers/systemd.py

@@ -0,0 +1,155 @@
+from __future__ import annotations
+
+import importlib.util
+from dataclasses import dataclass
+from pathlib import Path
+
+from fujin.config import Config
+from fujin.connection import Connection
+
+
+@dataclass(frozen=True, slots=True)
+class ProcessManager:
+    conn: Connection
+    app_name: str
+    processes: dict[str, str]
+    app_dir: str
+    user: str
+    is_using_unix_socket: bool
+    local_config_dir: Path
+
+    @classmethod
+    def create(cls, config: Config, conn: Connection):
+        return cls(
+            processes=config.processes,
+            app_name=config.app_name,
+            app_dir=config.host.get_app_dir(config.app_name),
+            conn=conn,
+            user=config.host.user,
+            is_using_unix_socket="unix" in config.webserver.upstream
+            and config.webserver.type != "fujin.proxies.dummy",
+            local_config_dir=config.local_config_dir,
+        )
+
+    @property
+    def service_names(self) -> list[str]:
+        services = [self.get_service_name(name) for name in self.processes]
+        if self.is_using_unix_socket:
+            services.append(f"{self.app_name}.socket")
+        return services
+
+    def get_service_name(self, process_name: str):
+        if process_name == "web":
+            return f"{self.app_name}.service"
+        return f"{self.app_name}-{process_name}.service"
+
+    def run_pty(self, *args, **kwargs):
+        return self.conn.run(*args, **kwargs, pty=True)
+
+    def install_services(self) -> None:
+        conf_files = self.get_configuration_files()
+        for filename, content in conf_files:
+            self.run_pty(
+                f"echo '{content}' | sudo tee /etc/systemd/system/{filename}",
+                hide="out",
+            )
+
+        for name in self.processes:
+            if name == "web" and self.is_using_unix_socket:
+                self.run_pty(f"sudo systemctl enable --now {self.app_name}.socket")
+            else:
+                self.run_pty(f"sudo systemctl enable {self.get_service_name(name)}")
+
+    def get_configuration_files(
+        self, ignore_local: bool = False
+    ) -> list[tuple[str, str]]:
+        templates_folder = (
+            Path(importlib.util.find_spec("fujin").origin).parent / "templates"
+        )
+        web_service_content = (templates_folder / "web.service").read_text()
+        web_socket_content = (templates_folder / "web.socket").read_text()
+        simple_service_content = (templates_folder / "simple.service").read_text()
+        if not self.is_using_unix_socket:
+            web_service_content = web_service_content.replace(
+                "Requires={app_name}.socket\n", ""
+            )
+
+        context = {
+            "app_name": self.app_name,
+            "user": self.user,
+            "app_dir": self.app_dir,
+        }
+
+        files = []
+        for name, command in self.processes.items():
+            template = web_service_content if name == "web" else simple_service_content
+            name = self.get_service_name(name)
+            local_config = self.local_config_dir / name
+            body = (
+                local_config.read_text()
+                if local_config.exists() and not ignore_local
+                else template.format(**context, command=command)
+            )
+            files.append((name, body))
+        # if using unix then we are sure a web process was defined and the proxy is not dummy
+        if self.is_using_unix_socket:
+            name = f"{self.app_name}.socket"
+            local_config = self.local_config_dir / name
+            body = (
+                local_config.read_text()
+                if local_config.exists() and not ignore_local
+                else web_socket_content.format(**context)
+            )
+            files.append((name, body))
+        return files
+
+    def uninstall_services(self) -> None:
+        self.stop_services()
+        for name in self.service_names:
+            self.run_pty(f"sudo systemctl disable {name}", warn=True)
+            self.run_pty(f"sudo rm /etc/systemd/system/{name}", warn=True)
+
+    def start_services(self, *names) -> None:
+        names = names or self.service_names
+        for name in names:
+            if name in self.service_names:
+                self.run_pty(f"sudo systemctl start {name}")
+
+    def restart_services(self, *names) -> None:
+        names = names or self.service_names
+        for name in names:
+            if name in self.service_names:
+                self.run_pty(f"sudo systemctl restart {name}")
+
+    def stop_services(self, *names) -> None:
+        names = names or self.service_names
+        for name in names:
+            if name in self.service_names:
+                self.run_pty(f"sudo systemctl stop {name}")
+
+    def is_enabled(self, *names) -> dict[str, bool]:
+        names = names or self.service_names
+        return {
+            name: self.run_pty(
+                f"sudo systemctl is-enabled {name}", warn=True, hide=True
+            ).stdout.strip()
+            == "enabled"
+            for name in names
+        }
+
+    def is_active(self, *names) -> dict[str, bool]:
+        names = names or self.service_names
+        return {
+            name: self.run_pty(
+                f"sudo systemctl is-active {name}", warn=True, hide=True
+            ).stdout.strip()
+            == "active"
+            for name in names
+        }
+
+    def service_logs(self, name: str, follow: bool = False):
+        # TODO: add more options here
+        self.run_pty(f"sudo journalctl -u {name} {'-f' if follow else ''}", warn=True)
+
+    def reload_configuration(self) -> None:
+        self.run_pty(f"sudo systemctl daemon-reload")

fujin/proxies/__init__.py

@@ -0,0 +1,35 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Protocol
+
+from fujin.config import Config
+from fujin.config import HostConfig
+from fujin.connection import Connection
+
+
+class WebProxy(Protocol):
+    config_file: Path
+
+    @classmethod
+    def create(cls, config: Config, conn: Connection) -> WebProxy: ...
+
+    def install(self) -> None: ...
+
+    def uninstall(self) -> None: ...
+
+    def setup(self) -> None: ...
+
+    def teardown(self) -> None: ...
+
+    def start(self) -> None: ...
+
+    def stop(self) -> None: ...
+
+    def status(self) -> None: ...
+
+    def restart(self) -> None: ...
+
+    def logs(self) -> None: ...
+
+    def export_config(self) -> None: ...

fujin/proxies/caddy.py

@@ -0,0 +1,214 @@
+from __future__ import annotations
+
+import json
+import urllib.request
+from pathlib import Path
+
+import msgspec
+
+from fujin.config import Config
+from fujin.connection import Connection
+
+DEFAULT_VERSION = "2.8.4"
+GH_TAR_FILENAME = "caddy_{version}_linux_amd64.tar.gz"
+GH_DOWNL0AD_URL = (
+    "https://github.com/caddyserver/caddy/releases/download/v{version}/"
+    + GH_TAR_FILENAME
+)
+GH_RELEASE_LATEST_URL = "https://api.github.com/repos/caddyserver/caddy/releases/latest"
+
+
+# TODO: let the user write the configuration with a simple syntax and export use caddy adapter, same for exporting,
+#   don't export to json
+
+
+class WebProxy(msgspec.Struct):
+    conn: Connection
+    domain_name: str
+    app_name: str
+    upstream: str
+    statics: dict[str, str]
+    local_config_dir: Path
+
+    @property
+    def config_file(self) -> Path:
+        return self.local_config_dir / "caddy.json"
+
+    @classmethod
+    def create(cls, config: Config, conn: Connection) -> WebProxy:
+        return cls(
+            conn=conn,
+            domain_name=config.host.domain_name,
+            upstream=config.webserver.upstream,
+            app_name=config.app_name,
+            local_config_dir=config.local_config_dir,
+            statics=config.webserver.statics,
+        )
+
+    def run_pty(self, *args, **kwargs):
+        return self.conn.run(*args, **kwargs, pty=True)
+
+    def install(self):
+        version = get_latest_gh_tag()
+        download_url = GH_DOWNL0AD_URL.format(version=version)
+        filename = GH_TAR_FILENAME.format(version=version)
+        with self.conn.cd("/tmp"):
+            self.conn.run(f"curl -O -L {download_url}")
+            self.conn.run(f"tar -xzvf {filename}")
+            self.run_pty("sudo mv caddy /usr/bin/")
+            self.conn.run(f"rm {filename}")
+            self.conn.run("rm LICENSE && rm README.md")
+        self.run_pty("sudo groupadd --force --system caddy")
+        self.conn.run(
+            "sudo useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment 'Caddy web server' caddy",
+            pty=True,
+            warn=True,
+        )
+        self.conn.run(
+            f"echo '{systemd_service}' | sudo tee /etc/systemd/system/caddy-api.service",
+            hide="out",
+            pty=True,
+        )
+        self.run_pty("sudo systemctl daemon-reload")
+        self.run_pty("sudo systemctl enable --now caddy-api")
+
+    def uninstall(self):
+        self.stop()
+        self.run_pty("sudo systemctl disable caddy-api")
+        self.run_pty("sudo rm /usr/bin/caddy")
+        self.run_pty("sudo rm /etc/systemd/system/caddy-api.service")
+        self.run_pty("sudo userdel caddy")
+
+    def setup(self):
+        config = (
+            json.loads(self.config_file.read_text())
+            if self.config_file.exists()
+            else self._get_config()
+        )
+        self.conn.run(f"echo '{json.dumps(config)}' > caddy.json")
+        self.conn.run(
+            f"curl localhost:2019/config/apps/http/servers/{self.app_name} -H 'Content-Type: application/json' -d @caddy.json"
+        )
+        # TODO: stop when received an {"error":"loading config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: permission denied"}, not a 200 ok
+
+    def teardown(self):
+        self.conn.run(f"echo '{json.dumps({})}' > caddy.json")
+        self.conn.run(
+            f"curl localhost:2019/config/apps/http/servers/{self.app_name} -H 'Content-Type: application/json' -d @caddy.json"
+        )
+
+    def start(self) -> None:
+        self.run_pty("sudo systemctl start caddy-api")
+
+    def stop(self) -> None:
+        self.run_pty("sudo systemctl stop caddy-api")
+
+    def status(self) -> None:
+        self.run_pty("sudo systemctl status caddy-api", warn=True)
+
+    def restart(self) -> None:
+        self.run_pty("sudo systemctl restart caddy-api")
+
+    def logs(self) -> None:
+        self.run_pty(f"sudo journalctl -u caddy-api -f", warn=True)
+
+    def export_config(self) -> None:
+        self.config_file.write_text(json.dumps(self._get_config()))
+
+    def _get_config(self) -> dict:
+        handle = []
+        config = {
+            "listen": [":443"],
+            "routes": [
+                {
+                    "match": [{"host": [self.domain_name]}],
+                    "handle": handle,
+                }
+            ],
+        }
+        reverse_proxy = {
+            "handler": "reverse_proxy",
+            "upstreams": [{"dial": self.upstream}],
+        }
+        if not self.statics:
+            handle.append(reverse_proxy)
+            return config
+        routes = []
+        handle.append({"handler": "subroute", "routes": routes})
+        for path, directory in self.statics.items():
+            strip_path_prefix = path.replace("/*", "")
+            if strip_path_prefix.endswith("/"):
+                strip_path_prefix = strip_path_prefix[:-1]
+            routes.append(
+                {
+                    "handle": [
+                        {
+                            "handler": "subroute",
+                            "routes": [
+                                {
+                                    "handle": [
+                                        {
+                                            "handler": "rewrite",
+                                            "strip_path_prefix": strip_path_prefix,
+                                        }
+                                    ]
+                                },
+                                {
+                                    "handle": [
+                                        {"handler": "vars", "root": directory},
+                                        {
+                                            "handler": "file_server",
+                                        },
+                                    ]
+                                },
+                            ],
+                        }
+                    ],
+                    "match": [{"path": [path]}],
+                }
+            )
+        routes.append({"handle": [reverse_proxy]})
+        return config
+
+
+def get_latest_gh_tag() -> str:
+    with urllib.request.urlopen(GH_RELEASE_LATEST_URL) as response:
+        if response.status != 200:
+            return DEFAULT_VERSION
+        try:
+            data = json.loads(response.read().decode())
+            return data["tag_name"][1:]
+        except (KeyError, json.JSONDecodeError):
+            return DEFAULT_VERSION
+
+
+systemd_service = """
+# caddy-api.service
+#
+# For using Caddy with its API.
+#
+# This unit is "durable" in that it will automatically resume
+# the last active configuration if the service is restarted.
+#
+# See https://caddyserver.com/docs/install for instructions.
+
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=www-data
+ExecStart=/usr/bin/caddy run --environ --resume
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+"""

fujin/proxies/dummy.py

@@ -0,0 +1,29 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+from fujin.config import Config
+from fujin.connection import Connection
+
+
+class WebProxy:
+    config_file: Path
+
+    @classmethod
+    def create(cls, _: Config, __: Connection) -> WebProxy:
+        return cls()
+
+    def install(self):
+        pass
+
+    def uninstall(self):
+        pass
+
+    def setup(self):
+        pass
+
+    def teardown(self):
+        pass
+
+    def export_config(self):
+        pass

fujin/proxies/nginx.py

@@ -0,0 +1,132 @@
+from __future__ import annotations
+
+import os
+from pathlib import Path
+
+import msgspec
+
+from fujin.config import Config
+from fujin.connection import Connection
+
+CERTBOT_EMAIL = os.getenv("CERTBOT_EMAIL")
+
+
+class WebProxy(msgspec.Struct):
+    conn: Connection
+    domain_name: str
+    app_name: str
+    upstream: str
+    statics: dict[str, str]
+    local_config_dir: Path
+
+    @property
+    def config_file(self) -> Path:
+        return self.local_config_dir / f"{self.app_name}.conf"
+
+    @classmethod
+    def create(cls, config: Config, conn: Connection) -> WebProxy:
+        return cls(
+            conn=conn,
+            domain_name=config.host.domain_name,
+            upstream=config.webserver.upstream,
+            app_name=config.app_name,
+            local_config_dir=config.local_config_dir,
+            statics=config.webserver.statics,
+        )
+
+    def run_pty(self, *args, **kwargs):
+        return self.conn.run(*args, **kwargs, pty=True)
+
+    def install(self):
+        self.conn.run(
+            "sudo apt install -y nginx libpq-dev python3-dev python3-certbot-nginx"
+        )
+
+    def uninstall(self):
+        self.stop()
+        self.conn.run("sudo apt remove -y nginx")
+        self.conn.run(f"sudo rm /etc/nginx/sites-available/{self.app_name}.conf")
+        self.conn.run(f"sudo rm /etc/nginx/sites-enabled/{self.app_name}.conf")
+        self.conn.run("sudo systemctl disable certbot.timer")
+        self.conn.run("sudo apt remove -y python3-certbot-nginx")
+
+    def setup(self):
+        conf = (
+            self.config_file.read_text()
+            if self.config_file.exists()
+            else self._get_config()
+        )
+        self.run_pty(
+            f"sudo echo '{conf}' | sudo tee /etc/nginx/sites-available/{self.app_name}.conf",
+            hide="out",
+        )
+        self.run_pty(
+            f"sudo ln -sf /etc/nginx/sites-available/{self.app_name}.conf /etc/nginx/sites-enabled/{self.app_name}.conf",
+        )
+        if CERTBOT_EMAIL:
+            cert_path = f"/etc/letsencrypt/live/{self.domain_name}/fullchain.pem"
+            cert_exists = self.conn.run(f"sudo test -f {cert_path}", warn=True).ok
+
+            if not cert_exists:
+                self.conn.run(
+                    f"certbot --nginx -d {self.domain_name} --non-interactive --agree-tos --email {CERTBOT_EMAIL} --redirect"
+                )
+                self.config_file.parent.mkdir(exist_ok=True)
+                self.conn.get(
+                    f"/etc/nginx/sites-available/{self.app_name}.conf",
+                    str(self.config_file),
+                )
+                self.run_pty("sudo systemctl enable certbot.timer")
+                self.run_pty("sudo systemctl start certbot.timer")
+        self.restart()
+
+    def teardown(self):
+        self.run_pty(f"sudo rm /etc/nginx/sites-available/{self.app_name}.conf")
+        self.run_pty(f"sudo rm /etc/nginx/sites-enabled/{self.app_name}.conf")
+        self.run_pty(
+            "sudo systemctl restart nginx",
+        )
+
+    def start(self) -> None:
+        self.run_pty("sudo systemctl start nginx")
+
+    def stop(self) -> None:
+        self.run_pty("sudo systemctl stop nginx")
+
+    def status(self) -> None:
+        self.run_pty("sudo systemctl status nginx", warn=True)
+
+    def restart(self) -> None:
+        self.run_pty("sudo systemctl restart nginx")
+
+    def logs(self) -> None:
+        self.run_pty(f"sudo journalctl -u nginx -f", warn=True)
+
+    def export_config(self) -> None:
+        self.config_file.write_text(self._get_config())
+
+    def _get_config(self) -> str:
+        static_locations = ""
+        for path, directory in self.statics.items():
+            static_locations += f"""
+        location {path} {{
+            alias {directory};
+        }}
+        """
+
+        return f"""
+server {{
+    listen 80;
+    server_name {self.domain_name};
+
+    {static_locations}
+
+    location / {{
+        proxy_pass {self.upstream};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }}
+}}
+"""

fujin/templates/simple.service

@@ -0,0 +1,14 @@
+# All options are documented here https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
+[Unit]
+Description={app_name} Worker
+
+[Service]
+User={user}
+Group={user}
+WorkingDirectory={app_dir}
+ExecStart={app_dir}/{command}
+EnvironmentFile={app_dir}/.env
+Restart=always
+
+[Install]
+WantedBy=multi-user.target