fujin-cli 0.9.1__py3-none-any.whl → 0.11.4__py3-none-any.whl

fujin/__main__.py

@@ -50,9 +50,9 @@ class Fujin:
 def main():
     alias_cmd = _parse_aliases()
     if alias_cmd:
-        cappa.invoke(Fujin, argv=alias_cmd)
+        cappa.invoke(Fujin, argv=alias_cmd, version="0.11.4")
     else:
-        cappa.invoke(Fujin)
+        cappa.invoke(Fujin, version="0.11.4")
 
 
 def _parse_aliases() -> list[str] | None:

fujin/commands/init.py

@@ -57,7 +57,7 @@ def simple_config(app_name) -> dict:
         "host": {
             "user": "root",
             "domain_name": f"{app_name}.com",
-            "env_content": f"DEBUG=False\nALLOWED_HOSTS={app_name}.com\n",
+            "envfile": ".env.prod",
         },
     }
     if not Path(".python-version").exists():

fujin/commands/prune.py

@@ -8,7 +8,7 @@ from fujin.commands import BaseCommand
 
 
 @cappa.command(
-    help="Prune old version artifacts, keeping only the specified number of recent versions"
+    help="Prune old artifacts, keeping only the specified number of recent versions"
 )
 @dataclass
 class Prune(BaseCommand):

fujin/config.py

@@ -1,5 +1,5 @@
 """
-Fujin uses a ``fujin.toml`` file at the root of your project for configuration. Below are all available configuration options.
+Fujin uses a **fujin.toml** file at the root of your project for configuration. Below are all available configuration options.
 
 app
 ---
@@ -7,16 +7,16 @@ The name of your project or application. Must be a valid Python package name.
 
 version
 --------
-The version of your project to build and deploy. If not specified, automatically parsed from ``pyproject.toml`` under ``project.version``.
+The version of your project to build and deploy. If not specified, automatically parsed from **pyproject.toml** under *project.version*.
 
 python_version
 --------------
-The Python version for your virtualenv. If not specified, automatically parsed from ``.python-version`` file. This is only
-required if the installation mode is set to ``python-package``
+The Python version for your virtualenv. If not specified, automatically parsed from **.python-version** file. This is only
+required if the installation mode is set to **python-package**
 
 requirements
 ------------
-Optional path to your requirements file. This will only be used when the installation mode is set to ``python-package``
+Optional path to your requirements file. This will only be used when the installation mode is set to *python-package*
 
 versions_to_keep
 ----------------
@@ -30,31 +30,28 @@ The command to use to build your project's distribution file.
 distfile
 --------
 Path to your project's distribution file. This should be the main artifact containing everything needed to run your project on the server.
-Supports version placeholder, e.g., ``dist/app_name-{version}-py3-none-any.whl``
+Supports version placeholder, e.g., **dist/app_name-{version}-py3-none-any.whl**
 
 installation_mode
 -----------------
 
-Indicates whether the ``distfile`` is a Python package or a self-contained executable. The possible values are ``python-package`` and ``binary``.
-The ``binary`` option disables specific Python-related features, such as virtual environment creation and requirements installation. ``fujin`` will assume the provided
-``distfile`` already contains all the necessary dependencies to run your program.
+Indicates whether the *distfile* is a Python package or a self-contained executable. The possible values are *python-package* and *binary*.
+The *binary* option disables specific Python-related features, such as virtual environment creation and requirements installation. ``fujin`` will assume the provided
+*distfile* already contains all the necessary dependencies to run your program.
 
 release_command
 ---------------
-Optional command to run at the end of deployment (e.g., database migrations).
+Optional command to run at the end of deployment (e.g., database migrations) before your application is started.
 
 secrets
 -------
 
-Optional secrets configuration. If set, Fujin will load secrets from the specified secret management service.
+Optional secrets configuration. If set, ``fujin`` will load secrets from the specified secret management service.
 Check out the `secrets </secrets.html>`_ page for more information.
 
 adapter
 ~~~~~~~
-The secret management service to use. Available options:
-
-- ``bitwarden``
-- ``1password``
+The secret management service to use. The currently available options are *bitwarden*, *1password*, *doppler*
 
 password_env
 ~~~~~~~~~~~~
@@ -63,35 +60,39 @@ Environment variable containing the password for the service account. This is on
 Webserver
 ---------
 
+Web server configurations.
+
 type
 ~~~~
 The reverse proxy implementation to use. Available options:
 
-- ``fujin.proxies.caddy`` (default)
-- ``fujin.proxies.nginx``
-- ``fujin.proxies.dummy`` (disables proxy functionality)
+- *fujin.proxies.caddy* (default)
+- *fujin.proxies.nginx*
+- *fujin.proxies.dummy* (disables proxy)
 
 upstream
 ~~~~~~~~
 The address where your web application listens for requests. Supports any value compatible with your chosen web proxy:
 
-- HTTP address (e.g., ``localhost:8000``)
-- Unix socket (e.g., ``unix//run/project.sock``)
+- HTTP address (e.g., *localhost:8000* )
+- Unix socket caddy (e.g., *unix//run/project.sock* )
+- Unix socket nginx (e.g., *http://unix:/run/project.sock* )
 
 certbot_email
 ~~~~~~~~~~~~~
-Required when Nginx is used as a proxy, to obtain SSL certificates.
+Required when Nginx is used as a proxy to obtain SSL certificates.
 
 statics
 ~~~~~~~
 
 Defines the mapping of URL paths to local directories for serving static files. The syntax and support for static
 file serving depend on the selected reverse proxy. The directories you map should be accessible by the web server, meaning
-with read permissions for the ``www-data`` group; a reliable choice is ``/var/www``.
+with read permissions for the *www-data* group; a reliable choice is **/var/www**.
 
 Example:
 
 .. code-block:: toml
+    :caption: fujin.toml
 
     [webserver]
     upstream = "unix//run/project.sock"
@@ -102,12 +103,12 @@ processes
 ---------
 
 A mapping of process names to commands that will be managed by the process manager. Define as many processes as needed, but
-when using any proxy other than ``fujin.proxies.dummy``, a ``web`` process must be declared.  Refer to the ``apps_dir``
-setting on the host to understand how ``app_dir`` is determined.
+when using any proxy other than *fujin.proxies.dummy*, a *web* process must be declared.
 
 Example:
 
 .. code-block:: toml
+    :caption: fujin.toml
 
     [processes]
     web = ".venv/bin/gunicorn myproject.wsgi:application"
@@ -115,7 +116,8 @@ Example:
 
 .. note::
 
-    Commands are relative to your ``app_dir``. When generating systemd service files, the full path is automatically constructed.
+    Commands are relative to your *app_dir*. When generating systemd service files, the full path is automatically constructed.
+    Refer to the *apps_dir* setting on the host to understand how *app_dir* is determined.
     Here are the templates for the service files:
 
     - `web.service <https://github.com/falcopackages/fujin/blob/main/src/fujin/templates/web.service>`_
@@ -127,7 +129,7 @@ Host Configuration
 
 ip
 ~~
-The IP address or anything that resolves to the remote host IP's. This is use to communicate via ssh with the server, if omitted it's value will default to the one of the ``domain_name``.
+The IP address or anything that resolves to the remote host IP's. This is use to communicate via ssh with the server, if omitted it's value will default to the one of the *domain_name*.
 
 domain_name
 ~~~~~~~~~~~
@@ -141,23 +143,23 @@ The login user for running remote tasks. Should have passwordless sudo access fo
 
     You can create a user with these requirements using the ``fujin server create-user`` command.
 
-env_file
-~~~~~~~~
+envfile
+~~~~~~~
 Path to the production environment file that will be copied to the host.
 
-env_content
-~~~~~~~~~~~
+env
+~~~
 A string containing the production environment variables, ideal for scenarios where most variables are retrieved from secrets and you prefer not to use a separate file.
 
 .. important::
 
-    ``env_file`` and ``env_content`` are mutually exclusive—you can define only one.
+    *envfile* and *env* are mutually exclusive—you can define only one.
 
 apps_dir
 ~~~~~~~~
 
 Base directory for project storage on the host. Path is relative to user's home directory.
-Default: ``.local/share/fujin``. This value determines your project's ``app_dir``, which is ``{apps_dir}/{app}``.
+Default: **.local/share/fujin**. This value determines your project's **app_dir**, which is **{apps_dir}/{app}**.
 
 password_env
 ~~~~~~~~~~~~
@@ -167,8 +169,7 @@ Environment variable containing the user's password. Only needed if the user can
 ssh_port
 ~~~~~~~~
 
-SSH port for connecting to the host.
-Default: ``22``
+SSH port for connecting to the host. Default to **22**.
 
 key_filename
 ~~~~~~~~~~~~
@@ -183,6 +184,7 @@ A mapping of shortcut names to Fujin commands. Allows you to create convenient s
 Example:
 
 .. code-block:: toml
+    :caption: fujin.toml
 
     [aliases]
     console = "app exec -i shell_plus" # open an interactive django shell
@@ -221,6 +223,8 @@ class InstallationMode(StrEnum):
 class SecretAdapter(StrEnum):
     BITWARDEN = "bitwarden"
     ONE_PASSWORD = "1password"
+    DOPPLER = "doppler"
+    SYSTEM = "system"
 
 
 class SecretConfig(msgspec.Struct):
@@ -244,7 +248,10 @@ class Config(msgspec.Struct, kw_only=True):
     requirements: str | None = None
     hooks: HooksDict = msgspec.field(default_factory=dict)
     local_config_dir: Path = Path(".fujin")
-    secret_config: SecretConfig | None = msgspec.field(name="secrets", default=None)
+    secret_config: SecretConfig | None = msgspec.field(
+        name="secrets",
+        default_factory=lambda: SecretConfig(adapter=SecretAdapter.SYSTEM),
+    )
 
     def __post_init__(self):
         if self.installation_mode == InstallationMode.PY_PACKAGE:
@@ -283,8 +290,8 @@ class HostConfig(msgspec.Struct, kw_only=True):
     ip: str | None = None
     domain_name: str
     user: str
-    _env_file: str = msgspec.field(name="envfile", default="")
-    env_content: str = ""
+    _env_file: str | None = msgspec.field(name="envfile", default=None)
+    env_content: str | None = msgspec.field(name="env", default=None)
     apps_dir: str = ".local/share/fujin"
     password_env: str | None = None
     ssh_port: int = 22
@@ -293,14 +300,14 @@ class HostConfig(msgspec.Struct, kw_only=True):
     def __post_init__(self):
         if self._env_file and self.env_content:
             raise ImproperlyConfiguredError(
-                "Cannot set both 'env_content' and 'env_file' properties."
+                "Cannot set both 'env' and 'envfile' properties."
             )
-        if not self.env_content:
+        if self._env_file:
             envfile = Path(self._env_file)
             if not envfile.exists():
                 raise ImproperlyConfiguredError(f"{self._env_file} not found")
             self.env_content = envfile.read_text()
-        self.env_content = self.env_content.strip()
+        self.env_content = self.env_content.strip() if self.env_content else ""
         self.apps_dir = f"/home/{self.user}/{self.apps_dir}"
         self.ip = self.ip or self.domain_name
 

fujin/secrets/__init__.py

@@ -10,18 +10,24 @@ from dotenv import dotenv_values
 from fujin.config import SecretAdapter
 from fujin.config import SecretConfig
 from .bitwarden import bitwarden
+from .dopppler import doppler
 from .onepassword import one_password
+from .system import system
 
 secret_reader = Callable[[str], str]
 secret_adapter_context = Callable[[SecretConfig], ContextManager[secret_reader]]
 
 adapter_to_context: dict[SecretAdapter, secret_adapter_context] = {
+    SecretAdapter.SYSTEM: system,
     SecretAdapter.BITWARDEN: bitwarden,
     SecretAdapter.ONE_PASSWORD: one_password,
+    SecretAdapter.DOPPLER: doppler,
 }
 
 
 def resolve_secrets(env_content: str, secret_config: SecretConfig) -> str:
+    if not env_content:  # this is really for empty string
+        return ""
     with closing(StringIO(env_content)) as buffer:
         env_dict = dotenv_values(stream=buffer)
     secrets = {key: value for key, value in env_dict.items() if value.startswith("$")}
@@ -31,7 +37,9 @@ def resolve_secrets(env_content: str, secret_config: SecretConfig) -> str:
     parsed_secrets = {}
     with adapter_context(secret_config) as reader:
         for key, secret in secrets.items():
-            parsed_secrets[key] = gevent.spawn(reader, secret[1:])
+            parsed_secrets[key] = gevent.spawn(
+                reader, secret[1:]
+            )  # remove the leading $
         gevent.joinall(parsed_secrets.values())
     env_dict.update({key: thread.value for key, thread in parsed_secrets.items()})
     return "\n".join(f'{key}="{value}"' for key, value in env_dict.items())

fujin/secrets/dopppler.py

@@ -0,0 +1,31 @@
+from __future__ import annotations
+
+import subprocess
+from contextlib import contextmanager
+from typing import Generator
+from typing import TYPE_CHECKING
+
+import cappa
+
+from fujin.config import SecretConfig
+
+if TYPE_CHECKING:
+    from . import secret_reader
+
+
+@contextmanager
+def doppler(_: SecretConfig) -> Generator[secret_reader, None, None]:
+    def read_secret(name: str) -> str:
+        result = subprocess.run(
+            ["doppler", "run", "--command", f"echo ${name}"],
+            capture_output=True,
+            text=True,
+        )
+        if result.returncode != 0:
+            raise cappa.Exit(result.stderr)
+        return result.stdout.strip()
+
+    try:
+        yield read_secret
+    finally:
+        pass

fujin/secrets/system.py

@@ -0,0 +1,19 @@
+from __future__ import annotations
+
+import os
+from contextlib import contextmanager
+from typing import Generator
+from typing import TYPE_CHECKING
+
+from fujin.config import SecretConfig
+
+if TYPE_CHECKING:
+    from . import secret_reader
+
+
+@contextmanager
+def system(_: SecretConfig) -> Generator[secret_reader, None, None]:
+    try:
+        yield os.getenv
+    finally:
+        pass

fujin/templates/granian/web.service

@@ -0,0 +1,22 @@
+# All options are documented here https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
+# Inspiration was taken from here https://docs.gunicorn.org/en/stable/deploy.html#systemd
+[Unit]
+Description={app_name} daemon
+After=network.target
+
+[Service]
+User={user}
+Group={user}
+RuntimeDirectory={app_name}
+WorkingDirectory={app_dir}
+ExecStart={app_dir}/{command}
+EnvironmentFile={app_dir}/.env
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=mixed
+TimeoutStopSec=5
+PrivateTmp=true
+# if your app does not need administrative capabilities, let systemd know
+ProtectSystem=strict
+
+[Install]
+WantedBy=multi-user.target

fujin/templates/{web.service → gunicorn/web.service}

@@ -6,8 +6,8 @@ Requires={app_name}.socket
 After=network.target
 
 [Service]
-#Type=notify
-#NotifyAccess=main
+Type=notify
+NotifyAccess=main
 User={user}
 Group={user}
 RuntimeDirectory={app_name}

fujin/templates/simple.service

@@ -1,6 +1,7 @@
 # All options are documented here https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
 [Unit]
-Description={app_name} Worker
+Description={app_name} {process_name}
+After=network.target
 
 [Service]
 User={user}

{fujin_cli-0.9.1.dist-info → fujin_cli-0.11.4.dist-info}/METADATA

@@ -1,11 +1,12 @@
-Metadata-Version: 2.3
+Metadata-Version: 2.4
 Name: fujin-cli
-Version: 0.9.1
+Version: 0.11.4
 Summary: Get your project up and running in a few minutes on your own vps.
 Project-URL: Documentation, https://github.com/falcopackages/fujin#readme
 Project-URL: Issues, https://github.com/falcopackages/fujin/issues
 Project-URL: Source, https://github.com/falcopackages/fujin
 Author-email: Tobi DEGNON <tobidegnon@proton.me>
+License-File: LICENSE.txt
 Keywords: caddy,deployment,django,fastapi,litestar,python,systemd
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers

{fujin_cli-0.9.1.dist-info → fujin_cli-0.11.4.dist-info}/RECORD

@@ -1,6 +1,6 @@
 fujin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-fujin/__main__.py,sha256=VJMBzuQuxkQaAKNEySktGnms944bkRsrIAjj-XeaWR8,1813
-fujin/config.py,sha256=jE5iAu1ouHgv2eTut6CRBiKIzK-vxJqVtZuOr6NICEM,11365
+fujin/__main__.py,sha256=qnRqZD-ZGTGeRTcPeHVzlvNNUj3exzftC_KILAlx-Hs,1849
+fujin/config.py,sha256=t7UnhQMl-wYDyFCIcOC5lLdfpSmYWDIRPHvozoSoVME,11707
 fujin/connection.py,sha256=LL7LhX9p0X9FmiGdlSroD3Ht216QY0Kd51xkSrXmM3s,2479
 fujin/errors.py,sha256=74Rh-Sgql1YspPdR_akQ2G3xZ48zecyafYCptpaFo1A,73
 fujin/hooks.py,sha256=EDVYNozlDJ5kc1xHtZrXgtuKplUMEMPTp65TLMP02Ek,1449
@@ -12,10 +12,10 @@ fujin/commands/config.py,sha256=WymGla-H2yduhLcYE1Nb6IJaFIj0S0KIhV9fBDCKsAw,2779
 fujin/commands/deploy.py,sha256=AylcVNX47ekf-AFfQrYcSh86I3qltADEgjPtV9lQAfE,5831
 fujin/commands/docs.py,sha256=b5FZ8AgoAfn4q4BueEQvM2w5HCuh8-rwBqv_CRFVU8E,349
 fujin/commands/down.py,sha256=aw_mxl_TMC66plKTXwlYP1W2XQBmHeROltQqOpQssyE,1577
-fujin/commands/init.py,sha256=AHAZeYkSk-zShF288Zs4rCfVwalCUqeMXWR6GTks2v0,4046
+fujin/commands/init.py,sha256=9yrja4YYFlJqEarN0ekg6yPd5niifPwvQ4i4wnC55a0,4007
 fujin/commands/printenv.py,sha256=bS2mIgk7zd_w3yDhZLTa1PkHIzuSbBWjnYyM8CUjX0k,523
 fujin/commands/proxy.py,sha256=ajXwboS0gDDiMWW7b9rtWU6WPF1h7JYYeycDyU-hQfg,3053
-fujin/commands/prune.py,sha256=C2aAN6AUS84jgRg1eiCroyiuZyaZDmf5yvGAQY9xkcg,1517
+fujin/commands/prune.py,sha256=3Y0ZpgoI8eb_FVD6XMmZK9lEp2delKUeJdK09kv9_08,1509
 fujin/commands/redeploy.py,sha256=491Mzz0qiaHqcI7BFUtZq-M34WQkiBd2ZgQbLRLp8T8,2355
 fujin/commands/rollback.py,sha256=JsocJzQcdQelSnYD94klhjBh8UKkkdiRD9shfUfo4FI,2032
 fujin/commands/server.py,sha256=-3-PyBNR0fGm-RYE3fz50kP-LSDYGU9BzUxrbGZEghc,3312
@@ -24,14 +24,17 @@ fujin/proxies/__init__.py,sha256=UuWYU175tkdaz1WWRCDDpQgGfFVYYNR9PBxA3lTCNr0,695
 fujin/proxies/caddy.py,sha256=H52D7cGEEGcxDaXxvClnny9lAat_h1G9dYlIlf6gwKo,7933
 fujin/proxies/dummy.py,sha256=qBKSn8XNEA9SVwB7GzRNX2l9Iw6tUjo2CFqZjWi0FjY,465
 fujin/proxies/nginx.py,sha256=BNJNLxLLRVAmBIGVCk8pb16iiSJsOI9jXOZhdSQGtX8,4151
-fujin/secrets/__init__.py,sha256=hiNZIBtOwM0WQbvAF3GhuMMCsQCjXjiSr5gTLAGN-VI,1375
+fujin/secrets/__init__.py,sha256=nicjIkcEX22rSD-Fleg0jG2IaBtvEq1dbkcfZ7lGlGI,1633
 fujin/secrets/bitwarden.py,sha256=01GZL5hYwZzL6yXy5ab3L3kgBFBeOT8i3Yg9GC8YwFU,2008
+fujin/secrets/dopppler.py,sha256=t5SGfyuA0RxsD9uvrAu4cG2TBDIUgB5gb6XYXPrd61Y,724
 fujin/secrets/onepassword.py,sha256=6Xj3XWttKfcjMbcoMZvXVpJW1KHxlD785DysmX_mqvk,654
-fujin/templates/simple.service,sha256=-lyKjmSyfHGucP4O_vRQE1NNaHq0Qjsc0twdwoRLgI0,321
-fujin/templates/web.service,sha256=NZ7ZeaFvV_MZTBn8QqRQeu8PIrWHf3aWYWNzjOQeqCw,685
-fujin/templates/web.socket,sha256=2lJsiOHlMJL0YlN7YBLLnr5zqsytPEt81yP34nk0dmc,173
-fujin_cli-0.9.1.dist-info/METADATA,sha256=5mtskwHoka7b0M4fs897ic7prKs3NgTBrdeMSWlfKBk,4576
-fujin_cli-0.9.1.dist-info/WHEEL,sha256=C2FUgwZgiLbznR-k0b_5k3Ai_1aASOXDss3lzCUsUug,87
-fujin_cli-0.9.1.dist-info/entry_points.txt,sha256=Y_TBtKt3j11qhwquMexZR5yqnDEqOBDACtresqQFE-s,46
-fujin_cli-0.9.1.dist-info/licenses/LICENSE.txt,sha256=0QF8XfuH0zkIHhSet6teXfiCze6JSdr8inRkmLLTDyo,1099
-fujin_cli-0.9.1.dist-info/RECORD,,
+fujin/secrets/system.py,sha256=Z5uNc2V3rcR75ffBnOsJywndoWuDcih88O9nPXIJ3U0,382
+fujin/templates/simple.service,sha256=ySlLqF354UCvlQaJcEVj4jf4hK7aKAq9qseE6pmtXJI,350
+fujin/templates/granian/web.service,sha256=D3vHOHdP3wrZueKuhlhkB4syOCVvGSciDsNsmU_Bp68,626
+fujin/templates/gunicorn/web.service,sha256=EfTJQP4VvwlOTDyVCch5Y7iVhpPvZVaRWE6MHI4_z4k,683
+fujin/templates/gunicorn/web.socket,sha256=2lJsiOHlMJL0YlN7YBLLnr5zqsytPEt81yP34nk0dmc,173
+fujin_cli-0.11.4.dist-info/METADATA,sha256=MOALo-mvFTBlNaK-mnrEUSY0aZJSIqHL28m0CYM97KQ,4603
+fujin_cli-0.11.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+fujin_cli-0.11.4.dist-info/entry_points.txt,sha256=Y_TBtKt3j11qhwquMexZR5yqnDEqOBDACtresqQFE-s,46
+fujin_cli-0.11.4.dist-info/licenses/LICENSE.txt,sha256=0QF8XfuH0zkIHhSet6teXfiCze6JSdr8inRkmLLTDyo,1099
+fujin_cli-0.11.4.dist-info/RECORD,,

{fujin_cli-0.9.1.dist-info → fujin_cli-0.11.4.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.26.3
+Generator: hatchling 1.27.0
 Root-Is-Purelib: true
 Tag: py3-none-any